Third-Party Risk Management Glossary
Gain clarity on essential terms related to vendor and supplier risk management to safeguard your business from external threats.
Third-Party Risk Management Key Terms
Understand critical terms like Vendor Due Diligence, Supply Chain Risk, and Fourth-Party Risk to better manage external dependencies.
Glossary
California Consumer Privacy Act — CCPA
The California Consumer Privacy Act is a California state law that gives residents the right to access, delete, and control how businesses collect and use their personal information. It gives consumers more privacy rights over how their data is handled by companies doing business in California, including the right to opt out of the “sale” of their personal information to third parties.
General Data Protection Regulation — GDPR
The General Data Protection Regulation is a European Union law that establishes strict standards for how companies may collect, store, and use the personal data of individuals within the European Economic Area (EEA). It aims to give individuals more control over their personal information and privacy by requiring organizations to handle data responsibly and transparently.
Inherent Risk
Inherent risk is the risk that exists before any mitigating factors or controls have been put in place.
Interdependency Mapping
Interdependency mapping is the process of identifying and documenting the activities involved in delivering important business services, including people, processes, technology, data, sites, and third parties.
Risk Lines of Defense
Risk lines of defense is a model that organizes and defines how risk and control responsibilities cascade across an organization and where responsibility and expectations are assigned.
- 1st Line of Defense refers to functions that own and manage risk.
- 2nd Line of Defense refers to functions that facilitate, oversee, monitor, and assist risk owners throughout the organization.
- 3rd Line of Defense refers to the function that provides independent assurance of risk and control activities across an organization (a.k.a. internal audit).
Service-Level Agreement — SLA
A service-level agreement is a contract that defines performance expectations, including uptime and recovery times.
SOC2 Audit
A SOC2 audit is designed to provide assurance to a service organization’s clients, management, and user entities about the suitability and effectiveness of the service organization’s controls that are relevant to security, availability, processing integrity, confidentiality, and/or privacy.
Statement of Applicability — SOA
A statement of applicability is the document that links an organization’s information security risk assessment to its risk treatment work.
Supply Chain Resilience
Supply chain resilience refers to the ability of a company’s supply chain to withstand and recover from disruptions.
Third-Party Risk Management — TPRM
Third-party risk management is the process whereby companies monitor and manage interactions with all external parties with which they have a relationship.
Vendor Service Request — VSR
A vendor service request is a formal request made by a company to a vendor, asking them to provide a specific service that is outlined within their existing contract or service agreement.
Get a closer look at our third-party risk management platform
Discover how Fusion’s third-party risk management software can transform your third-party risk management solutions, making your organization better prepared and better able to maintain your customers’ trust.