NIS2 Directive
21.4: Non-conformities and corrective actions

How to fill the requirement

Task name: Continuous improvement and documentation
Priority: Critical / High / Normal / Low
Status: Fully done / Mostly done / Partly done / Not done
Theme: Risk management and leadership
Policy: Cyber security management
Other requirements: 10 requirements

This task also fulfils the following other security requirements:

  • PR.IP-7: Protection processes (NIST)
  • 10.1: Continuous improvement (ISO27k1 Full)
  • CC4.2: Evaluation and communication of internal control deficiencies (SOC 2)
  • 21.4: Non-conformities and corrective actions (NIS2)
  • 1.5.2: External review of ISMS (TISAX)
1. Task description

The organisation shall continuously strive to improve the performance of the information security management system. Opportunities for improvement are sought actively, not only through audits or clear non-conformities.

The task owner is responsible for documenting the improvements made to the management system, dividing them into tasks to be performed, monitoring the execution of those tasks, and assessing the effects achieved.

Task name: Treatment process and documentation of identified non-conformities
Priority: Critical / High / Normal / Low
Status: Fully done / Mostly done / Partly done / Not done
Theme: Risk management and leadership
Policy: Risk management
Other requirements: 11 requirements

This task also fulfils the following other security requirements:

  • 10.2: Non-conformity and corrective action (ISO27k1 Full)
  • 23: Incident and non-conformity management process (Sec overview)
  • CC4.2: Evaluation and communication of internal control deficiencies (SOC 2)
  • 21.4: Non-conformities and corrective actions (NIS2)
  • P8.1: Periodic monitoring of privacy compliance (SOC 2)
1. Task description

From the point of view of the information security management system, non-conformities are situations in which:

  • the management system does not meet the organisation's security requirements
  • the procedures, tasks or guidelines defined in the management system are not followed in the organisation's day-to-day operations

In systematic security work, every detected non-conformity must be documented. To treat a non-conformity, the organisation must identify and implement the improvements that correct it.
