1.- Recently we had a transition audit, and we had an audit finding related to clause 7.4: "Communication - No clear reference within ISMS doc. How this is to be managed".
2.- What is the difference between the template for CAPA & CAR?
Point 1: It is not mandatory to have a document for the communications, but you can read this article, "How to create a Communication Plan according to ISO 27001": https://advisera.com/27001academy/blog/2014/10/27/how-to-create-a-communication-plan-according-to-iso-27001/
Point 2: The first is the procedure, and the second is the record. In the new revision of the standard (ISO 27001:2013) there are no preventive actions (they have been deleted from the old version), so you do not need to manage preventive actions (although risk management is a global preventive action). So, you only need a procedure and a template for the register of corrective actions. Finally, I recommend you read this article, "Practical use of corrective actions for ISO 27001 and ISO 22301": https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
Jan 12, 2016