New Year Sale Limited Time 70% Discount Offer - Ends in 0d 00h 00m 00s - Coupon code: simple70

  1. Home
  2. Discussions
  3. PECB
  4. ISO 27001
  5. ISO-IEC-27001-Lead-Auditor Discussions
  6. ISO-IEC-27001-Lead-Auditor Exam Topic 2 Question 11 Discussion

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 11 Topic 2 Discussion

 PECB Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 11 Topic 2 Discussion

ISO-IEC-27001-Lead-Auditor Exam Topic 2 Question 11 Discussion:
Question #: 11
Topic #: 2

You are conducting an Information Security Management System audit in the despatch department of an international

logistics organisation that provides shipping services to large organisations including local hospitals and government offices.

Parcels typically contain pharmaceutical products, biological samples and documents such as passports and driving licences.

You note that the company records show a very large number of returned items with causes including misaddressed labels

and, in 15% of cases, two or more labels for different addresses for the one package. You are interviewing the Shipping

Manager (SM).

You: Are items checked before being dispatched?

SM: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes

it uneconomic to implement a formal checking process.

You: What action is taken when items are returned?

SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to

simply reprint the label and re-send individual parcels than it is to implement an investigation.

You raise a non-conformity against clause 8.1 of ISO 27001:2022.

Which one option below that best describes the non-conformity you have identified?
A.

The organisation does not have an approved process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have corrected information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational methods to meet information security requirements.

B.

The organisation does not have an audited process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have inaccurate information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational rules to meet information security requirements.

C.

The organisation does not have an effective process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have disclosed information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational controls to meet information security requirements.

D.

The organisation does not have an efficient process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have detailed information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational procedures to meet information security requirements.

E.

The organisation does not have an efficient process in place that ensures service requirements and regulatory requirements for data protection are met. Records show that 15% of returned parcels have protected information intended for another party to the recipient (which may include sensitive medical information or government department communications) without adequate operational processes to meet information security requirements.

Get Premium ISO-IEC-27001-Lead-Auditor Questions
Actual exam question for PECB ISO-IEC-27001-Lead-Auditor exam by Nash92726 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next