Exam ISO-IEC-27001-Lead-Implementer Topic 2 Question 69 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 69
Topic #: 2
Question #: 69
Topic #: 2
Question:
Which statement regarding management reviews is correct?
Which statement regarding management reviews is correct?
Suggested Answer: A Vote an answer
ISO/IEC 27001:2022 Clause 9.3 - Management Review:
"Top management shall review the organization's ISMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness." While the ultimate responsibility rests with top management, reviews may be conducted at multiple organizational levels for broader visibility and alignment. ISO/IEC 27004 also supports reviews at tactical and operational levels.
There is no requirement for monthly reviews. Option C is incorrect, as top management cannot fully delegate the ultimate responsibility, only supporting roles.
References:
ISO/IEC 27001:2022 Clause 9.3
ISO/IEC 27004:2016 Clause 6.3 - Review structures at multiple levels===========
"Top management shall review the organization's ISMS, at planned intervals, to ensure its continuing suitability, adequacy and effectiveness." While the ultimate responsibility rests with top management, reviews may be conducted at multiple organizational levels for broader visibility and alignment. ISO/IEC 27004 also supports reviews at tactical and operational levels.
There is no requirement for monthly reviews. Option C is incorrect, as top management cannot fully delegate the ultimate responsibility, only supporting roles.
References:
ISO/IEC 27001:2022 Clause 9.3
ISO/IEC 27004:2016 Clause 6.3 - Review structures at multiple levels===========
by Stanley at Mar 18, 2026, 06:19 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).