PECB LEAD-AUDITOR Question #149: Real Exam Question with Answer & Explanation

The correct answer is C: the organisation does not have an effective process in place that ensures service requirements and regulatory requirements for data protection are met.

Question

You are conducting an Information Security Management System audit in the despatch department of an international logistics organisation that provides shipping services to large organisations, including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples and documents such as passports and driving licences. You note that the company records show a very large number of returned items, with causes including misaddressed labels and, in 15% of cases, two or more labels for different addresses on the one package.

You are interviewing the Shipping Manager (SM).

You: Are items checked before being dispatched?
SM: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes it uneconomic to implement a formal checking process.
You: What action is taken when items are returned?
SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to simply reprint the label and re-send individual parcels than it is to implement an investigation.

You raise a non-conformity against clause 8.1 of ISO 27001:2022. Which one of the options below best describes the non-conformity you have identified?

Options

  • A. The organisation does not have an approved process in place that ensures service requirements
  • B. The organisation does not have an audited process in place that ensures service requirements
  • C. The organisation does not have an effective process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have disclosed information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational controls to meet information security requirements.
  • D. The organisation does not have an efficient process in place that ensures service requirements
  • E. The organisation does not have an efficient process in place that ensures service requirements

Explanation

The non-conformity you have identified relates to the organisation's failure to implement adequate operational controls to ensure that service and regulatory requirements for data protection are met. This situation is particularly critical given the nature of the items being shipped, which include sensitive medical information and government documents. The fact that 15% of returned parcels carry labels for different addresses, potentially exposing sensitive information to incorrect recipients, underscores the lack of effective information security practices.

Based on the details provided and the requirements of ISO/IEC 27001:2022, particularly clause 8.1 (operational planning and control), the best description of the non-conformity is option C: "The organisation does not have an effective process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have disclosed information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational controls to meet information security requirements."

This option accurately captures the essence of the non-conformity by highlighting the lack of effective operational controls to protect sensitive information, leading to potential unauthorised disclosure of information intended for another party. This is a direct violation of information security management principles, particularly those related to the protection of the confidentiality and integrity of information as required by ISO/IEC 27001:2022. Note that the key word is "effective": the options referring to an approved, audited or efficient process do not address the audit finding, which is that the existing process fails to prevent misaddressed and multiply labelled parcels from being dispatched and that returns are not investigated.
