1. Home
  2. Discussions
  3. PECB
  4. ISO 27001
  5. ISO-IEC-27001-Lead-Auditor Discussions
  6. ISO-IEC-27001-Lead-Auditor Exam Topic 8 Question 76 Discussion

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 76 Topic 8 Discussion

 PECB Discussions      Browse All Questions      Go to Exam Detail      Get Premium Access
 Previous
Next  

PECB Certified ISO/IEC 27001 2022 Lead Auditor exam ISO-IEC-27001-Lead-Auditor Question # 76 Topic 8 Discussion

ISO-IEC-27001-Lead-Auditor Exam Topic 8 Question 76 Discussion:
Question #: 76
Topic #: 8

As the Information Security Management System audit team leader, you are conducting a second-party audit of an international logistics company on behalf of an online retailer. During the audit, one of your team members reports a nonconformity relating to control 5.18 (Access rights) of Appendix A of ISO/IEC 27001:2022. She found evidence that removing the server access protocols of 20 people who left in the last 3 months took up to 1 week whereas the policy required removing access within 24 hours of their departure.

When the auditee was asked why there was a delay in removing access they replied, 'no one was available in the IT department during that period as a result of COVID-19. As soon as an IT officer became available the rights were removed.

You note that she intends to raise a minor non-conformity against Access rights control (5.18). How should you respond to this?
A.

Agree with the raising of a minor non-conformity but against control 5.15, not 5.18.

B.

Agree with the raising of the minor non-conformity against 5.18.

C.

Disagree with the raising of a minor conformity as appropriate action was taken at the earliest opportunity Take no further action.

D.

Disagree with the raising of the minor nonconformity as appropriate action was taken at the earliest opportunity. Instead raise an opportunity for improvement.

E.

Disagree with the raising of the minor nonconformity, there is sufficient evidence to justify an escalation to a major non-conformity.

F.

Require additional audit evidence to be obtained before determining whether a non-conformity is appropriate.

Get Premium ISO-IEC-27001-Lead-Auditor Questions
Actual exam question for PECB ISO-IEC-27001-Lead-Auditor exam by Hale39862 at Aug 3, 2025, 12:00:00 AM

Contribute your Thoughts:


Chosen Answer:
This is a voting comment (?). It is better to Upvote an existing comment if you don't have anything to add.

Submit
 Previous
Next