Exam ISO-IEC-27001-Lead-Auditor Topic 4 Question 140 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 140
Topic #: 4

Which one of the following options is the definition of an interested party?

A. A third party can appeal to an organisation when it perceives itself to be affected by a decision or activity B. A person or organisation that can affect, be affected by or perceive itself to be affected by a decision or activity C. A group or organisation that can interfere in or perceive itself to be interfered with by a management decision D. An individual or organisation that can control, be controlled by, or perceive itself to be controlled by a decision or activity

Suggested Answer: B Vote an answer

This is the definition of an interested party according to ISO 27001:2013, clause 3.16. An interested party is essentially a stakeholder, i.e., a person or organization that can influence or be influenced by the information security management system (ISMS) or its activities. Interested parties can have different needs and expectations regarding the ISMS, and these should be identified and addressed by the organization.
References:
* ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements, clause 3.16
* PECB Candidate Handbook ISO 27001 Lead Auditor, page 10
* Identifying interested parties and their expectations for an ISO 27001 ISMS
* Examples of ISO 27001 interested parties

by Angela at Jan 15, 2025, 02:02 AM

Limited Time Offer

15%

Off

Get Premium ISO-IEC-27001-Lead-Auditor Questions as Interactive Self Test Engine or PDF

Comments

0 Happy Clients

0 Shares

0 Demo Downloads

10 Years in Business