Which statement best describes the observed nonconformity related to Company ABC's first action plan?

Prepare for the PECB Certified ISO/IEC 27001 Lead Auditor Exam with our comprehensive quiz. Test your knowledge with multiple-choice questions and detailed explanations. Get exam-ready!

The statement that best describes the observed nonconformity related to Company ABC's first action plan is that there is no process in place to manage access to systems and services that process sensitive information. This option highlights a fundamental gap in the organization's governance of information security, which is critical for protecting sensitive information.

Without a process to manage access, the organization exposes itself to significant risks, including unauthorized access, data breaches, and non-compliance with applicable regulations. The absence of a management process indicates a lack of systematic controls, making it difficult to ensure that only authorized individuals have access to sensitive information, which is a core requirement of ISO/IEC 27001 and risk management principles.

Moreover, a defined access management process is essential for establishing clear roles and responsibilities, which are necessary for maintaining the security and integrity of information systems. Such a process helps ensure that access rights are granted based on job roles and responsibilities, while also facilitating audits and reviews of access rights.

While the other statements highlight various access control issues, they focus on specific elements rather than addressing the complete absence of a management process. This makes the chosen statement more comprehensive in describing the root cause of the nonconformity.
