Guest user Created: Jul 21, 2016 Last commented: Jul 21, 2016

Corrective actions

Is it necessary to mention the root cause analysis in the corrective actions of an internal audit? whether there is clause in the standard requiring companies to document their KPIs?

0 0

Assign topic to the user

Select user

Guest

Antonio Jose Segovia Jul 21, 2016

Answer:
Regarding the first question, yes, it is necessary, because in accordance with the point 10.1 you need to eliminate the causes of a nonconformity, so if a nonconformity has been detected during an internal audit, you need to define corrective actions, and in the corrective actions you need to identify the causes of the nonconformity.

Regarding the second question, KPIs are not mandatory in ISO 27001:2013, so there is no clause directly related to KPIs in ISO 27001:2013, although in accordance with the clause 9.1 you need to establish a way to measure the ISMS, and a KPI can help you (but it is not only the unique way). This article can be interesting for you “How to perform monitoring and measurement in ISO 27001” : https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/

And our online course can be also interesting for you, because we give more information about the measurement of an ISMS “ISO 27001:2013 Foundations Course” : https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jul 21, 2016

Expert Advice Community