ServiceNow Certified Implementation Specialist – Risk and Compliance — Question 84

How does GRC: Policy and Compliance Management track compliance to Authority Documents?

Answer options

• A. Citations are mapped to entity-scoped controls, which are tested as compliant or non-compliant.
• B. Authority Documents are mapped to individual policies, which are either marked compliant or non-compliant.
• C. Authority Documents are mapped to control objectives and compliance is checked when controls are tested as compliant or non-compliant.
• D. Citations are mapped to control objectives, and compliance is checked when controls are tested as compliant or non-compliant.

Correct answer: D

Explanation

The correct answer, D, accurately describes how citations are associated with control objectives, and compliance is determined based on the assessment of controls. Options A and B incorrectly focus on either entity-scoped controls or policies, which do not align with the compliance tracking mechanism. Option C does not mention the role of citations, which is essential for understanding compliance tracking in this context.