How do you decide if recurring minor nonconformities or a series of such minor nonconformities can be classified as a major nonconformity?
I think you are concerned with audit nonconformities. As a general rule, you can consider that a major nonconformity is a situation where an organization:
- Completely failed to fulfill a certain requirement.
- Has a process that has completely fallen apart – rules are not followed systematically.
- Has several minor nonconformities that are related to the same process or to the same element of the management system (for example, you find obsolete documents in several areas of the organization, or you find people in several areas of the company without the required competence).
- If a certification mark is misused
- If a minor nonconformity, raised during the previous audit, has not been resolved within the deadline – such a small nonconformity automatically becomes a major one.
You can find more information in the following links:
- Major vs. minor nonconformities in the certification audit - https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
- Free webinar on demand - How to perform an ISO 9001:2015 internal audit - https://advisera.com/9001academy/webinar/how-to-perform-an-iso-9001-2015-internal-audit-free-webinar-on-demand/ (includes a slide about the follow-up)
- You can enroll for free in this course - ISO 9001:2015 Internal Auditor Course: https://advisera.com/training/iso-9001-internal-auditor-course/
- Book - ISO internal audit: A plain English guide: https://advisera.com/books/iso-internal-audit-plain-english-guide/
Does the same guidance apply to nonconformities identified as part of the ISO 27001 internal audit? If a minor nonconformity is not remediated by the deadline, does this automatically become a major nonconformity in the next internal audit?
ISO 27001 does not prescribe that nonconformities must be graded, so you can treat all of them only as nonconformities in the internal audit. Minor and major nonconformities are used more by certification bodies as a best practice.
Considering that, for certification purposes, you only need to ensure that any nonconformity is remediated by the time of the next surveillance/certification audit and that there is no recurrence of the same situation.
This article will provide you with a further explanation about nonconformities:
- Major vs. minor nonconformities in the certification audit https://advisera.com/27001academy/blog/2014/06/02/major-vs-minor-nonconformities-in-the-certification-audit/
For further information, see:
- ISO Internal Audit: A Plain English Guide https://advisera.com/books/iso-internal-audit-plain-english-guide/
Apr 12, 2022