PECB Lead Implementer (ISO/IEC 27001) — Question 40
Which approach should organizations use to implement an ISMS based on ISO/IEC 27001?
Answer options
- A. An approach that is suitable for the organization’s scope
- B. Any approach that enables the ISMS implementation within a 12-month period
- C. Only the approach provided by the standard
Correct answer: A
Explanation
The correct answer is A because an ISMS must be tailored to the specific needs and context of the organization to be effective. Option B is incorrect because meeting a timeframe does not guarantee that the approach is suitable, and option C is wrong because organizations can adapt their strategies beyond the methods prescribed in the standard.