IAPP CIPP/US Practice Exam

Category - Professional

Which of the following can be implemented to manage risks when an organization relies on vendors for data processing and other services involving the handling of sensitive or personal information?
  A. Data flow chart
  B. SOC reports and custom risk assessments
  C. Third-Party Risk Management Programs (TPRM Programs)
  D. Both B and C.
Explanation
Answer: D - Organizations often rely on third-party vendors for data processing, management, and other services involving sensitive or personal consumer information. SOC (Service Organization Control) reports and custom risk assessments may be developed as part of a Third-Party Risk Management (TPRM) Program to effectively evaluate, manage and mitigate risks.
 
In some cases, especially when an organization relies on many vendors to collectively process complex sets of data for a global database of consumers, SOC reports and custom risk assessments are not as scalable as necessary. In those cases, a custom and more scalable TPRM Program is established.