An organization works in a highly regulated industry. A new regulation has been introduced that requires additional information to be recorded about users each time the service desk logs an incident in the service logging tool. They want to put controls in place to ensure that the regulation is followed. Which is the best approach?

OPTIONS

  • Update the logging tool to ensure that the minimum data required by the regulation is always recorded and report on any deviations
  • Ensure that the service desk staff are aware of the new regulation and continue to use existing reports of service desk activity
  • Update the logging tool to ensure that all fields must be completed for every incident record and produce daily reports of all service desk activity
  • Ensure that the service desk staff are aware of the new regulation and let them decide what data to record and produce reports when requested

ANSWER

Update the logging tool to ensure that the minimum data required by the regulation is always recorded and report on any deviations

EXPLANATION

This answer strikes a balance: the controls are sufficient to ensure that the regulation is complied with, without being excessive. Identifying only the relevant measurements needed to ensure achievement of agreed objectives is in line with the guiding principle of focus on value. However, when designing organizational measures, it is important to account for external factors, particularly legal factors, which are often enforced by regulatory authorities and should be considered mandatory. Regulatory controls cannot be marginalized; doing so would increase risks to the organization.
