Corrective action logs
We are working on the ISO 27001 implementation and one of the questions that popped out to us is about the corrective action logs.
May I know what the requirements of the corrective action logs are? What elements should be included in them?
The corrective action log in general contains a unique identification (e.g., number or code), the description of the non-conformity, identification of similarly identified nonconformities, actions to be implemented, and identification of approver and implementer.
If you need evidence of the actions that follow, at least the following information needs to be recorded:
- the nature of the nonconformities and actions taken
- the results of corrective actions performed
For example, if the nature of the nonconformity is about lack of competence, the proposed action could be training, and the results to be recorded would be certifications, attendance lists, or interviews with employees about the training topic.
This article will provide you with a further explanation about corrective actions:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
Mar 04, 2023