PECB Lead Implementer (ISO/IEC 27001) — Question 28
Who should be involved, among others, in the drafting, review, and validation of information security procedures?
Answer options
- A. An external expert
- B. The information security committee
- C. The employees in charge of ISMS operation
Correct answer: B
Explanation
The information security committee is responsible for overseeing the development and validation of information security procedures, ensuring they align with organizational policies and compliance requirements. While an external expert and ISMS operation employees may contribute, the committee plays a crucial role in the governance and strategic oversight of these processes.