Guest user Created: Mar 13, 2018 Last commented: Mar 13, 2018

Handling non-conformities

I have a few major and minor non conformances from my certification audit which stems from outsourced services.Do o need to prepare a root cause analysis for outsourced services?

0 0

Assign topic to the user

Select user

Expert

Rhand Leal Mar 13, 2018

Answer: According to ISO 27001, clause 10.1 b) 2), causes of nonconformities shall be determined in order to evaluate the need to take action to eliminate them and prevent nonconformities recurrence, or occurrence elsewhere. Considering that, since the outsourced services are affecting your ISMS, a root cause analysis must be performed.

This article will provide you further explanation about handling nonconformities:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding handling nonconformities:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 13, 2018

Expert Advice Community