Corrective actions
Answer:
Regarding the first question, yes, it is necessary, because in accordance with point 10.1 you need to eliminate the causes of a nonconformity, so if a nonconformity has been detected during an internal audit, you need to define corrective actions, and in the corrective actions you need to identify the causes of the nonconformity.
Regarding the second question, KPIs are not mandatory in ISO 27001:2013, so there is no clause directly related to KPIs in ISO 27001:2013, although in accordance with clause 9.1 you need to establish a way to measure the ISMS, and a KPI can help you (but it is not the only way). This article may be interesting for you: “How to perform monitoring and measurement in ISO 27001”: https://advisera.com/27001academy/blog/2015/06/08/how-to-perform-monitoring-and-measurement-in-iso-27001/
Our online course may also be interesting for you, because we give more information about the measurement of an ISMS: “ISO 27001:2013 Foundations Course”: https://advisera.com/training/iso-27001-foundations-course/
Jul 21, 2016