ISO-IEC-27001-LEAD-AUDITOR Question #119: Real Exam Question with Answer & Explanation

Question

You are the audit team leader conducting a third-party audit of an online insurance company. During Stage 1, you found that the organization took a very cautious risk approach and included all the information security controls in ISO/IEC 27001:2022 Appendix A in their Statement of Applicability. During the Stage 2 audit, your audit team found that there was no evidence of a risk treatment plan for the implementation of the three controls (5.3 Segregation of duties, 6.1 Screening, 7.12 Cabling security). You raise a nonconformity against clause 6.1.3.e of ISO 27001:2022. At the closing meeting, the Technical Director issues an extract from an amended Statement of Applicability (as shown) and asks for the nonconformity to be withdrawn. Select the three options that are correct responses of an audit team leader to the Technical Director's request.

Exhibit

ISO-IEC-27001-LEAD-AUDITOR question #119 exhibit

Options

  • A. Advise management that the information provided will be reviewed when the auditors have more
  • B. This response is correct because the audit team leader should document the request of the
  • C. Advise the Technical Director that once a nonconformity is raised it cannot be withdrawn.
  • D. This response is correct because the audit team leader should not withdraw the nonconformity
  • E. Ask the auditor who raised the issue for their opinion on how you should respond to the request.
  • F. Inform the Technical Director that the nonconformity will be changed to an Opportunity for
  • G. Review the documentation produced and withdraw the nonconformity.
  • H. This response is correct because the audit team leader should state that a follow up audit will
