RARTP vs NCPA

Guest
sujansuresh Created:   Jun 23, 2016 Last commented:   Jun 24, 2016

Risk Assessment and Risk Treatment vs. Non-conformities, Corrective and Preventive Actions: How do they play an impact in real-time? Can someone give me a real-time example on how things move around with these two? TIA
Expert
Dejan Kosutic Jun 24, 2016

The purpose of risk assessment / risk treatment is to prevent incidents from happening, while the purpose of corrective actions is to prevent nonconformities from re-occurring.

Security incidents are when the confidentiality, integrity and availability of your information are endangered (e.g., hacker attack); nonconformities are when some of your internal rules have not been complied with (e.g., not performing the backup according to the Backup procedure).

These articles will help you:
- How to handle incidents according to ISO 27001 A.16 https://advisera.com/27001academy/blog/2015/10/26/how-to-handle-incidents-according-to-iso-27001-a-16/
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

See also this free online course that will teach you everything about the standard: ISO 27001 Foundations Course: https://advisera.com/training/iso-27001-foundations-course/

Guest
sujansuresh Jun 27, 2016

Thanks for the help! It cleared the doubt :-)
