Auditors use the _______________ as a reference to determine conformity.

Prepare for the PECB Certified ISO/IEC 27001 Lead Auditor Exam with our comprehensive quiz. Test your knowledge with multiple-choice questions and detailed explanations. Get exam-ready!

The reference used by auditors to determine conformity is known as audit criteria. These criteria consist of the standards, regulations, policies, and procedures that have been established to measure whether an organization’s practices align with specified requirements. For an ISO/IEC 27001 audit, the criteria typically include the standard itself, any relevant legal or regulatory requirements, and the organization's own information security policies.

By using these criteria, auditors can evaluate the effectiveness of the information security management system in meeting its objectives and compliance requirements. Audit criteria provide a benchmark against which audit evidence can be assessed, ensuring that the audit process is based on a clear and coherent framework.

In contrast, audit feasibility pertains to whether an audit can be conducted effectively and is not directly related to measuring conformity. Audit objectives establish the goals of the audit but do not serve as the benchmarks for conformity itself. Lastly, the audit report is a documented summary of findings and conclusions after the audit has taken place, rather than a reference used during the auditing process.
