ISO 27001 ISMS Requirements

Questions and Answers

What is the primary purpose of the Statement of Applicability?

• To list the controls selected to mitigate risk and explain their implementation (correct)
• To organize and review ISMS documentation
• To outline the organization's business objectives and risks associated with them
• To document evidence of security awareness training for personnel

What type of documentation is included in ISMS Resources?

• Only meeting minutes and communications from senior management
• Only audit reviews, incident reports, and remediation plans
• All of the above, including strategy, planning, and budgeting documents (correct)
• Only security awareness training materials and certificates

What is the importance of retaining documented information in ISO 27001?

• To improve the ISMS documentation
• To evidence competence in maintaining the ISMS (correct)
• To show the effectiveness of the ISMS
• To demonstrate compliance with the standard

What is the purpose of the Information Security Objectives and Plans?

To document the organization's information security objectives and plans (C)

What is included in the Employee Security Awareness and Training documentation?

All of the above, including posters, presentations, and attendance records (C)

What is the purpose of the General documentation?

To organize and review ISMS documentation (B)

What is the purpose of the Communication documentation?

To document any processes or policies made around what needs to be communicated, when, and to whom (A)

What is the primary purpose of the Risk Assessment and Treatment?

To identify and assess risks associated with the organization's information assets (D)

What is the purpose of the Information Security Policy?

To outline the organization's approach to managing information security (C)

What is the primary purpose of the Competence documentation?

To evidence competence in maintaining the ISMS (A)

Flashcards are hidden until you start studying