PECB Lead Implementer (ISO/IEC 27001) — Question 56

Based on scenario 16, did the nonconformity report include all the necessary aspects?

Answer options

• A. Yes, the report included all the necessary aspects
• B. No, the report must also specify the root cause of the nonconformity
• C. No, the report must also specify the audit criteria

Correct answer: B

Explanation

The correct answer is B because identifying the root cause is essential for addressing the nonconformity effectively. Option A is incorrect as it implies completeness, which isn't the case. Option C is also wrong, as while audit criteria are important, specifying the root cause is more critical for corrective action.