PECB ISO 27001 ISO-IEC-27001-Lead-Auditor Question # 90 Topic 10 Discussion

The correct response is A, because grading criteria provide a common basis for the evaluation of nonconformities across the organization. Grading criteria are the rules or standards that define the severity or impact of nonconformities, and help to determine the appropriate corrective actions and follow-up activities. Grading criteria are important for several reasons, such as:

They ensure consistency and objectivity in the assessment and reporting of nonconformities, and avoid subjective or arbitrary judgments.

They facilitate the communication and understanding of nonconformities among the auditors, the auditees, and the audit clients, and enable the comparison and benchmarking of nonconformities across different processes, functions, or locations.

They support the prioritization and allocation of resources for the resolution of nonconformities, and the monitoring and measurement of the effectiveness of the corrective actions.

They demonstrate the commitment and accountability of the organization to the continual improvement of the ISMS, and the compliance with the ISMS requirements and expectations.

References:

ISO/IEC 27001:2022, Information technology — Security techniques — Information security management systems — Requirements1

PECB Candidate Handbook ISO/IEC 27001 Lead Auditor2

ISO 27001:2022 Lead Auditor - PECB3

ISO 27001:2022 certified ISMS lead auditor - Jisc4

ISO/IEC 27001:2022 Lead Auditor Transition Training Course5

ISO 27001 - Information Security Lead Auditor Course - PwC Training Academy

ISO 19011:2022, Guidelines for auditing management systems