ISO 27701:2019 – Privacy Information Management System Auditor Free Practice Test — 30 Questions

Question 1

Javier, a privacy auditor with expertise in GDPR and ISO 27701, is participating in a combined audit of \"InnovTech Solutions,\" a multinational technology firm. Ingrid, the lead auditor, prioritizes maintaining a positive relationship with InnovTech due to their significant contract with the auditing firm. During the audit, Javier discovers a significant non-conformity related to InnovTech\'s handling of data subject access requests under GDPR, potentially impacting thousands of EU citizens. Ingrid, however, believes highlighting this issue prominently in the audit report might jeopardize the relationship with InnovTech. She suggests downplaying the severity of the finding and focusing on other areas where InnovTech demonstrates better compliance. Javier strongly disagrees, arguing that this would misrepresent InnovTech\'s actual privacy posture. The audit team is now divided on how to present this finding in the final report.

According to ISO 19011:2018 principles, what is the MOST appropriate course of action regarding the conflicting viewpoints and the discovered non-conformity?

Accepted Answer

The audit report should fairly present the audit findings, conclusions, and reports accurately, reflecting significant obstacles encountered and unresolved diverging opinions among the audit team, including Javier's concerns regarding the GDPR non-conformity.

Question 2

\"MediCare Inc.,\" a healthcare provider, is establishing an ISO 27701:2019 audit program to ensure the effective management of privacy information related to patient data. MediCare Inc. is subject to the Health Insurance Portability and Accountability Act (HIPAA) in the United States, which has specific requirements for protecting patient health information, in addition to general data protection laws. Considering the principles of \'Managing an Audit Program\' as outlined in ISO 19011:2018, what is the MOST appropriate approach for the audit program manager to take when allocating resources and determining competency requirements for the audit team?

Accepted Answer

Ensure that the audit team includes members with expertise in both ISO 27701 and HIPAA regulations to effectively assess compliance with all relevant requirements.

Question 3

Anya, a lead auditor for a certification body, is assigned to conduct a privacy information management system audit for SecureFuture Corp, a data processing company seeking ISO 27701 certification. During the audit planning phase, Anya recalls that she previously worked as a consultant for SecureFuture Corp, assisting them in implementing their initial privacy framework two years prior. This framework is now part of the system she is auditing. Considering the principles outlined in ISO 19011:2018 regarding audit independence and objectivity, what is Anya\'s most appropriate course of action?

Accepted Answer

Disclose the potential conflict of interest to both SecureFuture Corp and her audit organization, allowing them to assess the situation and determine the appropriate course of action to maintain audit objectivity.

Question 4

Anya Petrova, a highly skilled and certified ISO 27701 lead auditor, is assigned to conduct an internal audit of the Human Resources (HR) department\'s compliance with the organization\'s Privacy Information Management System (PIMS) based on ISO 27701:2019. However, Anya previously worked directly under the Head of HR, reporting to them for three years. During this time, the Head of HR conducted Anya\'s performance evaluations and significantly influenced her career advancement within the company. Although Anya has since moved to a different department and no longer reports to the Head of HR, the potential for a conflict of interest is raised by the compliance officer. Considering the principles of auditing as defined in ISO 19011:2018, which emphasizes independence and objectivity, what is the MOST appropriate course of action to ensure the integrity and credibility of the audit?

Accepted Answer

Reassign the audit to another qualified auditor who has no prior reporting relationship with the HR department to ensure both actual and perceived independence.

Question 5

Anya Sharma, a lead auditor for a certification body, is conducting an ISO 27701 audit of \"InnovTech Solutions,\" a multinational technology company. During the audit of the marketing department, the department head, Javier Rodriguez, expresses reluctance to provide Anya with complete access to certain data processing records. Javier claims that granting full access would disrupt several ongoing marketing campaigns and could potentially expose proprietary algorithms and marketing strategies unrelated to personally identifiable information (PII). He assures Anya that the department is fully compliant with the relevant data protection regulations, including GDPR and CCPA, and suggests that focusing on a smaller, representative sample of records would be sufficient. Anya suspects that the limited access could potentially mask non-conformities related to the processing of PII. Considering the principles of auditing outlined in ISO 19011:2018, what is Anya\'s MOST appropriate initial course of action?

Accepted Answer

Document Javier's refusal to provide full access and its potential impact on the audit scope and conclusions in her working papers.

Question 6

During a privacy audit of \"Innovate Solutions,\" a burgeoning tech firm specializing in AI-driven marketing solutions, concerns arise regarding the audit team\'s composition. The lead auditor, Anya Sharma, previously spearheaded the implementation of Innovate Solutions\' current data processing infrastructure two years prior, before transitioning to the auditing department. Further complicating matters, Anya\'s spouse, Ben Carter, holds a senior management position within Innovate Solutions\' IT security division, a department directly responsible for maintaining the systems under audit. Considering the principles outlined in ISO 19011:2018 and the potential implications for audit objectivity, which principle is MOST directly threatened in this scenario, and why is it crucial for a privacy information management system auditor to address this concern proactively? Detail the specific risks associated with Anya\'s prior involvement and her spouse\'s current role within Innovate Solutions, and how these factors might compromise the reliability and impartiality of the audit findings, especially concerning compliance with GDPR and CCPA regulations.

Accepted Answer

Independence, because Anya's prior involvement and her spouse's position could create conflicts of interest, potentially influencing her judgment and compromising the objectivity of the audit findings, thereby undermining the credibility of the audit process and its alignment with regulatory requirements like GDPR and CCPA.

Question 7

A PIMS auditor, Anya Volkov, is assigned to evaluate the data processing activities of \"Innovate Solutions,\" a multinational corporation with operations in both the United States and the European Union. During the audit, Anya discovers that Innovate Solutions relies on pre-ticked boxes for obtaining consent from EU citizens for marketing communications. When questioned about this practice, Anya states, \"As long as the users have the option to unsubscribe later, this method of consent is perfectly acceptable under global privacy standards.\" She further justifies this approach by pointing out that the company\'s privacy policy is readily available on its website and provides detailed information about data processing activities. Considering the principles of auditing as defined in ISO 19011:2018 and the requirements of GDPR, which of the following principles is Anya demonstrably failing to uphold in her conduct of the audit?

Accepted Answer

Due professional care

Question 8

Emily, an auditor conducting a PIMS audit of DataSafe Inc., encounters resistance from the auditee when requesting access to specific data processing records. The auditee expresses concerns about disclosing sensitive information and hesitates to provide full access, despite Emily explaining the necessity of these records for the audit. According to ISO 19011:2018 guidelines, what is Emily\'s most appropriate course of action in this situation, considering the need to obtain sufficient appropriate audit evidence?

Accepted Answer

Document the auditee's resistance and escalate the issue to the audit program manager or the auditee's senior management.

Question 9

A PIMS auditor, Anya Sharma, is conducting an ISO 27701 audit for \"Innovate Solutions,\" a technology firm specializing in AI-driven healthcare solutions. During the audit, Anya uncovers sensitive personal data processing activities related to a new diagnostic tool that Innovate Solutions is developing. The audit agreement includes a strict confidentiality clause. Subsequently, Anya receives a subpoena from a court, requesting all documents and data related to the Innovate Solutions audit, as part of a lawsuit alleging privacy violations against the company. The subpoena demands immediate compliance and threatens legal repercussions for non-compliance. Considering the principles of auditing outlined in ISO 19011:2018, specifically the principle of confidentiality, what is Anya\'s MOST appropriate course of action?

Accepted Answer

Inform Innovate Solutions about the subpoena, seek legal counsel to understand the subpoena's scope, and provide only the information legally required, taking steps to minimize disclosure of sensitive data.

Question 10

\"SecureFuture Inc.\", a multinational corporation operating in both the EU and California, initially established its ISO 27701-based privacy information management system (PIMS) audit program in 2022. The program focused primarily on GDPR compliance for its EU operations and CCPA compliance for its California operations. However, in early 2024, SecureFuture Inc. significantly expanded its operations to Brazil, now falling under the LGPD (Lei Geral de Proteção de Dados Pessoais) regulatory framework. Additionally, the company implemented a new AI-driven customer relationship management (CRM) system that processes a substantial amount of personal data, including sensitive categories. The recent annual audit, conducted under the existing program, revealed significant gaps in LGPD compliance and raised concerns about the data processing practices of the new AI-driven CRM system. The audit team, while proficient in GDPR and CCPA, lacked specific expertise in LGPD and AI-related privacy risks. Considering the principles of ISO 19011:2018, what is the MOST appropriate immediate action SecureFuture Inc. should take to address this situation and ensure the effectiveness of its PIMS audit program?

Accepted Answer

Conduct a comprehensive review and revision of the audit program, redefining its scope and objectives to include LGPD compliance and AI-related privacy risks, allocating resources to acquire LGPD and AI expertise within the audit team, and establishing mechanisms for continuous monitoring and improvement of the audit program's effectiveness.

Question 11

Anya Petrova, a lead auditor for a certification body, is assigned to conduct an audit of \"OmniCorp,\" an organization that has implemented an integrated management system. This system combines ISO 27701:2019 (Privacy Information Management System) with ISO 9001 (Quality Management System), ISO 14001 (Environmental Management System), and ISO 45001 (Occupational Health and Safety Management System). OmniCorp claims that integrating these systems streamlines processes and reduces audit fatigue. According to ISO 19011:2018 guidelines, what is Anya\'s MOST appropriate approach to auditing OmniCorp\'s integrated management system?

Accepted Answer

Anya should assess how the integrated system fulfills the requirements of ISO 27701:2019, considering the specific demands of ISO 9001, ISO 14001, and ISO 45001, and verify that the PIMS does not compromise the effectiveness of the other systems, while identifying overlaps, conflicts, or synergies between them.

Question 12

Anya Petrova, a lead auditor certified in ISO 27701:2019, is tasked with conducting a privacy information management system (PIMS) audit of InnovTech Solutions, a multinational corporation operating in both the EU and California, thus subject to both GDPR and CCPA. As Anya prepares for the audit, several potential scenarios arise. Considering the principles of auditing as outlined in ISO 19011:2018, which of the following scenarios most directly threatens Anya\'s adherence to the principle of \"independence\" during the audit process, potentially compromising the objectivity and impartiality of her findings? Assume all scenarios are fully disclosed to relevant parties prior to the audit commencement.

Accepted Answer

Anya provided consultancy services to InnovTech Solutions on the implementation of their PIMS, specifically advising on data flow mapping and consent management processes, within the past two years.

Question 13

Anya Sharma is the lead auditor for an upcoming ISO 27701:2019 audit at \"GlobalTech Solutions.\" During the audit planning phase, Anya realizes that Javier Rodriguez, the Data Protection Officer (DPO) at GlobalTech, who will be her main point of contact during the audit, is someone with whom she had a significant romantic relationship several years ago. While the relationship ended amicably and both have moved on, Anya is concerned about the potential impact on the perceived independence of the audit. According to ISO 19011:2018 guidelines on auditing management systems, what is the MOST appropriate course of action for Anya to take in this situation to uphold the principles of auditing?

Accepted Answer

Disclose the potential conflict of interest to the audit program manager and relevant stakeholders to determine the best course of action for maintaining audit objectivity and integrity.

Question 14

Anya, a PIMS auditor certified in ISO 27701:2019, is conducting a follow-up audit at \"DataSecure Inc.\" six months after the initial audit identified a significant nonconformity related to inadequate data encryption protocols for customer personal data. DataSecure Inc. had submitted a corrective action plan outlining the implementation of AES-256 encryption across all relevant databases and employee training on secure data handling practices. During the follow-up, Anya confirms that the AES-256 encryption has been implemented as documented, and training records indicate that all relevant employees have completed the required modules. However, recent penetration testing reports reveal a vulnerability stemming from weak key management practices that could potentially expose the encrypted data. Considering the principles of auditing outlined in ISO 19011:2018 and the need for a risk-based approach, what should Anya prioritize in her follow-up audit activities?

Accepted Answer

Conduct a thorough verification of the effectiveness of the implemented AES-256 encryption, including assessing the adequacy of key management practices and reviewing incident logs to ensure no data breaches have occurred related to the initial nonconformity.

Question 15

Anya Sharma, a lead auditor, is conducting an ISO 27701:2019 audit of \"GlobalTech Solutions,\" a multinational corporation with operations in both Europe and the United States. The audit scope includes assessing the organization\'s compliance with the General Data Protection Regulation (GDPR). During the audit, Anya discovers that GlobalTech\'s data retention policy aligns perfectly with GDPR requirements. However, she also notes that the same policy might not fully comply with the California Consumer Privacy Act (CCPA), particularly concerning the \"right to be forgotten\" and data deletion timelines. GlobalTech\'s management argues that the audit scope is limited to GDPR, and CCPA is outside the current audit\'s purview. Considering the principles of auditing outlined in ISO 19011:2018, what is Anya\'s MOST appropriate course of action?

Accepted Answer

Document the potential conflict between the data retention policy and CCPA in the audit findings and recommend that GlobalTech evaluate its policy against CCPA requirements.

Question 16

Aisha, a lead auditor for a certification body, is assigned to conduct an ISO 27701 audit for Globex Corp, a multinational technology company. During the initial audit planning meeting, Aisha realizes that Ben, the Chief Technology Officer (CTO) of Globex Corp, is a close personal friend she has known for many years. This relationship predates the audit engagement. According to ISO 19011:2018 principles and best practices for auditing privacy information management systems, what is Aisha\'s most appropriate course of action upon recognizing this potential conflict of interest to maintain audit integrity and objectivity? Consider the implications under GDPR and other relevant privacy regulations if the audit\'s impartiality is compromised.

Accepted Answer

Immediately disclose the relationship with Ben to the audit program manager and allow them to determine the appropriate course of action, which may include reassignment or additional oversight.

Question 17

Javier, the lead auditor for a certification audit of SecureFuture Solutions\' Privacy Information Management System (PIMS) based on ISO 27701:2019, discovers that his wife, Elena, is the Head of Data Governance at SecureFuture Solutions. Elena\'s role involves overseeing data policies and procedures across the organization, though she is not directly involved in the marketing department\'s data processing activities, which are the specific focus of the audit. According to ISO 19011:2018 guidelines on auditor independence and conflict of interest, what is Javier\'s MOST appropriate course of action in this situation to ensure the integrity and impartiality of the audit process, considering SecureFuture Solutions is seeking certification from an accredited certification body and must adhere to GDPR requirements regarding data protection impact assessments and accountability?

Accepted Answer

Javier should immediately disclose the relationship to both SecureFuture Solutions and the certification body and allow them to determine the appropriate course of action, including potential reassignment or implementation of additional safeguards.

Question 18

Anya, a lead auditor for a certification body, is assigned to conduct an ISO 27701 audit for \"DataSecure Solutions,\" a company specializing in cloud-based data storage. During the initial document review, Anya discovers that she was previously employed by DataSecure Solutions as a consultant and played a significant role in developing and implementing their Privacy Information Management System (PIMS) three years ago. This prior involvement was not disclosed during the audit assignment process. Considering the principles outlined in ISO 19011:2018 regarding auditor independence and objectivity, what is the MOST appropriate course of action for Anya to take in this situation to maintain the integrity of the audit process?

Accepted Answer

Disclose her prior involvement to the audit program manager and discuss potential mitigation strategies to ensure objectivity.

Question 19

During an ISO 27701 audit of \"HealthFirst,\" a healthcare provider, the auditor, Anya, discovers evidence of a significant data breach affecting thousands of patients. HealthFirst\'s management is aware of the breach but has not yet notified the relevant data protection authorities or the affected individuals, potentially violating GDPR and other applicable laws. According to ISO 19011:2018 guidelines on communication in auditing, what is Anya\'s MOST appropriate course of action?

Accepted Answer

Immediately report the data breach to the relevant data protection authorities without informing HealthFirst's management, as their inaction constitutes a clear violation of data protection laws.

Question 20

A PIMS auditor, Anya Sharma, is conducting an audit of a cloud-based data analytics company, \"Data Insights Corp,\" against ISO 27701:2019. During the audit, Anya discovers inconsistencies in the data retention policies compared to the documented procedures and observed practices. The Head of Compliance at Data Insights Corp. insists that these are minor discrepancies due to a recent system migration and urges Anya to overlook them to expedite the audit process, as the company is facing an impending regulatory deadline. Anya is also running short on time to complete the audit within the allocated budget. Considering the principles of auditing outlined in ISO 19011:2018, what is the MOST appropriate course of action for Anya to demonstrate \"Due Professional Care\" in this situation?

Accepted Answer

Anya should consult with her audit team leader, document the inconsistencies, and adjust the audit plan to allocate more time to investigate the potential nonconformities thoroughly, ensuring objective evidence is gathered and assessed.

Question 21

Javier, the lead auditor for a Privacy Information Management System (PIMS) audit based on ISO 27701:2019 and guided by ISO 19011:2018, encounters a challenge. During the audit of a multinational corporation\'s marketing department, the Head of Marketing, Ms. Tanaka, expresses strong reservations about providing the audit team with detailed data from recent marketing campaigns. Ms. Tanaka argues that the data contains sensitive marketing strategies and client information, and she fears that its exposure, even within the audit context, could compromise the company\'s competitive advantage. She suggests using summarized reports instead of raw data. Javier\'s audit scope explicitly includes verifying the effectiveness of privacy controls related to consent management and data minimization within marketing activities. Considering the principles of auditing outlined in ISO 19011:2018, what is the MOST appropriate next step for Javier to take to ensure the audit\'s integrity and adherence to the standard?

Accepted Answer

Javier should politely but firmly explain to Ms. Tanaka the importance of accessing the detailed data to fulfill the audit objectives, emphasizing the confidentiality measures in place and the alignment of the audit with legal obligations, and if resistance persists, escalate the issue to the Data Protection Officer (DPO) or a senior executive responsible for privacy to ensure access is granted.

Question 22

Anya, a lead auditor for a certification body, is assigned to conduct an ISO 27701:2019 audit for \"DataSecure Solutions,\" a cloud-based data storage company. During the audit planning phase, Anya realizes that her consulting firm provided DataSecure Solutions with privacy information management system (PIMS) implementation guidance six months prior to the audit engagement. The consulting project involved developing several key PIMS policies and procedures now being audited. Considering the principles outlined in ISO 19011:2018, what is Anya\'s most appropriate course of action to ensure the integrity and objectivity of the audit process, particularly concerning the potential conflict of interest? Assume that DataSecure Solutions is unaware of Anya\'s prior involvement.

Accepted Answer

Disclose the prior consulting engagement to both her audit team and DataSecure Solutions' management, allowing stakeholders to assess the potential impact on her objectivity and determine appropriate safeguards.

Question 23

A highly skilled and certified ISO 27701:2019 auditor, Anya Sharma, is assigned to conduct a privacy information management system (PIMS) audit for \"InnovTech Solutions,\" a multinational technology firm processing sensitive personal data of EU citizens under GDPR and subject to the California Consumer Privacy Act (CCPA). Anya possesses extensive knowledge of ISO 27701, ISO 27001, and relevant data protection regulations. However, it is discovered that Anya\'s brother, Rohan Sharma, holds the position of Chief Technology Officer (CTO) at InnovTech Solutions, directly overseeing the implementation and maintenance of the PIMS being audited. Considering the principles outlined in ISO 19011:2018, which aspect is MOST significantly compromised in this audit engagement, potentially impacting the validity and reliability of the audit findings, irrespective of Anya\'s technical competence and understanding of relevant legal frameworks?

Accepted Answer

The auditor's independence due to the familial relationship, creating a potential conflict of interest and perceived bias, even if Anya adheres to all audit procedures and ethical guidelines.

Question 24

A multinational corporation, OmniCorp, recently implemented a new privacy control related to data subject access requests (DSARs) as part of its ISO 27701-aligned Privacy Information Management System (PIMS). The internal audit department is tasked with evaluating the effectiveness of this new control. An internal auditor, Anya Sharma, is assigned to lead the audit. However, Anya previously worked in the department responsible for implementing the DSAR control and was actively involved in its design and initial rollout. She understands the intricacies of the system intimately. Anya discloses this prior involvement to the head of internal audit, Javier Rodriguez, and assures him that she can remain objective. Javier, under pressure to complete the audit quickly due to an upcoming regulatory review related to GDPR compliance, decides to proceed with Anya as the lead auditor, reasoning that her familiarity with the system will expedite the process. During the audit, Anya primarily relies on documented evidence provided by the department, conducting only limited independent verification. Considering the principles of auditing outlined in ISO 19011:2018, what is the MOST appropriate course of action in this scenario?

Accepted Answer

Reassign the audit to another auditor who has no prior involvement with the department responsible for implementing the DSAR control, ensuring independence and objectivity in the assessment.

Question 25

\"GlobalFinance Corp,\" a multinational financial institution, is planning its ISO 27701 audit program. To ensure the audit program is efficient and effective, how should the organization BEST integrate a risk management approach into the audit process?

Accepted Answer

Identify and prioritize audit areas based on the organization's risk assessment, focusing on areas with the highest potential impact on data privacy and compliance.

Question 26

A large multinational corporation, OmniCorp, is undergoing an ISO 27701:2019 audit of its Privacy Information Management System (PIMS) across its global subsidiaries. Kai, the lead auditor from an external certification body, is assessing the level of auditor independence within OmniCorp\'s internal audit team, which also conducts PIMS audits. Considering the requirements of ISO 19011:2018 regarding auditor independence, which of the following situations would most significantly raise concerns about the impartiality and objectivity of OmniCorp\'s internal PIMS auditors, potentially compromising the integrity of the audit findings and the overall credibility of OmniCorp\'s PIMS?

Accepted Answer

Several internal auditors previously held positions within OmniCorp's IT department, responsible for implementing some of the security controls now being audited, and their current reporting line goes through the Chief Information Security Officer (CISO), who also oversees the PIMS implementation.

Question 27

Anya, a lead auditor for a certification body, is assigned to conduct a follow-up audit of \"SecureData Solutions,\" a data processing organization certified against ISO 27701. During the initial audit, a significant nonconformity was identified regarding inadequate access controls to sensitive personal data, potentially violating GDPR Article 32 (Security of Processing). SecureData Solutions has since implemented corrective actions, including revised access control policies, employee training, and system configuration changes. According to ISO 19011:2018 guidelines, what is the MOST effective approach for Anya to verify the effectiveness of these corrective actions during the follow-up audit, ensuring alignment with both ISO 27701 and relevant data protection regulations?

Accepted Answer

Gathering objective evidence through document reviews, interviews, and testing to confirm that the implemented actions have eliminated the cause of the nonconformity and are consistently applied.

Question 28

Anya, a lead auditor for an ISO 27701 Privacy Information Management System (PIMS) audit, discovers a significant nonconformity related to the organization\'s data breach incident response plan. The plan lacks specific procedures for notifying affected data subjects within the timeframe stipulated by GDPR Article 34. During the closing meeting, Mr. Dubois, a high-ranking executive, approaches Anya privately and expresses concerns that reporting this nonconformity will severely damage the company\'s reputation and potentially lead to substantial financial penalties. He suggests that Anya could \"rephrase\" the finding to be less severe, framing it as an \"area for improvement\" rather than a nonconformity. He emphasizes the company\'s commitment to privacy and ongoing efforts to enhance its PIMS. Considering the principles outlined in ISO 19011:2018, which principle is MOST directly challenged by Mr. Dubois\'s request?

Accepted Answer

Fair presentation

Question 29

During the planning phase of an ISO 27701 audit for \"Global Dynamics,\" lead auditor Javier discovers that his spouse, Lena, recently accepted a senior management position within the data protection department of Global Dynamics. Javier was unaware of Lena applying for this position. Javier has always maintained a strict professional code and believes he can conduct the audit impartially. However, according to ISO 19011:2018 principles, specifically regarding due professional care, what is Javier\'s MOST appropriate course of action?

Accepted Answer

Disclose the relationship to the audit client and the audit organization, and discuss potential mitigation strategies, such as having another auditor oversee the areas related to Lena's responsibilities.

Question 30

During an ISO 27701:2019 audit of \"Globex Corp,\" a multinational pharmaceutical company processing sensitive patient data across multiple jurisdictions, lead auditor Anya Petrova discovers several instances of robust data encryption practices exceeding industry standards. However, she also uncovers a critical vulnerability in their incident response plan, which lacks specific procedures for notifying data protection authorities in accordance with GDPR\'s 72-hour breach notification requirement. Furthermore, key personnel were unavailable for interviews due to an unexpected company-wide training initiative, limiting Anya\'s ability to fully assess certain aspects of the PIMS. Which of the following approaches best exemplifies the principle of \"fair presentation\" as defined by ISO 19011:2018 in Anya\'s audit report?

Accepted Answer

Anya's report highlights Globex Corp's superior encryption practices in detail, briefly mentioning the incident response vulnerability as a minor area for improvement, and omits the challenges faced due to personnel unavailability to maintain a positive client relationship.

ISO 27701:2019 – Privacy Information Management System Auditor Free Practice Test — 30 Questions

A lot more is already mapped out

About the ISO 27701:2019 – Privacy Information Management System Auditor Certification