PECB Lead Implementer (ISO/IEC 27001) — Question 102

Based on scenario 18, is the action plan for treating the nonconformity related to control 8.13 Information backup valid?

Answer options

• A. No, it does not allow the elimination of the reported nonconformity
• B. No, it does not describe the explicit changes of the existing backup procedure
• C. Yes, it allows the elimination of the detected nonconformity

Correct answer: B

Explanation

The correct answer is B because the action plan must detail the changes needed in the backup procedure to effectively address the nonconformity. Options A and C are incorrect as they do not address the requirement for explicit changes, which is essential for compliance.