Exam ISO-IEC-27001-Lead-Implementer Topic 3 Question 299 Discussion

Actual exam question for PECB's ISO-IEC-27001-Lead-Implementer exam
Question #: 299
Topic #: 3
Question:
What action should an organization take to ensure the security of information when it is transferred or treated by an external party?

Suggested Answer: B Vote an answer

ISO/IEC 27002:2022 Clause 5.20 - Addressing information security within supplier agreements states:
"Agreements with suppliers should include requirements to address the information security risks associated with information and communications technology services and products provided by suppliers." Further emphasized in Clause 5.19 - Information security in supplier relationships, which mandates managing supplier-related risks.
This means contracts must include clauses addressing information security expectations, responsibilities, access rights, compliance, audits, and breach response mechanisms.
References:
ISO/IEC 27002:2022 Clauses 5.19 and 5.20
ISO/IEC 27001:2022 Annex A Control A.5.19 & A.5.20===========

by Ward at Mar 20, 2026, 01:11 AM

Comments

Chosen Answer:
This is a voting comment (?) , you can switch to a simple comment.
Switch to a voting comment New
Nick name: Submit Cancel
A voting comment increases the vote count for the chosen answer by one.

Upvoting a comment with a selected answer will also increase the vote count towards that answer by one. So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.

Contact Us

If you have any question please leave me your email address, we will reply and send email to you in 12 hours.

Our Working Time: ( GMT 0:00-15:00 ) From Monday to Saturday

Support: Contact now 

日本語 Deutsch 繁体中文 한국어