Governance, Organisation, Law, Regulation and Standards QAN 603/0855/2


BCS Level 4 Certificate in Governance, Organisation, Law, Regulation and Standards
QAN 603/0855/2
Specimen Paper

Record your surname/last/family name and initials on the Answer Sheet.

Specimen paper only. 20 multiple-choice questions, 1 mark awarded to each question. Mark only one answer for each question. There are no trick questions. A number of possible answers are given for each question, indicated by either A, B, C, D or a), b), c), d). Your answers should be clearly indicated on the Answer Sheet. The pass mark is 13/20.

This is a specimen examination paper only. The full paper will contain 40 questions with a pass mark for the full paper of 26/40.

Copying of this paper is expressly forbidden without the direct approval of BCS, The Chartered Institute for IT.

Copyright BCS 2016

1. Who are the responsible officers within the HMG Information Governance Framework?
   a) Chief Executive.
   b) Accounting Officer.
   c) Accreditor.
   d) Senior Information Risk Owner.
   A. a, c and d only.
   B. a, b and c only.
   C. b, c and d only.
   D. a, b and d only.

2. The Microsoft Corporation versus United States of America (2013) case, colloquially known as the Microsoft Ireland case, was concerned with which matter of international law?
   A. The applicability of data disclosure warrants served on the US parent of an EU company for access to personal data stored in the EU.
   B. The application of anti-trust provisions in US law to a US company's activities in the European Union.
   C. The responsibility of a US company to inform EU citizens of the disclosure of their personal information when demanded by a US warrant.
   D. Microsoft's circumvention of privacy features built in to common browsers to allow the continued use of directed advertising.

3. Which of the following certifications are specifically concerned with Data Centre security?
   a) SOC 2.
   b) ANSI/TIA 942-A.
   c) BS EN 50600-2-5.
   d) ISO/IEC 20648 (a standard for data storage devices in general).
   A. a and d only.
   B. b and d only.
   C. a only.
   D. c only.

4. Who is accountable for information security within an ISO27001 certified organisation?
   A. The Information Security Manager.
   B. Everybody.
   C. The Board.
   D. The Data Protection Officer.

5. PCI-DSS forbids the storage of what sort of data?
   A. Card Holder Data (CHD).
   B. Personally Identifiable Information (PII).
   C. Primary Account Number (PAN).
   D. Sensitive Authentication Data (SAD).

6. Which of the following activities is core to a Security Operations Centre?
   A. Resetting a user's password.
   B. Reviewing a rejected attempt to access a sensitive document.
   C. Provisioning a new user's access.
   D. Allowing a user exceptional access to another user's online calendar.

7. A resident of a nursing home is being treated for a serious, but not life-threatening, condition in hospital. Prior to discharge, the consultant wishes to share information about the resident's condition with the nursing home. Which is the MOST appropriate answer?
   A. The consultant can share relevant information on the resident's condition and ongoing treatment with medical staff who are employed by the nursing home.
   B. The consultant must first get the explicit and informed consent of the patient, then relevant information may be shared with the nursing home.
   C. The consultant can only give information regarding ongoing treatment that the patient cannot share themselves.
   D. The consultant can share relevant information if it is covered by a Data Sharing Agreement between the hospital and the nursing home.

8. An employee has been accused of running their own business in work time and using work IT. The organisation, which is NOT a law enforcement body, wishes to investigate in accordance with their disciplinary policy. Which law or regulatory guidance is MOST pertinent?
   A. Police and Criminal Evidence Act 1984.
   B. Information Commissioner's Employment Practices Code.
   C. Telecommunications (Lawful Business Practice) (Interception of Communications) Regulations 2000.
   D. Regulation of Investigatory Powers Act 2000.

9. Which of the following types of devices would USUALLY be certified under the CESG Assisted Product Scheme (CAPS)?
   A. Firewalls.
   B. Cryptographic Link Encryptors.
   C. Intrusion Detection Systems.
   D. Intrusion Protection Systems.

10. Which new offence under the Computer Misuse Act was created by the Serious Crime Act 2015?
   A. Unauthorised acts causing, or creating risk of, serious damage.
   B. Unlawful obtaining etc. of personal data.
   C. Making, supplying or obtaining articles for use in offence under sections 1 or 3.
   D. Unauthorised access with intent to commit or facilitate commission of further offences.

11. What is the name of the replacement scheme for the EU / US Safe Harbour Agreement?
   A. Safe Harbour 2.
   B. Privacy Guard.
   C. Safe Guard.
   D. Privacy Shield.

12. Which is the BEST order for implementing an ISO27001 compliant ISMS?
   a) Risk assessment.
   b) Executive sponsorship.
   c) Controls selection.
   d) Scoping.
   A. a, b, c, d.
   B. a, c, d, b.
   C. b, d, a, c.
   D. d, b, c, a.

13. What is the name of the international agreement which is similar to the US ITAR regulations?
   A. London.
   B. Vienna.
   C. Chicago.
   D. Wassenaar.

14. Which of the following are significant aspects introduced by the General Data Protection Regulation?
   a) Changes to the meaning of consent.
   b) The accountability principle.
   c) The right to be forgotten.
   d) Mandatory breach reporting.
   A. a, b and c only.
   B. a, b and d only.
   C. a, c and d only.
   D. b, c and d only.

15. The Data Protection Act 1998 s29 exemption, for notifying data subjects about data disclosures, applies to which of the following?
   A. National Security.
   B. Health, Education and Social Work.
   C. Crime and Taxation.
   D. Transfers to parent organisations.

16. The project officer, in charge of an organisation's ISO27001 compliance programme, has been asked to advise a small customer finance office that is currently struggling to achieve PCI-DSS certification. What might the project officer suggest as the BEST way forward?
   A. The finance office should carry on with PCI-DSS as that will be sufficient for ISO27001 compliance.
   B. The finance office should stop PCI-DSS certification as ISO27001 compliance will be sufficient.
   C. The finance office should be removed from the ISO27001 scope until they have achieved PCI-DSS, as the standards are significantly different.
   D. The finance office should continue with both ISO27001 and PCI-DSS compliance efforts, as the standards are very similar.

17. Which ISO/IEC standard specifically covers cloud services?
   A. ISO/IEC 27002.
   B. ISO/IEC 27015.
   C. ISO/IEC 27017.
   D. ISO/IEC 25999.

18. The Information Commissioner COULD issue a monetary penalty under s55 of the Data Protection Act 1998 for which of the following breaches of the Act?
   A. Failure to notify the Commissioner that the organisation is processing personal data.
   B. Unlawfully obtaining personal data.
   C. A significant data loss uncovered as a result of a s41 assessment notice.
   D. A negligent breach of Principle 1 that might cause substantial distress.

19. Who does an expert witness act on behalf of?
   a) The prosecuting legal team.
   b) The defence legal team.
   c) The court.
   d) The Crown Prosecution Service.
   A. a and b.
   B. c only.
   C. a and d.
   D. d only.

20. Which of the following is NOT an example of the principle of least privilege?
   A. A personal assistant having delegate access to their boss's calendar.
   B. A web-server instance running within a chroot environment.
   C. A system administrator being required to log in as a normal user and then use sudo or Run As.
   D. An SNMP daemon running with local system administration privileges.

-End of Paper-