Expert Advice Community

Guest

Raising a Non Conformity or Observation in Internal Audit

  Quote
Guest
Bills Created:   Oct 28, 2019 Last commented:   Oct 30, 2019

Raising a Non Conformity or Observation in Internal Audit

Hi 

I am managing ISMS and as per the standard and as a continual improvement I have to perform an internal audit for ISMS. An internal audit dept is performing an internal audit. I need clarification in understanding when an auditor can raise an NCR(Minor) and when he can raise an Observation? Suppose I say that since I am certified by an external auditor and I have passed a certification audit by complying with all the mandatory requirements of ISO 27001, you cannot raise an NCR for my ISMS but only can raise Observation.
So am I correct, or internal auditor can still raise an NCR for me?
Please advise
Thanks

0 0

Assign topic to the user

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

ISO 27001 DOCUMENTATION TOOLKIT

Step-by-step implementation for smaller companies.

Expert
Rhand Leal Oct 30, 2019

First, it is important to note that, considering ISO 19011, the standard used for auditing ISO management systems, audit findings can be conformity, nonconformity, opportunities for improvement, and recommendations (i.e., there is no definition for observation in the standard as an audit finding).

Considering that, an internal auditor also can raise a non-conformity for your ISMS even if you have passed a certification.

The difference between an NC and an observation is that for the second one you do not have enough evidence to support a non-conformity statement. In this situation, the internal auditor can make an observation to the organization so its staff can decide to work on an evaluation to identify if further work has to be done. It also can be used by another auditor in another audit to verify if the situation has evolved to a well-based non-conformity or not.

This course can give you further information about internal audit:
- ISO 27001:2013 Internal Auditor course https://training.advisera.com/se/iso-14001-internal-auditor-course/o-27001-internal-auditor-course/

Quote
0 0

Comment as guest or Sign in

HTML tags are not allowed

Oct 28, 2019

Oct 30, 2019

Suggested Topics

Guest user Created:   Nov 23, 2021 ISO 27001 & 22301
Replies: 1
0 0

Audit findings

Guest user Created:   Oct 15, 2021 ISO 27001 & 22301
Replies: 1
0 0

Audit Checklist