FREE ISO 20000 Certification Auditor Questions and Answers

Question 1

"A certification audit has discovered that security risk assessments are not being carried out within the stipulated timeframes.
She has indicated that this does not comply with ISO/IEC 20000-1 standard.
What justifies this deviation from the norm?"

Accepted Answer

Security risk assessments shall be performed at planned intervals

Answer

ISO/IEC 20000-1, the international standard for Service Management Systems, requires that security risk assessments shall be performed at *planned intervals*. This means the organization must define and adhere to a specific schedule for these assessments. Failure to carry out assessments within these stipulated, planned timeframes constitutes a deviation from the standard, regardless of whether they are performed 'as agreed' or 'at least annually' if those aren't the established intervals.

Question 2

Which deviation is the biggest?

Accepted Answer

The organization being audited does not carry out internal audits

Answer

Internal audits are a foundational requirement for maintaining any management system, including ISO 20000. They are essential for an organization to proactively identify non-conformities, ensure continuous improvement, and demonstrate commitment to its Service Management System (SMS). The complete absence of internal audits signifies a major systemic failure and a severe deviation from the standard's requirements, making it the biggest non-conformance.

Question 3

What may not always be found in an audit report?

Accepted Answer

The statements made by the individuals assigned

Answer

An audit report typically provides a summary of findings, conclusions, and recommendations, along with key details like the audit objective and scope. While auditor observations are based on evidence gathered, including statements from individuals, the verbatim or detailed statements of every person interviewed are usually synthesized and presented as objective findings rather than being included directly in the formal report. The report focuses on the evidence and its implications, not raw interview transcripts.

Question 4

The Service Management System (SMS) Certification aims directly at a particular result.
What is the desired result?

Accepted Answer

Furnishing evidence of an effective qualty management system by an independent third party

Answer

The primary purpose of ISO 20000 certification for a Service Management System (SMS) is to obtain independent, third-party validation. This certification provides external assurance that an organization's SMS meets the international standard, demonstrating its effectiveness in delivering quality IT services. It serves as credible evidence to customers and stakeholders that the organization adheres to best practices in service management.

Question 5

What does an ISO 20000 Auditor do?

Accepted Answer

To assess and verify whether an organization conforms to the ISO 20000 standards.

Answer

An ISO 20000 auditor's core responsibility is to conduct an independent and systematic examination of an organization's Service Management System (SMS). Their role involves assessing processes, documentation, and practices against the specific requirements outlined in the ISO 20000 standard. This assessment verifies whether the organization is compliant and effectively managing its IT services according to the international benchmark.

ISO 20000 Certification Practice Test

ISO 20000 Certification Practice Test

FREE ISO 20000 Certification Auditor Questions and Answers