5.3 Security Program Management and Oversight

0.0(0)
Studied by 0 people
call kaiCall Kai
Locked
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
GameKnowt Play
Card Sorting

1/15

encourage image

There's no tags or description

Looks like no tags are added yet.

Last updated 3:49 PM on 7/9/26
Name
Mastery
Learn
Test
Matching
Spaced
Call with Kai
Chat

No analytics yet

Send a link to your students to track their progress

16 Terms

1
New cards

Penetration Testing

Authorized simulated attacks carried out to identify vulnerabilities in the vendor’s systems

2
New cards

Right-to-Audit Clause

Allows the customer to conduct or commission audits on the vendor’s operations and practices to ensure compliance with terms and conditions, as well as regulatory requirements

3
New cards

Evidence of Internal Audits

Provides insights into the vendor’s internal controls, compliance, and risk management practices

4
New cards

Independent Assessments

May involve bringing in third-party experts to objectively evaluate the vendor’s practices and systems, and can include certification verifications, such as ISO 27001 or SOC reports

5
New cards

Supply Chain Analysis

Includes assessing the vendor’s suppliers and understanding the interdependencies and risks that could impact the vendor’s ability to deliver products and services

6
New cards

Due Diligence

Thoroughly vetting potential vendors to ensure that they meet the organization’s standards and requirements, and the process should include an evaluation of the vendor’s financial stability, business reputation, quality of products or services, and compliance with relevant regulations

7
New cards

Conflict of Interest

When a vendor has a competing interest that could influence their behavior in a way that is not aligned with the best interests of the organization

8
New cards

Service Level Agreements (SLAs)

Written contracts that specify the conditions of service that will be provided by the vendor and the remedies available to the customer if the vendor fails to meet the SLA, covering common issues like system availability, data durability, and response time

9
New cards

Memorandum of Agreement (MOA)

A formal document that outlines the terms and details of an agreement between parties, establishing a mutual understanding of the roles and responsibilities in fulfilling specific objectives

10
New cards

Memorandum of Understanding (MOU)

A letter written to the document aspects of the relationship, and is an informal mechanism that allows the parties to document their relationship to avoid future misunderstandings, commonly used in cases where an internal service provider is offering a service to a customer that is in a different business unit of the same company

11
New cards

Master Service Agreement (MSA)

Provides an umbrella contract for the work that a vendor does with an organization over an extended period of time and includes detailed security and privacy requirements

12
New cards

Work Order (WO) / Statement of Work (SOW)

Contains the project-specific details and references the MSA

13
New cards

Business Partners Agreements (BPA)

When two organizations agree to do business with each other in a partnership, like specifying each other’s responsibilities and the division of profits

14
New cards

Vendor Monitoring

Continuous observation and analysis of a vendor’s performance and compliance to ensure that they adhere to the contractual obligations

15
New cards

Rules of Engagement

Rules that define the boundaries within which the vendor should operate, including clear communication protocols, defining responsibilities, and establishing processes for issue resolutions

16
New cards

Questionnaires

Used to collect information regarding the vendor’s practices and performance regularly, and can be tailored to focus on specific areas of concern, such as security policies, data handling procedures, and business continuity planning.