Improvement for ISO 27001 Information Security

ISO 27001 Clause 10

Improvement - continual improvement of the ISMS and corrective action on nonconformities.

ISO 27001 Clause 10 - Improvement

Clause 10 closes the management system loop. The planning under Clause 6, the operation under Clause 8 and the evaluation under Clause 9 all feed into improvement - the activity that keeps the management system fit for purpose as the organisation, its risks and the threat landscape evolve.

Sub-clauses of ISO 27001 Clause 10

Clause 10.1 - Continual Improvement requires the organisation to continually improve the suitability, adequacy and effectiveness of the information security management system.

Clause 10.2 - Nonconformity and Corrective Action sets out the activities the organisation must perform when a nonconformity occurs, including reaction, evaluation, action, review of effectiveness and any necessary changes to the ISMS.
