CertiProf I27001F Exam - Topic 3 Question 7 Discussion

Actual exam question for CertiProf's I27001F exam

Question #: 7
Topic #: 3

[All I27001F Questions]

What is the purpose of management review in ISO/IEC 27001:2022?

ATo ensure that the information security policy matches all identified risks

BTo ensure that employees receive information about updates to information security policies

CTo ensure the continuing suitability, adequacy, and effectiveness of the ISMS

DTo ensure that the information security policy covers all controls indicated in ISO/IEC 27001

Show Suggested Answer

Suggested Answer: C

ISO/IEC 27001:2022 requires top management to review the organization's ISMS at planned intervals to ensure its continuing suitability, adequacy, and effectiveness. Management review is a formal requirement under performance evaluation and is intended to confirm that the ISMS continues to support the organization's objectives and strategic direction. It is broader than policy review alone and is not limited to communication or Annex A coverage. Therefore, option C is correct.

=======

by Kristin at Apr 09, 2026, 11:32 AM

Limited Time Offer

25%

Off

Get Premium I27001F Questions as Interactive Web-Based Practice Test or PDF

Contribute your Thoughts:

Submit Cancel

Shawn

3 days ago

I think the management review is mainly about ensuring the effectiveness of the ISMS, but I'm not entirely sure if that's the only purpose.

upvoted 0 times

...