Query on Classification of ISMS

Guest
Guest user Created:   Jan 06, 2022 Last commented:   Jan 10, 2022

Query related to ISO 27001 ISMS (Classification of Non-Conformity). In the Advisera ISO 27001 Document toolkit, it is given/recommended that the organization must provide classification for the risk. The queries to be resolved are as follows: Is the organization supposed to provide classification for Non-Conformities as well? If yes, please suggest the method/mechanism to be adopted for the classification of NCs as well.
Expert
Rhand Leal Jan 06, 2022

ISO 27001 does not require non-conformities to be classified. Normally non-conformities are classified during surveillance/certification audits as major or minor nonconformities, and the main purpose is the following: if the auditor raises a major nonconformity, a company cannot get certified.

For further information, see:

Guest
Atul Kamat Jan 06, 2022

The management feedback & concern is that without classification of Non-conformities from internal audit based on risk, decisions and priorities cannot be assigned appropriately. 

Expert
Rhand Leal Jan 10, 2022

Although ISO 27001 does not prescribe classification of non-conformities, an organization can define a classification scheme of its own if it understands that it can help improve the ISMS.

Regarding the classification scheme, you can either adopt the minor/major nonconformity scheme used by certification bodies (which will make it easier to explain to certification auditors) or develop your own scheme (e.g., based on a risk assessment of assets impacted by the non-conformity).
