ISO-IEC-27001-Lead-Implementer Exam Dumps | Scenario 8: SunDee is an American biopharmaceutical company, headquartered in California, the US. It

Valid ISO-IEC-27001-Lead-Implementer Dumps shared by ExamDiscuss.com for Helping Passing ISO-IEC-27001-Lead-Implementer Exam! ExamDiscuss.com now offer the newest ISO-IEC-27001-Lead-Implementer exam dumps, the ExamDiscuss.com ISO-IEC-27001-Lead-Implementer exam questions have been updated and answers have been corrected get the newest ExamDiscuss.com ISO-IEC-27001-Lead-Implementer dumps with Test Engine here:

Access ISO-IEC-27001-Lead-Implementer Dumps Premium Version
(294 Q&As Dumps, 35%OFF Special Discount Code: freecram)

<< Prev Question Next Question >>

Question 19/35

Scenario 8: SunDee is an American biopharmaceutical company, headquartered in California, the US. It specializes in developing novel human therapeutics, with a focus on cardiovascular diseases, oncology, bone health, and inflammation. The company has had an information security management system (ISMS) based on SO/IEC 27001 in place for the past two years. However, it has not monitored or measured the performance and effectiveness of its ISMS and conducted management reviews regularly Just before the recertification audit, the company decided to conduct an internal audit. It also asked most of their staff to compile the written individual reports of the past two years for their departments. This left the Production Department with less than the optimum workforce, which decreased the company's stock.
Tessa was SunDee's internal auditor. With multiple reports written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever Tessa concluded that SunDee must evaluate the performance of the ISMS adequately. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations. Additionally, Tessa created a new plan which would enable SunDee to resolve these issues and presented it to the top management Based on the scenario above, answer the following question:
What caused SunDee's workforce disruption?

A. The negligence of performance evaluation and monitoring and measurement procedures

B. The inconsistency of reports written by different employees

C. The voluminous written reports

Correct Answer: A

Explanation
According to ISO/IEC 27001:2013, clause 9.1, an organization must monitor, measure, analyze and evaluate its information security performance and effectiveness. This includes determining what needs to be monitored and measured, the methods for doing so, when and by whom the monitoring and measurement shall be performed, when the results shall be analyzed and evaluated, and who shall be responsible for ensuring that the actions arising from the analysis and evaluation are taken 1.
SunDee failed to comply with this requirement and did not monitor or measure the performance and effectiveness of its ISMS for the past two years. As a result, the company did not have any objective evidence or indicators to demonstrate the achievement of its information security objectives, the effectiveness of its controls, the satisfaction of its interested parties, or the identification and treatment of its risks. This also meant that the company did not conduct regular management reviews of its ISMS, as required by clause 9.3, which would provide an opportunity for the top management to ensure the continuing suitability, adequacy and effectiveness of the ISMS, and to decide on any changes or improvements needed 1.
Just before the recertification audit, the company decided to conduct an internal audit, as required by clause
9.2, which is a systematic, independent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the audit criteria are fulfilled 1. However, the company did not have a well-defined audit program, scope, criteria, or methodology, and relied on the written reports of its staff for the past two years. This caused a disruption in the workforce, as most of the staff had to compile their reports for their departments, leaving the Production Department with less than the optimum workforce, which decreased the company's stock. Moreover, the internal audit process was very inconsistent, as the reports were written by different employees with different styles, formats, and levels of detail. The internal audit process also lacked any qualitative measures, such as performance indicators, metrics, or benchmarks, to evaluate the performance and effectiveness of the ISMS.
Therefore, the cause of SunDee's workforce disruption was the negligence of performance evaluation and monitoring and measurement procedures, which led to a lack of objective evidence, a poorly planned and executed internal audit, and a decrease in the company's productivity and stock value.
References: 1: ISO/IEC 27001:2013, Information technology - Security techniques - Information security management systems - Requirements

Question 19/35

LEAVE A REPLY

Download PDF File