HITRUST CCSFP Exam - Topic 3 Question 18 Discussion

When performing r2 assessments, any added compliance factors should be considered before marking a requirement statement "N/A".
A) True
B) False

Actual exam question for HITRUST's CCSFP exam
Question #: 18
Topic #: 3

Suggested Answer: A

Marking a requirement statement "Not Applicable (N/A)" requires careful justification. In r2 assessments, compliance factors such as HIPAA, PCI-DSS, GDPR, or state-specific laws may trigger requirements that would not otherwise apply. Therefore, an assessor must verify that all compliance factors have been considered before permitting an N/A designation. For example, a requirement related to cardholder data might seem irrelevant unless PCI-DSS was selected as a compliance factor; in that case, it becomes mandatory. HITRUST QA scrutinizes N/A markings to ensure they are not misused to exclude applicable requirements. Incorrect use of N/A may result in CAPs or QA rejection. Thus, compliance factors must always be reviewed first to confirm whether the requirement is truly outside scope.

