PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 24 Topic 3 Discussion

Question #: 24
Topic #: 3

You are an experienced ISMS audit team leader. You are currently conducting a third-party surveillance audit of an international haulage organisation. You have sampled four internal audit reports which state:

Report 1 - Auditor: Mr James.

Over the year the organisation has failed to meet its promised delivery dates on 23 occasions out of 100. This is against a target of '95% of deliveries on time'.

Grading - Minor

Corrective Action due: Within 9 months.

Report 2 - Auditor: Mr James.

Between January and March, it was noted 125 complaints were received about the Service Desk Team. Clients accused them of being rude and unresponsive.

Grading - Minor

Corrective Action due: Within 12 months.

Report 3 - Auditor: Mr James.

Of the 40 customer orders received last month, 38 were correctly processed. Of the remaining 2, one was missing a signature and one was missing a date.

Grading -

Corrections due: Within 3 weeks

Report 4 - Auditor: Mr Rogers.

Of the 30 personnel records examined, 26 were found to be fully completed whilst the remaining 4 were all missing the individual's start date.

Grading – Major

Corrections due: Within 1 week

Which four of the options demonstrate the concerns you would have about these reports?


A. I would be concerned as to whether criteria for grading nonconformities are in existence in this organisation

B. I would be concerned as to whether the auditors understand the difference between corrections and corrective actions

C. I would be concerned because action taken to address a major nonconformity should always be completed sooner than action taken to address minor nonconformities

D. I would be concerned that no grading is recorded for Report 3. This could indicate that the auditor did not complete the report correctly or that they failed to make a determination as to severity

E. I would be concerned that the auditors focussed only on information security processes

F. I would be concerned that timing for addressing the nonconformities is significantly different in the four reports

G. I would have a concern that no nonconformity review was conducted

