PECB ISO-IEC-27001-Lead-Auditor Exam - Topic 5 Question 31 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 31
Topic #: 5

You are an ISMS auditor conducting a third-party surveillance audit of a telecom provider. You are in the equipment staging room where network switches are pre-programmed before being despatched to clients. You note that recently there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming.

You ask the Chief Tester why and she says, 'It's a result of the recent ISMS upgrade. Before the upgrade each technician had their own hard copy work instructions. Now, the eight members of my team have to share two laptops to access the clients' configuration instructions online. These delays put pressure on the technicians, resulting in more mistakes being made.'

Based solely on the information above, which clause of ISO/IEC 27001:2022 is the one to raise a nonconformity against? Select one.

Suggested Answer: B

According to ISO/IEC 27001:2022, which specifies the requirements for establishing, implementing, maintaining and continually improving an information security management system (ISMS), clause 8.1 requires an organization to plan, implement and control its processes needed to meet ISMS requirements [2]. This includes determining what needs to be done, how it will be done, who will do it, when it will be done, what resources are required, how performance will be evaluated, etc. [2]. Therefore, if an ISMS auditor conducting a third-party surveillance audit of a telecom provider notes that there has been a significant increase in the number of switches failing their initial configuration test and being returned for reprogramming due to a recent ISMS upgrade that reduced access to work instructions, this indicates a nonconformity against clause 8.1 of ISO/IEC 27001:2022. The organization has failed to plan and control its operational processes effectively to ensure information security and quality [2].

The other options are not correct clauses to raise a nonconformity against based solely on this information. For example, clause 7.5 deals with documented information required by ISMS or determined by an organization as necessary for its effectiveness [2], but it does not specify how many copies or formats of work instructions should be available; clause 10.2 deals with nonconformity and corrective action as a response to an identified problem or incident [2], but it does not address how to prevent or avoid such problems or incidents in operational processes; clause 7.3 deals with awareness of ISMS policy, objectives, roles and responsibilities among persons doing work under an organization's control [2], but it does not relate to how work instructions are accessed or followed; clause 7.2 deals with competence of persons doing work under an organization's control that affects its ISMS performance [2], but it does not imply that lack of competence is caused by insufficient work instructions; clause 7.4 deals with communication about ISMS among internal and external interested parties [2], but it does not cover how operational information is communicated within an organization.

Reference: [2] ISO/IEC 27001:2022 - Information technology -- Security techniques -- Information security management systems -- Requirements


Tabetha
3 months ago
Clause 8.1 seems like the right call for this situation.
upvoted 0 times
...
Charlene
3 months ago
Wait, is the ISMS upgrade really the main issue here?
upvoted 0 times
...
Millie
3 months ago
I think it's more about the lack of proper documentation.
upvoted 0 times
...
Ilene
4 months ago
Totally agree, sharing laptops is a recipe for mistakes!
upvoted 0 times
...
Rosann
4 months ago
Sounds like a classic case of poor resource allocation.
upvoted 0 times
...
Natalya
4 months ago
I'm leaning towards Clause 7.5 since the documented instructions are now harder to access, but I could see how it might also relate to awareness in Clause 7.3.
upvoted 0 times
...
Myra
4 months ago
I practiced a similar question, and I think the lack of individual access to instructions could point to a competence issue, so maybe Clause 7.2?
upvoted 0 times
...
Roslyn
4 months ago
This situation seems to relate more to operational planning and control, so I think Clause 8.1 might be the right choice.
upvoted 0 times
...
Arlene
5 months ago
I remember that Clause 7.5 is about documented information, but I'm not sure if that's the main issue here.
upvoted 0 times
...
Rodney
5 months ago
Hmm, I'm torn between Clause 7.2 - Competence and Clause 10.2 - Nonconformity and corrective action. The issue could be that the technicians don't have the necessary competence to handle the new online instructions, or it could be that the organization needs to take corrective action to address the nonconformities caused by the ISMS upgrade.
upvoted 0 times
...
Sherron
5 months ago
I'm pretty confident that the correct answer is Clause 7.3 - Awareness. The technicians appear to be unaware of the changes in the ISMS, which is leading to the increased mistakes. Improving their awareness of the new processes could help address the problem.
upvoted 0 times
...
Karol
5 months ago
Based on the information provided, I'd say the best answer is Clause 7.4 - Communication. The problem seems to be that the technicians are facing delays and pressure due to the change in how they access the configuration instructions, which could be a communication issue.
upvoted 0 times
...
Veda
5 months ago
I'm a bit confused here. The question mentions an ISMS upgrade, so I'm wondering if the issue could also be related to Clause 8.1 - Operational planning and control, since the upgrade may have impacted the organization's processes.
upvoted 0 times
...
Eliz
5 months ago
Hmm, this seems like a tricky one. I'm thinking it might be Clause 7.5 - Documented information, since the issue seems to be related to the technicians not having easy access to the necessary configuration instructions.
upvoted 0 times
...
Shizue
5 months ago
Hmm, I'm a bit unsure about this one. I know risk is related to consequence and likelihood, but I can't remember the exact formula. I'll have to think this through carefully.
upvoted 0 times
...
Ernestine
5 months ago
Hmm, this is a tricky one. I think the key is to focus on list hygiene - maybe sending different messaging to inactive subscribers or removing those who haven't engaged in a while.
upvoted 0 times
...
Gayla
2 years ago
I think Clause 7.4 - Communication could also be a factor here. If the team members are not able to communicate effectively and share resources, it can lead to delays and mistakes.
upvoted 0 times
...
Graciela
2 years ago
That's a valid point, Coletta. Competence is definitely essential in preventing errors during configuration.
upvoted 0 times
...
Coletta
2 years ago
I disagree, I believe the nonconformity should be raised against Clause 7.2 - Competence. If technicians are not properly equipped or trained, mistakes are bound to happen.
upvoted 0 times
...
Junita
2 years ago
I agree with you, Graciela. The issue seems to stem from the lack of proper operational planning and control.
upvoted 0 times
...
Graciela
2 years ago
I think the right clause to raise a nonconformity against is Clause 8.1 - Operational planning and control.
upvoted 0 times
...
Herminia
2 years ago
That's a good point, Emma. Maybe we need to consider Clause 7.2 as well
upvoted 0 times
...
Hershel
2 years ago
But could it also be related to Clause 7.2 - Competence? If technicians don't have the right resources, it could impact their competence
upvoted 0 times
...
Lillian
2 years ago
I agree with Sara, the issue seems to stem from operational planning and control
upvoted 0 times
...
Herminia
2 years ago
I think we should raise a nonconformity against Clause 8.1 - Operational planning and control
upvoted 0 times
...
