An Introduction To
Information, Network and Internet Security


Corrective action

Typically, corrective action arises in one of two ways: an audit non-conformity is raised and a Corrective Action Plan (CAP) is required, or an incident leads to the identification of a weakness or fault that must be corrected.

When a non-conformity is raised, by whatever means, the Auditee (the person in the organisation being audited) must:

· Determine the cause of the non-conformity and complete the CAP, setting out how the event will be stopped from recurring in the future.

· Submit the CAP to management for consideration; if approved, it will be implemented.

· If the CAP is not accepted, the Auditee must determine another solution to address the issues raised.

All implemented CAPs should be reviewed at the next internal audit or management review to ensure that they are performing as required and are actually resolving the issue they were implemented to address.



The Security Practitioner

An Introduction to Information Security