Which two of the following statements are true?

A. The role of a certification body auditor involves evaluating the organisation’s processes for ensuring compliance with their legal requirements
B. During a third-party audit, the auditor evaluates how the organisation ensures that they are made aware of changes to the legal requirements
C. As part of a certification body audit the auditor is responsible for verifying the organisation’s legal compliance status

Answer: AB

Explanation:

The following statements are true:

The role of a certification body auditor involves evaluating the organization’s processes for ensuring compliance with their legal requirements. This is part of the auditor’s responsibility to assess the effectiveness and conformity of the organization’s ISMS against the ISO/IEC 27001:2022 standard and the applicable legal and regulatory requirements.

During a third-party audit, the auditor evaluates how the organization ensures that they are made aware of changes to the legal requirements. This is part of the auditor’s responsibility to verify that the organization has established and maintained a process for identifying and updating their legal and other requirements related to information security.

The following statement is false:

As part of a certification body audit, the auditor is responsible for verifying the organization’s legal compliance status. This is not true, as the auditor is not authorized or qualified to provide legal advice or judgment on the organization’s compliance status. The auditor can only report on the evidence of compliance or noncompliance observed during the audit, but the ultimate responsibility for ensuring legal compliance lies with the organization.

Reference: CQI & IRCA ISO 27001:2022 Lead Auditor Course Handbook, page 66; CQI & IRCA ISO 27001:2022 Lead Auditor Course Handbook, page 67; ISO/IEC 27001 LEAD AUDITOR – PECB, page 22.
