An Introduction To
Preventive action

Whilst corrective action is the result of something going wrong (e.g. an incident), preventive action seeks to identify possible issues before they become faults, failures or incidents. Preventive action is a lot cheaper and is often easier to implement than corrective action, which only happens after the event.

Ongoing staff awareness is essential so that staff and third parties spot things that appear wrong or 'not quite right' and are encouraged to report them to the organisational Help Desk. The Help Desk should analyse trends to see if there are specific incidents that occur more frequently than others.

When a possible non-conformity is raised using a CAP, by whatever means, the owner of the area in which it is raised must:

· Determine a solution by completing the CAP, showing how the identified risk will be reduced to an acceptable level.
· Submit the CAP to management for consideration; if approved, it will be implemented.
· If the CAP is not accepted, determine another solution to address the issues raised.
The Security Practitioner An Introduction to Information Security