PECB ISO-IEC-27001-Lead-Implementer Exam Questions
ISO/IEC 27001 Lead Implementer (Page 3 )

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.

HealthGenic is a Swedish pharmaceutical company that specializes in developing human therapeutics. The development process of human therapeutics requires analyzing the medical history of many patients. As the company handles sensitive information of millions of patients, an information security management system (ISMS) was critical to ensure the protection of their assets and improve their information security.
HealthGenic has had an ISMS in place for the past two years. Once the ISMS was implemented, HealthGenic changed its approach from correcting to preventing information security incidents. Since no issues were faced during the last two years, the top management of HealthGenic decided not to conduct a management review, nor did they appoint a team to perform the internal audits as planned. In addition, the IT team totally neglected the regular monitoring and measurement and performance evaluation processes.
Just before the recertification audit, the company asked most of their staff to compile the written individual reports of the past two years. This left the production sector with less than the optimum workforce, which decreased the company's stock.
Emma, HealthGenic's information security officer, was assigned by the top management to conduct the internal audit. As an employee of the company, Emma had access to all offices and documentation of HealthGenic. With hundreds of report pages written by 50 different employees, the internal audit process took much longer than planned, was very inconsistent, and had no qualitative measures whatsoever. Emma concluded that HealthGenic must have a better plan on monitoring the progress of their ISMS. In addition, she concluded that monitoring and measurement, performance evaluation, and management reviews should be conducted at planned intervals. She defined SunDee's negligence of ISMS performance evaluation as a major nonconformity, so she wrote a nonconformity report including the description of the nonconformity, the audit findings, and recommendations.