A large online bookseller decides to contract with a vendor to manage Personal Information (PI). What is the least important factor for the company to consider when selecting the vendor?
When selecting a vendor to manage Personal Information (PI), the least important factor is the vendor’s employee retention rates. While a high employee retention rate may reflect overall job satisfaction and stability, it does not directly impact the vendor's ability to protect personal information. The more critical factors to consider are the vendor’s reputation, financial health, and employee training programs. These factors are directly related to the security and protection of personal information, ensuring that the vendor is trustworthy, financially stable, and knowledgeable about handling sensitive data appropriately.
Agree. Option C, the vendor's employee retention rates, is the least important factor for the company to consider when selecting a vendor to manage Personal Information (PI). While it is important for a company to consider the reputation and financial health of a vendor, as well as their employee training program, the retention rates of the vendor's employees are not a direct indicator of the vendor's ability to protect personal information. It is important for the company to ensure that the vendor has appropriate security measures in place to protect personal information, such as access controls, encryption, and data breach response procedures. The company should also consider the vendor's compliance with applicable privacy and data protection laws, as well as their experience working with sensitive personal information. Overall, while employee retention rates may indirectly reflect the quality of the vendor's services, they are not a direct factor in assessing the vendor's ability to manage personal information.
The answer should be C. On pages 90-91 of the book, Section 4.7.2 Vendor Due Diligence, employee retention rate was not mentioned.
The reason I considered vendor employee retention rate as an important factor is if employees at the vendor have access to PI and are constantly leaving, that opens a possibility for the employees that have left to disclose PI.
Agree. Answer should be C
Agree with C
Vendor Due Diligence
A procuring organization may have specific standards and processes for vendor selection. A prospective vendor should be evaluated against these standards. Standards for selecting vendors may include:
1. Reputation
2. Financial condition and insurance
3. Information security controls
4. Point of transfer
5. Disposal of information
6. Employee training and user awareness
7. Vendor incident response
8. Audit rights.