
PREVENTIVE ACTION PROCEDURE

Document Title: PREVENTIVE ACTION PROCEDURE
Document Ref No: I27KIForum-ROR-PA
Revision Stat: 0
Page/Total: 1/2
Original Author: Richard O. Regalado
Approved by:

REVISION HISTORY

No | Revision Details | Effectivity Date
0  | Initial issue    | 2009 06 03
1  |                  |
2  |                  |

Purpose

The purpose of this procedure is to have a defined method for applying preventive actions to eliminate the causes of potential non-conformities in the established information security management system (ISMS).

Scope

This procedure covers the collection of data on potential non-conformities, analysis of the potential root causes of non-conformities, and action planning to prevent the occurrence of non-conformities.
PROCESS FLOW

Each step below lists the RESPONSIBILITY (swim lane) and the DETAILS given beside it in the flowchart. Connectors 1 and 2 are the off-page connectors of the original flowchart.

Step 1. Identify potential non-conformities
  Responsibility: Auditor, Observer
  Details: Potential non-conformities may be in the form of findings during internal audits (improvement potentials), suspected information security weaknesses and suggestions by [company] staff.

Step 2. Determine the extent or gravity of the potential non-conformity
  Responsibility: Auditor, Observer

Step 3. Issue Non-conformance Corrective Action/Preventive Action Report (NCPAR) to concerned person or auditee
  Responsibility: Auditor, Observer
  Details: Refer to instructions on page 2 of the NCPAR for proper usage.
  (Connector 2: a new NCPAR issued on page 2 re-enters the flow here.)

Step 4. Enter details in the NCPAR Log
  Responsibility: Lead Auditor
  Details: The Lead Auditor shall monitor the NCPAR Log on a weekly basis to verify open potential non-conformities and ensure timeliness of follow-up audits.

Step 5. Apply immediate or containment action to arrest the non-conformity
  Responsibility: Auditee, Auditee's management

Step 6. Determine potential root cause of the non-conformity
  Responsibility: Auditee, Auditee's management
  Details: Root cause analysis tools such as the why-why analysis and Ishikawa diagram shall be used to identify potential root causes of the non-conformity.

Step 7. Establish preventive action based on root-cause analysis
  Responsibility: Auditee, Auditee's management
  Details: Preventive actions shall be applied in a holistic manner, with efforts made to ensure applicability to other areas or processes.

Step 8. Decision: Preventive action is valid?
  Responsibility: Lead Auditor, Auditor
  No: revise the preventive action (return to Step 7). Yes: proceed to Step 9.
  Details: For a preventive action to be valid, it shall ensure non-occurrence of the non-conformity.

Step 9. Perform follow-up audit within 3 days after the committed date of implementation
  Responsibility: Lead Auditor
  Details: Follow-up shall be performed to ensure implementation of the preventive action.
  (Connector 1: the flow continues on page 2.)

Page/Total: 2/2

Step 10. Perform 2nd follow-up 3 months after the committed implementation date
  Responsibility: Lead Auditor
  Details: Follow-up shall be performed to ensure implementation of corrective action.

Step 11. Decision: Preventive action is implemented?
  Responsibility: Lead Auditor
  No: issue a new NCPAR (Connector 2, back to Step 3). Yes: proceed to Step 12.

Step 12. Decision: Preventive action is effective?
  Responsibility: Lead Auditor
  No: issue a new NCPAR (Connector 2, back to Step 3). Yes: proceed to Step 13.

Step 13. Close out the non-conformity by making proper notations on the NCPAR Log
  Responsibility: Lead Auditor

Step 14. File and maintain all records in accordance with the Control of Records procedure
  Responsibility: Lead Auditor

This work is copyright 2007, Richard O. Regalado and ISO27k implementers' forum, some rights reserved. It is licensed under the Creative Commons Attribution-Noncommercial-Share Alike 3.0 License. You are welcome to reproduce, circulate, use and create derivative works from this provided that (a) it is not sold or incorporated into a commercial product, (b) it is properly attributed to the ISO27k implementers' forum (www.ISO27001security.com), and (c) derivative works are shared under the same terms as this.
Instances where potential non-conformities may be identified

SITUATIONS | DESCRIPTION
As a result of internal audits | Observed improvement potentials are possible sources of preventive actions.
Identification of information security weaknesses | Weaknesses shall be issued appropriate preventive actions lest they become full-blown information security incidents.
Near-misses | Environmental and health and safety near-misses shall be issued corresponding preventive actions before they become accidents.