1/15
Looks like no tags are added yet.
Name | Mastery | Learn | Test | Matching | Spaced | Call with Kai | Chat |
|---|
No analytics yet
Send a link to your students to track their progress
Penetration Testing
Authorized simulated attacks carried out to identify vulnerabilities in the vendor’s systems
Right-to-Audit Clause
Allows the customer to conduct or commission audits on the vendor’s operations and practices to ensure compliance with terms and conditions, as well as regulatory requirements
Evidence of Internal Audits
Provides insights into the vendor’s internal controls, compliance, and risk management practices
Independent Assessments
May involve bringing in third-party experts to objectively evaluate the vendor’s practices and systems, and can include certification verifications, such as ISO 27001 or SOC reports
Supply Chain Analysis
Includes assessing the vendor’s suppliers and understanding the interdependencies and risks that could impact the vendor’s ability to deliver products and services
Due Diligence
Thoroughly vetting potential vendors to ensure that they meet the organization’s standards and requirements, and the process should include an evaluation of the vendor’s financial stability, business reputation, quality of products or services, and compliance with relevant regulations
Conflict of Interest
When a vendor has a competing interest that could influence their behavior in a way that is not aligned with the best interests of the organization
Service Level Agreements (SLAs)
Written contracts that specify the conditions of service that will be provided by the vendor and the remedies available to the customer if the vendor fails to meet the SLA, covering common issues like system availability, data durability, and response time
Memorandum of Agreement (MOA)
A formal document that outlines the terms and details of an agreement between parties, establishing a mutual understanding of the roles and responsibilities in fulfilling specific objectives
Memorandum of Understanding (MOU)
A letter written to the document aspects of the relationship, and is an informal mechanism that allows the parties to document their relationship to avoid future misunderstandings, commonly used in cases where an internal service provider is offering a service to a customer that is in a different business unit of the same company
Master Service Agreement (MSA)
Provides an umbrella contract for the work that a vendor does with an organization over an extended period of time and includes detailed security and privacy requirements
Work Order (WO) / Statement of Work (SOW)
Contains the project-specific details and references the MSA
Business Partners Agreements (BPA)
When two organizations agree to do business with each other in a partnership, like specifying each other’s responsibilities and the division of profits
Vendor Monitoring
Continuous observation and analysis of a vendor’s performance and compliance to ensure that they adhere to the contractual obligations
Rules of Engagement
Rules that define the boundaries within which the vendor should operate, including clear communication protocols, defining responsibilities, and establishing processes for issue resolutions
Questionnaires
Used to collect information regarding the vendor’s practices and performance regularly, and can be tailored to focus on specific areas of concern, such as security policies, data handling procedures, and business continuity planning.