Guest post Created: Jan 12, 2016 Last commented: Jan 12, 2016

NonConformities and Potential Imrovements

Hello, We are now in the course of updating our ISMS documents to comply with the new version of ISO 27001:2013, and I need a help regarding the corrective action procedure: In our current procedure, we are managing both non conformities and potential improvements, and according to the new version, the potential non confromity and preventive action are no more required, so how can we manage the potential improvements raised by employees or raised during the internal audit for example?

0 0

Assign topic to the user

Select user

Guest

DejanK Jan 12, 2016

The 2013 revision of ISO 27001 does not restrict you from using potential improvements in your procedures - therefore, if this system works fine in your company, you should leave it as it is.

Quote

0 0

Guest

Guest post Jan 12, 2016

CAn I keep the procedure as it is "ISMS Corrective and preventive action procedure", whch handle both corrective and preventive actions, even if it's no more required by the standard?

Quote

0 0

Guest

AntonioS Jan 12, 2016

Yes, you can do it! Although as you know, preventive actions are not mandatory in the new version (ISO 27001:2013)

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Jan 12, 2016

Expert Advice Community