Archives Glossary Terms

CAPA

Corrective Action / Preventive Action: Actions to correct a non-conformance and prevent reoccurrence. Note: Preventive Action has been replaced by a Risk-Based approach in Annex SL standards.

RR

Risk Register: A register that documents the potential risks identified, including the analysis of each risk (often involving scoring), controls and ownership of the risk.

RA

Risk Assessment: The process through which risks are assessed and quantified; it can also include the identification and control process. Risk Assessment is used within Health & Safety, Information Security and Business Risk.

SOA

Statement of Applicability: A requirement of ISO 27001. The SOA lists the controls provided within the standard and justifies their inclusion or exclusion by the organisation.

OFI

Opportunity for Improvement: Something that has been identified as having potential for improvement and could escalate to a non-conformance.

Obs

Observation: Something that has been noted as potentially negative or non-compliant.

NC

Non-Conformance: Something that has not met requirements. Identified as Major or Minor.

CAR

Corrective Action Request: Actions required to address / close out a non-conformance.

CB

Certification Body: An organisation responsible for assessing a management system and providing certification.

UKAS

United Kingdom Accreditation Service: National accreditation body that assesses the competence of Certification Bodies.