Take the ISO 27001 course exam and get the
EU GDPR course exam for free
LIMITED-TIME OFFER – ENDS SEPTEMBER 29, 2022

Expert Advice Community

Guest

Auditor findings - Opportunities for improvement

  Quote
Guest
Guest user Created:   Jan 12, 2016 Last commented:   Jan 12, 2016

Auditor findings - Opportunities for improvement

The final auditors report has a lot of comments known as Opportunity of improvement (OFI) some are makes since and some are not to us. One of my advisers told me that, if I didn't do anything regarding these OFI the auditor will raise theme as minor NC in the next visit, is that true and I have to do something?    
0 0

Assign topic to the user

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

ISO 27001 RISK ASSESSMENT AND TREATMENT REPORT

Document the results of the risk management process.

Guest
DejanK Jan 12, 2016

It is not true. The Opportunity of Improvement are recommendations of the auditor, and never will be a Non-Conformity. However an observation yes, this can become a Non-Conformity if the organization do not resolve it.

For the internal audit the situation is the same, but in this case is would be interesting that you include in your procedure of internal audit the definition of each finding (Non-Conformity Major, Non-Conformity Minor, Observation, Opportunity of Improvement).

If you need information for the development of the procedure of Internal Audit, you can see our video tutorial “Documentation Tutorial: How to write ISO 27001/ISO 22301 Internal Audit Procedure and Audit Program”: https://advisera.com/27001academy/iso-27001-22301-premium-documentation-toolkit/
Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 12, 2016

Jan 12, 2016

Suggested Topics