Nonconformity and Corrective Action

Document ID: DPWAT-ISMS-PROC-011
Version: 1.0
Owner: ISMS Manager / CISO (RMSI) — Timo Andreas Bejan
Approved by: Administrator (ADM) — Anna Boros
Effective date: 2025-11-10
Next review: 2027-02-01

1. Purpose

Ensure nonconformities are identified, corrected, and prevented from recurring (ISO 27001 clause 10.2).

2. Sources

• Internal audit findings
• Surveillance/external audit findings
• Incident post-mortems
• Monitoring/KPI reviews
• Management review actions

3. Process

1. Record the issue/nonconformity in nonconformity-and-corrective-actions.
2. Apply immediate correction where possible.
3. Perform root cause analysis.
4. Define corrective actions, owners, and deadlines.
5. Verify effectiveness and close the action.

4. Records

• Register: nonconformity-and-corrective-actions
• Template: template-corrective-action
• Evidence: 07-records/