Addressing non-conformities

Auditors raise non-conformities during external audits, and the organization must address them promptly to move forward with ISO 27001 certification. A non-conformity is a gap or defect in the ISMS, or a failure of a control, measured against an ISO 27001 requirement.

Once non-conformities are identified, immediate action must be taken to contain and correct them. This includes dealing with any consequences and minimizing the risks associated with the issue.

The best practice is to evaluate the root cause of the non-conformity and set up a corrective action plan. It should clearly outline:

Specific steps to address the root cause
Responsibilities for each action
Deadlines for implementation

Once the corrective actions are implemented, the organization must strengthen control monitoring to ensure the same non-conformities do not recur. Document the evidence supporting the corrective actions and keep all relevant stakeholders informed.

Once all non-conformities are addressed, the external auditor takes a final look at your ISMS and its controls and tests them for effectiveness and compliance with ISO 27001. If all goes well, you will receive your ISO 27001 certification.


The Sprinto advantage

From automating compliance checklists to monitoring security controls in real time and more, Sprinto does the heavy lifting to get you compliant. ISO 27001 isn't a one-time exercise; it requires constant monitoring and improvement to ensure you stay compliant. Sprinto doesn't just help you pass the audit; it helps you stay continuously compliant and add more compliance frameworks with very little additional lift.
Sprinto: Your ally for all things compliance, risk, governance