Here are all the actual test exam dumps for IT exams. Most people prepare for the actual exams with our test dumps to pass their exams. So it's critical to choose and actual test pdf to succeed.
Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam Question #: 195 Topic #: 2
Scenario 10: CircuitLinking is a company specializing in water purification solutions, designing and manufacturing efficient filtration and treatment systems for both residential and commercial applications. Over the past two years, the company has actively implemented an integrated management system (IMS) that aligns with both ISO/IEC 27001 for information security and ISO 9001 for quality management. Recently, the company has taken a significant step forward by applying for a combined audit, aiming to achieve certification against both ISO/IEC 27001 and ISO 9001. In preparation for the certification audit, CircuitLinking ensured a clear understanding of ISO/IEC 27001 within the company and identified key subject-matter experts to assist the auditors. It also allocated sufficient resources and performed a self-assessment to verify that processes were clearly defined, roles and responsibilities were segregated, and documented information was maintained. To avoid delays, the company gathered all necessary documentation in advance to provide evidence that procedures were in place and effective. Following the successful completion of the Stage 1 audit, which focused on verifying the design of the management system, the Stage 2 audit was conducted to examine the implementation and effectiveness of the information security and quality management systems. One of the auditors, Megan, was a previous employee of the company. To uphold the integrity of the certification process, the company notified the certification body about the potential conflict of interest and requested an auditor change. Subsequently, the certification body selected a replacement, ensuring impartiality. Additionally, the company requested a background check of the audit team members; however, the certification body denied this request. The necessary adjustments to the audit plan were made, and transparent communication with stakeholders was maintained. The audit process continued seamlessly under the new auditor's guidance. Upon audit completion, the certification body evaluated the results and conclusions of the audit and CircuitLinking's public information and awarded CircuitLinking the combined certification. A recertification audit for CircuitLinking was conducted to verify that the company's management system continued to meet the required standards and remained effective within the defined scope of certification. CircuitLinking had implemented significant changes to its management system, including a major overhaul of its information security processes, the adoption of new technology platforms, and adjustments to comply with recent changes in industry legislation. Due to these substantial updates, the recertification audit required a Stage 1 assessment to evaluate the impact of these changes. According to Scenario 10, the recertification audit activities at CircuitLinking included a Stage 1 audit. Is this acceptable?
A Stage 1 audit is typically associated with initial certification, but according to ISO/IEC 17021-1:2015 (which governs certification audits and is referenced in ISO/IEC 27001 audit practice) and ISO/IEC 27006: 2015 (guidance for ISMS certification), a Stage 1 audit may also be required in the context of recertification when there have been significant changes to the management system. Relevant Extract: ISO/IEC 17021-1:2015, Clause 9.6.3.2: "Where there have been significant changes to the management system, the client, or the context in which the management system is operating (e.g., changes in legislation), a Stage 1 audit may be required as part of the recertification audit process." ISO/IEC 27006:2015, Clause 9.4.3.1: "A stage 1 audit is performed as necessary, for example when there have been significant changes to the client or management system, or new sites are added." Thus, it is entirely in line with ISO/IEC 27001 and international certification practices to require a Stage 1 audit as part of a recertification audit if significant system, process, or context changes have occurred since the previous certification. References: ISO/IEC 17021-1:2015, Clause 9.6.3.2 ISO/IEC 27006:2015, Clause 9.4.3.1 ISO/IEC 27001:2022 Implementation Guidance, Recertification Activities Summary: A Stage 1 audit may be required for recertification when there are significant changes to the management system, context, or scope. Therefore, the correct answer is: B). Yes, when there are significant changes to the management system, recertification audit activities may need to have a stage 1 audit
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Is the comment made by USERNAME spam or abusive?
Commenting
In order to participate in the comments you need to be logged-in.
You can sign-up / login
(it's free).
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).