You: Are items checked before being dispatched?

You are conducting an ISMS audit in the despatch department of an international logistics organisation that provides shipping services to large organisations including local hospitals and government offices. Parcels typically contain pharmaceutical products, biological samples, and documents such as passports and driving licences. You note that the company records show a very large number of returned items with causes including misaddressed labels and, in 15% of cases, two or more labels for different addresses for the one package. You are interviewing the Shipping Manager (SM).

You: Are items checked before being dispatched?

SM: Any obviously damaged items are removed by the duty staff before being dispatched, but the small profit margin makes it uneconomic to implement a formal checking process.

You: What action is taken when items are returned?

SM: Most of these contracts are relatively low value, therefore it has been decided that it is easier and more convenient to simply reprint the label and re-send individual parcels than it is to implement an investigation.

You raise a nonconformity against ISO 27001:2022 based on the lack of control of the labelling process.

At the closing meeting, the Shipping Manager issues an apology to you that his comments may have been misunderstood. He says that he did not realise that there is a background IT process that automatically checks that the right label goes onto the right parcel otherwise the parcel is ejected at labelling. He asks that you withdraw your nonconformity.

Select three options of the correct responses that you as the audit team leader would make to the request of the Shipping Manager.

A. Advise the Shipping Manager that his request will be included in the audit report

B. Advise management that the new information provided will be discussed when the auditors have more time

C. Inform the Shipping Manager that the nonconformity is minor and should be quickly corrected

D. Ask the audit team members to state what they think should happen

E. Inform him of your understanding and withdraw the nonconformity

F. Thank the Shipping Manager for his honesty but advise that withdrawing the nonconformity is not the right way to proceed

G. Advise the Shipping Manager that the nonconformity must stand since the evidence obtained for it was dear

H. Indicate that the nonconformity is evidence of a deeper system failure that needs to be rectified

Answer: ABF

Explanation:

A. Advise the Shipping Manager that his request will be included in the audit report. This is true because the audit report should document all the relevant information and evidence related to the audit, including any requests or objections raised by the auditee. The audit report should also provide the rationale for the audit conclusions and recommendations12.

B. Advise management that the new information provided will be discussed when the auditors have more time. This is true because the auditors should not make hasty decisions based on incomplete or unverified information. The auditors should review and evaluate the new information in a systematic and objective manner, and determine whether it affects the audit findings, nonconformities, or conclusions12.

F. Thank the Shipping Manager for his honesty but advise that withdrawing the nonconformity is not the right way to proceed. This is true because the auditors should acknowledge and appreciate the cooperation and transparency of the auditee, but also maintain their professional integrity and independence. The auditors should not withdraw a nonconformity unless they are satisfied that it was raised in error or that it has been effectively corrected and verified12.

Reference: =

ISO 19011:2022 Guidelines for auditing management systems

ISO/IEC 17021-1:2022 Conformity assessment ― Requirements for bodies providing audit and certification of management systems ― Part 1: Requirements