PECB Lead Implementer (ISO/IEC 27001) — Question 57
Which situation presented in scenario 16 is not in compliance with ISO/IEC 27001 requirements?
Answer options
- A. Emma has an operational role in HealthGenic's management system
- B. The recertification audit is planned to be conducted two years after HealthGenic implemented the ISMS
- C. Emma had access to all offices and documentation of HealthGenic
Correct answer: B
Explanation
The correct answer is B because ISO/IEC 27001 requires that recertification audits occur within a specified timeframe after the implementation of the ISMS, typically every three years. Options A and C describe roles and access within the organization that align with the requirements of the standard.