Which one of the following options is the definition of an interested party?
A. A third party can appeal to an organisation when it perceives itself to be affected by a decision or activity
B. A person or organisation that can affect, be affected by or perceive itself to be affected by a decision or activity
C. A group or organisation that can interfere in or perceive itself to be interfered with by a management decision
D. An individual or organisation that can control, be controlled by, or perceive itself to be controlled by a decision or activity
Answer: B
Explanation:
This is the definition of an interested party according to ISO 27001:2013, clause 3.16. An interested party is essentially a stakeholder, i.e., a person or organization that can influence or be influenced by the information security management system (ISMS) or its activities. Interested parties can have different needs and expectations regarding the ISMS, and these should be identified and addressed by the organization.
Reference: ISO/IEC 27001:2013, Information technology ― Security techniques ― Information security management systems ― Requirements, clause 3.16
PECB Candidate Handbook ISO 27001 Lead Auditor, page 10
Identifying interested parties and their expectations for an ISO 27001 ISMS
Examples of ISO 27001 interested parties