Secure Controls Framework
Download The SCF
ISO 27001

What is a corrective action under ISO 27001?

Direct Answer

A corrective action is a documented response to a nonconformity identified in the ISMS, whether through an internal audit, external audit, or other mechanism. ISO 27001 requires organizations to investigate the root cause of each nonconformity, take actions to eliminate the root cause and prevent recurrence, and verify that corrective actions were effective. Corrective action records must be retained and available during audits.

Keep Exploring

Relevant Resources

References

Authoritative Sources