What relevant factor must be considered in internal audit programmes?
Correct Answer: C
ISO/IEC 27001:2022 requires the organization to plan, establish, implement, and maintain an audit programme that takes into consideration the importance of the processes concerned and the results of previous audits. This ensures that audit effort is focused appropriately and that past issues are followed up effectively. The standard does not prescribe a minimum of two audits in the first year, nor does it make certification body availability or supplier count the defining factors. Therefore, option C is correct. =======
I27001F Exam Question 17
Within the ISMS, communicating the importance of effective information security management and of conforming to the ISMS requirements is a responsibility of:
Correct Answer: B
A specific leadership responsibility in ISO/IEC 27001:2022 is for top management to communicate the importance of effective information security management and of conforming to the ISMS requirements. This communication role is part of demonstrating leadership and commitment, helping create organizational awareness and support for the ISMS. Therefore, option B is correct. =======