Exam ISO-IEC-27001-Lead-Auditor Topic 6 Question 182 Discussion
Actual exam question for PECB's ISO-IEC-27001-Lead-Auditor exam
Question #: 182
Topic #: 6
Question #: 182
Topic #: 6
What is the purpose of an Information Security policy?
Suggested Answer: C Vote an answer
The purpose of an information security policy is to provide direction and support to the management regarding information security. An information security policy is a statement of intent or direction that provides guidance for decision making and actions within an organization. It defines the scope, objectives, principles, and roles for information security management. It also establishes the general approach to information security and the expectations for compliance. An information security policy is the foundation of an information security management system (ISMS) based on ISO/IEC 27001:2022, which requires the organization to establish, implement, maintain, and continually improve an ISMS1. Therefore, the correct answer is C. Reference: ISO/IEC 27000:2022, clause 3.47; ISO/IEC 27001:2022, clause 5.2.
by Mandel at Dec 22, 2025, 05:06 AM
0
0
0
10
Comments
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
Report Comment
Commenting
You can sign-up / login (it's free).