
ISO 27001 Clause 10.1 Non conformity and corrective action

Required activity

ISO 27001 Clause 10.1, Nonconformity and corrective action. Clause 10, containing sections 10.1 and 10.2, covers the "Act" part of W. Edwards Deming's Plan-Do-Check-Act (PDCA) cycle. This clause helps an organisation react to nonconformities, evaluate them and take corrective actions, with the end goal of continually improving how it runs its daily activities.

Explanation

A nonconformity is the non-fulfilment of a requirement of the ISMS. Nonconformities cannot always be avoided, because mistakes do happen in an organisation; what matters is that the issue is identified and handled accordingly when it presents itself. Requirements are needs or expectations that are stated, implied or obligatory. There are several types of nonconformities, such as:

- Failure to fulfil a requirement (completely or partially) of ISO/IEC 27001 within the ISMS;
- Failure to properly implement or conform to a requirement, rule or control stated by the ...