
A key part of successfully implementing and maintaining ISO 27001 is conducting audits regularly.
As part of this, it is important to have a clear understanding of how your organisation's ISO audit results are expressed.
The outcome of an ISO audit is not presented as a percentage or a score.
Instead, the results of ISO audits are referred to as findings.
Audit findings can either be observations, opportunities for improvement, or non-conformances* (major or minor).
*Non-conformances and non-conformities are used interchangeably; both refer to the same thing.
Observations are areas that, whilst still compliant, the auditor considers close to becoming a non-conformance.
They are pointers to areas that need attention, so as to prevent possible future non-conformances.
Observations and opportunities for improvement can be very helpful when planning both corrective and preventive action.
Non-conformances are raised by the auditor if the requirements of the ISO standard are not being properly adhered to.
All non-conformances, whether major or minor, need to be addressed through corrective actions.
A minor non-conformance is an instance of non-compliance that does not affect the overall effectiveness of the information security management system, or the organisation's ability to achieve its information security objectives.
Put simply, minor non-conformities are found when a requirement has evidently been implemented correctly for the most part, but with isolated lapses in the information security management system.
A major non-conformance is raised when there is a significant breakdown in the organisation's information security management system that prevents it from meeting the requirements of the standard, for example where the organisation is found not to be following its own policies, procedures and guidelines. Several minor non-conformances against the same requirement may also be treated together as a major one.
If the auditor raises a major non-conformance, your organisation will not achieve or retain its ISO certificate until the non-conformance has been corrected and the correction verified. For minor non-conformances the certification body will normally accept a corrective action plan, with its implementation checked at the next audit.
In either case, the auditor will describe the non-conformity in detail, provide the evidence of the problem, reference the clause of the standard that is not being met and summarise what should be done to rectify the non-conformity and meet the stated requirement.
This gives you a clear basis on which to implement corrective actions and review their effectiveness.
©Copyright Inverifi 2023, All rights reserved. Registered in England, No: 06959535, +44 20 4574 9908