Based on the identified nonconformities. Company A established action plans that included the detected nonconformities, the root causes, and a general statement regarding each action that would be taken. Is this acceptable?
A.
No, the action plans should include information on the systems that will be installed and how these systems will eliminate the root causes
B.
No, the auditee is required to submit action plans that include detailed information on how every corrective action will be implemented
C.
Yes, the auditee is required to submit action plans that include a general statement regarding the actions that will be taken
The auditee is required to submit action plans that include detailed information on how every corrective action will be implemented. General statements are not sufficient; the action plans must specify the corrective actions in detail to ensure that the root causes of the nonconformities are addressed effectively.
References: ISO/IEC 27001:2013, Clause 10.1 (General) and ISO 19011:2018, Guidelines for auditing management systems.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit