Deal of The Day! Hurry Up, Grab the Special Discount - Save 25% - Ends In 00:00:00 Coupon code: SAVE25
Welcome to Pass4Success

- Free Preparation Discussions

PECB Exam ISO-IEC-27001-Lead-Auditor Topic 7 Question 55 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 55
Topic #: 7
[All ISO-IEC-27001-Lead-Auditor Questions]

Scenario 9: Techmanic is a Belgian company founded in 1995 and currently operating in Brussels. It provides IT consultancy, software design, and hardware/software services, including deployment and maintenance. The company serves sectors like public services, finance, telecom, energy, healthcare, and education. As a customer-centered company, it prioritizes strong client relationships and leading security practices.

Techmanic has been ISO/IEC 27001 certified for a year and regards this certification with pride. During the certification audit, the auditor found some inconsistencies in its ISMS implementation. Since the observed situations did not affect the capability of its ISMS to achieve the intended results, Techmanic was certified after auditors followed up on the root cause analysis and corrective actions remotely During that year, the company added hosting to its list of services and requested to expand its certification scope to include that area The auditor in charge approved the request and notified Techmanic that the extension audit would be conducted during the surveillance audit

Techmanic underwent a surveillance audit to verify its iSMS's continued effectiveness and compliance with ISO/IEC 27001. The surveillance audit aimed to ensure that Techmanic's security practices, including the recent addition of hosting services, aligned seamlessly with the rigorous requirements of the certification

The auditor strategically utilized the findings from previous surveillance audit reports in the recertification activity with the purpose of replacing the need for additional recertification audits, specifically in the IT consultancy sector. Recognizing the value of continual improvement and learning from past assessments. Techmanic implemented a practice of reviewing previous surveillance audit reports. This proactive approach not only facilitated identifying and resolving potential nonconformities but also aimed to streamline the recertification process in the IT consultancy sector.

During the surveillance audit, several nonconformities were found. The ISMS continued to fulfill the ISO/IEC 27001*s requirements, but Techmanic failed to resolve the nonconformities related to the hosting services, as reported by its internal auditor. In addition, the internal audit report had several inconsistencies, which questioned the independence of the internal auditor during the audit of hosting services. Based on this, the extension certification was not granted. As a result. Techmanic requested a transfer to another certification body. In the meantime, the company released a statement to its clients stating that the ISO/IEC 27001 certification covers the IT services, as well as the hosting services.

Based on the scenario above, answer the following question:

According to ISO/IEC 17021-1, what is the purpose of surveillance audits?

Show Suggested Answer Hide Answer
Suggested Answer: C

Relevant Standard Reference:

ISO/IEC 17021-1:2015 Clause 9.6.2 (Purpose of Surveillance Audits)


Contribute your Thoughts:

Salome
25 days ago
I believe option C is the correct answer. Surveillance audits help in monitoring the effectiveness of the management system and identifying any nonconformities.
upvoted 0 times
...
Maddie
1 months ago
Wow, Techmanic really had some issues with their hosting services, but at least they're proactive about learning from past audits. Option C is definitely the right answer here.
upvoted 0 times
...
Ciara
1 months ago
I agree with Carin. Surveillance audits are important to ensure that the organization continues to meet the requirements of the certification.
upvoted 0 times
...
Yolande
1 months ago
Hah, financial performance? That's what the accountants are for, not the ISO auditors! The correct answer is C - to maintain confidence in the certified management system between audits.
upvoted 0 times
...
Kristian
1 months ago
The purpose of surveillance audits is to maintain confidence in the certified management system between audits, as stated in option C. Techmanic's surveillance audit was aimed at ensuring the continued effectiveness and compliance of its ISMS, including the recent addition of hosting services.
upvoted 0 times
Paris
16 days ago
I think surveillance audits are meant to maintain confidence in the certified management system.
upvoted 0 times
...
...
Carin
1 months ago
I think the purpose of surveillance audits is to maintain confidence in the certified management system between audits.
upvoted 0 times
...

Save Cancel