Section FOUR

Section four – three questions worth ten marks each – maximum 30 marks

Time: 40 minutes

Questions in this section are designed to test your ability to analyse audit situations, evaluate objective evidence and apply knowledge of the audit criteria correctly.

Delegates are required to either:

  • Complete the nonconformity report template.

Marking scheme for a nonconformity:

  • For correctly identifying the scenario as a nonconformity (2 marks)
  • For a clear description of the nonconformity (3 marks)
  • For correctly quoting relevant evidence (3 marks)
  • For correctly identifying the relevant ISO 27001 requirement (1 mark)
  • Overall clarity of the nonconformity report (1 mark)

Note: if you raise a nonconformity report when there is no nonconformity, 0 (zero) marks will be awarded.

OR

  • Complete the audit investigation template, clearly stating:
      ◦ Your reason(s) for thinking there is not yet sufficient evidence to report your findings as a nonconformity (2 marks)
      ◦ How you would investigate to determine conformity or nonconformity, including audit trails you would follow and specific examples of objective evidence you would seek and for what purpose (8 marks)

Note: If you complete the audit investigation template for a situation where there is evidence that a nonconformity exists, a maximum of 7 marks may be awarded as follows:

  • Providing a valid reason why there is insufficient evidence for a nonconformity (2 marks)
  • Providing relevant audit trails as above. (5 marks)