• Home Page
• Corporate
  • BCRM Approach
  • BCRM FAQ
  • Case Studies
  • Certifications
  • Code Of Conduct
  • Company details
  • Customer satisfaction
  • Industry Endorsements
  • The Team
  • Why us?
• Policies
  • Business Continuity
  • Conflict of Interest
  • Corporate Social Responsibility
  • Data Protection
  • Disability Discrimination
  • Environment
  • Equal Opportunities
  • Health and Safety
  • Information Security
  • Personnel Screening
  • Quality
• Services
  • Health Checks
    • Business Continuity
    • Security Vetting
    • Data Protection Act
    • Software Asset Management
    • Service Management
    • Information Security
    • PCI DSS
    • Risk Management
  • Information Assurance
    • Disaster Recovery
    • Information Security
    • Physical Security
    • Employee Vetting
    • Software Asset Management
    • Risk Management
    • Identity Management;
    • Secure Disposal
  • Compliance
    • Governance Today;
    • GRC
    • FSA Compliance
    • Data Protection Act;
    • PCI DSS;
    • Sarbanes Oxley;
    • FSAP
    • Workflow and GRC;
    • Using XBRL for GRC;
    • Inspection of Records;
    • Litigation Support
    • Employment Law
    • FSA Support
    • Money Laundering
  • Management Systems Consultancy
    • ISO 9001
    • SO 14001;
    • ISO 17025
    • OHSAS 18001
    • ISO 20000
    • BS 25999;
    • ISO 27001;
    • Do you need us?
    • Auditing
    • Polices and Procedures
  • Continuous Improvement
    • ISO 9004;
    • Total Quality Management (TQM)
    • Six Sigma;
    • Capability Maturity Models;
    • ServQual / RATER;
    • EQF
    • Balanced Scorecards;
  • Certification Services
    • Standards Implemented
    • Management System Implementation Methodology
    • Consultancy to Support Certification
    • Certification Body Audit Markings
    • Certification Pre-Audit Services
    • Remediation
    • Certification FAQ
  • Digital Forensics
    • Forensic Evidence Recovery
    • Expert Witness Services
• Records Management
• Training
• Standards
  • Management Systems
    • BS 25999
    • ISO 14000
    • ISO 17025
    • ISO 20000
    • ISO 27000
    • ISO 9000
    • OHSAS 18000
    • PAS 99
  • Other Standards
    • BS 10008
    • BS 10012
    • ISO 25777
    • BS 7858
    • BS 8470
    • BS 7858
    • BS 8549;
    • ISO 15489
    • ISO 19770
    • ISO 24762
    • ISO 38500
• Legislation
  • Basel II
  • Data Protection Act
  • Financial Sector Assessment
  • Financial Services and Markets Act (UK);
  • Health Insurance Portability and Accountability Act US);
  • Markets in Financial Instruments Directive (EU);
  • Miscellaneous relevant EU Directives;
  • Payment Card Industry Data Security Standards (worldwide);
  • Sarbanes Oxley (US);
  • Single European Payments Area (EU);
• Legal
  • Copyright
  • Legal Disclaimer
  • Privacy
  • Security
  • Links to other sites
• Site Map
• Contact Us
•  

---

?

Certification Body Audit Markings

---

A non-conformance must be recorded whenever the Auditor discovers that the documented procedures are inadequate to prevent breaches of the Management System requirements, or they are adequate but are not being followed correctly.

Major Non-Conformance

Definition

A failure to implement or comply to one or more of the applicable control requirements, such that it raises significant doubts as to the adequacy of measures to comply with the requirements of the audit and / or represents an unacceptable risk as would be perceived by the systems stakeholders.

Example

These occur in the following circumstances:

• ongoing and systematic breaches of the requirements have been found.

Minor Non-Conformance

Definition

An isolated situation in which some aspect of an applicable control requirement has not been fulfilled, such that it raises some doubts as to the adequacy of measures to comply with the requirements of the audit and / or represents a minor risk as would be perceived by the systems stakeholders.

Example

These occur in the following circumstances:

• one off breaches of the requirements have been found usually caused by human error.

It should be noted however, that a number of Minor Non-conformances in the same area can be symptomatic of a system breakdown and could therefore be compounded into a Major Non-conformance.

Observation

In situations where the Auditor considers that potential non-conformant situations may arise or where a possible improvement can be identified an Observation may be issued. Organisations are free to identify corrective and preventive actions to Observations as they wish, but Auditors should take note of previous observations raised when performing their audits and look for signs of improvement.

Note 1: These can also be called 'Opportunities for Improvement.

Note 2: Some Certification Bodies may use different terms, but the meanings will be broadly similar. Exact definitions should be explained with their meanings at the opening meeting. If they are not, you should ask for definitions and explanations.