MGRADES
Third Party Risk Management Terminology
UPDATED ACTUAL Exam Questions and
CORRECT Answers
Health Insurance Portability and Accountability Act (HIPPA) - CORRECT ANSWER -
Regulation designed to protect personal information and data collected and stored in medical
records.
SSAE-16 - CORRECT ANSWER - This is the public accounting auditing standard for
performing 3rd party reviews.
SOC2 - CORRECT ANSWER - Addresses a service organizations controls that relate to
operations and compliance, as outlined by the AICPA's Trust Services criteria in relation to
availability, security, processing integrity, confidentiality and privacy.
SOC1 - CORRECT ANSWER - Focuses on a service organization's controls that are likely
to be relevant to an audit of a user entity's financial statement.
Cloud Security Assessment (CSA) Security - CORRECT ANSWER - A publicly
accessible registry that documents the security controls provided by various cloud computing
offerings, thereby helping users access the security of cloud providers they currently use or are
considering contracting with.
Cloud Service Providers (CSP) - CORRECT ANSWER - Companies that offers network
services, infrastructure, or business applications in the cloud.
Report on Compliance (ROC) - CORRECT ANSWER - A form that must be completed by
all Level 1 Visa merchants undergoing PCI DSS (Payment Card Industry Data Security
Standard) audit.
, MGRADES
Gramm-Leach-Bliley Act (GLBA) - CORRECT ANSWER - Requires financial
institutions to explain their information-sharing practices to their customers and to safeguard
sensitive data.
Telephone Consumer Protection Act (TCPA) - CORRECT ANSWER - Restricts telephone
solicitations and the use of automatic telephone equipment.
Bank Secrecy Act - CORRECT ANSWER - Requires U.S. financial institutions to
collaborate with the U.S. government in cases of suspected money laundering and fraud
Anti-Money Laundering - CORRECT ANSWER - Set of procedures, laws and regulations
designed to stop the practice of generating income through illegal actions.
Office of Foreign Asset Control (OFAC) - CORRECT ANSWER - A department of the
U.S. Treasury that enforces economic and trade sanctions against countries or groups of
individuals involved in terrorism, narcotics, and other disreputable activities.
Foreign Corrupt Practices Act (FCPA) - CORRECT ANSWER - Prohibits U.S. firms and
individuals from paying bribes to foreign officials in furtherance of a business deal and against
the foreign official's duties.
Unfair or Deceptive Acts or Practices (UDAP) - CORRECT ANSWER - Prohibits unfair
or deceptive acts or practices in or affecting commerce.
Regulation Z - CORRECT ANSWER - Must provide written disclosures of interest rates
and finance charges, provide borrowers with explanations of important credit terms, respond to
borrowers' complaints about billing, and refrain from engaging in certain unfair lending
practices.
Regulation E - CORRECT ANSWER - Outlines rules and procedures for electronic fund
transfers and provides guidelines for issuers and sellers of electronic debit cards.
Third Party Risk Management Terminology
UPDATED ACTUAL Exam Questions and
CORRECT Answers
Health Insurance Portability and Accountability Act (HIPPA) - CORRECT ANSWER -
Regulation designed to protect personal information and data collected and stored in medical
records.
SSAE-16 - CORRECT ANSWER - This is the public accounting auditing standard for
performing 3rd party reviews.
SOC2 - CORRECT ANSWER - Addresses a service organizations controls that relate to
operations and compliance, as outlined by the AICPA's Trust Services criteria in relation to
availability, security, processing integrity, confidentiality and privacy.
SOC1 - CORRECT ANSWER - Focuses on a service organization's controls that are likely
to be relevant to an audit of a user entity's financial statement.
Cloud Security Assessment (CSA) Security - CORRECT ANSWER - A publicly
accessible registry that documents the security controls provided by various cloud computing
offerings, thereby helping users access the security of cloud providers they currently use or are
considering contracting with.
Cloud Service Providers (CSP) - CORRECT ANSWER - Companies that offers network
services, infrastructure, or business applications in the cloud.
Report on Compliance (ROC) - CORRECT ANSWER - A form that must be completed by
all Level 1 Visa merchants undergoing PCI DSS (Payment Card Industry Data Security
Standard) audit.
, MGRADES
Gramm-Leach-Bliley Act (GLBA) - CORRECT ANSWER - Requires financial
institutions to explain their information-sharing practices to their customers and to safeguard
sensitive data.
Telephone Consumer Protection Act (TCPA) - CORRECT ANSWER - Restricts telephone
solicitations and the use of automatic telephone equipment.
Bank Secrecy Act - CORRECT ANSWER - Requires U.S. financial institutions to
collaborate with the U.S. government in cases of suspected money laundering and fraud
Anti-Money Laundering - CORRECT ANSWER - Set of procedures, laws and regulations
designed to stop the practice of generating income through illegal actions.
Office of Foreign Asset Control (OFAC) - CORRECT ANSWER - A department of the
U.S. Treasury that enforces economic and trade sanctions against countries or groups of
individuals involved in terrorism, narcotics, and other disreputable activities.
Foreign Corrupt Practices Act (FCPA) - CORRECT ANSWER - Prohibits U.S. firms and
individuals from paying bribes to foreign officials in furtherance of a business deal and against
the foreign official's duties.
Unfair or Deceptive Acts or Practices (UDAP) - CORRECT ANSWER - Prohibits unfair
or deceptive acts or practices in or affecting commerce.
Regulation Z - CORRECT ANSWER - Must provide written disclosures of interest rates
and finance charges, provide borrowers with explanations of important credit terms, respond to
borrowers' complaints about billing, and refrain from engaging in certain unfair lending
practices.
Regulation E - CORRECT ANSWER - Outlines rules and procedures for electronic fund
transfers and provides guidelines for issuers and sellers of electronic debit cards.
