PECB Lead Implementer (ISO/IEC 27001) — Question 100

What should an organization demonstrate through documentation?

Answer options

• A. That the complexity of processes and their interactions is documented
• B. That the distribution of paper copies is regularly complete
• C. That its security controls are implemented based on risk scenarios

Correct answer: C

Explanation

The correct answer is C because documentation should reflect that security controls are tailored to specific risks, ensuring effective risk management. Option A, while important, does not directly relate to security controls, and option B focuses on paper distribution, which is less relevant to demonstrating effective security practices.