
PECB ISO-IEC-27001-Lead-Auditor Exam - Topic 2 Question 30 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 30
Topic #: 2

During a third-party certification audit you are presented with a list of issues by an auditee. Which four of the following constitute 'external' issues in the context of a management system to ISO/IEC 27001:2022?

Suggested Answer: A, B, E, F

ISO/IEC 27001:2022 specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS). Clause 4.1 requires an organization to determine external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcomes of its ISMS. External issues are those that originate from outside the organization, such as legal, regulatory, cultural, social, political, economic, natural and competitive factors. Internal issues are those that originate from within the organization, such as governance, structure, roles and responsibilities, policies, objectives, culture, capabilities, resources and information systems.

Therefore, based on this definition, four examples of external issues in the context of a management system to ISO/IEC 27001:2022 are a rise in interest rates in response to high inflation (which affects the economic environment of the organization), a reduction in grants as a result of a change in government policy (which affects the political and legal environment of the organization), higher labour costs as a result of an aging population (which affects the social and demographic environment of the organization), and inability to source raw materials due to government sanctions (which affects the trade and supply environment of the organization).

The other options are examples of internal issues, as they originate from within the organization or its activities. These are poor levels of staff competence as a result of cuts in training expenditure (which affects the capabilities and resources of the organization), increased absenteeism as a result of poor management (which affects the culture and performance of the organization), poor morale as a result of staff holidays being reduced (which affects the motivation and satisfaction of the organization's personnel), and a fall in productivity linked to outdated production equipment (which affects the efficiency and quality of the organization's processes).

Reference: ISO/IEC 27001:2022 - Information technology -- Security techniques -- Information security management systems -- Requirements


Annamae
3 months ago
F is a clear external issue, sanctions impact sourcing for sure.
upvoted 0 times
...
Roosevelt
3 months ago
Surprised that E is considered external, isn't that more about demographics?
upvoted 0 times
...
Jennifer
3 months ago
C and D seem more internal to me, not external.
upvoted 0 times
...
Ressie
4 months ago
I think B is also external, government policies affect everyone.
upvoted 0 times
...
Donte
4 months ago
A rise in interest rates is definitely an external issue.
upvoted 0 times
...
Aretha
4 months ago
I’m leaning towards A, B, and F for sure, but I’m not confident about the fourth one. Maybe E?
upvoted 0 times
...
Nana
4 months ago
I feel like C and D might be internal issues, but I could be wrong. I think F definitely qualifies as external.
upvoted 0 times
...
Delfina
4 months ago
I remember we discussed how government policies can impact funding, so B seems like a solid pick. But I'm not sure about the others.
upvoted 0 times
...
Michel
5 months ago
I think external issues are factors outside the organization, so maybe A, B, F, and E could be the right choices?
upvoted 0 times
...
Nicolette
5 months ago
Okay, let's see here. I think A, B, E, and F are the external issues based on the context provided. I'll double-check my work before submitting.
upvoted 0 times
...
Devora
5 months ago
Hmm, I'm a bit unsure about some of these options. I'll need to carefully review the definitions of external issues to make sure I select the right four.
upvoted 0 times
...
Paz
5 months ago
This question seems straightforward, I'll focus on identifying the external issues as defined in the ISO/IEC 27001:2022 standard.
upvoted 0 times
...
Sheron
5 months ago
This is a good test of my understanding of the ISO/IEC 27001:2022 requirements. I'll methodically go through each option and determine which ones meet the criteria for external issues.
upvoted 0 times
...
Walton
5 months ago
This looks like a tricky access control question. I'll need to carefully consider the permissions granted and denied to Mary and Library Sales2.
upvoted 0 times
...
Launa
5 months ago
I think I know the answer to this one. The key is understanding how the Java XOM and BOM are related, and what kinds of changes can impact the BOM.
upvoted 0 times
...
Yolande
2 years ago
That's a good point, Moon. Poor management could be considered an external factor influencing absenteeism.
upvoted 0 times
...
Moon
2 years ago
But what about D? Increased absenteeism might also be considered an external issue if it's due to poor management practices.
upvoted 0 times
...
Stevie
2 years ago
I agree with Yolande. Those issues are definitely external and can impact the management system.
upvoted 0 times
...
Yolande
2 years ago
I think B, F, G, and H are external issues because they are influenced by factors outside the organization's control.
upvoted 0 times
...
