Scribd Logo
Upload

Welcome to Scribd!

  • 10 Clause

    Uploaded by

    Isaiah
    6 views1 page
    When a nonconformity occurs, the organization must take action to control and correct it, deal with the consequences, review the causes of nonconformity to determine if similar issues exist elsewhere, implement any necessary actions, review the effectiveness of corrective actions, and update the information security management system if needed. Corrective actions should be appropriate to the effects of the nonconformity. The organization must retain documented evidence of the nature of nonconformities, subsequent actions taken, and results of any corrective actions. The organization shall also continually improve the suitability, adequacy and effectiveness of the information security management system.

    Original Description:

    27001 10 clause

    Original Title

    27001 10 clause

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    When a nonconformity occurs, the organization must take action to control and correct it, deal with the consequences, review the causes of nonconformity to determine if similar issues exist elsewhere, implement any necessary actions, review the effectiveness of corrective actions, and update the information security management system if needed. Corrective actions should be appropriate to the effects of the nonconformity. The organization must retain documented evidence of the nature of nonconformities, subsequent actions taken, and results of any corrective actions. The organization shall also continually improve the suitability, adequacy and effectiveness of the information security management system.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    6 views1 page

    10 Clause

    Uploaded by

    Isaiah
    When a nonconformity occurs, the organization must take action to control and correct it, deal with the consequences, review the causes of nonconformity to determine if similar issues exist elsewhere, implement any necessary actions, review the effectiveness of corrective actions, and update the information security management system if needed. Corrective actions should be appropriate to the effects of the nonconformity. The organization must retain documented evidence of the nature of nonconformities, subsequent actions taken, and results of any corrective actions. The organization shall also continually improve the suitability, adequacy and effectiveness of the information security management system.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    Download as docx, pdf, or txt
    of 1

    10 Improvement

    10.1 Nonconformity and corrective action


    When a nonconformity occurs, the organization shall:
    a) react to the nonconformity, and as applicable:
    1) take action to control and correct it; and
    2) deal with the consequences;
    b) evaluate the need for action to eliminate the causes of
    nonconformity, in order that it does not
    recur or occur elsewhere, by:
    1) reviewing the nonconformity;
    2) determining the causes of the nonconformity; and
    3) determining if similar nonconformities exist, or could potentially
    occur;
    c) implement any action needed;
    d) review the effectiveness of any corrective action taken; and
    e) make changes to the information security management system, if
    necessary.
    Corrective actions shall be appropriate to the effects of the
    nonconformities encountered.
    The organization shall retain documented information as evidence
    of:
    f) the nature of the nonconformities and any subsequent actions
    taken, and
    g) the results of any corrective action.
    10.2 Continual improvement
    The organization shall continually improve the suitability, adequacy
    and effectiveness of the
    information security management system.

    You might also like