Q: 18
Who is responsible for ensuring that the ISMS achieves its intended outcomes?
Options
Discussion
Nah, "A" is tempting since IT handles the daily stuff, but ISO 27001 is clear about top management's responsibility for outcomes. B is right here even if it feels counterintuitive sometimes.
It's B, though some wording on real exams trips me up if they shift to operational vs. accountable roles.
Wouldn't B fit better since ISO 27001 puts accountability on top management?
A tbh