A corrective action aims to eliminate the root cause of a detected nonconformity or security incident. ISO 27001 clause 10.2 requires a documented corrective action process. The process includes root cause analysis, defining and implementing the action, and verifying its effectiveness. Corrective actions differ from immediate actions: immediate actions fix the symptom; corrective actions prevent recurrence. In your ISMS, maintain a register of all corrective actions that tracks status, the responsible person, and evidence of the effectiveness review.