SecAware materials


~2-page information security policy template on Corrective And Preventive Action (CAPA).


There are structured processes to deal with problems relating to the way the Information Security Management System is being used (corrective actions) and deeper issues concerning the design of the ISMS itself (preventive actions).  Either way, the intention is to achieve gradual, systematic, appropriate improvements in the organisation’s management of information risk and security.


CAPA is, in effect, mandatory for certified compliance with ISO/IEC 27001 ISMS (see clause 10).

CAPA Corrective And Preventive Action policy

  • Information security (ISMS) policy template on corrective and preventive action


    See also the SecAware ISMS Launchpad materials.