Policy & Comp Imp Approach Flashcards

(55 cards)

1
Q

Policy Record Lifecycle

A
Draft
Review
Awaiting Approval
Published
Retired
2
Q

Who can create a policy?

A

Compliance Users and above

3
Q

Who can move a policy from Review to Awaiting Approval (AA)?

A

Named Reviewer or Policy Owner

(not a Compliance Manager or Admin)

4
Q

Who can manually retire a policy?

A

Compliance Manager or Policy Owner

5
Q

Which record doesn't have a lifecycle?

A

Control Objective (Control Objectives are also child records of a Policy)

6
Q

Control Lifecycle

A
Draft
Attest
Review
Monitor
Retire
7
Q

Who can create Controls?

A

Compliance User

8
Q

Who can attest to a control?

A

The person assigned to it

(A System Admin can also attest by impersonating the assigned user)

9
Q

Who can move a control into "Monitor"?

A

Compliance Manager

This ensures that the control and its attestation results are reviewed before the control enters Monitor.

10
Q

How are Controls retired?

A
- Manually, by a Compliance Manager
- Automatically, when the entity becomes inactive

11
Q

Policy Exception Lifecycle

A
New
Analyze
Review
Awaiting Approval
Approved
Closed
12
Q

Who can request a policy exception?

A

Any user with the snc_internal role

13
Q

Who handles policy exceptions in the “analyze” state?

A

Compliance Manager

14
Q

Three locations from which policy exceptions can be initiated

A

Within GRC: Policy & Compliance
Service Portal
Other apps added to Integration Registry

15
Q

Policy Acknowledgement Lifecycle

A

New
Pending Acknowledgement
Closed
Canceled

16
Q

Who can set up a Policy Acknowledgement Campaign?

Who determines the audience?

A

A Compliance User sets it up

A Compliance Manager or Admin identifies the audience

17
Q

Who can cancel a Policy Acknowledgement Campaign?

A

Compliance Manager or the owner of the campaign

18
Q

Table relationships in GRC: Policy and Compliance

A

Policy [sn_compliance_policy]
Control Objective [sn_compliance_policy_statement]
Citation [sn_compliance_citation]
Authority Document [sn_compliance_authority_document]

(All of these are many-to-many relationships)
(Relating one Control Objective to multiple Citations enables "test once, satisfy many")

19
Q

Indicator Template - table name

A

sn_grc_indicator_template

GRC: Profiles

20
Q

Indicator - table name

A

sn_grc_indicator

GRC: Profiles

21
Q

Control Objective - table name

A

sn_compliance_policy_statement

GRC: Policy & Compliance

22
Q

Control - table name

A

sn_compliance_control

GRC: Policy & Compliance

23
Q

Entity Type - table name

A

sn_grc_profile_type

GRC: Profiles

24
Q

Entity - table name

A

sn_grc_profile

GRC: Profiles

25
Issue - table name
sn_grc_issue | GRC: Profile
26
Control Attestation - table name
asmt_assessment_instance | Global
27
Risk - table name
sn_risk_risk | GRC: Risk
28
**Recommend studying page 133
29
Policy to Control Objective - table name
sn_compliance_m2m_policy_policy_statement
30
Control Objective to Control Objective - table name
sn_compliance_m2m_policy_stmt_policy_stmt
31
Control Objective to Citation - table name
sn_compliance_m2m_statement_citation
32
Control Objective to Entity Type - table name
sn_compliance_m2m_statement_profile_type
33
**Recommend studying page 134
34
Audience to Audience Filters - table name
sn_grc_m2m_audience_filter
35
Audience to User - table name
sn_grc_m2m_audience_user
36
Audience to User Groups - table name
sn_grc_m2m_audience_user_group
37
What table does Acknowledgement Campaign extend from?
Task table
38
What table does Acknowledgement extend?
It doesn't extend from a table
39
Assessment Grouping Criteria - table name
[sn_grc_asmt_group_options] | Used to determine grouping criteria for control attestations and risk assessments
40
Change who can edit a Policy in Review State
ComplianceUtils
41
Change how compliance scores roll up
ComplianceScoreCalculator
42
Display # of controls excluded from compliance score
AssessmentStrategy
43
Use different criteria to create control records
ControlGeneratorStrategy
44
Add the state of X to the Policy Exception Process
PolicyException
45
Modify the Policy Acknowledgement process
PolicyAcknowledgementUtils
46
Policy Form - fields to make visible
Number, Category, Classification | Formatter - Activity
47
Control Objective form - fields to make visible
Choice list updates - Category, Classification, Type | Add fields - Order, Imported | Formatter - Activity
48
Control form - fields to make visible
Add fields - created manually
49
Issue form - fields to make visible
Add fields - Watch list, Due date, Created manually, Created by, Created date
50
Two options for changing or increasing security
ACL Customization | Business Rule Customization
51
Compliance Score Color Scheme
Red: <50 | Yellow: 50-80 | Green: >80
52
What is an indicator?
A filter that looks at a table for evidence
53
Two policy exception flows
- Initial verification (should we consider this?): triggered by the Substate field; generates the verification based on the information in the Verification Rules record
- Final approval(s) (should we approve this?): triggered by the State field changing to Awaiting Approval (AA); generates the approval(s) based on the information in the Approval Rules record
54
Which tables can SLAs NOT be applied to? | Note to studier: it's easier to remember the ones you can't than the ones you can
Control, Registered Risk, Control Objective, Risk Statement, Policy, Risk Framework
55
Baseline Default GRC Knowledgebase
- Workflows with the GRC KB are in the baseline
- Can Contribute user criteria for the GRC User role
- Social Q&A enabled
- KB owner is System Admin