
Exam Lead Auditor topic 1 question 120 discussion

Actual exam question from PECB's Lead Auditor
Question #: 120
Topic #: 1

You are performing an ISO 27001 ISMS surveillance audit at a residential nursing home, ABC Healthcare Services. ABC uses a healthcare mobile app designed and maintained by a supplier, WeCare, to monitor residents' well-being. During the audit, you learn that 90% of the residents' family members regularly receive medical device advertisements from WeCare, by email and SMS once a week. The service agreement between ABC and WeCare prohibits the supplier from using residents' personal data. ABC has received many complaints from residents and their family members.
The Service Manager says that the complaints were investigated as an information security incident which found that they were justified. Corrective actions have been planned and implemented according to the nonconformity and corrective action management procedure.
You write a nonconformity: "ABC failed to comply with information security control A.5.34 (Privacy and protection of PII) relating to the personal data of residents and their family members. A supplier, WeCare, used residents' personal information to send advertisements to family members."
Select three options of the corrections and corrective actions listed that you would expect ABC to make in response to the nonconformity. (Choose three.)

  • A. ABC asks an ISMS consultant to test the ABC Healthcare mobile app for protection against cyber-crime.
  • B. ABC cancels the service agreement with WeCare.
  • C. ABC confirms that information security control A.5.34 is contained in the Statement of Applicability (SoA).
  • D. ABC discontinues the use of the ABC Healthcare mobile app.
  • E. ABC introduces background checks on information security performance for all suppliers.
  • F. ABC periodically monitors compliance with all applicable legislation and contractual requirements involving third parties.
  • G. ABC takes legal action against WeCare for breach of contract.
  • H. ABC trains all staff on the importance of maintaining information security protocols.

Suggested Answer: CFH

Comments

BB4
2 weeks, 2 days ago
Selected Answer: BEF
H is related to training, and it is irrelevant to the third-party issue. The third party breached the contract despite the contract stating not to use PII. Instead, E is related to the question and more suitable to monitor suppliers' security performance to avoid such issues in the future.
upvoted 1 times
Community vote distribution
A (35%)
C (25%)
B (20%)
Other