Exam ISO-IEC-27001-Lead-Auditor Topic 4 Question 181 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 181
Topic #: 4
You are an experienced ISMS audit team leader guiding an auditor in training. You decide to test her knowledge of follow-up audits by asking her a series of questions. Here are your questions and her answers.
Which four of your questions has she answered correctly?
Suggested Answer: A, B, D, H
Explanation
The four questions that she answered correctly are:
* Q: Should a follow-up audit seek to identify new nonconformities? A: YES
* Q: Should follow-up audits seek to ensure nonconformities have been effectively addressed? A: YES
* Q: Is the purpose of a follow-up audit to verify the completion of corrections, corrective actions, and opportunities for improvement? A: YES
* Q: Could an outcome from a follow-up audit be another follow-up
* A follow-up audit is an audit that is conducted after a previous audit to verify the implementation and effectiveness of the corrective actions and/or opportunities for improvement that were agreed upon as a result of the previous audit [1][2]. Therefore, a follow-up audit should seek to identify new nonconformities that may have arisen since the previous audit, as well as to ensure that the existing nonconformities have been effectively addressed.
* A follow-up audit should also consider the agreed opportunities for improvement as well as the corrective actions, because both are intended to enhance the performance and conformity of the ISMS [1][2]. However, the follow-up audit should not treat the opportunities for improvement as mandatory requirements, but rather as suggestions that may or may not have been implemented by the auditee [3].
* The purpose of a follow-up audit is to verify the completion and effectiveness of the corrections, corrective actions, and opportunities for improvement that were agreed upon as a result of the previous audit [1][2]. A correction is the action taken to eliminate a detected nonconformity, while a corrective action is the action taken to eliminate the cause of a nonconformity and to prevent its recurrence [4]. An opportunity for improvement is a potential improvement that is identified during an audit, but is not a nonconformity [3].
* An outcome from a follow-up audit could be another follow-up audit if required, depending on the nature and severity of the nonconformities and the effectiveness of the corrective actions [1][2]. For example, if the follow-up audit reveals that the nonconformities have not been adequately addressed, or that new nonconformities have emerged, then another follow-up audit may be necessary to ensure that the ISMS is compliant and effective.
References:
1: PECB Candidate Handbook - ISO 27001 Lead Auditor, page 25
2: ISO 19011:2018 - Guidelines for auditing management systems, clause 6.7
3: ISO 27007:2017 - Guidelines for information security management systems auditing, clause 7.5.3
4: ISO 27000:2018 - Information technology - Security techniques - Information security management systems - Overview and vocabulary, clauses 3.9 and 3.10
by Gene at Jun 01, 2025, 10:15 PM