Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

APMG-International ISO-IEC-27001-Foundation Exam - Topic 3 Question 11 Discussion

Identify the missing words in the following sentence.The organization shall establish, implement, maintain and [ ? ] an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.
B) continually improve
A) report on
C) communicate the importance of
D) enforce standards for

APMG-International ISO-IEC-27001-Foundation Exam - Topic 3 Question 11 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 11
Topic #: 3
[All ISO-IEC-27001-Foundation Questions]

Identify the missing words in the following sentence.

The organization shall establish, implement, maintain and [ ? ] an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.

Show Suggested Answer Hide Answer
Suggested Answer: B

Clause 4.4 of ISO/IEC 27001:2022 states:

''The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.''

This requirement highlights that an ISMS is not static; it must evolve continuously to adapt to new risks, technologies, and business changes. Options A, C, and D are not mentioned in the clause. The continual improvement cycle is central to ISO standards, aligning with the Plan-Do-Check-Act (PDCA) model.

Thus, the missing words are ''continually improve.''


by Jolanda at Mar 06, 2026, 12:11 AM

Limited Time Offer

25%

Off

Get Premium ISO-IEC-27001-Foundation Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Jose
22 days ago
I thought it could be A) report on, but B feels right.
upvoted 0 times
...
Phillip
27 days ago
Definitely agree with B! Makes the most sense.
upvoted 0 times
...
Juliana
1 month ago
I'm pretty sure it's B) continually improve.
upvoted 0 times
...
Chau
1 month ago
I thought it could be C) communicate the importance of, but now I'm not so sure.
upvoted 0 times
...
Lili
1 month ago
Wait, why would you need to enforce standards? Isn't that part of the system already?
upvoted 0 times
...
Zita
2 months ago
A) report on seems off to me.
upvoted 0 times
...
Ressie
2 months ago
Definitely agree with B! Makes the most sense.
upvoted 0 times
...
Dacia
2 months ago
I'm pretty sure it's B) continually improve.
upvoted 0 times
...
Clarence
2 months ago
I was leaning towards B) continually improve too, but I wonder if C) communicate the importance of could also be relevant in some contexts.
upvoted 0 times
...
Glen
2 months ago
I feel like A) report on could fit, but it doesn't really capture the proactive nature of managing a system.
upvoted 0 times
...
Giovanna
2 months ago
I'm not entirely sure, but I remember a similar question where we discussed the importance of maintaining and improving systems.
upvoted 0 times
...
Salome
3 months ago
I think the answer might be B) continually improve, since it aligns with the idea of ongoing management systems.
upvoted 0 times
...

Save Cancel