nerdexam
PECB

ISO-IEC-27001-LEAD-AUDITOR · Question #184

ISO-IEC-27001-LEAD-AUDITOR Question #184: Real Exam Question with Answer & Explanation

The correct answer is B: the ISMS scope should take into consideration any information security issues that have occurred and the requirements of interested parties.

Question

You are performing an ISMS audit at a residential nursing home called ABC that provides healthcare services. You find that all nursing home residents wear an electronic wristband at all times for monitoring their location, heartbeat, and blood pressure. You learn that the electronic wristband automatically uploads all data to an artificial intelligence (AI) cloud server for healthcare monitoring and analysis by healthcare staff. To verify the scope of the ISMS, you interview the management system representative (MSR), who explains that the ISMS scope covers an outsourced data centre. Select the one option that correctly describes what the scope of the ISMS should contain.

Options

  • A. The ISMS scope should not cover external service providers because they can have compliance
  • B. The ISMS scope should take any information security issues that have occurred and any
  • C. The most likely ISMS scope is to cover the IT department and the outsourced data centre
  • D. The organisation should only follow the government's recommendation, i.e., legal and legislation

Explanation

The correct statement is that the ISMS scope should take into consideration any information security issues that have occurred and any interested parties' requirements. ISO/IEC 27001:2022, clause 4.3, requires the organisation to determine the boundaries and applicability of the ISMS by considering the external and internal issues identified under clause 4.1, the requirements of interested parties identified under clause 4.2, and the interfaces and dependencies between activities performed by the organisation and those performed by other organisations. The scope should also be aligned with the strategic direction of the organisation and be appropriate to its purpose and context. The scope should not be limited to the government's recommendations (option D), should not exclude external service providers (option A), and should not be confined to a single department or supplier such as the IT department and the outsourced data centre (option C) unless such exclusions are justified by the context and the needs and expectations of interested parties. In the scenario described, the wristbands, the data they collect, and the AI cloud service that processes it are clearly part of ABC's information processing, and residents, their relatives, healthcare staff, and healthcare regulators are interested parties; an auditor should verify that the documented scope reflects these interfaces and dependencies rather than only the outsourced data centre named by the MSR.

