
ISMS Lead Auditor Course – Participant Handout

Exercise 1: Understanding ISMS – True / False


Purpose:
The objective of this exercise is to assess understanding of an information security
management system and of the requirements of ISO/IEC 27001:2022.

Duration:
15 minutes to complete the exercise
10 minutes classroom feedback discussion

Reference:
ISO/IEC 27001:2022
ISO 27000:2018

The quiz contains 12 statements related to ISO/IEC 27001:2022 and ISO 27000:2018.
Delegates must read each statement carefully and decide whether it is true or
false. Answers should be indicated by a tick in the appropriate box.

Issue: November 2022 ISMS Auditor/Lead Auditor Training Course 1 of 2



STATEMENTS                                                                     True  False

1.  The organization shall document external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its information security management system.   [ ]   [ ]

2.  The organization shall document which of the needs of the interested parties are addressed through the ISMS.   [ ]   [ ]

3.  When determining this scope, the organization shall consider interfaces and dependencies between activities performed by the organization, and those that are performed by other organizations.   [ ]   [ ]

4.  The organization shall ensure that externally provided processes, products or services that are relevant to the information security management system are controlled.   [ ]   [ ]

5.  Top management shall ensure that the responsibilities and authorities for roles relevant to information security are assigned, documented and communicated.   [ ]   [ ]

6.  Information security objectives shall be monitored quarterly.   [ ]   [ ]

7.  Approval of the information security risk treatment plan and acceptance of the residual information security risks shall be obtained from the auditors.   [ ]   [ ]

8.  The Statement of Applicability shall include the status of implementation.   [ ]   [ ]

9.  Responsibility for internal and external communication shall be documented.   [ ]   [ ]

10. The extent of documented information for an information security management system depends on the competence of persons.   [ ]   [ ]

11. The organization shall determine when the results from monitoring and measurement shall be analysed and evaluated.   [ ]   [ ]

12. When nonconformity occurs, the organization shall deal with the consequences.   [ ]   [ ]
