Nonconformity
Definition
The ISO 27001 term for a finding that represents a failure to meet a requirement of the standard or the organisation's own ISMS. A major nonconformity indicates a systemic or severe control failure; a minor nonconformity indicates an isolated or less critical gap.
Related terms
- Executive summary: The opening section of an audit report written for non-technical leadership. It states the audit scope, overall posture, the most material findings...
- Finding: A discrete, evidence-backed statement that a specific control is absent, misconfigured, or insufficient. Each finding contains an issue statement, evidence, risk rating,...
- Management response: The audited organisation's formal reply to each finding, included in the report. It states whether the recommendation is accepted, rejected, or accepted...
- Observation: A noted issue or improvement opportunity that does not constitute a formal finding because it lacks sufficient evidence or does not violate...
- Risk rating: A classification of a finding's severity, typically Critical, High, Medium, Low, or Informational, derived from a likelihood-by-impact matrix. The rating determines remediation...
Explained in
- Audit Report Structure and Communicating Findings