ISMS/04-registers/corrective-actions-register-template.md

Title: Corrective Actions Register Template
Document ID: [REG-CORRECTIVE-001]
Version: 0.1 Draft
Status: Draft
Owner: CISO (Paul Jenkins)
Approver: CISO (Paul Jenkins)
Classification: Internal
Effective date: [DD Month YYYY]
Review date: [DD Month YYYY]

# Corrective Actions Register Template

## Purpose

This template provides the structure for recording and tracking corrective actions arising from ISMS issues, findings, and improvement activity.

## Scope

This register applies to actions arising from incidents, audits, risk reviews, exceptions, testing, management review, and other control gaps.

## Data Fields / Expected Columns

The register should record at least:

- action ID
- source
- issue summary
- action description
- owner
- priority
- target date
- status
- progress update
- closure evidence
- closure date
- linked records

## Ownership

This register should be owned by [Role]. Assigned action owners are responsible for progress and evidence of closure.

## Update Frequency

The register should be updated when actions are raised, reassigned, progressed, delayed, or closed. Overdue actions should be reviewed regularly.

## Retention

Corrective action records should be retained in line with document and records retention requirements and audit needs.

## Template Table

| Action ID | Source | Issue Summary | Action Description | Owner | Priority | Target Date | Status | Progress Update | Closure Evidence | Closure Date | Linked Records |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| [CA-001] | [Incident / Audit / Review] | [Issue] | [Required action] | [Role] | [Low/Medium/High] | [DD Month YYYY] | [Open / In Progress / Blocked / Closed] | [Summary] | [Evidence ref] | [DD Month YYYY] | [Incident / risk / audit ref] |

## Related Documents

- Corrective Action Procedure
- Internal Audit Procedure
- Management Review Procedure
- Security Incident Handling Procedure