PECB
LEAD-AUDITOR Question #90: Real Exam Question with Answer & Explanation
Question
You are performing an ISO 27001 ISMS surveillance audit at a residential nursing home, ABC Healthcare Services. ABC uses a healthcare mobile app designed and maintained by a supplier, WeCare, to monitor residents' well-being. During the audit, you learn that 90% of the residents' family members regularly receive medical device advertisements from WeCare, by email and SMS once a week. The service agreement between ABC and WeCare prohibits the supplier from using residents' personal data. ABC has received many complaints from residents and their family members. The Service Manager says that the complaints were investigated as an information security incident, which found that they were justified. Corrective actions have been planned and implemented according to the nonconformity and corrective action management procedure. You write a nonconformity: "ABC failed to comply with information security control A.5.34 (Privacy and protection of PII) relating to the personal data of residents and their family members. A supplier, WeCare, used residents' personal information to send advertisements to family members." Select three options of the corrections and corrective actions listed that you would expect ABC to make in response to the nonconformity.
Options
- A. ABC asks an ISMS consultant to test the ABC Healthcare mobile app for protection against cyber-
- B. ABC cancels the service agreement with WeCare.
- C. ABC confirms that information security control A.5.34 is contained in the Statement of Applicability
- D. ABC discontinues the use of the ABC Healthcare mobile app.
- E. ABC introduces background checks on information security performance for all suppliers.
- F. ABC periodically monitors compliance with all applicable legislation and contractual requirements
- G. ABC takes legal action against WeCare for breach of contract.
- H. ABC trains all staff on the importance of maintaining information security protocols.