So You Have ISO Nonconformities, Now What?

Video Transcript:

So you're going through your ISO certification process, but you have nonconformities, in this video, we'll talk about how that impacts your path to certification and the steps you must take to ensure that you can become certified.

Hi, I'm Danny Manimbo and I'm a principal with Schellman and one of the co-directors of our ISO certification practice. We're going to talk about nonconformities. How does that impact your certification process? Part of doing an ISO audit, we are assessing whether or not you're meeting the requirements of the standard, if there are any deviations or what we call non-conformities, those have to be formally called out and addressed by our clients through what's called a corrective action process, meaning they must fill out a corrective action plan and also correct the issue before we're able to issue the certificate.

What makes ISO unique is that when we do find non-conformance with the standard, we do have to go through this formal corrective action process in order to be able to issue that certificate, because that certificate, once issued, means there is full conformance to the requirements of the standard.

As a reminder, ISO isn't a pass/fail audit. Whether you have one non-conformity or multiple, the end goal is certification. But to get there, we have to make sure we go through the corrective action process effectively through submitting an acceptable corrective action plan, which contains things such as

  • The root cause
  • What you're going to do to correct it
  • What type of process changes you're going to make to ensure that similar nonconformity doesn't occur again.

Once we're on the same page with respect to the corrective action plan and seeing it through the actual corrective correction of that issue we can issue the certificate.

So now that you understand the impacts of nonconformity on your path to ISO certification, reach out by our website and we'll be happy to talk more. 

About the Author

Danny Manimbo

Danny Manimbo is a Principal with Schellman based in Denver, Colorado. As a member of Schellman’s West Coast / Mountain region management team, Danny is primarily responsible for co-leading Schellman's ISO practice as well as the development and oversight of Schellman's SOC practice line as well as specialty practices such as HIPAA. Danny has been with Schellman for eight years and has over 11 years of experience in providing data security audit and compliance services.

More Content by Danny Manimbo
Previous Video
Changing Your Scope AFTER ISO Certification
Changing Your Scope AFTER ISO Certification

Next Video
Which Trust Services Categories Should I Include In My Next SOC 2 Report?
Which Trust Services Categories Should I Include In My Next SOC 2 Report?