Explanation: Contract addendums are supplementary documents that modify or amend the original contract terms. They can be used to address third party risk obligations, such as security, privacy, compliance, or performance standards, without having to rewrite the entire MSA. However, contract addendums should be consistent with the MSA and clearly specify the scope, duration, and responsibilities of each party. Contract addendums can also be used to update or revise the contract terms in response to changing business needs or regulatory requirements12.
The other statements are true regarding the different types of contracts and agreements between outsourcers and service providers. Evergreen contracts are contracts that do not have a fixed end date and are automatically renewed unless one party decides to terminate them under the existing contract provisions3. RFPs are documents that solicit proposals from potential service providers for a specific project or service. RFPs should include mandatory requirements based on an organization’s TPRM program policies, standards and procedures, such as risk assessment, due diligence, monitoring, reporting, and remediation . SOWs are documents that define the operational requirements and obligations for each party, such as the scope, deliverables, timelines, costs, quality, and performance metrics . References:
- 1: Contracts and third-party risk - KPMG UK
- 2: Third-Party Risk & Contract Management: A Comprehensive Beginner’s Guide - Trackado
- 3: What Is an Evergreen Contract? | Legal Beagle
- : [Best Practices Guidance for Third Party Risk - GARP]
- : Third-Party Risk Management: A Comprehensive Guide - UpGuard
- : Statement of Work (SOW) - Definition, Contents & Examples
- : How to Write a Statement of Work for Any Industry | Smartsheet