APMG-International ISO-IEC-27001-Foundation Exam - Topic 3 Question 11 Discussion

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam

Question #: 11
Topic #: 3

[All ISO-IEC-27001-Foundation Questions]

Identify the missing words in the following sentence.

The organization shall establish, implement, maintain and [ ? ] an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.

Areport on

Bcontinually improve

Ccommunicate the importance of

Denforce standards for

Show Suggested Answer

Suggested Answer: B

Clause 4.4 of ISO/IEC 27001:2022 states:

''The organization shall establish, implement, maintain and continually improve an information security management system, including the processes needed and their interactions, in accordance with the requirements of this document.''

This requirement highlights that an ISMS is not static; it must evolve continuously to adapt to new risks, technologies, and business changes. Options A, C, and D are not mentioned in the clause. The continual improvement cycle is central to ISO standards, aligning with the Plan-Do-Check-Act (PDCA) model.

Thus, the missing words are ''continually improve.''

by Jolanda at Mar 06, 2026, 12:11 AM

Limited Time Offer

25%

1 month ago

I think the answer might be B) continually improve, since it aligns with the idea of ongoing management systems.

upvoted 0 times

...