Should nonconformities undergo a documented risk assessment / analysis?
After purchasing ISO27001 templates and following your training it is not completely clear to me if ISO27001 obligates that nonconformities need to undergo a risk assessment / analysis and that this needs to be documented.
Can you clarify this? Thanks.
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 does not prescribe risk assessment to be performed over identified nonconformities, so a company is not obliged to perform it.
This article will provide you with further explanation about handling non-conformities:
- Complete guide to corrective action vs. preventive action https://advisera.com/articles/complete-guide-to-corrective-action-vs-preventive-action/
Comment as guest or Sign in
Jun 21, 2023