PECB ISO-IEC-27001-Lead-Implementer Exam - Topic 4 Question 61 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 61
Topic #: 4

HealthGenic is a pediatric clinic that monitors the health and growth of individuals from infancy to early adulthood using web-based medical software. The software is also used to schedule appointments, create customized medical reports, store patients' data and medical history, and communicate with all the involved parties, including parents, other physicians, and the medical laboratory staff.

Last month, HealthGenic experienced a number of service interruptions due to the increased number of users accessing the software. Another issue the company faced while using the software was the complicated user interface, which the untrained personnel found challenging to use.

The top management of HealthGenic immediately informed the company that had developed the software about the issue. The software company fixed the issue; however, in the process of doing so, it modified some files that contained sensitive information related to HealthGenic's patients. The modifications that were made resulted in incomplete and incorrect medical reports and, more importantly, invaded the patients' privacy.

Which situation presented in scenario 8 is not in compliance with ISO/IEC 27001 requirements?

Suggested Answer: A

Contribute your Thoughts:

Laura
2 months ago
Two years for an audit? That seems too long!
upvoted 0 times
Xuan
2 months ago
Not sure if Emma's access is really the issue here.
upvoted 0 times
Regenia
3 months ago
Wait, they modified sensitive patient info? That’s wild!
upvoted 0 times
Odette
3 months ago
I agree, that’s not compliant with ISO standards.
upvoted 0 times
Kristeen
3 months ago
Sounds like a major privacy breach!
upvoted 0 times
Lynna
3 months ago
I think the main compliance issue here is about patient privacy being invaded. That seems like a clear violation of the standards we studied.
upvoted 0 times
Caprice
4 months ago
I feel like the user interface issue could relate to compliance, but I can't recall if it directly ties to ISO/IEC 27001. We had a practice question about user training, though.
upvoted 0 times
Onita
4 months ago
I'm not entirely sure, but I think the timing of the recodification audit could be a problem. Two years seems like a long time after implementing the ISMS.
upvoted 0 times
Jonell
4 months ago
I remember we discussed the importance of access controls in ISO/IEC 27001. I think Emma having access to all offices and documentation might be a compliance issue.
upvoted 0 times
Leslee
4 months ago
This is a tricky one, but I think I've got a good strategy. I'll start by identifying the key information security requirements from ISO/IEC 27001, then carefully match them up to the different issues described in the scenario. The modification of sensitive patient files seems like the most obvious violation, but I'll double-check the other options just to be sure.
upvoted 0 times
Wilson
4 months ago
Hmm, I'm a bit unsure about this one. The scenario covers a lot of different problems with the software and the company's management. I'll need to review the ISO/IEC 27001 requirements closely to determine which specific situation is not in compliance. I don't want to rush into an answer without being confident I've identified the right issue.
upvoted 0 times
Nikita
5 months ago
Okay, I think I've got this. The key issue here is the modification of sensitive patient files by the software company, which resulted in incomplete and incorrect medical reports and invaded patient privacy. That's clearly not in compliance with ISO/IEC 27001 requirements for information security. The other issues, like service interruptions and a complicated user interface, are more operational in nature.
upvoted 0 times
Mitsue
5 months ago
This question seems straightforward, but I want to make sure I understand the key details before answering. The scenario mentions issues with the software, including service interruptions and a complicated user interface. It also mentions that the software company modified sensitive patient files, leading to privacy concerns. I'll need to carefully analyze the ISO/IEC 27001 requirements to determine which of these situations is not in compliance.
upvoted 0 times
Willard
6 months ago
Haha, the 'untrained personnel' struggling with the complicated user interface is a classic scenario. But the privacy breach is definitely the big issue here. C is the answer.
upvoted 0 times
Raymon
6 months ago
Hmm, the software company really messed up by modifying sensitive files. I'm going with C as the non-compliant situation.
upvoted 0 times
Crista
5 months ago
I agree, modifying sensitive files is a big problem.
upvoted 0 times
Jamal
6 months ago
Whoa, that's a major breach of patient privacy! Option C has got to be the correct answer here.
upvoted 0 times
Anika
6 months ago
The privacy breach due to the software modifications seems like a clear violation of ISO/IEC 27001 requirements. I'd go with option C on this one.
upvoted 0 times
Timmy
7 months ago
True, both situations could pose risks to the security and confidentiality of the data.
upvoted 0 times
Reita
7 months ago
That could also be a potential compliance issue, as access should be restricted based on roles.
upvoted 0 times
Brock
7 months ago
But what about Emma having access to all offices and documentation?
upvoted 0 times
Timmy
8 months ago
I agree, patient privacy is a critical aspect that should be protected.
upvoted 0 times
Reita
8 months ago
I think the situation with the modified files is not in compliance with ISO/IEC 27001.
upvoted 0 times