The High-Level Test Plan (HLTP) is outlined in the "Independent Assessment Framework - High-Level Test Plan Guidelines" and serves as a guidance document for assessors. Let’s evaluate each option:
• Option A: The HLTP provides a way of testing and the typical evidence for each control (based on implementation guidelines) and must be strictly followed
This is incorrect. The HLTP is a recommended framework, not a strict mandate. Assessors have flexibility to adapt testing approaches based on the user’s environment, as per the "Independent Assessment Process for Assessors Guidelines."
• Option B: The HLTP provides a way of testing and the typical evidence for each control (based on implementation guidelines), testing should be ideally based on it
This is correct. The HLTP offers a standardized methodology and evidence examples for testing CSCF controls, derived from implementation guidelines. The "CSP_controls_matrix_and_high_test_plan_2025" encourages assessors to use it as a best practice, allowing adjustments as needed.
• Option C: The HLTP provides the rules to define the sample for testing
This is incorrect. While the HLTP includes sample size guidance (e.g., minimum of 3 for limited testing), its primary purpose is broader, covering testing methods and evidence, not just sampling rules.
• Option D: The HLTP provides a detailed way of control testing
This is incorrect. The HLTP is high-level, not detailed; detailed testing plans are developed by assessors based on the HLTP framework.
Summary of Correct Answer:
The HLTP provides testing methods and evidence, and testing should ideally be based on it (B).
References to SWIFT Customer Security Programme Documents:
• Independent Assessment Framework - High-Level Test Plan Guidelines: Defines HLTP purpose.
• CSP_controls_matrix_and_high_test_plan_2025: Recommends HLTP usage.
• Independent Assessment Process for Assessors Guidelines: Allows flexibility.