10.2 Nonconformity and corrective action

Clause 10.2 of ISO/IEC 27001:2022 requires an organization to identify and document any nonconformities in its information security management system, evaluate their causes, and implement corrective actions to eliminate those causes and prevent recurrence, while maintaining appropriate records of the process.