Expert Advice Community

Guest

Nonconformities, OFI's vs Low/Med/High Audit Gaps

  Quote
Guest
Guest user Created:   Jan 13, 2021 Last commented:   Jan 13, 2021

Nonconformities, OFI's vs Low/Med/High Audit Gaps

"I got ISO 27001 certified last year and extensively used your site for references and the courses and found the materia to be very valuable and easy to understand. I have successfully completed a number of ISO 27001 audits in an internal auditor role and still use your docs for reference.

I am also CISA certified and the majority of my audits are IT General control audits where we rate gaps based on assessing impact and likelihood with ratings of low, medium and high.

I was looking to find information on how major/minor nonconformities and OFI's would compare to the 'traditional' audit gap ratings of low, medium, high. Would you be able to provide some guidance?

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Admin
Tihana Jan 13, 2021

First is important to note that major/minor nonconformities are normally used only for certification/surveillance audits of certified ISO management systems. Internal audits in general use the ratings you mentioned.

Considering that, major nonconformities would compare to high rating, while minor nonconformities could be compared to low or medium rating, depending on criteria used by the organization.

As for Opportunities For Improvement (OFIs), they should be rated considering criteria adopted by the organization to evaluate their potential benefits (i.e., they could be rated low, medium, or high).

These materials will also help you regarding NC and OFI ratings:

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Jan 13, 2021

Jan 13, 2021

Suggested Topics

Guest user Created:   Oct 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Audit Checklist

Guest user Created:   Oct 06, 2021 ISO 27001 & 22301
Replies: 2
0 0

ISO 27001 audits