Exam ISO-IEC-27001-Lead-Implementer Topic 1 Question 81 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 81
Topic #: 1
Question #: 81
Topic #: 1
Scenario 6: GreenWave
GreenWave, a manufacturer of sustainable and energy efficient home appliances, specializes in solar-powered devices, EV chargers, and smart thermostats. To ensure the protection of customer data and internal operations against digital threats, the company has implemented an ISO/IEC 27001-based information security management system (ISMS). GreenWave is also exploring innovative loT solutions to further improve energy efficiency in buildings GreenWave is committed to maintaining a high standard of information security within its operations As part of its continuous improvement approach, the company is in the process of determining the competence levels required to manage its ISMS. GreenWave considered various factors when defining these competence requirements, including technological advancements, regulatory requirements, the company's mission, strategic objectives, available resources, as well as the needs and expecations of its customers Furthermore, the company remained committed to complying with ISO/IEC 27001's communication requirements. It established clear guidelines for internal and external communication related to the ISMS, defining what information to share, when to share it. with whom, and through which channels. However, not all communications were formally documented; instead, the company classified and managed communication based on its needs, ensuring that documentation was maintained only to the extent necessary for the ISMS effectiveness .
GreenWave has been exploring the implementation of Al solutions to help understand customer preferences and provide personalized recommendations for electronic products. The aim was to utilize Al technologies to enhance problem-solving capabilities and provide suggestions to customers. This strategic initiative aligned with GreenWave's commitment to improving the customer experience through data-driven insights.
Additionally, GreenWave looked for a flexible cloud infrastructure that allows the company to host certain services on internal and secure infrastructure and other services on external and scalable platforms that can be accessed from anywhere. This setup would enable various deployment options and enhance information security, crucial for GreenWave's electronic product development According to GreenWave, implementing additional controls in the ISMS implementation plan has been successfully executed, and the company was ready to transition into operational mode. GreenWave assigned Colin the responsibility of determining the materiality of this change within the company.
Question:
Is GreenWave's approach to documenting communication acceptable?
GreenWave, a manufacturer of sustainable and energy efficient home appliances, specializes in solar-powered devices, EV chargers, and smart thermostats. To ensure the protection of customer data and internal operations against digital threats, the company has implemented an ISO/IEC 27001-based information security management system (ISMS). GreenWave is also exploring innovative loT solutions to further improve energy efficiency in buildings GreenWave is committed to maintaining a high standard of information security within its operations As part of its continuous improvement approach, the company is in the process of determining the competence levels required to manage its ISMS. GreenWave considered various factors when defining these competence requirements, including technological advancements, regulatory requirements, the company's mission, strategic objectives, available resources, as well as the needs and expecations of its customers Furthermore, the company remained committed to complying with ISO/IEC 27001's communication requirements. It established clear guidelines for internal and external communication related to the ISMS, defining what information to share, when to share it. with whom, and through which channels. However, not all communications were formally documented; instead, the company classified and managed communication based on its needs, ensuring that documentation was maintained only to the extent necessary for the ISMS effectiveness .
GreenWave has been exploring the implementation of Al solutions to help understand customer preferences and provide personalized recommendations for electronic products. The aim was to utilize Al technologies to enhance problem-solving capabilities and provide suggestions to customers. This strategic initiative aligned with GreenWave's commitment to improving the customer experience through data-driven insights.
Additionally, GreenWave looked for a flexible cloud infrastructure that allows the company to host certain services on internal and secure infrastructure and other services on external and scalable platforms that can be accessed from anywhere. This setup would enable various deployment options and enhance information security, crucial for GreenWave's electronic product development According to GreenWave, implementing additional controls in the ISMS implementation plan has been successfully executed, and the company was ready to transition into operational mode. GreenWave assigned Colin the responsibility of determining the materiality of this change within the company.
Question:
Is GreenWave's approach to documenting communication acceptable?
Suggested Answer: C Vote an answer
ISO/IEC 27001:2022 Clause 7.4 -Communicationstates:
"The organization shall determine the need for internal and external communications... including:
(a) what to communicate;
(b) when to communicate;
(c) with whom to communicate;
(d) how to communicate."
There isno mandate that all communication must be documented. The organization has the freedom to decide what is documented, based on necessity for theeffectiveness of the ISMS(as also supported by Clause
7.5 - Documented Information).
"The organization shall determine the need for internal and external communications... including:
(a) what to communicate;
(b) when to communicate;
(c) with whom to communicate;
(d) how to communicate."
There isno mandate that all communication must be documented. The organization has the freedom to decide what is documented, based on necessity for theeffectiveness of the ISMS(as also supported by Clause
7.5 - Documented Information).
by Marcus at Apr 20, 2025, 11:23 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).