Month End Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. PECB
  4. ISO 27001
  5. ISO-IEC-27001-Lead-Auditor Discussions
  6. ISO-IEC-27001-Lead-Auditor Exam Topic 11 Question 106 Discussion

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 106 Topic 11 Discussion

 PECB Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 106 Topic 11 Discussion

ISO-IEC-27001-Lead-Auditor Exam Topic 11 Question 106 Discussion:
Question #: 106
Topic #: 11

Scenario 8

Trustingo has been providing banking and financial services in Estonia since 2010. The company has a network of 30 branches with over 100 ATMs nationwide. To meet strict data security and privacy regulations, Trustingo implemented an information security management system (ISMS) based on ISO/IEC 27001, ensuring better security, improved risk management, and compliance with legal requirements.

Nine months after the successful implementation of the ISMS, Trustingo decided to pursue certification for their ISMS based on ISO/IEC 27001 by an independent certification body. The certification audit included Trustingo's systems, processes, and technologies.

The audit team conducted the Stage 1 and Stage 2 audits jointly, and several nonconformities were detected. The first nonconformity was related to Trustingo's labeling of information. The company had an information classification scheme but no information labeling procedure. As a result, documents requiring the same level of protection would be labeled differently.

The nonconformity also impacted media handling. The audit team used sampling and concluded that 50 of 200 removable media stored sensitive information mistakenly classified as confidential. According to the information classification scheme, confidential information can be stored in removable media, whereas storing sensitive information is strictly prohibited.

The audit team drafted the nonconformity report and discussed the audit conclusions with Trustingo's representatives, who agreed to submit an action plan for the detected nonconformities within two months. Since the certification recommendation is conditional upon filing corrective actions, Trustingo must submit corrective action plans to show how they will address and resolve these nonconformities. Trustingo accepted the audit team leader's proposed solution and addressed the nonconformities by drafting an information labeling procedure and updating the removable media procedure.

Two weeks after the audit completion, Trustingo submitted a general action plan. Although the plan addressed the detected nonconformities and corrective actions taken, it lacked detailed action steps for each nonconformity and did not include specific details on the impacted systems, controls, or operations. The audit team evaluated the action plan. Nevertheless, Trustingo received an unfavorable recommendation for certification.

Question

Which option justifies the unfavorable recommendation for certification? Refer to Scenario 8.
A.

The major nonconformity related to storing sensitive information in removable media

B.

The minor nonconformity related to the lack of information labeling procedure

C.

The company's decision to submit the action plan in two weeks despite having a different timeline available

Get Premium ISO-IEC-27001-Lead-Auditor Questions
Actual exam question for PECB ISO-IEC-27001-Lead-Auditor exam by Echo85370 at Jan 31, 2026, 1:20:40 PM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next