Treatment process and documentation of identified non-conformities


From the point of view of the information security management system, non-conformities are situations in which:

  • the organisation's security requirements are not matched by the management system
  • the procedures, tasks or guidelines defined in the management system are not complied with in the organisation's day-to-day operations

In systematic security work, all detected non-conformities must be documented. To treat a non-conformity, the organisation must identify and implement improvements that correct it.

Other connected frameworks and requirements:

  • ISO 27001, 10.2: Non-conformity and corrective action