Content library
ISO 27001 (2022): Full
10.2: Non-conformity and corrective action

Requirement description

When nonconformities occur, the organization should react, evaluate causes, implement corrective actions, and make necessary changes to the information security management system. Documented information is essential to record nonconformities and corrective action results. It's also beneficial to determine if similar nonconformities exist, or could potentially occur.

How to fill the requirement

ISO 27001 (2022): Full

10.2: Non-conformity and corrective action

Task name
Priority
Status
Theme
Policy
Other requirements
Treatment process and documentation of identified non-conformities
Critical
High
Normal
Low
Fully done
Mostly done
Partly done
Not done
Risk management and leadership
Risk management
14
requirements

Examples of other requirements this task affects

10.2: Non-conformity and corrective action
ISO 27001
23: Häiriöiden- ja poikkeamienhallintaprosessi
Digiturvan kokonaiskuvapalvelu
CC4.2: Evaluation and communication of internal control deficiencies
SOC 2
21.4: Non-conformities and corrective actions
NIS2
P8.1: Periodic monitoring of privacy compliance
SOC 2
See all related requirements and other information from tasks own page.
Go to >
Treatment process and documentation of identified non-conformities
1. Task description

From the point of view of the information security management system, non-conformities are situations in which:

  • the organisation's security requirements are not matched by the management system
  • the procedures, tasks or guidelines defined in the management system are not complied with in the organisation's day-to-day operations

In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.

Tasks included in the policy

Task name
Priority
Status
Theme
Policy
Other requirements
No items found.

Never duplicate effort. Do it once - improve compliance across frameworks.

Reach multi-framework compliance in the simplest possible way
Security frameworks tend to share the same core requirements - like risk management, backup, malware, personnel awareness or access management.
Cyberday maps all frameworks’ requirements into shared tasks - one single plan that improves all frameworks’ compliance.
Do it once - we automatically apply it to all current and future frameworks.
Get to know Cyberday
Start your free trial
Cyberday is your all-in-one solution for building a secure and compliant organization. Whether you're setting up a cyber security plan, evaluating policies, implementing tasks, or generating automated reports, Cyberday simplifies the entire process.
With AI-driven insights and a user-friendly interface, it's easier than ever to stay ahead of compliance requirements and focus on continuous improvement.
Clear framework compliance plans
Activate relevant frameworks and turn them into actionable policies tailored to your needs.
Credible reports to proof your compliance
Use guided tasks to ensure secure implementations and create professional reports with just a few clicks.
AI-powered improvement suggestions
Focus on the most impactful improvements in your compliance with help from Cyberday AI.