In this guide, I will show you exactly how to implement ISO 27001 Clause 10.1 and ensure you pass your audit. You will get a complete walkthrough of the control, practical implementation examples, and access to the ISO 27001 templates and toolkit that make compliance easy.
I am Stuart Barker, an ISO 27001 Lead Auditor with over 30 years of experience conducting hundreds of audits. I will cut through the jargon to show you exactly what changed in the 2022 update and provide you with plain-English advice to get you certified.
Key Takeaways: ISO 27001 Clause 10.1 Continual Improvement
ISO 27001 Clause 10.1 requires organizations to continually improve the suitability, adequacy, and effectiveness of their Information Security Management System (ISMS). This clause is the “Act” in the Plan-Do-Check-Act (PDCA) cycle. It acknowledges that security is never “finished.” As your business evolves and threats change, your ISMS must adapt. It is not just about fixing what is broken (corrective action), but proactively finding ways to make your security better, faster, and more robust.
Core requirements for compliance include:
- Three Pillars of Improvement: You must improve three specific aspects of the ISMS:
- Suitability: Does it still fit your organization’s culture and processes?
- Adequacy: Does it meet the actual security needs and risks you face?
- Effectiveness: Do the controls actually work to protect confidentiality, integrity, and availability?
- Diverse Input Sources: Improvements shouldn’t just come from one place. You must gather data from internal audits, external audits, management reviews, incident reports, and staff feedback.
- Structured Process: You need a formal process to capture ideas, prioritize them based on risk, plan their implementation, and verify their success.
- Evidence-Based Decisions: Changes should be driven by data (metrics, KPIs, audit findings), not just gut feeling.
- Integration with Corrective Action: While Clause 10.1 covers proactive improvement, it works hand-in-hand with Clause 10.2 (Nonconformity) to ensure that lessons learned from mistakes are permanently integrated into the system.
Audit Focus: Auditors will look for “The Evidence of Evolution”:
- The Improvement Log: “Show me your Continual Improvement (or Corrective Action) Log. What improvements have you implemented in the last 6 months that weren’t just fixing a direct audit finding?”
- Management Review Minutes: “Show me where the Management Team discussed opportunities for improvement and authorized resources for them.”
- Effectiveness Verification: “You implemented a new security tool last year. How did you measure if it actually improved your security posture?”
Continual Improvement Implementation Checklist (Audit Prep):
| Phase | Action Required | Evidence Example |
|---|---|---|
| Identify | Source ideas from audits, risks, & staff. | Audit Report / Suggestion Box. |
| Analyse | Determine feasibility & risk impact. | Risk Assessment Update. |
| Plan | Assign owner & deadline. | Improvement Project Plan. |
| Implement | Execute the change. | Change Management Ticket. |
| Evaluate | Verify the outcome (Did it work?). | Post-Implementation Review. |
Table of contents
- What is ISO 27001 Clause 10.1?
- What is the purpose of ISO 27001 clause 10.1?
- Watch the Tutorial
- ISO 27001 Clause 10.1 General Guidance
- How to implement ISO 27001 Clause 10.1
- ISO 27001 Clause 10.1 Implementation Checklist
- ISO 27001 Clause 10.1 Best Practice
- How to pass the ISO 27001 Clause 10.1 audit
- What the auditor will check
- ISO 27001 Clause 10.1 Audit Checklist
- ISO 27001 Clause 10.1 Templates
- ISO 27001 Clause 10.1 Common Mistakes and How to avoid them
- Fast Track ISO 27001 Clause 10.1 Compliance with the ISO 27001 Toolkit
- ISO 27001 Clause 10.1 FAQ
- Related ISO 27001 Controls
What is ISO 27001 Clause 10.1?
The ISO 27001 standard defines ISO 27001 Clause 10.1 Continual Improvement as:
The organisation shall continually improve the suitability, adequacy and effectiveness of the information security management system.
ISO 27001:2022 Clause 10.1 Continual Improvement
Key Terms Defined
Information Security Management System
This is the people, processes and documentation that make up how you are managing information security.
Suitability
There are many ways to implement an information security management system, but it has to be right for you and it has to work for you. There is no point in implementing an ISMS that is at odds with the organisation, so the standard wants you to make sure that it is aligned with how you work, your culture and your business objectives.
Adequacy
The ISMS should meet the needs of the business and be able to address the information security risks that you have. This includes having the right level of information security controls based on your needs.
Effectiveness
The ISMS and the information security controls should protect you from the risks to the confidentiality, integrity and availability of data and you should be able to demonstrate that is indeed the case with evidence of effective operation.
What is the purpose of ISO 27001 clause 10.1?
The purpose of ISO 27001 clause 10.1 Continual Improvement is to make sure you have an actual information security management system and that it is established, implemented and continually improved.
Watch the Tutorial
In this tutorial video, How to implement ISO 27001 Clause 10 Improvement, I show you how to implement continual improvement.
ISO 27001 Clause 10.1 General Guidance
The first step in improvement is identifying what needs to be improved. You do this by finding nonconformities which are deviations from your established policies and procedures. We covered this in ISO 27001 Clause 10.2 Nonconformity and Corrective Action but here is some additional guidance to consider:
Management Review
The management review process provides oversight and ensures that continual improvement activities are effective and aligned with organisational goals. For a deeper understanding read the guide, ISO 27001 Clause 9.3 Management Review.
Culture of Improvement
Continual improvement should be embedded into your organisational culture and it should encourage employees to actively participate in identifying and implementing improvements.
Incident Management
Incidents, whether isolated or indicative of a larger issue, are a great way to identify things that need to be improved. When you have an incident the standard already gives guidance: you investigate the incident, perform root cause analysis and then react, which may lead to improvements like policy/procedure changes, retraining, or new tools. You can take a deeper dive in ISO 27001 Annex A 5.26 Response To Information Security Incidents.
Audits
Audits provide independent checks of your information security management system and your information security controls. ISO 27001 mandates internal audits, and you may also face external client and certification audits. These offer a structured way to pinpoint areas for improvement. Further details are provided in ISO 27001 Clause 9.2 Internal Audit.
Brainstorming
Simply asking people for their input is valuable. Staff often have excellent ideas for improving your information security management system.
Incident and Corrective Action Log
When a problem is identified, you take appropriate corrective action to prevent recurrence. This might involve risk management, including accepting a risk (with management review team approval) if the cost of mitigation is prohibitive. In my experience an incident and corrective action log is essential for managing this process effectively and meeting ISO 27001 requirements. The benefits of such a log, both for compliance and process efficiency, are significant.
Goals and Objectives
Consider the need to set specific, measurable, achievable, relevant, and time-based (SMART) goals and objectives for your ISMS. Be sure to monitor and measure the progress towards those goals and objectives. This will help you to identify what is working well and what needs to be improved.
How to implement ISO 27001 Clause 10.1
Based on my experience and what I have seen work well the following are the best practice implementation steps to implement ISO 27001 Continual Improvement.
Time needed: 1 hour and 30 minutes
How to implement ISO 27001 Clause 10.1 Continual Improvement
- Implement a Continual Improvement Policy
You need an ISO 27001 Continual Improvement Policy. Policies are statements of what you do, not how you do it (the "how" is covered in the process documents). The policy sets out your approach to how you handle nonconformities and corrective actions.
- Implement a Continual Improvement Process
The ISO 27001 continual improvement process sets out how you make fundamental changes to prevent nonconformities from recurring. It is covered in detail in ISO 27001 Clause 10.1 Continual Improvement.
- Implement an Internal Audit Process
Put in place an internal audit plan. Have an internal audit process. Be sure to audit the entire information security management system at least annually and ideally based on risk. It is covered in detail in ISO 27001 Clause 9.2 Internal Audit.
- Implement Feedback Mechanisms
Establishing feedback mechanisms from employees, customers, and other stakeholders can provide valuable insights for improvement. Ensure that there is a way for people to provide feedback.
- Implement an Incident Management Process
The incident management process sets out how you deal with incidents. Incidents are one of the major sources for identifying nonconformities. It is covered in detail in ISO 27001 Annex A 5.26 Response To Information Security Incidents.
- Implement an Incident and Corrective Action Log
Implement and use an incident and corrective action log that includes the required fields and allows you to manage incidents and corrective actions. This is the main tool for the management of nonconformity.
- Reporting
The Management Review Team is the management oversight and decision-making body. Be sure to report to the meeting and minute it.
ISO 27001 Clause 10.1 Implementation Checklist
In this 10 step implementation checklist I will show you the best practice, practical steps you can take to implement ISO 27001 continual improvement, setting out the challenges that you will face and the common solutions to overcome them.
1. Establish a Continual Improvement Process
Define a formal process for identifying, implementing, and evaluating improvements to the ISMS.
Challenge
Creating a process that’s actually used and not just paperwork. Resistance to change from staff.
Solution
Make the process simple and easy to follow. Involve staff in its design. Show how improvements benefit everyone.
2. Identify Opportunities for Improvement
Actively seek out areas where the ISMS can be better.
Challenge
Hard to see where improvements are needed. People may be complacent with the status quo.
Solution
Use various methods like audits, incident reviews, and staff feedback. Encourage a culture of open communication.
3. Prioritise Improvements
Focus on the improvements that will have the biggest impact on the ISMS.
Challenge
Hard to decide which improvements are most important. Limited resources can make prioritisation difficult.
Solution
Use a risk-based approach. Consider the potential benefits and costs of each improvement.
4. Plan Improvements
Develop detailed plans for implementing each improvement.
Challenge
Plans can become too complex. Things change, making plans outdated.
Solution
Keep plans simple and flexible. Regularly review and update them.
5. Implement Improvements
Put the planned improvements into action.
Challenge
Implementing changes can be disruptive. Staff may resist new ways of working.
Solution
Communicate clearly about the changes. Provide training and support to staff.
6. Evaluate Effectiveness
Check if the implemented improvements are working as intended.
Challenge
Hard to measure the effectiveness of improvements. It can take time to see results.
Solution
Define clear metrics for evaluating improvements. Track progress and analyse the results.
7. Document Improvements
Keep records of all improvement activities, including plans, implementation details, and evaluation results.
Challenge
Documenting everything can be time-consuming. Hard to keep records organised.
Solution
Use a central system for storing records. Make it easy for people to access the information they need.
8. Communicate Improvements
Share information about successful improvements with staff and other interested parties.
Challenge
Hard to communicate complex information clearly. People may not be interested in the details.
Solution
Keep communications short and to the point. Focus on the key benefits of the improvements.
9. Learn from Successes and Failures
Analyse both successful and unsuccessful improvement efforts to identify lessons learned.
Challenge
People may be reluctant to admit failures. Hard to learn from mistakes.
Solution
Create a culture of learning and improvement. Focus on identifying root causes, not blaming people.
10. Integrate with other processes
Ensure the continual improvement process is linked to other ISMS processes, like risk management and internal audit.
Challenge
Processes can become siloed. Hard to ensure they work together effectively.
Solution
Map out the interactions between different processes. Look for opportunities to streamline and integrate them.
ISO 27001 Clause 10.1 Best Practice
Consider the following best practice for continual improvement.
Involve everyone
Be inclusive, as continual improvement is everyone's responsibility. Be sure to involve your ISO 27001 interested parties, including staff and third parties.
Prioritise Continual Improvement
Ensure that adequate resources in time and money are made available to identify improvements and to take action and implement them.
Risk Management
ISO 27001 is a risk-based management system, so it makes sense to prioritise your improvements on the areas that pose the greatest risk.
Evidence Based Improvements
Base changes and improvements to the information security management system on evidence rather than personal wants and needs. Use metrics, measures and audit reports to back the changes that you make.
How to pass the ISO 27001 Clause 10.1 audit
You demonstrate compliance to ISO 27001 Clause 10.1 Continual Improvement by having effective policy and process in place and having documented evidence that those processes have operated effectively. What this means is that you need policy and process for the identifiers of nonconformities, being:
- Incident management
- Audit (both internal audit and external audit)
And you need policy and process to deal with the nonconformities being
To demonstrate evidence you will have a series of documents and records:
- Incident tickets on your associated help desk systems
- Change tickets that support any changes that have been made
- The complete incident and corrective action log that is used to manage nonconformities
- Meeting minutes from the Management Review Team meetings where all of the above have been shared and minuted
What the auditor will check
An auditor will want to see proof that you are following these rules. They will check:
1. That you have a corrective action process
When a non conformity is identified you need to be able to manage it. The auditor will look at the process and a sample of recent corrective actions to ensure they followed the process and they were managed effectively. Were they recorded? Were they added to the corrective action log? Were they managed? Were they reported to the management review team? Were any corrective actions checked to ensure they were effective?
2. That you have a corrective action log
You need an effective way to record corrective actions and continual improvements. A corrective action log is a simple way to do it, but however you do it, ensure that you have evidence of continual improvement in operation.
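The auditor's questions above (improvements that were not just audit findings, whether effectiveness was measured, whether the Management Review Team saw them) are only answerable if the log captures the right fields at each phase of the Identify / Analyse / Plan / Implement / Evaluate checklist. The following is an added example, not the toolkit's template or the author's own log: a small Python model of an incident and corrective action log whose phase gates refuse to advance a record until the evidence for that phase (owner and deadline, change ticket, effectiveness metric, management review date) has been recorded, plus the three queries an auditor would ask. The field names, phase gates and sample records are assumptions constructed for the example.

```python
"""Constructed model of a continual improvement / corrective action log.
Field names, phase gates and sample data are assumptions for illustration."""
from dataclasses import dataclass
from datetime import date, timedelta
from enum import Enum
from typing import Optional


class Phase(Enum):
    """Mirrors the Identify / Analyse / Plan / Implement / Evaluate checklist."""
    IDENTIFY = 1
    ANALYSE = 2
    PLAN = 3
    IMPLEMENT = 4
    EVALUATE = 5
    CLOSED = 6


@dataclass
class Improvement:
    ref: str
    source: str                                  # "internal audit", "incident", "staff feedback", ...
    description: str
    raised_on: date
    phase: Phase = Phase.IDENTIFY
    risk_rating: Optional[str] = None            # Analyse: feasibility and risk impact
    owner: Optional[str] = None                  # Plan: assign owner and deadline
    deadline: Optional[date] = None
    change_ticket: Optional[str] = None          # Implement: change management ticket
    effectiveness_metric: Optional[str] = None   # Evaluate: did it work?
    verified_on: Optional[date] = None
    reported_to_mrt_on: Optional[date] = None    # minuted at the Management Review Team


# Evidence that must be present before a record may enter each phase (assumed gates).
PHASE_GATES = {
    Phase.PLAN: ("risk_rating",),
    Phase.IMPLEMENT: ("owner", "deadline"),
    Phase.EVALUATE: ("change_ticket",),
    Phase.CLOSED: ("effectiveness_metric", "verified_on", "reported_to_mrt_on"),
}
AUDIT_SOURCES = {"internal audit", "external audit"}
AS_OF = date(2024, 7, 1)  # constructed "today" for the sample queries


class ImprovementLog:
    def __init__(self) -> None:
        self.records: dict[str, Improvement] = {}

    def raise_item(self, item: Improvement) -> None:
        if item.ref in self.records:
            raise ValueError(f"duplicate reference {item.ref}")
        self.records[item.ref] = item

    def update(self, ref: str, **fields) -> Improvement:
        """Record evidence (owner, ticket, metric, ...) against an item; phase is gated, not set directly."""
        item = self.records[ref]
        for name, value in fields.items():
            if name == "phase" or not hasattr(item, name):
                raise ValueError(f"unknown or protected field {name}")
            setattr(item, name, value)
        return item

    def advance(self, ref: str) -> Phase:
        """Move an item to the next phase, refusing if the evidence for that phase is missing."""
        item = self.records[ref]
        if item.phase is Phase.CLOSED:
            raise ValueError(f"{ref} is already closed")
        nxt = Phase(item.phase.value + 1)
        missing = [f for f in PHASE_GATES.get(nxt, ()) if getattr(item, f) is None]
        if missing:
            raise ValueError(f"{ref} cannot enter {nxt.name}: missing {', '.join(missing)}")
        item.phase = nxt
        return nxt

    # The three auditor questions.
    def proactive_improvements(self, as_of: date, months: int = 6) -> list[str]:
        """Implemented improvements in the window that did not come from an audit finding."""
        since = as_of - timedelta(days=30 * months)
        return sorted(r.ref for r in self.records.values()
                      if r.source not in AUDIT_SOURCES
                      and r.phase.value >= Phase.EVALUATE.value
                      and r.raised_on >= since)

    def unverified(self) -> list[str]:
        """Implemented changes with no effectiveness evidence yet."""
        return sorted(r.ref for r in self.records.values()
                      if r.phase.value >= Phase.EVALUATE.value and r.verified_on is None)

    def not_minuted(self) -> list[str]:
        """Items the Management Review Team has not yet seen."""
        return sorted(r.ref for r in self.records.values() if r.reported_to_mrt_on is None)


def build_sample_log() -> ImprovementLog:
    """Constructed sample records (not real audit data) exercising the gates and queries."""
    log = ImprovementLog()
    log.raise_item(Improvement("CI-001", "internal audit", "Q1 access reviews not evidenced", date(2024, 2, 5)))
    log.raise_item(Improvement("CI-002", "staff feedback", "Add disk encryption check to onboarding", date(2024, 3, 12)))
    log.raise_item(Improvement("CI-003", "incident", "Phishing report button missing in mail client", date(2024, 4, 20)))
    # CI-002 is walked through every phase with evidence recorded at each gate.
    log.advance("CI-002")                                                           # -> ANALYSE
    log.update("CI-002", risk_rating="medium"); log.advance("CI-002")               # -> PLAN
    log.update("CI-002", owner="IT Ops", deadline=date(2024, 5, 31)); log.advance("CI-002")  # -> IMPLEMENT
    log.update("CI-002", change_ticket="CHG-0417"); log.advance("CI-002")           # -> EVALUATE
    log.update("CI-002", effectiveness_metric="100% of new starters encrypted on day 1",
               verified_on=date(2024, 6, 14), reported_to_mrt_on=date(2024, 6, 20))
    log.advance("CI-002")                                                           # -> CLOSED
    # CI-003 was implemented but never evaluated or minuted: an audit finding waiting to happen.
    log.advance("CI-003"); log.update("CI-003", risk_rating="high"); log.advance("CI-003")
    log.update("CI-003", owner="Security", deadline=date(2024, 5, 15)); log.advance("CI-003")
    log.update("CI-003", change_ticket="CHG-0432"); log.advance("CI-003")           # -> EVALUATE
    return log
```

Running `build_sample_log()` and the three queries with `AS_OF` reproduces the auditor's walkthrough: CI-002 and CI-003 are the proactive improvements of the last six months, CI-003 has no effectiveness evidence, and CI-001 and CI-003 have not been reported to the Management Review Team. The same gate that blocks `advance()` without an owner and deadline is what makes the log evidence rather than a wish list.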
ISO 27001 Clause 10.1 Audit Checklist
This 10 step audit checklist for ISO 27001 continual improvement will show you what to audit and the audit technique that is best suited, based on real world audit experience.
1. Review the Improvement Process
Check if a formal continual improvement process exists and is documented.
Audit Technique
Examine documented procedures, flowcharts, or other documentation describing the continual improvement process. Verify its existence and understand how it’s supposed to work.
2. Examine Improvement Records
Review records of improvement activities to verify they’ve been planned and implemented.
Audit Technique
Inspect records of implemented improvements, including project plans, implementation details, and evidence of testing or validation. Look for evidence of management review and approval.
3. Check for Improvement Identification
Verify that opportunities for improvement are actively sought and documented.
Audit Technique
Review records of internal audits, management reviews, incident reports, risk assessments, and staff feedback. Look for documented identification of areas for potential improvement.
4. Assess Prioritisation of Improvements
Confirm that improvements are prioritised based on risk and business impact.
Audit Technique
Examine records of prioritisation exercises. Check if a clear methodology is used and that decisions are justified.
5. Verify Implementation of Improvements
Check that planned improvements have been implemented as intended.
Audit Technique
Conduct site visits, examine system configurations, interview staff, and review implementation records to confirm that improvements are in place and functioning.
6. Evaluate Effectiveness of Improvements
Verify that implemented improvements have achieved their intended outcomes.
Audit Technique
Review performance data, metrics, and feedback gathered after implementation. Check if the improvements have led to measurable improvements in the ISMS.
7. Check Communication of Improvements
Ensure that information about successful improvements is communicated to relevant interested parties.
Audit Technique
Review communication logs, training records, and other evidence to confirm that interested parties are informed about improvements and their impact.
8. Review Lessons Learned
Verify that lessons learned from both successful and unsuccessful improvements are documented and shared.
Audit Technique
Examine records of lessons learned sessions, post-implementation reviews, and any updates to the improvement process based on lessons learned.
9. Assess Integration with Other Processes
Check that the continual improvement process is integrated with other ISMS processes, like risk management and internal audit.
Audit Technique
Review process documentation and interview staff to confirm that the continual improvement process is linked to and interacts effectively with other relevant processes.
10. Verify Management Commitment
Confirm that top management is actively involved in and supports the continual improvement process.
Audit Technique
Interview top management personnel about their understanding of and commitment to continual improvement. Review minutes of management review meetings to check for discussions and decisions related to improvements.
ISO 27001 Clause 10.1 Templates
ISO 27001 Continual Improvement Policy Template
The ISO 27001 Continual Improvement policy template sets out what must be done for continual improvement. As a requirement of the standard, continual improvement is covered in ISO 27001 Clause 10.1 Continual Improvement.

ISO 27001 Continual Improvement Policy Example
The ISO 27001 continual improvement policy example covers: Purpose, Scope, Principle, Audit, Internal Audits, External Certification Audits, Client and Third-Party Audits, Incidents, Change Management, Management Review Team, Review of Objectives, Legal Regulatory and Information Security Standards, Change Improvement as a result of Non-Conformity, and management of improvement.
ISO 27001 Incident and Corrective Action Log Template
The ISO 27001 Incident and Corrective Action Log Template is used to track and manage continual improvements effectively. This log is an essential part of the ISO 27001 continual improvement process and records how each improvement was identified and how it was managed.
ISO 27001 Incident and Corrective Action Log Example
This ISO 27001 Incident and Corrective Action Log Example shows the layout of a typical ISO 27001 Incident and Corrective Action Log, the required columns and the data capture needs. ISO 27001 continual improvements are recorded in this log and the log is used to manage them.
ISO 27001 Continual Improvement Process Example
The following is what a documented ISO 27001 Continual Improvement Process example would look like if you are not using the ISO 27001 templates.
ISO 27001 Clause 10.1 Common Mistakes and How to avoid them
In my experience, the top 3 mistakes people make for ISO 27001 Continual Improvement are:
- Having no evidence of any continual improvement to the Information Security Management System (ISMS)
- Not having a continual improvement process
- Not following your documented processes or not being able to evidence them in operation
Fast Track ISO 27001 Clause 10.1 Compliance with the ISO 27001 Toolkit
Own Your ISMS, Don’t Rent It
Do it Yourself ISO 27001 with the Ultimate ISO 27001 Toolkit
For ISO 27001 Clause 10.1 (Continual improvement), the requirement is to continually improve the suitability, adequacy, and effectiveness of the Information Security Management System (ISMS). This is a mandatory clause that ensures your security posture isn’t static; it must evolve based on audits, incidents, and management reviews.
While SaaS compliance platforms often try to sell you "automated improvement workflows" or complex "maturity dashboards," they cannot actually decide if a process is "suitable" for your unique culture or ensure your management team is truly committed to change; those are human leadership and governance tasks. The High Table ISO 27001 Toolkit is the logical choice because it provides the improvement framework you need without a recurring subscription fee.
1. Ownership: You Own Your Improvement Records Forever
SaaS platforms act as a middleman for your compliance evidence. If you define your improvement processes and store your corrective action logs inside their proprietary system, you are essentially renting your own organizational growth history.
- The Toolkit Advantage: You receive the Continual Improvement Policy and Incident and Corrective Action Log templates in fully editable Word/Excel formats. These files are yours forever. You maintain permanent ownership of your records (such as your unique history of solving nonconformities), ensuring you are always ready for an audit without an ongoing “rental” fee.
2. Simplicity: Governance for Real-World Progress
Clause 10.1 is about getting better. You don’t need a complex new software interface to manage what a well-run Management Review Meeting and a clear corrective action log already do perfectly.
- The Toolkit Advantage: Your team already solves problems and updates processes. What they need is the governance layer to prove to an auditor that these improvements are formal, risk-based, and evidence-driven. The Toolkit provides pre-written policies and “Improvement Checklists” that formalize your existing progress into an auditor-ready framework, without forcing your team to learn a new software platform just to log a process update.
3. Cost: A One-Off Fee vs. The “Progress” Tax
Many compliance SaaS platforms charge more based on the number of “tasks,” “remediation projects,” or “users” involved in improvement. For a clause that is the very heart of the PDCA (Plan-Do-Check-Act) cycle, these monthly costs can scale aggressively for very little added value.
- The Toolkit Advantage: You pay a single, one-off fee for the entire toolkit. Whether you implement 5 improvements a year or 50, the cost of your Continual Improvement Documentation remains the same. You save your budget for actual security upgrades (like new tools or staff training) rather than an expensive compliance dashboard.
4. Freedom: No Vendor Lock-In for Your ISMS Evolution
SaaS tools often mandate specific ways to report on and monitor “continual improvement.” If their system doesn’t match your unique agile review process or your specialized industry requirements, the tool becomes a bottleneck to true evolution.
- The Toolkit Advantage: The High Table Toolkit is 100% technology-agnostic. You can tailor the Improvement Procedures to match exactly how you operate, whether you use a formal steering committee or a lean, collaborative team approach. You maintain total freedom to evolve your ISMS without being constrained by the technical limitations of a rented SaaS platform.
Summary: For Clause 10.1, the auditor wants to see that you have a formal process for identifying improvements and proof that you are acting on them (e.g., an updated corrective action log and management review minutes). The High Table ISO 27001 Toolkit provides the governance framework to satisfy this requirement immediately. It is the most direct, cost-effective way to achieve compliance using permanent documentation that you own and control.
ISO 27001 Clause 10.1 FAQ
The ISO 27001 standard requires that the organisation shall manage when things go wrong, manage the consequences of things going wrong, identify why it went wrong and put in place measures to stop it from happening again.
You evidence compliance to the ISO 27001 Clause 10.1 Continual Improvement with an incident and corrective action log and being able to demonstrate that you identify when things go wrong, put things right, identify why it went wrong and put in place measures so it does not happen again.
You can download ISO 27001 Clause 10.1 Continual Improvement templates in the ISO 27001 Toolkit.
An example of ISO 27001 Clause 10.1 Continual Improvement can be found in the ISO 27001 Toolkit.
Yes. Senior management and leadership are informed of non conformities. This is usually via the management review team meeting.
Yes. Non conformities require a root cause analysis to identify why they happened and to help to identify what can be done to prevent it from happening again.
You can classify non conformities to help you to prioritise the order in which to tackle them and the recommended actions you should take. This would be aligned with the risk management process.
Technically yes but by doing nothing you are accepting risk and therefore you would follow your risk management process with sign off and acceptance by the management review team.
Non conformities are reported via the incident management process.
Yes you can pass the ISO 27001 certification if you have non conformities as long as they are being effectively managed and reported.
Related ISO 27001 Controls
ISO 27001 Clause 9.2 Internal Audit
ISO 27001 Annex A 5.26 Response To Information Security Incidents
ISO 27001 Annex A 5.36 Compliance With Policies, Rules And Standards For Information Security
ISO 27001 Clause 6.1.1 Planning General
About the author
Stuart Barker is a veteran practitioner with over 30 years of experience in systems security and risk management.
Holding an MSc in Software and Systems Security, Stuart combines academic rigor with extensive operational experience. His background includes over a decade leading Data Governance for General Electric (GE) across Europe, as well as founding and exiting a successful cyber security consultancy.
As a qualified ISO 27001 Lead Auditor and Lead Implementer, Stuart possesses distinct insight into the specific evidence standards required by certification bodies. He has successfully guided hundreds of organizations – from high-growth technology startups to enterprise financial institutions – through the audit lifecycle.
His toolkits represent the distillation of that field experience into a standardised framework. They move beyond theoretical compliance, providing a pragmatic, auditor-verified methodology designed to satisfy ISO/IEC 27001:2022 while minimising operational friction.