ISMS audit findings
Sorry, I'm reaching out to you for a quick answer since I'm not up to date with the current classification of findings for ISMS. Are opportunity for improvement, observation, minor and major NC still current, or just NC and observations?
I have been looking for a response but am not sure; there are several opinions, and I'm confident that you could help me.
First, it is important to note that, considering ISO 19011, the standard used for auditing ISO management systems, audit findings can be conformity, nonconformity, opportunities for improvement, and recommendations (i.e., there is no definition for observation in the standard as an audit finding).
As for minor and major NC, these definitions are normally used by certification auditors to differentiate NCs that impact mandatory documents, or systematically affect the management system, from punctual NCs that do not affect the general operation of the management system.
The difference between an NC and an observation is that for the second one you do not have enough evidence to support a non-conformity statement. In this situation, an auditor can make an observation to the organization so its staff can decide to work on an evaluation to identify if further work has to be done. It also can be used by another auditor in another audit to verify if the situation has evolved to a well-based non-conformity or not.
For further information, see:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
This course can give you further information about internal audit:
- ISO 27001:2013 Internal Auditor course https://advisera.com/training/iso-27001-internal-auditor-course/
Feb 03, 2021