We are still required to have a separate ISO CF1 portal when doing a CAP. (T/F)
What is True?
At a minimum, these key processes & activities should be listed for any in-scope satellite office or sales office
What is Facilities and Property Management?
Or
What is Sales operations or Business operations?
In year 1, a finding was identified related to internal audit. For year 2, another finding was identified for internal audit. Both point to the same requirement, but have a different root cause.
How many findings should the lead auditor identify in the above situation?
What is 2 separate findings?
In an audit plan and audit report, the templates require you to provide the full list of in-scope locations followed by only those locations sampled for the current audit. (T/F)
What is True?
Complete the following:
ISO/IEC 20000-1:______
What is 2018?
These roles within a CF1 workspace allow for adding more individuals into the workspace
What is Coalfire Project Lead, Coalfire Project Manager, and Coalfire Director?
For a scope that includes ISO 27001, ISO 27017, and ISO 27018, which standards should be listed in the Stage 1 Audit Plan and Report?
What is all 3 standards: ISO 27001, ISO 27017, and ISO 27018?
Section B in an NCF Report can be left blank, and the audit file can be submitted for review under 1 condition.
What is a Major NCF?
Session type when different audit topics are discussed by different auditors on the same calendar day.
What is a parallel session?
Deadline for a client to submit evidence for a minor NCF during a Second Surveillance Audit.
What is end of the year?
What is 12/31?
If you receive errors when uploading custom action items, the best way to solve this is by removing all requirements. (T/F)
What is False?
When CSA STAR is in-scope, the client needs to make sure CCM controls are included in the SOA and ________.
What is the internal audit?
The closing meeting conclusion that should be communicated during a Stage 2 where an issue regarding operating effectiveness is raised.
What is a finding?
If a client says they are fully remote and have no office at all, what should be listed as their central location?
What is a mailing address for HQ (PO box or someone's (C-suite/founder) address for mailing purposes)?
What is the Coalfire-defined certification requirement for our ISO 27701 lead auditors?
What is passing 2 IAPP examinations (CIPP and/or CIPM)?
If a CAP client engagement is using parent and child CF1 portals, this portal should be used to respond to evidence (e.g., mark an action item incomplete).
What is the Parent portal?
Our communication to clients on what is required (at a minimum) for their internal audit coverage and testing approach.
What is 2 options to testing approach (bare minimum):
1. 100% Testing: All Clauses, all controls
2. Sampling: All Clauses and sampling of controls + multi-year program to ensure 100% coverage. Clauses needing to be tested every year.
The number of days a certificate can be suspended before being revoked
What is 30 days?
The last risk factor-related question on the Audit Program applies to only _______ audits.
What is Recertification and Surveillance?
For CSA STAR Level 2 customers, the deadline to be on version 4.0.
When is June 30, 2022?