Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions
Mail Us support@pass4success.com
Location US
Mob_nav_barsMENU

CertiProf I27001F Exam - Topic 1 Question 1 Discussion

Which of the following options should be included in the ISMS policy?
C) The information security objectives
A) The name of the intrusion detection system
B) The company history and the motivation for implementing the ISMS
D) The results of previous audits

CertiProf I27001F Exam - Topic 1 Question 1 Discussion

Actual exam question for CertiProf's I27001F exam
Question #: 1
Topic #: 1
[All I27001F Questions]

Which of the following options should be included in the ISMS policy?

Show Suggested Answer Hide Answer
Suggested Answer: C

Under ISO/IEC 27001:2022, the information security policy must be appropriate to the purpose of the organization, include information security objectives or provide the framework for setting them, and include a commitment to satisfy applicable requirements and to continual improvement of the ISMS. The standard does not require technical product names, company history, or prior audit results to appear in the policy. Therefore, option C is the best and correct answer.

=======


by Marylyn at Apr 01, 2026, 01:49 AM

Limited Time Offer

25%

Off

Get Premium I27001F Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

0/2000 characters
Submit Cancel
Dorcas
1 month ago
A) is not really necessary, right?
upvoted 0 times
...
Crista
1 month ago
Definitely need the info security objectives!
upvoted 0 times
...
Kasandra
2 months ago
I practiced a similar question, and I remember that the ISMS policy should focus on objectives and frameworks, so C seems like the best choice to me.
upvoted 0 times
...
Kathryn
2 months ago
I feel like option D could be relevant too, especially if it helps show how the ISMS has evolved, but I can't recall if it's a must-have.
upvoted 0 times
...
Fannie
2 months ago
I'm not sure about option B; I remember something about including motivation, but does it really belong in the policy itself?
upvoted 0 times
...
Nicolette
2 months ago
I think option C is definitely important because the information security objectives guide the whole ISMS policy, right?
upvoted 0 times
...

Save Cancel