ISO 27001 clause 10 is called “Improvement” — this clause defines requirements for handling nonconformities, corrections, corrective actions, and continual improvement of the ISMS.
This clause matters because it defines how an organization identifies and resolves problems in its ISMS, rather than letting the same failures recur.
Clause 10 has two sub-clauses:
- Clause 10.1 — Continual improvement — it requires the organization to continually improve the suitability, adequacy and effectiveness of the ISMS, so that security remains appropriate for the organization and the ISMS performs as intended.
- Clause 10.2 — Nonconformity and corrective action — when a nonconformity is identified, this sub-clause requires the organization to react to it (control and correct it, and deal with its consequences), evaluate whether action is needed to eliminate its cause so that it does not recur or occur elsewhere, and implement any corrective action that is needed.
The effectiveness of any corrective action taken must be reviewed, and documented information must be retained as evidence of the nature of the nonconformity, the actions taken, and the results achieved.