Overview
Corrective Actions (/[orgId]/corrective-actions) are remediation tasks created when a control gap, audit finding, or risk deficiency is identified. They ensure that identified problems are formally tracked, assigned, and resolved — with evidence of closure.
ISO 27001 Clause 10.1 requires organisations to react to nonconformities and take action to control and correct them. Corrective actions in Matproof are your documented proof of compliance with this requirement.
Corrective action fields
Each corrective action includes:

| Field | Description |
|---|---|
| Title | Short description of what needs to be fixed |
| Description | Detail on the gap or deficiency and its impact |
| Priority | Critical, high, medium, low |
| Owner | Team member responsible for resolution |
| Due date | Deadline for resolution |
| Status | Open, In Progress, Resolved, Overdue |
| Linked record | The control, risk, or audit finding that triggered it |
Creating a corrective action
Manually
Navigate to Corrective Actions and click New Corrective Action. Fill in the fields, link to the relevant control or risk, and assign an owner.
From a finding
Findings — whether logged inside an Audit Program, raised by a penetration test, surfaced by the Device Agent, or detected by Cloud Tests — all funnel into the unified Findings view. From any finding, click Create Corrective Action to spawn one pre-populated with the finding title, severity, and linked control.
From the risk register
On any risk in the Risk Register, you can create a corrective action to address a specific treatment gap or overdue mitigation task.
Assigning owners
Every corrective action requires an owner — the team member accountable for resolving it. Owners receive:

- An email notification when assigned
- Reminders as the due date approaches
- A notification when the action becomes overdue
Tracking progress
The corrective actions list shows all open actions with their status, owner, due date, and priority. You can filter by:

- Status — Open, In Progress, Resolved, Overdue
- Owner — filter to a specific team member
- Priority — show only critical or high priority items
- Linked record type — control, risk, or finding
Closing with evidence
When marking a corrective action as Resolved, Matproof prompts for closure evidence — proof that the remediation was completed. Examples of acceptable closure evidence:

- Screenshot of the new configuration or control in place
- Policy document showing the updated procedure
- Test results confirming the fix
- Third-party confirmation or certificate
The overdue dashboard
The corrective actions dashboard highlights:

- Overdue actions — past their due date without resolution
- Actions by owner — who has the most open items and where bottlenecks are
- Resolution rate over time — are you closing actions faster than they are being opened
- By priority — how many critical or high priority items remain open
ISO 27001 Clause 10 alignment
Corrective actions in Matproof directly address ISO 27001 Clause 10.1 requirements:

| Clause 10.1 requirement | How Matproof covers it |
|---|---|
| React to the nonconformity | Log finding → create corrective action |
| Take action to control and correct | Assign owner, set due date, track status |
| Evaluate the need for action | Priority field, linked risk/control context |
| Implement action needed | Status tracking, owner notifications |
| Review effectiveness | Closure evidence required before resolving |
| Make changes to ISMS if needed | Link corrective action back to control or policy |
| Retain documented information | All actions, evidence, and history are stored permanently |