Guest
Should nonconformities undergo a documented risk assessment / analysis?
After purchasing ISO 27001 templates and following your training, it is not completely clear to me whether ISO 27001 requires that nonconformities undergo a risk assessment / analysis and that this be documented.
Can you clarify this? Thanks.
Expert
Rhand Leal
Jun 21, 2023
ISO 27001 does not prescribe risk assessment to be performed over identified nonconformities, so a company is not obliged to perform it.
This article will provide you with further explanation about handling non-conformities:
- Complete guide to corrective action vs. preventive action https://advisera.com/articles/complete-guide-to-corrective-action-vs-preventive-action/