Expert Advice Community

Nonconformities and corrections identified during an audit

TracyS Created:   Jul 07, 2020 Last commented:   Jul 09, 2020


Can you record nonconformities and corrections in the same document that you are using to capture risks? An example is that we have a risk register spreadsheet which covers all requirements, and we would like to have only one document capturing all of this, if it is allowed.


Expert
Rhand Leal Jul 09, 2020

ISO 27001 does not prescribe how to develop documents, so you can record nonconformities and corrections in the same document that you are using to capture risks, but we do not recommend such an approach.

The reason is that, if nonconformities and risks are in the same document, persons looking for one type of information would have unnecessary access to the other and this can compromise confidentiality.

Moreover, risks and nonconformities are very different types of information, and this is also why it makes sense to keep them separate. 

This article will provide you with a further explanation about records management:

These materials will also help you regarding records management:
