Non-Conformity and Corrective Action


Time
7 hours 56 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:01
Module 8.
00:05
During this module, we will cover Clause 10, Improvement,
00:12
Lesson 8.1,
00:14
Nonconformity and Corrective Action.
00:21
During this lesson, we will cover what a nonconformity is
00:25
as well as how one can detect a nonconformity.
00:34
This lesson pertains to Clause 10.1.
00:39
We've mentioned a couple of times already that one of the most important underpinning items within your ISMS is a culture of continual improvement,
00:48
detecting when things don't work as they should, and putting measures in place to address them. That is where Clause 10 comes into play.
00:57
Nonconformities are when something in your ISMS hasn't gone according to plan.
01:03
For example,
01:03
your organization is supposed to perform user access reviews on a monthly basis.
01:10
But this month, John from Finance didn't complete his user access review.
01:17
This is, in essence, a control breakdown,
01:19
but within an ISMS, this is called a nonconformity.
01:25
Nonconformities should be raised for anything that doesn't happen as it should;
01:30
an auditor wants to see nonconformities and what was done to fix them.
01:37
Having zero nonconformities does not mean you have a perfect ISMS and everything is going well;
01:44
what it rather says is that there is not enough monitoring or attention being paid to see when something isn't going according to plan.
01:52
There are always areas of improvement,
01:55
so having nonconformities
01:57
and being able to demonstrate that these were properly corrected
02:00
is a key point of having an ISMS.
02:04
Please don't just raise nonconformities and not do anything about them.
02:08
It is important that only valid nonconformities are raised
02:13
and that appropriate corrective action for these is taken.
02:17
So what exactly counts as a nonconformity?
02:22
A nonconformity can be a partial or total failure to fulfill a specific requirement of ISO 27001 in your ISMS.
02:32
It can also be an incorrect or failing implementation of a requirement or control within the ISMS.
02:42
Or it could even be a partial or total non-compliance with customer requirements or contractual obligations.
02:57
Nonconformities can happen anywhere, any time.
03:00
This is normal.
03:01
The important part here is that your ISMS is structured and operating so well that it catches these nonconformities almost immediately
03:09
and can feed them back into the necessary risk management and treatment processes to be addressed as quickly as possible.
03:19
Each nonconformity needs to have a corrective action identified
03:23
In the next section, we will cover an example of documenting a nonconformity
03:28
and determining a corrective action for it.
03:32
So how does one go about detecting a nonconformity?
03:37
This can be noted through a breakdown in controls:
03:40
controls that are not effective and have not been effectively remediated;
03:46
information security incidents that occur and show weaknesses in specific controls;
03:53
failing to achieve specified objectives;
03:59
internal audit findings.
04:02
On the internal audit findings: this could be from any internal audit that has taken place which is specific to items that fall within your ISMS scope.
04:13
So
04:14
internal audit can mean your internal audit specifically for your ISMS,
04:19
or it can mean a penetration test or a vulnerability assessment
04:25
or a group audit that was done.
04:29
If any of these findings from these audits show control breakdowns or nonconformities,
04:35
then this feeds into your nonconformity process;
04:40
management review findings,
04:43
as well as monitoring and measuring efforts,
04:46
which could show that certain areas are not meeting their specified targets.
04:58
To recap,
04:59
in this lesson, we covered what a nonconformity is
05:01
and learned it is essentially a breakdown of a control or non-adherence to a specific requirement.
05:09
We also looked at the various ways in which a nonconformity can be detected,
05:15
Usually at the end of each lesson, we have also covered required documentation.
05:20
The required documentation for this will be covered in the next lesson.