PECB Lead Auditor (ISO/IEC 27001) — Question 8

Which one of the following options best describes the main purpose of a Stage 2 third-party audit?

Answer options

• A. To check for legal compliance by the organization
• B. To determine readiness for certification
• C. To get to know the organization's management system
• D. To identify nonconformances against a standard

Correct answer: D

Explanation

The correct answer, D, is accurate because a Stage 2 audit focuses on evaluating compliance with relevant standards and identifying any nonconformances. Option A is incorrect as the audit is not specifically aimed at checking legal compliance, while B refers to a pre-certification assessment that occurs earlier in the process. Option C, while relevant, does not capture the primary goal of identifying nonconformances.