Quiz: ISO 27701
1. For SOP 08 (Field Safety Corrective Action FSCA Reporting), which is NOT a relevant scenario to raise a FSCA?
A. Potential flaw identified in a medical product that could injure its user
B. Recall of a medical product
C. Feedback by a user regarding possible improvements to a medical software’s features
D. Flaws identified in a medical product that has led to reported death of its user
2. For SOP 13 (Sales Execution), what is the main purpose of the SOP?
A. Ensure, and regularly review, that personnel receive only the minimum access to digital/physical assets required to perform their tasks
B. Ensure sales activities are documented, and that the documentation is accessible and traceable
C. Ensure functional testing is performed and meets all requirements for products/services
D. Ensure risk classification of product providers accounts for the products and services purchased
3. For SOP 20 (Risk Management), during the business process lifecycle of a product, when should we identify and address potential hazards and security shortcomings of the product?
A. Development stage
B. Prototyping stage
C. Post-production stage
D. All stages
4. For SOP 25 (Acceptable Use of Assets), who is responsible for ensuring the confidentiality, integrity, and availability of information assets in BYOD-devices?
A. COO
B. Owner of BYOD-devices
C. Network Administrator
D. Security Software
5. For SOP 26 (Mobile Device and Teleworking), what is the main purpose of this SOP?
A. Ensure all mobile devices are properly distributed when employees are teleworking
B. Ensure organization data and mobile devices are secured when employees or relevant third-parties work remotely or from home
C. Ensure organization does not maintain prolonged access to individuals' mobile devices when outside of organization premises
D. Ensure employees are within organization premises when using organization mobile devices for maximum efficiency
6. For SOP 28 (Password Management), which of the following is true?
A. Passwords must have a minimum of 5 characters
B. Passwords must be changed every 90 days
C. Passwords must include a word from a dictionary
D. Passwords must not be changed upon user's first login
7. For SOP 29 (Disposable and Destruction), what should be done when equipment or media is intended for disposal or reuse?
a. Licensed data and software must be disposed
b. Licensed data and software must be shared
c. Licensed data and software must be duplicated
A. a and b
B. a only
C. a and c
D. b and c
8. For SOP 31 (Clear Desk and Clear Screen), what should be avoided when leaving confidential documents unattended?
A. Storing confidential documents in printers, scanners, fax, photocopiers
B. Storing confidential documents in a secure and private location
C. Storing confidential documents away from unauthorised persons
D. Storing confidential documents in the owner’s desk
9. For SOP 34 (Information Transfer), which risk is NOT mentioned in the SOP when securing the email system?
A. Modification risks
B. Denial-of-Service
C. Unauthorised access
D. XSS attacks
10. For SOP 16 (Maintenance of Work Environment), which of the following are the 3 stages that the work environment must be split into?
A. Software, Staging, Production
B. Back end, Front end, Database
C. Planning, Development, Integration
D. Production, Design, Initialization