An administration office is going to determine the dangers to which it is exposed.
What do we call a possible event that can have a disruptive effect on the reliability of information?

• A.dependency
• B.threat
• C.vulnerability
• D.risk

Comment: *

Name: *

Email: *

Verification: *

Who are allowed to access highly confidential files?

• A.Employees with a business need-to-know
• B.Contractors with a business need-to-know
• C.Employees with signed NDA have a business need-to-know
• D.Non-employees designated with approved access and have signed NDA

Comment: *

Name: *

Email: *

Verification: *

In the context of a third-party certification audit, confidentiality is an issue in an audit programme. Select two options which correctly state the function of confidentiality in an audit

• A.Auditors are forced by regulatory requirements to maintain confidentiality in an audit
• B.Observers in an audit team cannot access any confidential information
• C.Confidentiality is one of the principles of audit conduct
• D.Auditors should obtain the auditee's permission before using a camera or recording equipment
• E.Audit information can be used for improving personal competence by the auditor
• F.As an auditor is always accompanied by a guide, there is no risk to the auditee's sensitive information

Comment: *

Name: *

Email: *

Verification: *

Select the words that best complete the sentence:
"The purpose of maintaining regulatory compliance in a management system is to To complete the sentence with the best word(s), click on the blank section you want to complete so that it is highlighted in red, and then click on the applicable text from the options below. Alternatively, you may drag and drop the option to the appropriate blank section.

Correct Answer:

Explanation:

According to ISO 27001:2013, clause 5.2, the top management of an organization must establish, implement and maintain an information security policy that is appropriate to the purpose of the organization and provides a framework for setting information security objectives. The information security policy must also include a commitment to comply with the applicable legal, regulatory and contractual requirements, as well as any other requirements that the organization subscribes to. Therefore, maintaining regulatory compliance is part of fulfilling the management system policy and ensuring its effectiveness and suitability. References:
ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements, clause 5.2 PECB Candidate Handbook ISO 27001 Lead Auditor, page 10 ISO 27001 Policy: How to write it according to ISO 27001

Comment: *

Name: *

Email: *

Verification: *

In the context of a management system audit, please identify the sequence of a typical process of collecting and verifying information. The first one has been done for you.

Correct Answer:

Explanation:
A screenshot of a computer Description automatically generated

* Identifying the source of information (already given)
* Gathering audit evidence: This involves collecting information from various sources such as documents, records, interviews, and observations.
* Sampling the available data: Due to the vast amount of information available, auditors typically use sampling techniques to select representative data for closer scrutiny.
* Verifying objective evidence: This involves checking the accuracy, completeness, and reliability of the collected evidence.
* Evaluating evidence against the audit criteria: Auditors compare the collected evidence to the established criteria (e.g., standards, policies, procedures) to assess compliance and effectiveness.
* Recording audit findings: This involves documenting the results of the evaluation, including observations, conclusions, and recommendations.
* Making audit conclusions: Based on the recorded findings, auditors formulate overall conclusions about the status of the management system.
Therefore, the correct sequence is:
1. Identifying the source of information 2. Gathering audit evidence 3. Sampling the available data 4.
Verifying objective evidence 5. Evaluating evidence against the audit criteria 6. Recording audit findings 7.
Making audit conclusions

Comment: *

Name: *

Email: *

Verification: *