ISO-IEC-27001-LEAD-AUDITOR Question #135: Real Exam Question with Answer & Explanation

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security incident management process. The IT Security Manager presents the information security incident management procedure (Document reference ID: ISMS_L2_16, version 4). You review the document and notice a statement "Any information security weakness, event, and incident should be reported to the Point of Contact (PoC) within 1 hour after identification". When interviewing staff, you found that there were differences in the understanding of the meaning of the phrase "weakness, event, and incident". The IT Security Manager explained that an online "information security handling" training seminar was conducted 6 months ago. All the people interviewed participated in and passed the reporting exercise and course assessment. You would like to investigate other areas further to collect more audit evidence. Select three options that would not be valid audit trails.