Search

Take Quizzes
- - Animal
  - Nutrition
  - Love
  - Relationship
  - Computer
  - Sports
  - Society
  - Business
  - Geography
  - Language
- - Personality
  - Harry Potter
  - Movie
  - Television
  - Music
  - Online Exam
  - Health
  - Country
  - Art
  - Entertainment
- - Celebrity
  - Math
  - Game
  - Book
  - Fun
  - Science
  - Food
  - History
  - Education
  - All Topics
Create a Quiz

Search

Speak now

Create A Quiz
- Animal
- Nutrition
- Love
- Relationship
- Computer
- Sports
- Society
- Business
- Geography
- Language
- Personality
- Harry Potter
- Movie
- Television
- Music
- Online Exam
- Health
- Country
- Art
- Entertainment
- Celebrity
- Math
- Game
- Book
- Fun
- Science
- Food
- History
- Education
- All Topics

Online Quizzes › Business › Supply

ISO 28000 - The Supply Chain Quiz

Reviewed by Editorial Team

The ProProfs editorial team is comprised of experienced subject matter experts. They've collectively created over 10,000 quizzes and lessons, serving over 100 million users. Our team includes in-house content moderators and subject matter experts, as well as a global network of rigorously trained contributors. All adhere to our comprehensive editorial guidelines, ensuring the delivery of high-quality content.

Learn about Our Editorial Process

| By Catherine Halcomb

Catherine Halcomb

Community Contributor

Quizzes Created: 1439 | Total Attempts: 6,571,922

| Attempts: 140

Quiz Flashcard

Settings

Settings

Questions

Feedback

During the Quiz End of Quiz

Difficulty

Sequential Easy First Hard First

Play as

Quiz Flashcard

Share on Facebook Share on Twitter Share on Whatsapp Share on Pinterest Share on Email Copy to Clipboard Embed on your website

1/18 Questions

Outline 5 agenda points that would be discussed during Management review meeting

About This Quiz

ISO 28000:2007 is an ISO standard published by International Organization for Standardization which includes requirements of a security management system particularly dealing with security assurance in the supply chain. The standard was developed by ISO/TC 8 on "Ships and maritime technology" and published in 2007

ISO 28000 - The Supply Chain Quiz - Quiz

Quiz Preview

2.

Outline 3 key steps involved in managing a security incident?
3.

State 4 mandatory procedures required in ISO 28000?
4.

The standard ISO 28000 specifies the requirement for:
- Security management system for supply chain
- Information security management system
- Business continuity management system
- Safety management systems
Correct Answer

A. Security management system for supply chain

Explanation

ISO 28000 is a standard that outlines the requirements for a security management system for the supply chain. This means that organizations need to establish and maintain a system to manage security risks within their supply chain, ensuring the safety and integrity of goods and services throughout the entire process. This includes implementing measures to prevent theft, damage, and unauthorized access to goods, as well as ensuring compliance with relevant laws and regulations. The standard aims to enhance the security and resilience of supply chains, ultimately protecting organizations and their stakeholders from potential security threats.

Rate this question:
5.

PDCA Refers to
- Plan Do Correct Acknowledge
- Plan Define Check Act
- Plan Do Check Act
- Please Do and Check Accordingly
Correct Answer

A. Plan Do Check Act

Explanation

The correct answer is "Plan Do Check Act." PDCA refers to a four-step management method used for continuous improvement. It starts with planning, where goals and objectives are set. Then, actions are taken to implement the plan. Next, the results are checked and compared to the desired outcomes. Finally, adjustments are made to correct any issues and improve future performance.

Rate this question:
6.

Risk is defined as
- Any possible intentional action
- Process of verifying the trustworthiness of people
- Likelihood of a security threat materializing and the consequences
- All of the above
Correct Answer

A. Likelihood of a security threat materializing and the consequences

Explanation

The correct answer is "likelihood of a security threat materializing and the consequences." This definition of risk refers to the probability of a security threat occurring and the potential negative impact it could have. It encompasses both the chance of a threat happening and the potential consequences that could result from it.

Rate this question:
7.

As per the ISO 28000 standard internal audit shall be conducted?
- Always Every Year
- At planned Intervals
- Prior to Certification audit
- As per management availability
Correct Answer

A. At planned Intervals

Explanation

The correct answer is "At planned intervals." According to the ISO 28000 standard, internal audits should be conducted at regular intervals that are planned in advance. This ensures that the organization's security management system is regularly assessed and evaluated for compliance and effectiveness. Conducting audits at planned intervals allows for a systematic and proactive approach to identifying areas for improvement and ensuring ongoing compliance with the standard's requirements.

Rate this question:
8.

According to ISO 28000, security risk assessment shall consider risks due to:
- Physical failure threats and risks
- Operational threats and risks
- Stakeholder threats and risks
- All of the above
Correct Answer

A. All of the above

Explanation

According to ISO 28000, security risk assessment should consider risks due to physical failure threats and risks, operational threats and risks, as well as stakeholder threats and risks. This means that when conducting a security risk assessment, all these factors should be taken into account to ensure a comprehensive evaluation of potential risks and vulnerabilities.

Rate this question:
9.

Action to eliminate the cause of a nonconformity and to prevent recurrence" is called:
- Security failure
- Preventive action
- Corrective action
- Correction
Correct Answer

A. Corrective action

Explanation

Corrective action is the appropriate term for the action taken to eliminate the cause of a nonconformity and prevent its recurrence. It involves identifying the root cause of the nonconformity, implementing measures to address it, and ensuring that the issue does not happen again in the future. This is different from correction, which refers to the action taken to rectify the nonconformity itself, without necessarily addressing the underlying cause. Preventive action, on the other hand, focuses on taking proactive measures to prevent nonconformities from occurring in the first place. Security failure is unrelated to the concept described in the question.

Rate this question:
10.

The documented procedure for security risk assessment include
- Identification of security threats
- Determination of the risks associated with the identified security threats
- Indication of the level of the risks related to each security threat and whether they are or are not, tolerable
- All of the above.
Correct Answer

A. All of the above.

Explanation

The correct answer is "All of the above" because the documented procedure for security risk assessment includes all three components mentioned in the options. It involves identifying security threats, determining the risks associated with those threats, and indicating the level of risks and whether they are tolerable or not. This comprehensive approach ensures that all potential security risks are considered and evaluated properly.

Rate this question:
11.

To address the root cause(s) of a nonconformity the company will implement
- One or several corrective actions
- One or several corrections
- Corrective actions and preventive actions
- None of the above
Correct Answer

A. One or several corrective actions

Explanation

To address the root cause(s) of a nonconformity, the company will implement one or several corrective actions. This means that the company will take specific actions to correct the issue at hand and prevent it from happening again in the future. These actions may include making changes to processes, procedures, or systems, providing additional training or resources, or implementing new controls or measures. By taking corrective actions, the company aims to eliminate the root cause of the nonconformity and prevent its recurrence.

Rate this question:
12.

Security management programmes is
- Means by which a security management objective is achieved
- Overall intentions and direction of an organization
- Global security risks
- Security achievements
Correct Answer

A. Means by which a security management objective is achieved

Explanation

The correct answer means that security management programs are the methods or strategies used to accomplish a security management objective. These programs outline the specific steps and actions that need to be taken in order to achieve the desired level of security within an organization. They provide a structured approach to addressing security risks and implementing necessary measures to protect against potential threats.

Rate this question:
13.

To be a first party internal auditor a person has to be
- A competent internal auditor
- Down stream Vendor
- Upstream Vendor
- All of the above
Correct Answer

A. A competent internal auditor

Explanation

The correct answer is "A competent internal auditor" because being a first-party internal auditor requires having the necessary skills, knowledge, and experience to effectively perform internal audits within an organization. This role involves assessing and evaluating the organization's internal controls, risk management processes, and compliance with policies and regulations. Being a downstream or upstream vendor is not a requirement for being a first-party internal auditor.

Rate this question:
14.

ISO 28000:2007 requires that the security policy:
- Provide the framework which, enables the specific security management objectives, targets and programmes to be produced.
- Be consistent with the organization’s overall security threat and risk management framework.
- Include a commitment to continual improvement of the security management process.
- Be documented, implemented and maintained;
- All of the above
Correct Answer

A. All of the above

Explanation

ISO 28000:2007 requires that the security policy includes several elements. First, it must provide a framework that enables the specific security management objectives, targets, and programs to be produced. This means that the policy should outline the overall goals and plans for security management within the organization. Second, the security policy should be consistent with the organization's overall security threat and risk management framework. This ensures that security measures are aligned with the organization's specific risks and threats. Third, the policy should include a commitment to the continual improvement of the security management process. This means that the organization should continuously strive to enhance its security practices. Lastly, the security policy should be documented, implemented, and maintained. This ensures that the policy is properly communicated and followed throughout the organization. Therefore, all of the above elements are required in the security policy according to ISO 28000:2007.

Rate this question:
15.

According to ISO 28000, Security management objectives shall be
- Consistent with commitment to supplier evaluation ratings
- One-time activity
- Communicated to Regulatory body
- Communicated, documented and reviewed periodically
- Approved by Regulatory body
Correct Answer

A. Communicated, documented and reviewed periodically

Explanation

According to ISO 28000, security management objectives should be communicated, documented, and reviewed periodically. This means that the objectives should be clearly communicated to all relevant stakeholders, documented in a formal manner, and regularly reviewed to ensure their effectiveness and relevance. This ensures that the security management system remains up-to-date and aligned with the organization's goals and commitments. The other options, such as being consistent with supplier evaluation ratings, a one-time activity, or approved by a regulatory body, do not align with the requirements stated in ISO 28000.

Rate this question:
16.

ISO 28000 section 4.4.1 requires organization to:
- Appointing a member of the top management with overall responsibility
- Establish and maintain a structure of roles, responsibilities and authorities
- Above two points
- Companies to be certified to Information security
Correct Answer

A. Above two points

Explanation

ISO 28000 section 4.4.1 requires organizations to appoint a member of the top management with overall responsibility and establish and maintain a structure of roles, responsibilities, and authorities. These two points are mentioned in the given options, indicating that both of them are required by the standard. The option "Above two points" correctly summarizes the requirements stated in ISO 28000 section 4.4.1.

Rate this question:
17.

In accordance with ISO 28000, which of the following requires records to be retained by the organization?
- Training and competence records
- Security inspection reports
- Reports of security exercises and drills
- All of the above
Correct Answer

A. All of the above

Explanation

ISO 28000 requires organizations to retain records for various aspects, including training and competence records, security inspection reports, and reports of security exercises and drills. This means that the organization must keep a record of the training and competence of its personnel, maintain records of security inspections conducted, and retain reports of security exercises and drills undertaken. By retaining these records, organizations can demonstrate compliance with ISO 28000 requirements and ensure the effectiveness of their security management system.

Rate this question:
18.

Internal audit must be conducted by:
- Trained auditors
- Competent personnel
- Certification body
- None of the above.
Correct Answer

A. Trained auditors

Explanation

Internal audit must be conducted by trained auditors because they possess the necessary skills, knowledge, and expertise to effectively evaluate and assess the organization's internal controls, risk management processes, and compliance with policies and regulations. Trained auditors are familiar with auditing standards and methodologies, which enables them to conduct thorough and objective audits. Their training ensures that they can identify areas of improvement, recommend corrective actions, and provide valuable insights to management. Competent personnel may not have the specific training and expertise required for conducting internal audits, and a certification body is not responsible for conducting internal audits.

Rate this question:

Quiz Review Timeline (Updated): Mar 21, 2023 +

Our quizzes are rigorously reviewed, monitored and continuously updated by our expert board to maintain accuracy, relevance, and timeliness.

Current Version
Mar 21, 2023

Quiz Edited by
ProProfs Editorial Team
May 04, 2021

Quiz Created by
Catherine Halcomb

Related Topics

Customer Service
Customer Support
Sales
Marketing

Featured Quizzes

Which Sonic Character Are You? Which Sonic Character Are You?

Articles Quiz With Answers Articles Quiz With Answers

Best Friend Quiz: Are You Really Best Friends? Best Friend Quiz: Are You Really Best Friends?

Can You Guess These Asian's Nationality? Can You Guess These Asian's Nationality?

Are You Ready For IQ Quiz: Test Your Intelligence Now Are You Ready For IQ Quiz: Test Your Intelligence Now

What Is My Talent? What Is My Talent?

Back to Top

Back to top

Related Quizzes

Arterial Supply And Venous Drainage

How Well Do You Know Your Sullivan Supply Products?

Back to Top

Back to top

Advertisement

×

Wait!
Here's an interesting quiz for you.

We have other quizzes matching your interest.

How well do you know The Law Of Supply?

Start