pending a nonconformity and its corrective actions.
In this lesson, we will cover what to document for a nonconformity, as well as corrective action steps to be taken.
I'm sure I've mentioned it previously in one of the lessons, but go and check out the ISO forum for great tips and example documents for your ISMS. The link is provided on the screen, but you can also Google them.
Nonconformities may be documented in the form of incidents that arise from your organization's incident management processes, audit findings, complaints and so forth.
If you want to keep consistency within your organization, having all of these transferred to nonconformity or corrective action reports will be a way to go about that.
In addition to having a document for each nonconformity noted, it could be useful to have a register of nonconformities, basically a sort of index.
So when you are dealing with hundreds of nonconformities, having a centralized register would make tracking and keeping on top of the corrective actions a lot easier.
You can also then neatly file and link all the evidence for a particular nonconformity within the register to make it easier to access.
This will especially help you during an audit, when an auditor can pick and choose any of the nonconformities and their supporting information that he wants to see.
The final results of the corrective actions should also be linked here.
Where corrective actions have been successfully implemented and verified to be effective in addressing the root cause, there should be some sort of sign-off from an appropriate stakeholder demonstrating approval and close-out of the nonconformity.
So, your nonconformity document, which is also known as an NCAR form. It's for nonconformity and corrective action report. Include the following information in this document.
The nonconformity number. This is a unique identifier for a specific nonconformity. Structure this number any way you want, but ensure that it is sequential and that it generates a unique number for each nonconformity raised.
The date that the nonconformity was discovered.
A description of the nonconformity.
The source of the nonconformity in terms of where it was detected. For example, was this nonconformity identified from an internal audit, a process nonconformity, a customer complaint?
What the immediate remedial action for the nonconformity is. This means the immediate action to prevent further damage from being caused by the nonconformity.
So, for example, if your nonconformity is a virus outbreak on one of your computers, the immediate remedial action would be to disconnect that device from the network to prevent it spreading.
You would also include details about the investigation into the root cause of the nonconformity.
So in the antivirus example, or the virus infection example, rather, you would want to find out what was the root cause of that machine getting a virus. Was it because it was running with out-of-date antivirus signatures? Did the user stick a flash drive in that had some sort of virus on it? Did the virus come by email? Where did it originate from?
Once you understand the root cause, you will understand how better to treat the nonconformity and ensure that it doesn't occur again.
The next thing that you would want to document is the proposed corrective action to address the root cause.
So, for example, if the virus came from a flash drive being plugged in, you would probably want to go and make sure that all machines are in fact receiving updates from the antivirus engine as and when they should, and also that it is configured to automatically scan removable media upon insertion and to not autoplay any files.
A more stringent measure would be to disallow USB access altogether.
The approval of the proposed corrective action needs to be documented and formally signed off by an appropriate stakeholder.
And once the corrective action has been implemented and completed, you would go back to your nonconformity documentation and ensure that it is updated with a confirmation that the corrective action was sufficient.
This is a post-corrective-action-implemented confirmation, and we would also require formal sign-off from an appropriate designated stakeholder.
The main output, once a nonconformity is detected, is the corrective action form that comes from it.
This shows that there are processes in place to detect when something within the ISMS is not working as planned and that steps have been taken to correct this.
This feeds into the continual improvement process, although we'll get into that specific process in more detail in the next lesson, as the corrective action is making something better, which will hopefully prevent the same nonconformity from occurring again in the future.
A corrective action can have both an immediate leg as well as a corrective action that might require some project planning and a lengthy effort.
Think about the virus example that we spoke about in the previous slide.
It is important to maintain old documentation pertaining to nonconformities.
On the previous slide, we spoke about what you need to document for a nonconformity.
It is also important to maintain evidence pertaining to the corrective actions, whatever that may be.
In other words, the proof that the corrective action was carried out as it should.
Your auditors would usually test on a sample basis, so they could pick any nonconformity or multiple nonconformities and want to see all the supporting evidence to get comfort that the process is operating as intended.
So what are the corrective steps to be taken once a nonconformity is detected?
You would want to determine if corrective action is required based on the nonconformity's severity.
Assess the nonconformity and determine if it is a repeat event.
Determine the impact as well as the implications of the nonconformity. Some will be more serious than others.
Perform a root cause analysis to identify all potential causes that led to the nonconformity, and an analysis of any consequences that may arise on the ISMS and of whether there is a possibility for similar nonconformities to occur in other areas.
Next, identify the corrective actions to address the nonconformity immediately, as well as those required to address the root cause.
Prioritize your corrective actions and implement according to your priority set.
Assess the corrective actions to ensure that the cause has been effectively remediated.
In this lesson, we covered which components need to make up your noncompliance and corrective action report, or your NCAR form.
We also covered what steps should be taken to plan and execute the identified corrective actions.