CTPRP Exam | 99 Questions and Answers with complete
1). Third party
Ans: entities or persons that work on behalf of the organization but are not its
employees, including consultants, contingent workers, clients, business partners, service
providers, subcontractors, vendors, suppliers, affiliates and any other person or entity that
accesses customer, company confidential/proprietary data and/or systems that interact
with that data
2). Outsourcer
Ans: the entity delegating a function to another entity, or is considering doing so
3). Outsourcer
Ans: the entity evaluating the risk posed by obtaining services from another entity
4). Fourth party/subcontractor
Ans: an entity independent of and directly performing tasks for the assessee being
evaluated
5). Drivers for third party risk assessments
Ans: ISO 27002, FFIEC Appendix, OCC Bulletins, FFIEC CAT Tool, PCI Data Security
Standard, NIST Cybersecurity Framework, HIPAA/HITECH, EU GDPR
6). Different names for third parties
Ans: Business Associate, Service Provider, Processor, Person who provides support for
the internal operations of the Web site or online service, Third-Party Service Provider
PaperStoc.com Page 1 of 15
7). Office of the Comptroller of the Currency (OCC) lifecycle framework for third party risk
Ans: Planning, Due Diligence and Third Party Selection, Contract Negotiation, Ongoing
Monitoring, Termination
8). T/F - You can rely on contract requirements to satisfy regulatory requirements for
third parties.
Ans: False - you must determine the third party's ability to satisfy those requirements.
9). T/F - It is possible to be subject to regulations from different industry sectors
Ans: True - e.g., HIPAA and OFAC
10). T/F - Federal regulations always supersede state regulations
Ans: False - in many instances state requirements may be more stringent than federal
11). Audits should ensure compliance with:
Ans: Corporate, Legal, Regulatory, Industry requirements
12). Risk assessment and treatment
Ans: Describes the vendor's risk assessment program, and its maturity and operating
effectiveness.
13). T/F - A risk assessment program should be approved by management and
communicated to all appropriate constituents
Ans: True
14). Different names for data
Ans: Protected Health Information, Electronic Health Records, Personally Identifiable
Financial Information, Cardholder Data, Personal Data, Personal Information, Consumer
Financial Information
15). Personally identifiable information (PII)