Scenario 9
CloudFort, a small networking company, provides network security, cloud computing, and virtualization solutions. The company has recently been certified in an information security management system (ISMS) based on the ISO/IEC 27001 standard, which has resulted in a spike in its recognition, confirming the maturity of CloudFort’s operations.
CloudFort continually reviewed and enhanced its security controls and the overall effectiveness and efficiency of the ISMS by conducting internal audits. Due to its size and desire for greater objectivity, top management decided to outsource the internal audit function to ensure the internal audit is independent of the audited activities and holds an advisory role in the continual improvement of the ISMS.
After the initial certification audit, the company created a new department specializing in data storage solutions. It offered routers and switches optimized for data centers and software-based networking devices, such as network virtualization and network security appliances. Because of the new department, CloudFort initiated a risk assessment process and an internal audit. Following the internal audit results, the company confirmed the effectiveness and efficiency of the new processes and controls.
After determining that the new department fully complies with ISO/IEC 27001 requirements, top management decided to include it in the certification scope. They submitted a request to the certification body for an extension of the certification scope to ensure that the department’s processes and security measures fully align with the overall ISMS.
One year after the initial certification audit, the certification body conducted another audit of CloudFort's ISMS. This audit aimed to determine whether CloudFort’s ISMS fulfilled the specified ISO/IEC 27001 requirements and to ensure continual improvement. The audit team confirmed that the certified ISMS fulfills the standard's requirements. Nonetheless, the new department introduced changes that significantly affected how the overall management system was governed, requiring updates to existing processes and controls.
Moreover, although CloudFort requested an extension of the certification scope, they failed to provide timely updates on the impact of the new department on the ISMS to the certification body. Thus, CloudFort’s certification was suspended.
Question
Based on Scenario 9, why was CloudFort’s certification suspended?