GRC Part 1 Flashcards
What is the database table name for Control Objectives starting with Orlando?
sn_compliance_policy_statement
Can you nest or stack policy records?
Yes
Can you nest or stack control objectives?
Yes
What GRC record generates a KB article when approved
Policy
What must be set up for controls to be generated?
The Control Objective has the checkbox for “Create Controls Automatically” checked and Entity Type is applied to the Control Objective,
Attestations are generated when a control is moved from draft to what?
Attest
What can you do with the Policy Acknowledgement feature?
Send out policies for review & acknowledgement, Track responses on the campaign record, designate the campaign audience for acknowledgement.
What can you NOT do with the Policy Acknowledgement feature
Enable employees to ask for more info about the policy.
A control attestation can be used to measure the level of compliance - T or F
False
How many entity types can an entity belong to?
None, 1 or multiple
Entities can be added to an entity type via what methods?
Manually, from the All Entities module or using a filter defined on the Entity Type record.
Entities can be added to an entity type on a Policy Related List - True or False
False
An entity must always relate to a record in a ServiceNow table - True or False
False
What records are generated when an entity type is related to a risk statement/template?
Risks, Risk Indicators (if there is an indicator template related to the risk statement)
Risk Frameworks are required records in Risk Framework Process - T or F
False
What’s another name for Risk Statement Records
Risk Templates
Risk statements can be nested or created in a hierarchy - T or F
True
Risk Events always involve a loss - T or F
False
Customers may refer to Risk Events as Loss Events - T or F
True
Risk Events are the same as Risk Statements - T or F
False
Risk Events can be related to Risks - T or F
True
What is the module name for all Registered Risks?
Risk->Risk Register->All Risks
Entity Types can be applied at what level to generate risks?
Risk Framework and Risk Statement/Template
Default Risk Scoring Method in SN baseline is ___
Quantitative