ISO 27001 and minor non-conformities
We had a question come up regarding ISO 27001 and minor non-conformities. I’ll enter it below hoping that someone from the training team may be able to answer it for us.
Question we have;
We have a certified facility that had a few minor non-conformities during its last surveillance audit.
The audit provider gave the ISMS team until June 2023 to address them. They had 90 days to supply a fix.
Did that mean they needed to report back to the auditor with the remediation by June?
Or do they need to provide evidence that they were addressed by June at their next Audit coming up in March 2024?
So, does that ISMS team need to proactivity reach out to their auditor with the evidence that the non-conformities have been fixed?
Assign topic to the user
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more 
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
ISO 27001 DOCUMENTATION TOOLKIT
Step-by-step implementation for smaller companies.
Find out more
In general, the results of the treatment of minor nonconformities are reported in the next scheduled audit, but the best approach here is for you to contact your certification body and confirm with them when the treatment results should be reported to the certification auditor.
Comment as guest or Sign in
Jul 20, 2023