- As per the ISO 27001 Standard and our Information Security Policy, conformance to the Information Security Management System is a requirement for all staff relevant to its function.
- Non-conformance to the Information Security Management System can be raised through the appropriate channels; otherwise it will be detected in the regular Internal Audits.
- A report is generated and an entry is created in the Non-conformance Log, along with a request to rectify the Non-conformance.
- After a prescribed timeframe, the entry is revisited by the ISO Team and reviewed to see if it has been suitably dealt with.
- If not rectified appropriately, the entry will be flagged as a Major Issue in the ISMS and escalated to the Management Team for consideration and further action.