nerdexam
(ISC)2

CISSP · Question #987

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, a

The correct answer is D. Improvement. The improvement stage is the stage in which nonconformities are reviewed, assessed and/or corrected by the organization during an internal audit of an ISMS. The improvement stage is based on the Plan-Do-Check-Act (PDCA) cycle, which is a continuous improvement model for managing

Submitted by kevin_r· Mar 5, 2026Security and Risk Management

Question

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

Options

  • APlanning
  • BOperation
  • CAssessment
  • DImprovement

How the community answered

(56 responses)
  • A
    4% (2)
  • B
    2% (1)
  • C
    2% (1)
  • D
    93% (52)

Explanation

The improvement stage is the stage in which nonconformities are reviewed, assessed and/or corrected by the organization during an internal audit of an ISMS. The improvement stage is based on the Plan-Do-Check-Act (PDCA) cycle, which is a continuous improvement model for managing and maintaining an ISMS. The improvement stage involves taking corrective actions to address the root causes of the nonconformities, preventing their recurrence, and enhancing the performance of the ISMS. The planning stage involves establishing the ISMS policy, objectives, processes and procedures. The operation stage involves implementing and operating the ISMS processes and procedures. The assessment stage involves monitoring and reviewing the ISMS performance and effectiveness.

Topics

#ISMS#audit#nonconformity#continual improvement

Community Discussion

No community discussion yet for this question.

Full CISSP Practice