Q: 1
Which two of the following options for information are not required for audit planning of a
certification audit?
Options
Discussion
What if the certification scope included reviewing financial controls or leadership qualifications? Would E or C then become required for audit planning, or does ISO 27001 always exclude those specifics by design?
CE tbh, info about financials or MS rep’s experience aren’t actually needed for ISO 27001 audit planning-the focus is on ISMS scope and controls, not staff bios or company money. Pretty sure that’s the logic but happy to hear other views.
I don't see why the org's financials or the MS rep's background would matter for ISO 27001 audit planning. They don't impact scope or required evidence. So, C and E make sense here imo. Disagree?
Pretty sure the question is just after what you don't need for initial audit prep, so C and E fit. The rep's work experience (C) and financials (E) aren't standard inputs according to ISO 27001. Docs, sampling plan, checklists are core. I could be missing some nuance but this lines up with my study notes.
C/E? Not totally sure but management rep's experience and financials aren't part of audit prep requirements. Someone confirm?
Probably C and E, that matches what shows up in official guides. Saw a similar question in an official practice test.
Actually, D and E. Audit checklist isn't mandatory for planning and financials are out of scope.
I don’t think it’s CE. D and E.
Honestly, I'd probably say D and E. Audit checklist (D) feels more like an optional tool than a strict must-have for planning, and org financials (E) definitely aren't needed. Not sure if I'm missing something in ISO 27001 specifics though.
CE tbh, D is tempting but info on rep experience and financials isn't needed for ISO 27001 audit planning.
Be respectful. No spam.
