+31 (0)73 220 2000 | info@brandcompliance.com
English
  • Dutch
  • English
  • Français
  • België
  • Dutch
  • English
  • Français
  • België
Brand Compliance
  • Certify
    • ISO 9001
    • ISO 22301 (BCM)
    • ISO 19770-1 (IT-assets)
    • ISO 27001
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 27701 (Privacy)
    • NEN 7510
  • IT Assurance
    • SOC 2
  • Vacancies
  • Knowledge base
  • BC Academy
Discuss your situation
  • Information security
    • ISO 27001
    • NEN 7510
    • CyFun
      • CyFun verification
      • Request CyFun verification
    • ISO 27799
    • ISO 27017 and ISO 27018
    • BIO
    • ISO 19770-1
  • Privacy
    • BC 5701
    • ISO 27701
    • GDPR standard BC 5701:2024 EN
  • IT assurance
    • SOC 2
    • ISAE 3402
    • ISAE 3000
  • Quality & continuity
    • ISO 9001
    • ISO 14001
    • ISO 22301
  • Knowledge & news
    • Knowledge articles
    • News
  • Academy
    • All training courses
    • NIS2 & CyFun
    • ISO 27001
  • About us
    • Accreditations
    • Careers
    • Compliment, complaint or tip
    • Locations
    • Privacy Statement
    • Contact

Preparing for certification

6
  • Certification checklist: how to prepare for certification
  • Do you have your first certification audit soon?
  • The certification process step by step
  • How long does ISO certification take?
  • How to conduct an internal audit
  • Describing the scope of certification: tips and examples

Audit process & certification cycle

7
  • Initial audit Stage 1
  • Initial audit Stage 2
  • What is a certification cycle?
  • Nonconformities within the management system
  • What should you know about certificate suspension or revocation?
  • Transfer of certification
  • The use of certification logos

Management systems & key concepts

6
  • Whitepaper management system audits
  • Quality Management: best practices for success
  • The Brand Compliance glossary
  • What is a management system?
  • Internal or external audit?
  • Accreditation versus certification

Information security

3
  • Excelling in information security: best practices
  • Operational Capabilities: The Backbone of Information Security
  • The Traffic Light Protocol (TLP): what does it mean for you?

NEN 7510 & healthcare

4
  • Transition to NEN 7510-1:2024
  • NEN 7510 without healthcare institution?
  • How to expand with NEN 7510
  • The differences between ISO 27001 and NEN 7510

NIS2 & CyberFundamentals

5
  • ISO 27001 in a NIS2 context in Belgium
  • CyberFundamentals 2025: transition from CyFun 2023 to 2025
  • Self-assessment & CyFun verification: best chance of success
  • NIS2 liability for board members
  • CyberFundamentals Framework in Belgium: what is the relationship with NIS2?

Privacy & data protection

8
  • Transition to ISO/IEC 27701:2025
  • GDPR compliance best practices
  • Data breach: What is it and how do you prevent it?
  • Your Data Protection Officer and the GDPR
  • Your record of processing activities and the GDPR
  • Checklist for your BC 5701 certification
  • BC 5701 certification: where do you start?

Assurance audits

1
  • ISAE 3402 vs SOC 2: what is the difference?
View Categories

Nonconformities within the management system

Where do nonconformities within the management system originate?
#

nonconformities within the management system #

Nonconformities within the management system can be detected from various sources. It often comes from an internal audit or from an audit by a certification body, such as Brand Compliance. But a nonconformity can also arise from an internal/external signal or from a complaint.

What types of nonconformities within a management system exist ? #

Nonconformities come in two categories, with the nonconformity definition below:

Major nonconformity #

Failure to meet a requirement that affects the management system’s ability to achieve its intended results.
* For example, when no internal audits or a management review have been performed.

Minor nonconformity #

Failure to meet a requirement that does not affect the management system’s ability to achieve the intended results.
* Consider, for example, the use of an incorrect version of a document.

How do you resolve nonconformities within the management system? #

It is important that nonconformities within the management system are solved properly and adequately. Dealing with nonconformities can be done in different ways. It is important that the method matches the standard against which you want to be certified. There are a number of points for attention that must be followed in order to arrive at a thorough handling of the nonconformity.

We list the points of attention for you:

    • Determine cause and extent
      There are several methods to find out the cause of the abnormality. The most well-known methods that can be used are, for example, the Ishikawa-diagram or the 5 times why method.
    • Correction on the nonconformity
      If the extent of the nonconformity is known, a correction can be made. In fact, this restores everything that went wrong (in the past).
    • Take corrective actions
      To prevent recurrence, so-called ‘corrective actions’ must be taken to remove the identified cause.
    • Verification
      After the corrective actions have been taken, it must be checked whether the actions have worked. If the nonconformity no longer occurs under the same circumstances, the corrective actions taken have worked and the nonconformity can be closed. If the corrective actions have not worked sufficiently, you may not have identified the correct root cause.

What deadlines apply for submitting nonconformities? #

In the closing meeting of the audit, any nonconformities within the management system that the Lead Auditor has found during the audit will be communicated to you. You will receive a nonconformity form that you must complete. This nonconformity form must be submitted to the Lead Auditor within a specified period, for both major and minor nonconformities.

Of course, you are allowed to handle the nonconformities faster than the agreed terms. For example, you would like to receive your certificate as soon as possible? Then you can speed up the process of solving the nonconformities and submit the forms earlier. Agree with your auditor about the options for assessing your forms.

How should a nonconformity be properly addressed? #

For a minor nonconformity, you should initially provide a plan of action. You must analyze the cause of deviations and describe which specific corrections and corrective measures you have applied or have planned to apply, in order to eliminate the deviations found within the specified period.

The auditor will review the corrections, identified causes and corrective actions you have submitted to determine whether they are acceptable. The effectiveness of corrections and corrective actions will be verified by the auditor at the latest during the next audit.

For a major nonconformity, you must complete all steps, including verification, before the auditor verifies the effectiveness of corrections and corrective actions. This process must be completed in full for a major nonconformity before certification can be proceeded with.

Share This Article :

  • Facebook
  • X
  • LinkedIn
Updated on 17 June 2025
What is a certification cycle?What should you know about certificate suspension or revocation?
Contents
  • Where do nonconformities within the management system originate?
  • What types of nonconformities within a management system exist ?
    • Major nonconformity
    • Minor nonconformity
  • How do you resolve nonconformities within the management system?
  • What deadlines apply for submitting nonconformities?
  • How should a nonconformity be properly addressed?

Accreditation

RvA C548Brand Compliance B.V. has accreditation (C548) to certify ISO 27001, ISO 27701 NEN 7510 and ISO 9001 technical area 33 information technology and 35 other services.

View our accreditations

Contact

Have a question about certification, verification or assurance?

info@brandcompliance.com
+31 (0)73 220 2000

Prefer local contact details?
View our locations

Our locations

‘s-Hertogenbosch, The Netherlands

Antwerp, Belgium

Ottignies-Louvain-la-Neuve, Belgium

Stockholm, Sweden

Dublin, Ireland

Luxembourg, coming soon

Practical information

Privacy statement

Terms and conditions

Company details

Feedback and complaints

 

© Copyright 2026 Brand Compliance