Policy and Compliance 25% Flashcards
Which of the following tables are in the GRC: Policy and Compliance scope? (Select all that apply)
a. Issue
b. Control
c. Risk
d. Citation
b. Control
d. Citation
Can you nest or stack Policy records?
a. True
b. False
a. True
Can you nest or stack Control Objectives?
a. True
b. False
b. True
GRC Knowledge articles are used by employees to understand the company policies. What GRC record generates the Knowledge article once it is approved?
a. Authority document
b. Citation
c. Policy
d. Control Objective
e. Risk
f. Risk statement / Risk template
c. Policy
If an Entity record is inactivated, which of the following happens?
a. Entity records are deleted
b. Controls associated with the Entity are deleted
c. Controls associated with the Entity are retired
d. There is no change to Test Plans
e. There is no change to Risks
c. Controls associated with the Entity are retired
Which of the following is not a table in the Policy and Compliance scope?
a. Policy
b. Authority Document
c. Issue
d. Control
c. Issue
Multiple Citations can be satisfied and measured once by relating multiple citations to what Table/record?
a. Controls
b. Policy
c. Control Objective
c. Control objective
What table does not have a state lifecycle?
a. Policy
b. Control Objective
c. Policy Exception
d. Control
b. Control objective
What is the name of the Control Objective table?
a. sn_compliance_control_objective
b. sn_compliance_statement
c. sn_compliance_policy_statement
d. sn_grc_policy_statement
c. sn_compliance_policy_statement
Service Level Agreements can easily be set up against all the major tables in the GRC applications.
a. True
b. False
d. False
Which of the following Roles can move a policy from Review into Awaiting Approval? Select all that apply.
a. Policy Owner
b. Compliance Manager
c. Named Reviewer
d. Admin
a. Policy Owner
c. Named Reviewer
Which of the following records has a life cycle? Select all that apply.
a. Policy Exception
b. Policy
c. Policy Acknowledgement
d. Control
e. Control Objective
f. Issue
a. Policy Exception
b. Policy
c. Policy Acknowledgement
d. Control
f. Issue
When is attestation is completed, the Control remains in Review until a compliance officer reviews the attestation results.
a. Yes
b. No
a. Yes
If a Control is set back to Draft, the attestation is canceled
a. Yes
b. No
a. Yes
Issues can be related to which of the following? Select all that apply.
a. Entities
b. Entity Types
c. Controls
d. Control Objectives
e. Risk Statements
f. Controls
g. Risks
a. Entities
c. Controls
d. Control Objectives
e. Risk Statements
f. Controls
g. Risks
Does not apply to Entity Types