Everything you need to know
Security and customers first

Request a demo

Find out today the difference that Hicomply’s unique solution can make to your business.


Thank you for your request


In the meantime, connect with Hicomply for insights on authentication and fraud prevention


ROI Calculator

See how much you could save with Hicomply

Hicomply feature Yearly saving
Automated scoping Easily scope your ISMS with the Hicomply platform
Asset register autogeneration A shorter learning curve for organisations and a simplified process
Risk assessment Autogenerate your risk register and risk treatment plan
Extended policy templates 90% of the essential are already written out of the box
Controls framework All controls are pre-loaded and already linked to the risks they mitigate
Task management Automate all actions, administration and setup time of your ISMS
Real time monitoring Understand status and progress across your ISMS with the Hicomply dashboard
Compliance & Training Your whole team, on the same page
Audit readiness Hicomply makes sure you have everything in place for your audit
Auditor access Give auditors a dedicated login to access and audit your ISM
Back to Resource Hub

ISO 27001 Clause 10.1: Non-Conformity And Corrective Actions

Non-conformity means that a certain requirement is not complied with. In the context of ISO 27001, the requirements might be ISO 27001 requirements , relevant legislation, the ISMS documentation as well as requirements of interested parties.

Non-conformity and corrective actions are important because they enable companies to identify oversight errors and mistakes timeously and deal with them effectively. Non-conformities can be identified by anyone in the organisation at any time (during everyday operations in the monitoring processes etc.).

However, most of the nonconformities are usually identified by conducting an internal audit.

Corrective actions are formal way for a company to resolve non-conformities and the standard requires companies to keep records as evidence of the nature of the non-conformity, the actions that are taken and the results of the implemented corrective actions.

It is not enough to implement the corrective action as the company should attempt to ensure that it has resolved the root cause of the non-conformity through a detailed analysis to assess whether the reoccurrence of the non-conformity has been prevented.

Corrective actions are significant in terms of showing improvements of the ISMS and therefore the standard requires that you document a corrective action procedure This procedure defines the steps for analysing the non-conformity, initiating corrective actions, assigning responsibilities for implementing the corrective actions, how to document the corrective actions, how to evaluate the effectiveness of the corrective actions and so on.

ISO 27001 requires the company to take actions when a non-conformity occurs to correct the nonconformity and deal with the consequences. As an example when the non-conformity is that the internal audit was conducted by untrained auditors the company should ensure that the internal auditors are trained and then understand how this occurred to prevent recurrence, this could involve correctly understanding the audit process or assigning competent resources.

More Resource Hub

NIST Controls For Supply Chain Risk Management
ISO 9001 Hub
NIST 800-53 Hub