Corrective Action Plan
I have a confusion on CAP sheet, is this made after audit or can it be included in the Audit Sheet or is it completely separate? (Read https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/) but not able to clarify.
Assign topic to the user
ISO 27001 RISK ASSESSMENT TABLE
Implement risk register using catalogues of vulnerabilities and threats.
Get it now 
ISO 27001 RISK ASSESSMENT TABLE
Implement risk register using catalogues of vulnerabilities and threats.
Get it now
ISO 27001 RISK ASSESSMENT TABLE
Implement risk register using catalogues of vulnerabilities and threats.
Get it now
In fact the three alternatives can happen:
- a Corrective Action Plan (CAP) can be elaborated after an audit, when the auditor formally states the nonconformities
- in some cases, depending on the auditor approach, a CAP can be elaborated during the audit
- a CAP can be elaborated after someone reports a nonconformity during normal operations, i.e., not associated to an audit activity
Please note that on all cases the purpose of the CAP is the same, to eliminate the causes of identified nonconformities
Comment as guest or Sign in
Aug 30, 2019