Guest user Created: Mar 30, 2017 Last commented: Mar 30, 2017

Root cause analysis on ISO 27001

We received this question: Are root cause analysis is not mandatory on ISO 27001:2013?

0 0

Assign topic to the user

Select user

Rhand Leal Mar 30, 2017

Answer: Root cause analysis is a mandatory requirement for ISO 27001:2013, as defined in clause 10.1 b) 1). This clause requires a nonconformity to be evaluated to identify the need to implement actions to eliminate root causes to prevent recurrence, or occurrence elsewhere, of the same nonconformity.

This article will provide you further explanation about handling non conformities:
- Practical use of corrective actions for ISO 27001 and ISO 22301 https://advisera.com/27001academy/blog/2013/12/09/practical-use-of-corrective-actions-for-iso-27001-and-iso-22301/

These materials will also help you regarding handling non conformities:
- Book Secure & Simple: A Small-Business Guide to Implementing ISO 27001 On Your Own https://advisera.com/books/secure-and-simple-a-small-business-guide-to-implementing-iso-27001-on-your-own/
- Free online training ISO 27001 Foundations Course https://advisera.com/training/iso-27001-foundations-course/

Quote

0 0

Guest

dimazm Mar 30, 2017

but on Procedure_for_Corrective_Action_EN.docx not mention any root cause analysis and how to implement it.

Quote

0 0

Comment as guest or Sign in

HTML tags are not allowed

Name *

Email *

I accept the Privacy and Terms

Notify me when someone replies

Mar 30, 2017

Expert Advice Community