Save 20% on accredited ISO 27001 course exams.
Limited-time offer – ends July 18, 2024
Use promo code:
EXAM20

Expert Advice Community

Guest

Handling non-conformities

  Quote
Guest
Guest user Created:   Mar 13, 2018 Last commented:   Mar 13, 2018

Handling non-conformities

I have a few major and minor non conformances from my certification audit which stems from outsourced services.Do o need to prepare a root cause analysis for outsourced services?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 13, 2018

Answer: According to ISO 27001, clause 10.1 b) 2), causes of nonconformities shall be determined in order to evaluate the need to take action to eliminate them and prevent nonconformities recurrence, or occurrence elsewhere. Considering that, since the outsourced services are affecting your ISMS, a root cause analysis must be performed.

This article will provide you further explanation about handling nonconformities:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/
- 6-step process for handling supplier security according to ISO 27001 https://advisera.com/27001academy/blog/2014/06/30/6-step-process-for-handling-supplier-security-according-to-iso-27001/

These materials will also help you regarding handling nonconformities:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 13, 2018

Mar 13, 2018