Expert Advice Community

Guest

Root cause analysis on ISO 27001

  Quote
Guest
Guest user Created:   Mar 30, 2017 Last commented:   Mar 30, 2017

Root cause analysis on ISO 27001

We received this question: Are root cause analysis is not mandatory on ISO 27001:2013?
0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Mar 30, 2017

Answer: Root cause analysis is a mandatory requirement for ISO 27001:2013, as defined in clause 10.1 b) 1). This clause requires a nonconformity to be evaluated to identify the need to implement actions to eliminate root causes to prevent recurrence, or occurrence elsewhere, of the same nonconformity.

This article will provide you further explanation about handling non conformities:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

These materials will also help you regarding handling non conformities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote
0 0
Guest
dimazm Mar 30, 2017

but on Procedure_for_Corrective_Action_EN.docx not mention any root cause analysis and how to implement it.

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Mar 30, 2017

Mar 30, 2017