graphgrc

ISO 27001 - 10 - Improvement

10.1

Continual improvement

The organization shall continually improve the suitability, adequacy and effectiveness of the information security management system.

Mapped SCF controls

10.2.a

Nonconformity and corrective action, part a)

When a nonconformity occurs, the organization shall: react to the nonconformity, and as applicable: take action to control and correct it; and deal with the consequences.

Mapped SCF controls

10.2.b

Nonconformity and corrective action, part b)

When a nonconformity occurs, the organization shall: evaluate the need for action to eliminate the causes of nonconformity, in order that it does not recur or occur elsewhere, by: reviewing the nonconformity; determining the causes of the nonconformity; and determining if similar nonconformities exist, or could potentially occur.

Mapped SCF controls

10.2.c

Nonconformity and corrective action, part c)

When a nonconformity occurs, the organization shall: evaluate the need for action to eliminate the causes of nonconformity, in order that it does not recur or occur elsewhere, by implementing any action needed.

Mapped SCF controls

10.2.d

Nonconformity and corrective action, part d)

When a nonconformity occurs, the organization shall: review the effectiveness of any corrective action taken.

Mapped SCF controls

10.2.e

Nonconformity and corrective action, part e)

When a nonconformity occurs, the organization shall: make changes to the information security management system, if necessary.

Mapped SCF controls

10.2.f

Nonconformity and corrective action, part f)

Corrective actions shall be appropriate to the effects of the nonconformities encountered. The organization shall retain documented information as evidence of: the nature of the nonconformities and any subsequent actions taken.

Mapped SCF controls

10.2.g

Nonconformity and corrective action, part g)

Corrective actions shall be appropriate to the effects of the nonconformities encountered. The organization shall retain documented information as evidence of: the results of any corrective action.

Mapped SCF controls