Free CertiProf I27001F Practice Exam with Questions & Answers | Set: 2

ISO/IEC 27001:2022 requires top management to demonstrate leadership and commitment by ensuring that the information security policy and information security objectives are established and are compatible with the strategic direction of the organization. Top management must also integrate ISMS requirements into the organization’s processes, ensure resources are available, support relevant roles, and promote continual improvement. The standard does not allow leadership accountability to be replaced by a consultant or a volunteer. Therefore, option A is correct.

=======

ISO/IEC 27001:2022 requires the organization to plan, establish, implement, and maintain an audit programme that takes into consideration the importance of the processes concerned and the results of previous audits. This ensures that audit effort is focused appropriately and that past issues are followed up effectively. The standard does not prescribe a minimum of two audits in the first year, nor does it make certification body availability or supplier count the defining factors. Therefore, option C is correct.

=======