nerdexam
(ISC)2


CCSP Question #221: Real Exam Question with Answer & Explanation

The correct answer is B: ISO/IEC 28000:2007. ISO/IEC 28000:2007 is the specific standard addressing security management systems within the supply chain.

Submitted by carter_n · Apr 18, 2026 · Legal, Risk and Compliance

Question

Which ISO standard refers to addressing security risks in a supply chain?

Options

  • A. ISO 27001
  • B. ISO/IEC 28000:2007
  • C. ISO 18799
  • D. ISO 31000:2009

Explanation

ISO 28000:2007, Specification for security management systems for the supply chain (commonly cited in CCSP study material as ISO/IEC 28000:2007), is the standard that addresses security management systems for the supply chain. It was superseded by ISO 28000:2022, but exam material still references the 2007 edition, so recognise either year as the same standard.

Common mistakes.

  • A. ISO 27001 specifies requirements for an Information Security Management System (ISMS) in general; supplier relationships appear only as one control area, so it is not the supply-chain-specific standard the question asks for.
  • C. ISO 18799 is not a recognized ISO standard relevant to supply chain security.
  • D. ISO 31000:2009 provides general guidelines for risk management, applicable to any type of risk, but is not specific to supply chain security (the current edition is ISO 31000:2018).

Concept tested. ISO standards for supply chain security

Reference. https://www.iso.org/standard/41551.html

Topics

#ISO-standards #Supply-chain-security #Risk-management #Compliance

