In a third-party audit to ISO 9001, select two options of when the organisation is required to act in response to reported findings.

A. A recommendation is given in the report.

B. A finding of good practice is reported.

C. An opportunity for improvement is raised.

D. A major non-conformity is raised.

E. A finding of conformity is reported.

F. A minor non-conformity is raised.

Answer: DF


According to ISO 19011:2018, clause 6.6.2, a nonconformity is the non-fulfilment of a requirement. A nonconformity can be classified as either major or minor, depending on the nature and extent of the deviation from the audit criteria. A major nonconformity is a nonconformity that affects the ability or the integrity of the organization’s management system to achieve the intended results. A minor nonconformity is a nonconformity that does not affect the ability or the integrity of the organization’s management system to achieve the intended results, but is a deviation from the audit criteria [1].

According to ISO/IEC 17021-1:2015, clause 9.4.9, the organization is required to analyze the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time. The organization is also required to provide the certification body with records and evidence of the implementation and effectiveness of the correction and corrective actions taken. The certification body will then verify the correction and corrective actions taken by the organization and decide on the certification status [2].

Therefore, the two options of when the organization is required to act in response to reported findings are D and F, as they indicate the presence of nonconformities that need to be corrected and prevented from recurring.

The other options are not correct, as they do not require the organization to act in response to reported findings:

• A. A recommendation is given in the report: A recommendation is a suggestion for improvement that is not related to a nonconformity. A recommendation is not binding for the organization and does not affect the certification status. The organization may choose to accept or reject the recommendation, but it is not required to act on it.

• B. A finding of good practice is reported: A finding of good practice is a positive observation that indicates a strength or a best practice of the organization’s management system. A finding of good practice is not related to a nonconformity and does not affect the certification status. The organization may choose to acknowledge or share the finding of good practice, but it is not required to act on it.

• C. An opportunity for improvement is raised: An opportunity for improvement is a potential area where the organization’s management system can be enhanced or optimized. An opportunity for improvement is not related to a nonconformity and does not affect the certification status. The organization may choose to pursue or ignore the opportunity for improvement, but it is not required to act on it.

• E. A finding of conformity is reported: A finding of conformity is a confirmation that the organization’s management system fulfils the audit criteria. A finding of conformity is not related to a nonconformity and does not affect the certification status. The organization may choose to celebrate or communicate the finding of conformity, but it is not required to act on it.

Reference: ISO 19011:2018(en), Guidelines for auditing management systems; ISO/IEC 17021-1:2015(en), Conformity assessment ― Requirements for bodies providing audit and certification of management systems ― Part 1: Requirements
