1.9 KiB
Title: Corrective Actions Register Template Document ID: [REG-CORRECTIVE-001] Version: 0.1 Draft Status: Draft Owner: CISO (Paul Jenkins) Approver: CISO (Paul Jenkins) Classification: Internal Effective date: [DD Month YYYY] Review date: [DD Month YYYY]
Corrective Actions Register Template
Purpose
This template provides the structure for recording and tracking corrective actions arising from ISMS issues, findings, and improvement activity.
Scope
This register applies to actions arising from incidents, audits, risk reviews, exceptions, testing, management review, and other control gaps.
Data Fields / Expected Columns
The register should record at least:
- action ID
- source
- issue summary
- action description
- owner
- priority
- target date
- status
- progress update
- closure evidence
- closure date
- linked records
Ownership
This register should be owned by [Role]. Assigned action owners are responsible for progress and evidence of closure.
Update Frequency
The register should be updated when actions are raised, reassigned, progressed, delayed, or closed. Overdue actions should be reviewed regularly.
Retention
Corrective action records should be retained in line with document and records retention requirements and audit needs.
Template Table
| Action ID | Source | Issue Summary | Action Description | Owner | Priority | Target Date | Status | Progress Update | Closure Evidence | Closure Date | Linked Records |
|---|---|---|---|---|---|---|---|---|---|---|---|
| [CA-001] | [Incident / Audit / Review] | [Issue] | [Required action] | [Role] | [Low/Medium/High] | [DD Month YYYY] | [Open / In Progress / Blocked / Closed] | [Summary] | [Evidence ref] | [DD Month YYYY] | [Incident / risk / audit ref] |
Related Documents
- Corrective Action Procedure
- Internal Audit Procedure
- Management Review Procedure
- Security Incident Handling Procedure