ISO 27001 ISMS Requirements

Questions and Answers

What is the primary purpose of the Statement of Applicability?

To list the controls selected to mitigate risk and explain their implementation (correct)

To organize and review ISMS documentation

To outline the organization's business objectives and risks associated with them

To document evidence of security awareness training for personnel

What type of documentation is included in ISMS Resources?

Only meeting minutes and communications from senior management

Only audit reviews, incident reports, and remediation plans

All of the above, including strategy, planning, and budgeting documents (correct)

Only security awareness training materials and certificates

What is the importance of retaining documented information in ISO 27001?

To improve the ISMS documentation

To evidence competence in maintaining the ISMS (correct)

To show the effectiveness of the ISMS

To demonstrate compliance with the standard

What is the purpose of the Information Security Objectives and Plans?

To document the organization's information security objectives and plans

What is included in the Employee Security Awareness and Training documentation?

All of the above, including posters, presentations, and attendance records

What is the purpose of the General documentation?

To organize and review ISMS documentation

What is the purpose of the Communication documentation?

To document any processes or policies made around what needs to be communicated, when, and to whom

What is the primary purpose of the Risk Assessment and Treatment?

To identify and assess risks associated with the organization's information assets

What is the purpose of the Information Security Policy?

To outline the organization's approach to managing information security

What is the primary purpose of the Competence documentation?

To evidence competence in maintaining the ISMS