Selected I27001F ISO 27000 Questions Answers

ISO/IEC 27001:2022 requires the information security policy to be available as documented information, communicated within the organization, and available to interested parties as appropriate. In practical terms, this means the policy must be communicated to relevant persons in the organization so they understand the direction and expectations related to information security. Among the options provided, the best and correct answer is D, because the policy is intended to be known broadly across the organization, not restricted to a single role or department.

Clause 4.3 of ISO/IEC 27001:2022 requires the organization to determine the boundaries and applicability of the ISMS. When determining the scope, the organization must consider the external and internal issues referred to in clause 4.1, the requirements referred to in clause 4.2, and interfaces and dependencies between activities performed by the organization and those performed by other organizations. Therefore, option D is the correct answer.

=======

The PDCA cycle stands for Plan, Do, Check, Act. It is a management model commonly associated with management systems, including the implementation and continual improvement of an ISMS. In the context of ISO/IEC 27001:2022, this logic supports planning the ISMS, implementing and operating it, monitoring and reviewing performance, and taking actions for continual improvement. Therefore, option B is correct.

=======

ISO/IEC 27001:2022 requires top management to demonstrate leadership and commitment by ensuring that the information security policy and information security objectives are established and are compatible with the strategic direction of the organization. Top management must also integrate ISMS requirements into the organization’s processes, ensure resources are available, support relevant roles, and promote continual improvement. The standard does not allow leadership accountability to be replaced by a consultant or a volunteer. Therefore, option A is correct.

=======