

Monday, 28 April 2014

Action to be Taken for Improvement of ISMS

Continual Improvement
The organization shall continually improve the effectiveness of the information security management system (ISMS) through the use of the information security policy, information security objectives, audit results, analysis of monitored events, corrective and preventive actions, and management review.

Corrective Action
The organization shall take action to eliminate the cause of nonconformities with the ISMS requirements in order to prevent recurrence. The documented procedure for corrective action shall define requirements for:

  • Identifying nonconformities
  • Determining the causes of nonconformities
  • Evaluating the need for actions to ensure that nonconformities do not recur
  • Determining and implementing the corrective action needed
  • Recording the results of action taken
  • Reviewing the corrective action taken

Preventive Action
The organization shall determine action to eliminate the cause of potential nonconformities with the ISMS requirements in order to prevent their occurrence. Preventive actions taken shall be appropriate to the impact of the potential problems. The documented procedure for preventive action shall define requirements for:

  • Identifying potential nonconformities and their causes
  • Evaluating the need for action to prevent the occurrence of nonconformities
  • Determining and implementing the preventive action needed
  • Recording the results of action taken
  • Reviewing the preventive action taken

The organization shall identify changed risks and identify preventive action requirements, focusing attention on significantly changed risks.


Hafeezriyas said...

Thanks for sharing this post.
ISO 27001 in Iraq
