Expert Advice Community


ISMS audit findings

Guest user | Created: Feb 03, 2021 | Last commented: Feb 03, 2021

Sorry, I'm reaching out to you for a quick answer since I'm not up to date with the current classification of findings for ISMS. Is it still opportunity for improvement, observation, minor and major NC, or just NC and observations?

I have been looking for a response but am not sure; there are several opinions, and I'm confident that you could help me.


Expert
Rhand Leal Feb 03, 2021

First, it is important to note that, considering ISO 19011, the standard used for auditing ISO management systems, audit findings can be conformity, nonconformity, opportunities for improvement, and recommendations (i.e., there is no definition for observation in the standard as an audit finding).

As for minor and major NC, these definitions are normally used by certification auditors to differentiate NCs that impact mandatory documents, or systematically affect the management system, from punctual NCs that do not affect the general operation of the management system.

The difference between an NC and observation is that for the second one you do not have enough evidence to support a non-conformity statement. In this situation, an auditor can make an observation to the organization so its staff can decide to work on an evaluation to identify if further work has to be done. It also can be used by another auditor in another audit to verify if the situation has evolved to a well-based non-conformity or not.

For further information, see:

This course can give you further information about internal audit:
