
Why PECB ISO-IEC-27001-Lead-Auditor Practice Exam Questions?

Ready to level up your PECB ISO-IEC-27001-Lead-Auditor exam study? Try TheExamsLab's free ISO-IEC-27001-Lead-Auditor practice tests.

ISO-IEC-27001-Lead-Auditor exam questions are expertly crafted practice tests designed to simulate the real PECB certification exam environment and help you assess your knowledge and figure out where you are lacking. With our free PECB Certified ISO/IEC 27001 Lead Auditor ISO-IEC-27001-Lead-Auditor practice exam, you will feel secure in handling any question type or time limit. TheExamsLab offers the ISO-IEC-27001-Lead-Auditor exam questions 2024. Don't settle or do it half-heartedly: get the best and invest in the best. What you want is what you get.

Page:    1 / 71      
Total 353 Questions | Updated On: Nov 19, 2024
Question 1

Which two of the following phrases would apply to "act" in relation to the Plan-Do-Check-Act cycle for a business process?


Answer: D,E
Question 2

Scenario 9: UpNet, a networking company, has been certified against ISO/IEC 27001. It provides network security, virtualization, cloud computing, network hardware, network management software, and networking technologies.

The company's recognition has increased drastically since gaining ISO/IEC 27001 certification. The certification confirmed the maturity of UpNet's operations and its compliance with a widely recognized and accepted standard.

But not everything ended after the certification. UpNet continually reviewed and enhanced its security controls and the overall effectiveness and efficiency of the ISMS by conducting internal audits. The top management was not willing to employ a full-time team of internal auditors, so they decided to outsource the internal audit function. This form of internal audits ensured independence, objectivity, and that they had an advisory role about the continual improvement of the ISMS.

Not long after the initial certification audit, the company created a new department specialized in data and storage products. They offered routers and switches optimized for data centers and software-based networking devices, such as network virtualization and network security appliances. This caused changes to the operations of the other departments already covered in the ISMS certification scope.

Therefore, UpNet initiated a risk assessment process and an internal audit. Following the internal audit result, the company confirmed the effectiveness and efficiency of the existing and new processes and controls.

The top management decided to include the new department in the certification scope since it complies with ISO/IEC 27001 requirements. UpNet announced that it is ISO/IEC 27001 certified and the certification scope encompasses the whole company.

One year after the initial certification audit, the certification body conducted another audit of UpNet's ISMS. This audit aimed to determine UpNet's ISMS fulfillment of specified ISO/IEC 27001 requirements and ensure that the ISMS is being continually improved. The audit team confirmed that the certified ISMS continues to fulfill the requirements of the standard. Nonetheless, the new department caused a significant impact on governing the management system. Moreover, the certification body was not informed about any changes. Thus, UpNet's certification was suspended.

Based on the scenario above, answer the following question:

What type of audit is illustrated in the last paragraph of scenario 9?


Answer: A
Question 3

Select two options that describe an advantage of using a checklist. 


Answer: C,D
Question 4

During a follow-up audit, you notice that a nonconformity identified for completion before the follow-up audit is still outstanding.

Which four of the following actions should you take?


Answer: A,C,E,G
Question 5

You are an experienced audit team leader guiding an auditor in training.

Your team is currently conducting a third-party surveillance audit of an organisation that stores data on behalf of external clients. The auditor in training has been tasked with reviewing the PEOPLE controls listed in the Statement of Applicability (SoA) and implemented at the site.

Select four controls from the following that you would expect the auditor in training to review.


Answer: A,C,D,E

© Copyrights TheExamsLab 2024. All Rights Reserved
