PECB Lead Implementer (ISO/IEC 27001) — Question 60

Based on scenario 9, is the action plan for the identified nonconformities sufficient to eliminate the detected nonconformities?

Answer options

• A. Yes, because a separate action plan has been created for the identified nonconformity
• B. No, because the action plan does not include a timeframe for implementation
• C. No, because the action plan does not address the root cause of the identified nonconformity

Correct answer: B

Explanation

The correct answer is B because the absence of a specified timeframe for implementation means that there is no assurance that the actions will be taken in a timely manner. Option A is incorrect as having a separate action plan does not guarantee its effectiveness. Option C is also wrong because addressing the root cause is important, but without a timeframe, the implementation itself is left uncertain.