What does ISO/IEC 27001:2022 require in order to evaluate information security performance and the effectiveness of the Information Security Management System?
A. Information security tools to evaluate information security performance and system effectiveness
B. A consultancy to accurately perform the evaluation of information security performance and validate the effectiveness of the management system
C. The organization must determine what needs to be monitored and measured, including information security processes and controls
D. A person designated by top management with expertise to evaluate information security performance and system effectiveness
ISO/IEC 27001:2022 requires the organization to determine what needs to be monitored and measured, including information security processes and controls, the methods for monitoring, measurement, analysis, and evaluation, when these activities will be performed, and when the results will be analyzed and evaluated. The standard does not mandate a specific tool, consultant, or designated individual for compliance. Therefore, option C is the correct answer.