PECB Lead Implementer (ISO/IEC 27001) — Question 94

According to ISO/IEC 27001 controls, when planning audit tests and assurance activities involving operational systems, who should be involved in the agreement process except the tester?

Answer options

Correct answer: B

Explanation

The correct answer is B, as the appropriate management is directly responsible for overseeing operational systems and ensuring that audit tests align with organizational goals. The top management and board of directors, while important stakeholders, are typically not involved in the day-to-day operational decisions required for audit planning.