CISSP · Question #987
During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, a
The correct answer is D. Improvement. The improvement stage is the stage in which nonconformities are reviewed, assessed and/or corrected by the organization during an internal audit of an ISMS. The improvement stage is based on the Plan-Do-Check-Act (PDCA) cycle, which is a continuous improvement model for managing
Question
During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?
Options
- APlanning
- BOperation
- CAssessment
- DImprovement
How the community answered
(56 responses)- A4% (2)
- B2% (1)
- C2% (1)
- D93% (52)
Explanation
The improvement stage is the stage in which nonconformities are reviewed, assessed and/or corrected by the organization during an internal audit of an ISMS. The improvement stage is based on the Plan-Do-Check-Act (PDCA) cycle, which is a continuous improvement model for managing and maintaining an ISMS. The improvement stage involves taking corrective actions to address the root causes of the nonconformities, preventing their recurrence, and enhancing the performance of the ISMS. The planning stage involves establishing the ISMS policy, objectives, processes and procedures. The operation stage involves implementing and operating the ISMS processes and procedures. The assessment stage involves monitoring and reviewing the ISMS performance and effectiveness.
Topics
Community Discussion
No community discussion yet for this question.