
Explanation:
The correct answer is A.
Fourth-party risk occurs when a firm's third-party vendor subcontracts services to another vendor (a fourth party). Managing this risk is challenging because the firm does not have a direct contractual relationship with the fourth party. A good practice for addressing fourth-party risk is to require the primary third-party vendor to establish strict standards on their own outsourcing activities. These standards should be equivalent to or aligned with the firm's own third-party risk management (TPRM) standards.
Options B, C, and D are generally standard practices applied directly to third-party risk management (such as defining trigger events for reassessment, having an exit strategy, and including termination clauses in the contract with the third party).
Ultimate access to all questions.
No comments yet.