A corrective action is a documented response to a nonconformity identified in the ISMS, whether through an internal audit, external audit, or other mechanism. ISO 27001 requires organizations to investigate the root cause of each nonconformity, take actions to eliminate the root cause and prevent recurrence, and verify that corrective actions were effective. Corrective action records must be retained and available during audits.
Keep Exploring