ISO-IEC-27001-Lead-Auditor 試験問題を無料オンラインアクセス

You are an ISMS audit team leader preparing to chair a closing meeting following a third-party surveillance audit. You are drafting a closing meeting agenda setting out the topics you wish to discuss with your auditee.
Which one of the following would be appropriate for inclusion?

• A.A disclaimer that the result of the audit is based on the sampling of evidence
• B.An explanation of the audit plan and its purpose
• C.A detailed explanation of the certification body's complaints process
• D.Names of auditees associated with nonconformities

You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit plan is to verify the information security of the business continuity management process. During the audit, you learned that the organisation activated one of the business continuity plans (BCPs) to make sure the nursing service continued during the recent pandemic. You ask the Service Manager to explain how the organization manages information security during the business continuity management process.
The Service Manager presented the nursing service continuity plan for a pandemic and summarised the process as follows:
Stop the admission of any NEW residents.
70% of administration staff and 30% of medical staff will work from home.
Regular staff self-testing, including submitting a negative test report 1 day BEFORE they come to the office.
Install ABC's healthcare mobile app, tracking their footprint and presenting a GREEN Health Status QR-Code for checking on the spot.
You ask the Service Manager how to prevent non-relevant family members or interested parties from accessing residents' personal data when staff work from home. The Service Manager cannot answer and suggests the IT Security Manager should help with that.
You would like to further investigate other areas to collect more audit evidence. Select three options that will not be in your audit trail.

• A.Collect more evidence on how the organisation makes sure all staff periodically conduct a positive Covid test (Relevant to control A.7.2)
• B.Collect more evidence on how the organisation performs a business risk assessment to evaluate how fast the existing residents can be discharged from the nursing home. (Relevant to clause 6)
• C.Collect more evidence on what resources the organisation provides to support the staff working from home. (Relevant to clause 7.1)
• D.Collect more evidence on how the organisation manages information security on mobile devices and during teleworking (Relevant to control A.6.7)
• E.Collect more evidence on how information security protocols are maintained during disruption (relevant to control A.5.29)
• F.Collect more evidence that staff only use IT equipment protected from malware when working from home (relevant to control A.8.7)
• G.Collect more evidence on how and when the Business Continuity Plan has been tested. (Relevant to control A.5.29)
• H.Collect more evidence by interviewing additional staff to ensure they are aware of the need to sometimes work from home (Relevant to clause 7.3)

Select the words that best complete the sentence:
"The purpose of maintaining regulatory compliance in a management system is to To complete the sentence with the best word(s), click on the blank section you want to complete so that it is highlighted in red, and then click on the applicable text from the options below. Alternatively, you may drag and drop the option to the appropriate blank section.

正解：

You are performing an ISO 27001 ISMS surveillance audit at a residential nursing home, ABC Healthcare Services. ABC uses a healthcare mobile app designed and maintained by a supplier, WeCare, to monitor residents' well-being. During the audit, you learn that 90% of the residents' family members regularly receive medical device advertisements from WeCare, by email and SMS once a week. The service agreement between ABC and WeCare prohibits the supplier from using residents' personal dat a. ABC has received many complaints from residents and their family members.
The Service Manager says that the complaints were investigated as an information security incident which found that they were justified.
Corrective actions have been planned and implemented according to the nonconformity and corrective action management procedure.
You write a nonconformity "ABC failed to comply with information security control A.5.34 (Privacy and protection of PII) relating to the personal data of residents' and their family members. A supplier, WeCare, used residents' personal information to send advertisements to family members." Select three options of the corrections and corrective actions listed that you would expect ABC to make in response to the nonconformity.

• A.ABC discontinues the use of the ABC Healthcare mobile app.
• B.ABC periodically monitors compliance with all applicable legislation and contractual requirements involving third parties.
• C.ABC confirms that information security control A.5.34 is contained in the Statement of Applicability (SoA).
• D.ABC asks an ISMS consultant to test the ABC Healthcare mobile app for protection against cyber-crime.
• E.ABC introduces background checks on information security performance for all suppliers.
• F.ABC cancels the service agreement with WeCare.
• G.ABC takes legal action against WeCare for breach of contract.
• H.ABC trains all staff on the importance of maintaining information security protocols.

According to ISO/IEC 27001, Clause 5.1 (Leadership and Commitment), which of the following is NOT a responsibility of top management?

• A.Ensuring the availability of resources for the ISMS and promoting continual improvement
• B.Directing and supporting persons to contribute to the effectiveness of the ISMS
• C.Conducting regular internal audits to assess the effectiveness of the ISMS