As ISO Consultants we are keen to understand the clauses of ISO Standards that our clients find most challenging, so we can focus our support in those areas.
Assent have analysed a sample of over 1,300 anonymised non-conformances from a 12 month period to determine the clauses that occur most often. Here’s the results:
Most Common Annex SL Major Non-Conformances
Assent auditors raised few Major Non-Conformances during the period sampled, however the three areas with the most severe findings were:
- C9.1 Monitoring, Measurement, Analysis, Evaluation
- C9.3 Management Review
- C8.3 Design & Development (ISO 9001)
Most Common Annex SL Minor Non-Conformances
Minor Non-Conformances occur more frequently and are wide ranging in subject matter. However, a significant proportion occur in these 5 clause areas.
- C6.1 Risks & Opportunities
- C6.2 Objectives
- C7.3 Awareness
- C9.2 Internal Audit
- C9.3 Management Review
Most Common ISO 9001 Minor Non-Conformances
The Quality Management Standard, ISO 9001, is still the most popular standard with over 878,664 valid certificates according to ISO’s 2018 Survey.
Our data shows the following areas attract the most non-conformances:
- C6.1 Risks & Opportunities
- C7.5 Document Control
- C8.1 Operational Control
- C9.2 Internal Audit
- C9.3 Management Review
Most Common ISO 14001 Minor Non-Conformances
The Environmental Management Standard, ISO 14001, is a trailing second place with just over 300,000 valid certificates according to ISO’s 2018 Survey. However, ISO 14001 takes third place in our data, behind ISO 27001.
Our data shows the following areas attract the most non-conformances:
- C4.1 Understanding the Organisation and It’s Context
- C4.2 Needs & Expectations of Interested Parties
- C5.1 Leadership
- C6.1 Risks & Opportunities
- C9.3 Management Review
Most Common ISO 27001 Minor Non-Conformances
PLEASE NOTE: This research was conducted on ISO 27001:2013, which has since been updated to ISO 27001:2022.
The Information Security Standard, ISO 27001, is increasing in popularity globally with almost 31,000 valid certificates according to ISO’s 2018 Survey.
Our data shows the most common areas of ISO 27001 findings are:
- A11 Physical Security
- C4.1 Understanding the Organisation and It’s Context
- C4.2 Needs & Expectations of Interested Parties
- C6.1 Risks & Opportunities
- C9.2 Internal Audit
Unlike other ISO standards, ISO 27001:2013 has an Annex of 114 Controls. Our data shows these are the top 5 attracting non-conformances:
- A12.1.1 Documented Operating Procedures
- A9.2.1 User Registration/Deregistration
- A14.3.1 Protection of Test Data
- A15.1.2 Addressing Security within Supplier Agreements
- A17.1.3 Verify, review and evaluate information security continuity
Most Common ISO 22301 Minor Non-Conformances
The Business Continuity Standard, ISO 22301, is one of our fastest growing standards, and according to ISO’s 2018 Survey, there are now just over 1,500 valid certificates.
Our data shows the most common areas of ISO 22301 findings are:
- C6.1 Risks & Opportunities
- C7.1 Resources
- C7.2 Competence
- C8.2 Business Impact Analysis & Risk Assessment
- C8.5 Exercising & Testing
Note About this Data
Our research is based on data from Assent clients, between August 2018 and August 2019.
The non-conformances are drawn from the Annex SL based ISO Standards:
- ISO 9001
- ISO 14001
- ISO 27001
- ISO 22301
ISO 45001 was not included as the period included migration from OHSAS 18001.
Assent auditors use several levels of audit findings, with the most severe being a Major Non-Conformance, followed by a Minor Non-Conformance and lastly an Observation.