Which option best describes the relationship between Control Objective and Policy in ServiceNow GRC?

Prepare for the ServiceNow Integrated Risk Management (IRM) Test. Utilize flashcards and multiple choice questions, each offering hints and explanations. Ensure your success on the exam!

Multiple Choice

Which option best describes the relationship between Control Objective and Policy in ServiceNow GRC?

Explanation:
In ServiceNow GRC, a Policy expresses specific rules and requirements, while a Control Objective states the high-level outcome that controls should achieve. A single policy can address multiple control objectives, and a single control objective can be referenced by multiple policies. This is a many-to-many relationship, and it’s implemented through the Citations bridge, which links policies to control objectives (often along with standards or regulations). This setup provides flexible traceability: you can see which policies cover which control objectives and how the objectives map to external standards. The other options don’t fit because the relationship isn’t strictly one-to-one, and it isn’t unrelated or driven by indicators.

