PECB ISO-IEC-27001-Lead-Auditor Exam - Topic 1 Question 49 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 49
Topic #: 1

As an auditor, you have noticed that ABC Inc. has established a procedure to manage the removable storage media. The procedure is based on the classification scheme adopted by ABC Inc. Thus, if the information stored is classified as "confidential," the procedure applies. On the other hand, the information that is classified as "public," does not have confidentiality requirements: thus, only a procedure for ensuring its integrity and availability applies. What type of audit finding is this?

Suggested Answer: C

This scenario represents a conformity because ABC Inc. has implemented procedures for managing removable storage media that align with the classification scheme of the information stored. When information is classified as 'confidential,' more stringent procedures apply, whereas for 'public' information, the procedures focus only on integrity and availability, following the organization's defined information classification policy.


Contribute your Thoughts:

Junita
3 months ago
This seems off, I doubt that’s the right classification approach.
upvoted 0 times
...
Colette
3 months ago
Totally agree, it should be a nonconformity!
upvoted 0 times
...
Angelica
3 months ago
Wait, are they really classifying public info like that?
upvoted 0 times
...
Shalon
4 months ago
I think it's more of an anomaly.
upvoted 0 times
...
Brandon
4 months ago
Sounds like a nonconformity to me.
upvoted 0 times
...
Rosenda
4 months ago
I practiced a question similar to this, and I think it was about nonconformities too. If the procedure doesn't cover all data types properly, it could definitely be a nonconformity.
upvoted 0 times
...
Mammie
4 months ago
I feel like this is a conformity issue because they have procedures in place, but I guess it depends on whether those procedures are adequate for all classifications.
upvoted 0 times
...
Raina
4 months ago
I'm not entirely sure, but I think an anomaly might be when something unusual occurs, and this seems more like a standard procedure issue.
upvoted 0 times
...
Blondell
5 months ago
I remember discussing how a nonconformity indicates a failure to meet established requirements, so I think this might be a nonconformity since the procedure doesn't apply uniformly.
upvoted 0 times
...
Mirta
5 months ago
I'm pretty confident this is a nonconformity. The company has established a specific procedure for confidential information, but not for public information, which doesn't align with their own classification scheme. I'll make sure to explain that clearly in my answer.
upvoted 0 times
...
Lemuel
5 months ago
Okay, I think I've got this. The key is that the company has a defined procedure for managing confidential information, but not for public information. So the audit finding would be a nonconformity, since the procedure is not being applied consistently.
upvoted 0 times
...
Telma
5 months ago
Hmm, I'm a bit confused by the wording here. Is the issue that the company has different procedures for confidential vs. public information? I'll need to think through the implications of that to figure out the right audit finding.
upvoted 0 times
...
Selene
5 months ago
This seems like a straightforward question about audit findings. I'll need to carefully review the details about the company's classification scheme and procedures to determine the appropriate audit finding.
upvoted 0 times
...
Carmen
5 months ago
Hmm, I'm not sure if that's the best approach. Wouldn't it be better to just ask the customer's age directly and then use that to determine the age group? That way we don't have to worry about the synonyms and can be more accurate.
upvoted 0 times
...
Jamika
1 year ago
I believe it could also be considered a nonconformity finding, as there may be a lack of confidentiality requirements for certain information.
upvoted 0 times
...
Sage
1 year ago
What kind of company has 'public' information that doesn't need to be managed? Sounds like they're asking for trouble. I'd go with nonconformity on this one.
upvoted 0 times
...
Carlene
1 year ago
Hmm, I'm not so sure. If the company doesn't have any requirements for public information, then maybe this is just an anomaly rather than a nonconformity. It depends on the specific policies and procedures.
upvoted 0 times
...
Lawanda
1 year ago
I agree with Bulah, it seems to be a conformity finding based on the procedure matching the classification scheme.
upvoted 0 times
...
Mozell
1 year ago
I agree, this is definitely a nonconformity. The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
Ressie
1 year ago
Anomaly
upvoted 0 times
...
Tamekia
1 year ago
Nonconformity
upvoted 0 times
...
Cecily
1 year ago
The company's own classification scheme is not being consistently applied, which is a control issue.
upvoted 0 times
...
Lashawna
1 year ago
I agree, this is definitely a nonconformity.
upvoted 0 times
...
...
Murray
1 year ago
This seems like a clear case of a nonconformity. The company has established a procedure for managing confidential information, but it doesn't apply to public information. That's a gap in their policy.
upvoted 0 times
Zena
1 year ago
Makeda: They should address this gap in their policy to ensure compliance.
upvoted 0 times
...
Kathrine
1 year ago
B) Anomaly
upvoted 0 times
...
Peggie
1 year ago
It's important for them to have consistent procedures in place.
upvoted 0 times
...
Makeda
1 year ago
I agree, they need to ensure all information is managed properly.
upvoted 0 times
...
Kirk
1 year ago
I agree, it definitely seems like a nonconformity. They need to ensure their procedure covers all types of information.
upvoted 0 times
...
Leanna
1 year ago
A) Nonconformity
upvoted 0 times
...
Cassi
1 year ago
This is definitely a nonconformity.
upvoted 0 times
...
...
Bulah
1 year ago
I think this is a conformity finding.
upvoted 0 times
...
