A company policy requires third-party suppliers to self-report data breaches within a specific time frame. Which of the following third-party risk management policies is the company complying with?
A Service Level Agreement (SLA) is a contractual agreement between a company and a third-party supplier that outlines the level of service the supplier is expected to provide, which can include specific requirements such as self-reporting data breaches within a certain timeframe. MOUs, EOLs, and NDAs do not generally cover service levels or breach reporting in the same way.
TIME= SLA
The company policy requiring third-party suppliers to self-report data breaches within a specific time frame is an example of compliance with an SLA (Service Level Agreement).
Business to user = MOU. Business to business = SLA
SLA is the answer
Every time I see “third party” involved it’s SLA
B. SLA
B. "SLA" (Service Level Agreement). The company policy is complying with the "SLA" (Service Level Agreement) third-party risk management policy. An SLA is a contractual agreement between a company and a third-party supplier that outlines the level of service that the supplier is expected to provide. In this case, the SLA requires the third-party supplier to self-report data breaches within a specific time frame. This helps to ensure that the supplier is meeting the company's security requirements and that any breaches are identified and addressed in a timely manner. The other options (MOU, EOL, and NDA) are not directly related to third-party risk management policies.
B is correct. The company policy requiring third-party suppliers to self-report data breaches within a specific time frame is an example of a third-party risk management policy that complies with an SLA (Service Level Agreement), as shown in option B. An SLA is an agreement between a service provider and a customer that outlines the level of service that will be provided, as well as any specific requirements or expectations. In the context of third-party risk management, an SLA may include specific requirements related to data security, such as the requirement for third-party suppliers to self-report data breaches within a certain time frame.