Based on scenario 5, after migrating to cloud, Operaze’s IT team changed the ISMS scope and implemented all the required modifications. Is this acceptable?
A is correct: because the hosting was moved from on-premise hosting to cloud computing supplied by a third-party infrastructure supplier. This is a significant change impacting information security and requires the ISMS scope to be updated.
This should be C, because any change in ISMS scope should be accepted by the management.
While changes to the environment (like cloud migration) can necessitate a change in the ISMS scope (making option A partially correct in principle), the process matters. Defining and modifying the ISMS scope is a strategic decision that requires top management oversight and approval according to ISO/IEC 27001 principles (Clause 5.1). The scenario implies the IT team made this decision unilaterally ("the IT team... decided"). Therefore, the action as described is likely not acceptable because it bypasses necessary management approval. The answer is C.