Improvement (10.0)

10.1 - Nonconformity and Corrective Action

When a nonconformity occurs, the organisation shall

  • React to the nonconformity, and as applicable
    • Take action to control and correct it, and
    • Deal with the consequences
  • Evaluate the need for action to eliminate the causes of nonconformity, in order that it does not recur or occur elsewhere by:
    • Reviewing the nonconformity
    • Determining the causes of nonconformity, and
    • Determining if similar nonconformities exist, or could potentially occur.
  • Implement any action needed
  • Review the effectiveness of any corrective action taken, and
  • Make changes to the ISMS, if necessary.

Corrective actions shall be appropriate to the effects of the nonconformities encountered.

The organisation shall retain documented information as evidence of:

  • The nature of the nonconformities and any subsequent actions taken
  • The results of any corrective action.

10.2 - Continual Improvement

The organisation shall continually improve the suitability, adequacy and effectiveness of the ISMS.
