nerdexam
PECB

LEAD-AUDITOR Question #70: Real Exam Question with Answer & Explanation

Question

You are performing an ISO 27001 ISMS surveillance audit at a residential nursing home, ABC Healthcare Services. ABC uses a healthcare mobile app designed and maintained by a supplier, WeCare, to monitor residents' well-being. During the audit, you learn that 90% of the residents' family members regularly receive medical device advertisements from WeCare, by email and SMS once a week. The service agreement between ABC and WeCare prohibits the supplier from using residents' personal data. ABC has received many complaints from residents and their family members. The Service Manager says that the complaints were investigated as an information security incident which found that they were justified. Corrective actions have been planned and implemented according to the nonconformity and corrective action management procedure. You write a nonconformity: 'ABC failed to comply with information security control A.5.34 (Privacy and protection of PII) relating to the personal data of residents and their family members. A supplier, WeCare, used residents' personal information to send advertisements to family members.' Select three options of the corrections and corrective actions listed that you would expect ABC to make in response to the nonconformity.

Options

  • A. ABC confirms that information security control A.5.34 is contained in the Statement of Applicability
  • B. The Service Manager provides evidence of analysis of the cause of nonconformity and how the
  • C. ABC instructs all staff to follow the signed healthcare service agreement with residents' family
  • D. ABC conducts a management review to take the feedback from residents' family members into
  • E. ABC needs to collect more evidence on how the organisation defines the management system
  • F. ABC identifies and checks compliance with all applicable legislation and contractual requirements
  • G. The Service Manager implements the corrective actions and Customer Service Representatives
  • H. ABC needs to collect more evidence on how information security risk assessment relates to the
