During this module, we will cover Clause 10, Improvement:
nonconformity and corrective action.
During this lesson, we will cover what a nonconformity is,
as well as how one can detect a nonconformity.
This lesson pertains to Clause 10.1.
We've mentioned a couple of times already that one of the most important underpinning items within your ISMS is a culture of continual improvement:
detecting when things don't work as they should, and putting measures in place to address them. That is where Clause 10 comes into play.
A nonconformity is when something in your ISMS hasn't gone according to plan.
Say your organization is supposed to perform user access reviews on a monthly basis,
but this month John from Finance didn't complete his user access review.
This is, in essence, a control breakdown,
but within an ISMS it is called a nonconformity.
Nonconformities should be raised for anything that doesn't happen as it should.
An auditor wants to see nonconformities and what was done to fix them.
Having zero nonconformities does not mean you have a perfect ISMS and everything is going well;
what it rather says is that there is not enough monitoring or attention being paid to notice when something isn't going according to plan.
There are always areas of improvement,
so having nonconformities,
and being able to demonstrate that these were properly corrected,
is a key point of having an ISMS.
Please don't just raise nonconformities and then do nothing about them.
It is important that only valid nonconformities are raised
and that appropriate corrective action for these is taken.
So what exactly counts as a nonconformity?
A nonconformity can be a partial or total failure to fulfill a specific requirement of ISO 27001 in your ISMS.
It can also be an incorrect or failing implementation of a requirement or control within the ISMS.
Or it could even be a partial or total non-compliance with customer requirements or contractual obligations.
Nonconformities can happen anywhere, any time.
The important part here is that your ISMS is structured and operating so well that it picks up these nonconformities almost immediately
and can feed them back into the necessary risk management and risk treatment processes to be addressed as quickly as possible.
Each nonconformity needs to have a corrective action identified.
In the next section, we will cover an example of documenting a nonconformity
and determining a corrective action for it.
So how does one go about detecting a nonconformity?
This can be noted through a breakdown in controls:
controls that are not effective and have not been effectively remediated;
information security incidents that occur and show weaknesses in specific controls;
failing to achieve specified objectives;
internal audit findings;
management review findings;
as well as monitoring and measurement efforts.
On the internal audit findings: these could come from any internal audit that has taken place which is specific to items that fall within your ISMS scope.
Internal audit can mean your internal audit specifically for your ISMS,
or it can mean a penetration test or a vulnerability assessment,
or a group audit that was done.
If any of the findings from these audits show control breakdowns or nonconformities,
then this feeds into your nonconformity process.
Management review findings, and monitoring and measurement results,
could likewise show that certain areas are not meeting their specified targets.
In this lesson, we covered what a nonconformity is
and learned that it is essentially a breakdown of a control or non-adherence to a specific requirement.
We also looked at the various ways in which a nonconformity can be detected.
Usually, at the end of each lesson, we also cover the required documentation.
The required documentation for this will be covered in the next lesson.