Corrective action in ISO
In the templates you provided us, in 12 procedure for corrective action, there is nothing in the document on preventive actions. Is that no longer an ISO requirement? The only thing in there is corrective actions; this is also reflected in the 12.1 form.
ISO 27001:2013 does not have requirements for preventive actions; however, preventive actions are in fact included in the risk assessment and treatment, because the essence of risk management is to recognize a potential problem before it happens and, by treating it, to prevent such an incident from happening.
- Where to start from with ISO 27001 https://advisera.com/27001academy/knowledgebase/iso-27001-where-to-start-most-important-materials/
- Risk-based thinking replacing preventive action in ISO 9001:2015 – The benefits https://advisera.com/9001academy/blog/2015/09/08/risk-based-thinking-replacing-preventive-action-in-iso-90012015-the-benefits/
May 18, 2020