Nonconformities and supporting evidence should be recorded on the IT Nonconformity Report Template and reviewed with the Information Technology Security Manager, to obtain acknowledgement of evidential accuracy and ensure that nonconformities are understood. ITSD107-2 IT NONCONFORMITY REPORT should be complete with the date, auditor, area/system, description of nonconformity, and supporting evidence.
The Information Technology Security Manager should meet with Information Technology Managers to review the IT Nonconformity Report Template (if one has been generated) and plan to take corrective actions, if required. If it has been decided to take corrective action, the Information Technology Security Manager should submit a corrective action plan, including objectives, actions, and deadlines, to the audit team leader.
Format: Microsoft Word 2013 (.docx)
Manual: IT Policies and Procedures Templates
Category: IT Security & Disaster Recovery
Procedure: IT Security Audits Procedure ITSD107