PECB

LEAD-AUDITOR Question #85: Real Exam Question with Answer & Explanation

The correct answer is C. Advise the auditee and audit client that it is not possible to make a positive recommendation at this

Question

You are an experienced ISMS audit team leader who is currently conducting a third party initial certification audit of a new client, using ISO/IEC 27001:2022 as your criteria. It is the afternoon of the second day of a 2-day audit, and you are just about to start writing your audit report. So far no nonconformities have been identified and you and your team have been impressed with both the site and the organisation's ISMS. At this point, a member of your team approaches you and tells you that she has been unable to complete her assessment of leadership and commitment as she has spent too long reviewing the planning of changes. Which one of the following actions will you take in response to this information?

Options

  • A. Apologise to the client and tell them you will return at a later date to review leadership and
  • B. Suggest to the client that if they are prepared to upgrade your return flight to first class you will
  • C. Advise the auditee and audit client that it is not possible to make a positive recommendation at this
  • D. Advise the auditee that the certification audit will need to be terminated and rescheduled.
  • E. Contact the individual managing the audit programme and seek their permission to record a
  • F. Contact your head office and await their further instructions of how to proceed.
  • G. Given there have been no nonconformities identified and the overall impression of the organisation

Explanation

Leadership and commitment is a key requirement of ISO/IEC 27001:2022, as it establishes the top management's role and responsibility in establishing, implementing, maintaining, and continually improving the ISMS. Without assessing this aspect, the audit team cannot conclude that the ISMS is effective and conforms to the standard. Therefore, the audit team leader should advise the auditee and audit client that it is not possible to make a positive recommendation at this point, and explain the reason and the implications. The audit team leader should also consult with the certification body and the audit programme manager on the next steps, such as extending the audit duration, conducting a follow-up audit, or issuing a conditional certification, depending on the certification body's policy and the audit client's agreement.
