Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

APMG-International ISO-IEC-27001-Foundation Exam - Topic 2 Question 7 Discussion

Which item is required to be included in an information security policy?
A) A commitment to satisfy applicable requirements related to information security
B) A plan for the continual improvement of the information security management system
C) A framework enabling concerns with the information security policy to be addressed
D) A Statement of Applicability which defines the necessary controls to be implemented

APMG-International ISO-IEC-27001-Foundation Exam - Topic 2 Question 7 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 7
Topic #: 2
[All ISO-IEC-27001-Foundation Questions]

Which item is required to be included in an information security policy?

Show Suggested Answer Hide Answer
Suggested Answer: A

Clause 5.2 (Information security policy) requires that the policy:

''includes information security objectives (or provides a framework for setting them)''

''includes a commitment to satisfy applicable requirements related to information security''

''includes a commitment to continual improvement of the ISMS.''

Among the listed options, the exact mandatory requirement is ''a commitment to satisfy applicable requirements related to information security''. Option B partially reflects Clause 5.2 (commitment to continual improvement), but the wording given in the standard prioritizes the satisfaction of applicable requirements (e.g., legal, regulatory, contractual). Option C is not a policy requirement. Option D (Statement of Applicability) is a separate mandatory document (Clause 6.1.3) and not part of the policy itself.

Thus, the correct answer is A.


by Thaddeus at Nov 02, 2025, 05:32 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Foundation Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Stanton
2 months ago
C makes sense. It addresses concerns effectively.
upvoted 0 times
...
Joseph
2 months ago
B is important too. Continual improvement is key.
upvoted 0 times
...
Mignon
3 months ago
I prefer D. It clearly defines controls needed.
upvoted 0 times
...
Shawna
3 months ago
Honestly, I thought all of these were mandatory!
upvoted 0 times
...
Madalyn
3 months ago
I agree with A, but C is also super important for clarity.
upvoted 0 times
...
Aliza
4 months ago
Wait, are we sure B is required? Seems a bit vague.
upvoted 0 times
...
Britt
4 months ago
I think D is essential too. Can't skip the controls!
upvoted 0 times
...
Leigha
4 months ago
Definitely A! Commitment is key.
upvoted 0 times
...
Samira
4 months ago
Haha, this is like a security policy scavenger hunt! A) for the win!
upvoted 0 times
...
Jesusita
4 months ago
Hmm, I'm torn between A) and D). Decisions, decisions...
upvoted 0 times
...
Tambra
4 months ago
This question is a piece of cake! A) is the obvious choice.
upvoted 0 times
...
Fallon
5 months ago
D) A Statement of Applicability which defines the necessary controls to be implemented is the way to go.
upvoted 0 times
...
Karima
5 months ago
A) A commitment to satisfy applicable requirements related to information security is the correct answer.
upvoted 0 times
...
Daron
5 months ago
I thought addressing concerns in the policy was essential, so option C could be the right answer, but I need to double-check my notes.
upvoted 0 times
...
Gertude
5 months ago
I remember a practice question that emphasized the importance of continual improvement in security policies. It might be option B.
upvoted 0 times
...
Glen
6 months ago
I think A is crucial. Commitment shows seriousness.
upvoted 0 times
...
Lashon
6 months ago
I feel like the Statement of Applicability is important too, but I can't recall if it's a strict requirement for all policies.
upvoted 0 times
...
Sunshine
6 months ago
I think the commitment to satisfy applicable requirements is crucial, but I'm not entirely sure if that's the only thing needed in the policy.
upvoted 0 times
...
Lili
7 months ago
I'm leaning towards A, but I'll double-check the other options to make sure I'm not missing anything.
upvoted 0 times
...
Markus
7 months ago
B could also be a good answer. Continual improvement of the information security management system is important for keeping the policy up-to-date.
upvoted 0 times
...
Kirk
7 months ago
D seems like the most comprehensive answer. A Statement of Applicability that defines the necessary controls is a crucial part of an information security policy.
upvoted 0 times
...
Chaya
7 months ago
Hmm, I'm not sure about this one. I'll need to review my notes on the key elements of an information security policy.
upvoted 0 times
...
Rosendo
7 months ago
I think the answer is A. An information security policy should include a commitment to satisfy applicable requirements related to information security.
upvoted 0 times
Mee
2 months ago
All options are important, but A is a must-have!
upvoted 0 times
...
Scot
2 months ago
True, but A sets the foundation for everything else.
upvoted 0 times
...
Janessa
5 months ago
But what about D? The Statement of Applicability is crucial too.
upvoted 0 times
...
Isaiah
6 months ago
Definitely, without a commitment, it's just words.
upvoted 0 times
...
Mitzie
6 months ago
I agree, A seems essential for any policy.
upvoted 0 times
...
...

Save Cancel