PECB ISO-IEC-27001-Lead-Auditor Question Answer
You are performing an ISMS audit at a residential nursing home that provides healthcare services. The next step in your audit
plan is to verify the information security of the business continuity management process. During the audit, you learned that
the organisation activated one of the business continuity plans (BCPs) to make sure the nursing service continued during the
recent pandemic. You ask the Service Manager to explain how the organization manages information security during the
business continuity management process.
The Service Manager presented the nursing service continuity plan for a pandemic and summarised the process as follows:
Stop the admission of any NEW residents.
70% of administration staff and 30% of medical staff will work from home.
Regular staff self-testing, including submitting a negative test report 1 day BEFORE they come to the office.
Install ABC's healthcare mobile app, tracking their footprint and presenting a GREEN Health Status QR-Code for checking on the spot.
You ask the Service Manager how to prevent non-relevant family members or interested parties from accessing residents' personal data when staff work from home. The Service Manager cannot answer and suggests the IT Security Manager should help with that.
You would like to further investigate other areas to collect more audit evidence. Select three options that will not be in your audit trail.