Corrective actions
How an auditor can verify that agreed corrective actions have been effectively implemented?
Assign topic to the user
For every proposed corrective action the auditor must look for implementation evidence.
For example, if the proposed action is training, the auditor must look for certifications, attendance lists, or interview employees about the training topic. If the proposed action is a system update, the auditor must look for a change record or information about which is the most updated version of the system and verify if it is the same version in the system. If the proposed action is the installation of a CCTV system, the auditor must look for the installed cameras and see if they are operational.
This article will provide you further explanation about Corrective actions:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
Comment as guest or Sign in
Apr 23, 2020