Q: 16
DRAG DROP
You are performing an ISMS audit at a European-based residential nursing home called ABC that
provides healthcare services. The next step in your audit plan is to verify the effectiveness of the
continual improvement process.
During the audit, you learned that most of the residents' family members (90%) receive promotional
advertisements for WeCare medical devices by email and SMS once a week via ABC's healthcare mobile
app. None of them agreed, in the service agreement signed with ABC, to the use of the collected
personal data for marketing or any purpose other than nursing and medical care. They have very
strong reason to believe that ABC is leaking residents' and family members' personal information to a
non-relevant third party, and they have filed complaints.
The Service Manager says that, after investigation, all these complaints have been treated as
nonconformities. The corrective actions have been planned and implemented according to the
nonconformity and corrective management procedure (Document reference ID: ISMS_L2_10.1,
version 1).
You write a nonconformity which you will follow up on later. Select the words that best complete the
sentence:


Discussion
Evidence of change that prevents recurrence is key here.
Looks like the best fit would be: auditor checks if corrective actions solve the problem, not just document it.