Welcome to Pass4Success


APMG-International Exam ISO-IEC-27001-Foundation Topic 2 Question 7 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 7
Topic #: 2

Which item is required to be included in an information security policy?

Suggested Answer: A

Clause 5.2 (Policy) of ISO/IEC 27001 requires top management to establish an information security policy that:

"includes information security objectives (or provides a framework for setting them)"

"includes a commitment to satisfy applicable requirements related to information security"

"includes a commitment to continual improvement of the ISMS."

(The same clause also requires the policy to be appropriate to the purpose of the organization, to be available as documented information, to be communicated within the organization, and to be available to interested parties as appropriate.)

Among the listed options, the one that reproduces a Clause 5.2 requirement verbatim is "a commitment to satisfy applicable requirements related to information security"; "applicable requirements" covers legal, regulatory and contractual obligations. Option B touches on Clause 5.2's commitment to continual improvement, but as worded it does not state that requirement exactly, so option A is the better match. Option C is not a policy requirement. Option D, the Statement of Applicability, is a separate mandatory document required by Clause 6.1.3 and is not part of the policy itself.

Thus, the correct answer is A.


Contribute your Thoughts:

Kirk
3 days ago
D seems like the most comprehensive answer. A Statement of Applicability that defines the necessary controls is a crucial part of an information security policy.
upvoted 0 times
Chaya
9 days ago
Hmm, I'm not sure about this one. I'll need to review my notes on the key elements of an information security policy.
upvoted 0 times
Rosendo
14 days ago
I think the answer is A. An information security policy should include a commitment to satisfy applicable requirements related to information security.
upvoted 0 times
