Expert Advice Community

Communication Plan and Corrective Actions

Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

AntonioS Jan 12, 2016

1.- Recently we had a transition audit, and we had an audit finding related to clause 7.4 "Communication - No clear reference within ISMS doc. How this is to be managed".

2.- What is the difference between the template for CAPA & CAR?

 

Answer:

Point 1: It is not mandatory to have a document for the communications, but you can read this article “How to create a Communication Plan according to ISO 27001”: https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/
 
Point 2: The first is the procedure, and the second is the record. In the new revision of the standard (ISO 27001:2013) there are no preventive actions (they have been deleted from the old version), so you do not need to manage preventive actions (although risk management is a global preventive action). So, you only need a procedure and a template for the register of corrective actions. Finally, I recommend that you read this article "Practical use of corrective actions for ISO 27001 and ISO 22301": https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
