Client Communication
Clear, concise summaries of decisions and next steps are known as this.
What are action items?
This principle ensures users only have the access they need.
What is least privilege?
This document maps controls to requirements.
What is a control matrix?
This document outlines deliverables, timelines, and responsibilities.
What is a statement of work (SOW)?
This practice ensures the client understands what you will and won’t deliver.
What is setting expectations?
This process identifies and fixes weaknesses in systems or applications.
What is vulnerability management?
This type of control requires evidence collected on a schedule (e.g., monthly).
What is a recurring control?
This term describes identifying systems, assets, and boundaries before testing.
What is defining the scope?
This technique involves restating what the client said to confirm understanding.
What is active listening?
This practice requires reviewing access lists at least quarterly.
What is access review?
This is the practice of verifying that controls are implemented before the audit begins.
What is readiness assessment?
This practice ensures both sides agree on assumptions before work begins.
What is validating requirements?