APMG-International ISO-IEC-27001-Foundation Exam - Topic 5 Question 1 Discussion

Which action is an organization required to take to ensure that personnel are competent to perform their assigned tasks within the ISMS?
A) Identify products which could be used in the organization to improve ISMS performance and effectiveness
B) Ensure all personnel are trained to ISO/IEC 27001 Foundation level
C) Ensure that the controls for compliance with legal and contractual requirements are implemented
D) Hold up-to-date records on training, skills, experience and qualifications

Actual exam question for APMG-International's ISO-IEC-27001-Foundation exam
Question #: 1
Topic #: 5
Suggested Answer: D

Clause 7.2 (Competence) requires the organization to:

"determine the necessary competence of person(s) doing work under its control that affects its information security performance;"

"ensure that these persons are competent on the basis of appropriate education, training, or experience;"

"retain appropriate documented information as evidence of competence."

This makes holding up-to-date records on training, skills, experience, and qualifications (D) the correct answer. Option A is irrelevant to competence. Option B is incorrect since ISO does not require Foundation-level training; competence is context-based. Option C is related to compliance but does not ensure individual competence.

Thus, the verified correct answer is D.


Kati
5 months ago
Totally agree with D, you can't manage what you don't measure!
upvoted 0 times
...
Joaquin
5 months ago
Wait, are we really required to train everyone to that level? Seems excessive.
upvoted 0 times
...
Toi
6 months ago
Definitely D, keeping records is crucial!
upvoted 0 times
...
Mohammad
6 months ago
I think B is important too, but not the only factor.
upvoted 0 times
...
Darrin
6 months ago
A is interesting, but it doesn't directly address personnel competence.
upvoted 0 times
...
Leatha
6 months ago
I feel like A is a bit off-topic, but I can’t recall if it’s actually relevant to personnel competence.
upvoted 0 times
...
Kristel
7 months ago
I’m torn between C and D. I know compliance is crucial, but keeping records seems more directly related to ensuring competence.
upvoted 0 times
...
Nikita
7 months ago
I remember a practice question that emphasized the importance of training, so I’m leaning towards B, but it feels too simplistic.
upvoted 0 times
...
Chaya
7 months ago
I think the answer might be D, but I'm not entirely sure if just having records is enough to ensure competence.
upvoted 0 times
...
Stephen
7 months ago
Ah, I see what they're getting at now. It's not about improving the ISMS or ensuring compliance, but specifically about demonstrating personnel competence. Option D covers that requirement nicely.
upvoted 0 times
...
Katheryn
7 months ago
This is straightforward - the organization needs to maintain up-to-date records on the training, skills, experience, and qualifications of its personnel to ensure they are competent. Option D is the clear answer.
upvoted 0 times
...
Miles
8 months ago
I'm a bit confused on this one. Are we looking for general ISMS improvement, compliance, or specific personnel competence requirements? I'll need to re-read the question carefully.
upvoted 0 times
...
Natalya
8 months ago
Okay, I think I've got this. The key is ensuring personnel have the necessary training, skills, and qualifications to perform their assigned ISMS tasks. Option D looks like the best choice here.
upvoted 0 times
...
Malissa
8 months ago
Hmm, this seems like a tricky one. I'll need to carefully review the options and think through the requirements for personnel competence in an ISMS.
upvoted 0 times
...
