To rely on a previous CSP assessment report conclusions, a limited testing approach was used.

The "Independent Assessment Framework - High-Level Test Plan Guidelines" and "CSP_controls_matrix_and_high_test_plan_2025" provide guidance on relying on previous assessments using a limited testing approach. Let’s evaluate each option:

•Option A: There is no need for a sample for this limited testing

This is incorrect. Limited testing requires a sample to validate ongoing compliance, as per the guidelines.

•Option B: 1

This is incorrect. A sample size of 1 is insufficient to ensure statistical reliability for limited testing, per the HLTP guidelines.

•Option C: 3

This is correct. The "Independent Assessment Framework - High-Level Test Plan Guidelines" recommends a minimum sample size of 3 for each identified component when relying on previous assessments, allowing the assessor to confirm consistency and effectiveness without a full re-assessment.

•Option D: 5

This is incorrect. While a larger sample (e.g., 5) may be used in full assessments, the HLTP guidelines specify 3 as the minimum for limited testing.

Summary of Correct Answer:

The expected sample size is 3 for each identified component (C).

References to SWIFT Customer Security Programme Documents:

•Independent Assessment Framework - High-Level Test Plan Guidelines: Specifies a sample size of 3.

•CSP_controls_matrix_and_high_test_plan_2025: Supports limited testing sample requirements.

•Independent Assessment Process for Assessors Guidelines: Guides reliance testing.

========