Non-conformance to the ISMS

  • As per the ISO 27001 Standard and our Information Security Policy – conformance to the ISMS is a requirement for all staff relevant to it’s function;
  • Non-conformance to the ISMS can either be raised through the appropriate channels, or will be detected in the regular Internal Audits.
  • A report is generated and an entry created in the Non-conformance Log, along with a request to rectify the Non-conformance
  • After a prescribed timeframe, the entry is revisited by the ISO Team and reviewed to see if it has been suitably dealt with.
  • If not rectified appropriately, then the entry will be flagged as a Major Issue in the ISMS and escalated to the Management Team for consideration and further action