Which two of the following phrases would apply to ‘check’ in the Plan-Do-Check-Act cycle for a business process?
A. Making improvements
B. Managing changes
C. Verifying training
D. Resetting objectives
E. Updating the Information Security Policy
F. Auditing processes
Answer: C, F
Explanation:
The two phrases that would apply to ‘check’ in the Plan-Do-Check-Act cycle for a business process are:
C. Verifying training
F. Auditing processes
C. This phrase applies to ‘check’ in the PDCA cycle because it involves measuring and evaluating the effectiveness of the training activities that were implemented in the ‘do’ phase. Training is an important aspect of information security awareness, education, and competence, which are required by clause 7.2 of ISO/IEC 27001:2022 [1]. Verifying training can help the organisation to assess whether staff have acquired the knowledge, skills, and behaviour needed to perform their information security roles and responsibilities. It can also help the organisation to identify gaps or weaknesses in the training programme and to plan improvement actions.
F. This phrase applies to ‘check’ in the PDCA cycle because it involves examining and reviewing the performance and conformity of the processes that were implemented in the ‘do’ phase. Auditing is a systematic, independent, and documented process for obtaining objective evidence and evaluating it to determine the extent to which the audit criteria are fulfilled [2]. Auditing processes can help the organisation to verify whether the information security objectives and requirements are met, whether the information security controls are effective and efficient, and whether the information security risks are adequately managed. It can also help the organisation to identify nonconformities or opportunities for improvement and to plan corrective or preventive actions.
References:
[1] ISO/IEC 27001:2022, Information technology — Security techniques — Information security management systems — Requirements, clause 7.2
[2] ISO 19011:2018, Guidelines for auditing management systems, clause 3.2