CertiProf I27001F Exam - Topic 1 Question 12 Discussion

What is the purpose of management review in ISO/IEC 27001:2022?
A) To ensure that the information security policy matches all identified risks
B) To ensure that employees receive information about updates to information security policies
C) To ensure the continuing suitability, adequacy, and effectiveness of the ISMS
D) To ensure that the information security policy covers all controls indicated in ISO/IEC 27001

Actual exam question for CertiProf's I27001F exam
Question #: 12
Topic #: 1

Suggested Answer: C

ISO/IEC 27001:2022 requires top management to review the organization's ISMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness. Management review is a formal requirement under performance evaluation and is intended to confirm that the ISMS continues to support the organization's objectives and strategic direction. It is broader than policy review alone and is not limited to communication or Annex A coverage. Therefore, option C is correct.
