We have recently undergone a Gap Analysis with NQA ready for our ISO certification, and some significant failings were discovered during the process.
The key bits were the difficulty in identifying / linking documentation to clauses, missing clauses without explanation and missing information on areas provided.
Firstly, as part of our gap analysis, the processes followed within Conformio did not provide any documentation to Clause 4 of the standard, nor did we get any system assistance in completing these clauses. There was no interested parties section beyond the contractual and legal requirements, thus we were unable to evidence clause 4.2.
Secondly, the Risk Assessments failed to provide a CIA category for any risks. We are told this is mandatory and as such, the Risk Register provided does not meet the requirements of ISO.