The organization shall continuously strive to improve the performance of the information security management system. Ways to improve are being actively sought - not just through audits or clear non-conformities.
Task owner is responsible for documenting the improvements made to the management system and dividing them into tasks to be performed, monitoring task execution and assessing the reached effects.
From the point of view of the information security management system, non-conformities are situations in which:
In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.