Continual Improvement
The organization shall continually improve the effectiveness of the information security management system (ISMS) through the use of the information security policy, the information security objectives, audit results, analysis of monitored events, corrective and preventive actions, and management review.
Corrective Action
The organization shall take action to eliminate the cause of nonconformities with the ISMS requirements in order to prevent recurrence. The documented procedure for corrective action shall define requirements for:
- Identifying nonconformities
- Determining the causes of nonconformities
- Evaluating the need for action to ensure that nonconformities do not recur
- Determining and implementing the corrective action needed
- Recording the results of the action taken
- Reviewing the corrective action taken
Preventive Action
The organization shall determine action to eliminate the cause of potential nonconformities with the ISMS requirements in order to prevent their occurrence. Preventive actions taken shall be appropriate to the impact of the potential problems. The documented procedure for preventive action shall define requirements for:
- Identifying potential nonconformities and their causes
- Evaluating the need for action to prevent the occurrence of nonconformities
- Determining and implementing the preventive action needed
- Recording the results of the action taken
- Reviewing the preventive action taken
The organization shall identify changed risks and identify preventive action requirements, focusing attention on significantly changed risks.
Note that this structure (a separate preventive action clause) follows ISO/IEC 27001:2005; the 2013 revision of the standard dropped preventive action as a stand-alone requirement and retained nonconformity and corrective action together with continual improvement.