LEAD-AUDITOR Question #264: Real Exam Question with Answer & Explanation
Question
Options
- A. Ensuring the availability of resources for the ISMS and promoting continual improvement
- B. Conducting regular internal audits to assess the effectiveness of the ISMS
- C. Directing and supporting persons to contribute to the effectiveness of the ISMS
Explanation
The correct answer is B. Conducting regular internal audits to assess the effectiveness of the ISMS.

ISO/IEC 27001 Clause 5.1 (Leadership and Commitment) defines top management's role in ensuring the effectiveness of the Information Security Management System (ISMS). It requires top management to:

- Ensure the availability of resources for the ISMS (correct responsibility).
- Promote continual improvement of the ISMS (correct responsibility).
- Direct and support employees to contribute to ISMS effectiveness (correct responsibility).

B. Conducting regular internal audits - Incorrect. Internal audits are not a direct responsibility of top management. Instead, Clause 9.2 (Internal Audit) requires audits to be conducted independently of management. Top management is responsible for ensuring audits are conducted but does not need to conduct them personally.

Thus, top management is responsible for oversight and support but not for conducting internal audits themselves.