Exam CISSP topic 1 question 216 discussion

Actual exam question from ISC's CISSP
Question #: 216
Topic #: 1

During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are identified. In which of the following management stages are nonconformities reviewed, assessed and/or corrected by the organization?

  • A. Assessment
  • B. Planning
  • C. Improvement
  • D. Operation
Suggested Answer: C

Comments

wook33
Highly Voted 2 years ago
WTF is a nonconformity? Why do they have to use these words?
upvoted 13 times
BoZT
1 year, 2 months ago
If you ever went through an internal audit, that's a pretty common word.
upvoted 3 times
sphenixfire
1 year, 11 months ago
Annoying question, but it refers to the ISO 27001 audit findings. A nonconformity is a finding you need to act on (next to a notice). See the ISO 27001 guide; you will find it ;) As I remember, it is not a thing of risk assessment or treatment; it is a thing regarding the improvement of the ISMS itself (Act), therefore Improvement.
upvoted 3 times
jackdryan
1 year, 6 months ago
C is correct
upvoted 1 times
Soleandheel
Most Recent 11 months, 2 weeks ago
C. Improvement stage. During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are reviewed, assessed, and corrected during the Improvement stage (C). This is evident from the ISO 27001 standard, which requires management reviews to be conducted to ensure the ISMS and its objectives remain suitable, adequate, and effective.
upvoted 1 times
74gjd_37
1 year, 2 months ago
Selected Answer: C
According to ISO 27001, the Improvement stage involves identifying areas for improvement, implementing corrective actions, and continually monitoring and reviewing the ISMS to ensure it remains effective and meets changing organizational needs and objectives.
upvoted 3 times
Dee83
1 year, 10 months ago
During an internal audit of an organizational Information Security Management System (ISMS), nonconformities are reviewed, assessed and/or corrected by the organization in the Improvement stage. (Option C)
upvoted 1 times
DJOEK
1 year, 10 months ago
Selected Answer: C
The answer is C. Improvement. According to the ISO/IEC 27001 standard, which is a widely recognized international standard for information security management systems, the improvement stage is where nonconformities are reviewed, assessed, and corrected by the organization. The purpose of this stage is to identify opportunities for improving the ISMS, including addressing any identified nonconformities. This is an ongoing process that helps the organization continuously improve its information security posture. Stages: Planning, Implementation, Operation, Review, Improvement.
upvoted 3 times
rajkamal0
1 year, 11 months ago
Selected Answer: C
Corrective action in operations is wrong. The process of correcting errors and taking corrective action can lead to new opportunities for improvement. The situation should be dealt with accordingly. It is necessary to retain sufficient documentation to demonstrate that the organization has dealt with the nonconformity appropriately and that the consequences have been addressed. Reference: https://www.solutions-inc.co.uk/iso-27001-clause-10-1-nonconformity-and-corrective-action/
upvoted 3 times
Jay327
2 years ago
Selected Answer: C
C https://www.isms.online/iso-27001/10-1-nonconformity-and-corrective-action/ The corrective action that follows from a nonconformity is also a key part of the ISMS improvement process that needs to be evidenced along with any other consequences caused by the nonconformity.
upvoted 4 times
rdy4u
2 years, 1 month ago
Selected Answer: D
ISO 27001 Clause 10.1 Nonconformity and corrective action. Clause 10, containing sections 10.1 and 10.2, covers the "Act" part of W. Edwards Deming's Plan-Do-Check-Act (PDCA) cycle. This clause helps an organisation react to nonconformities, evaluate them and take corrective actions with the end goal of continually improving how it runs its daily activities. https://info-savvy.com/iso-27001-clause-10-1-non-conformity-and-corrective-action/
upvoted 4 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other