Your security and compliance glossary

All the terms you need to know when you’re trying to get compliance audit ready, fast.

Show filters

What is an ISO 27001 nonconformity?

An ISO 27001 nonconformity is an organization’s non-fulfillment of a requirement of the ISO standard. Both major and minor nonconformities may be recorded in the process of a company’s certification audit. The presence of a major nonconformity means that a company cannot get certified. 

An organization is at risk of nonconformity if they have not fulfilled the standard requirements of the ISO 27001; if an organization’s documentation specified a process the organization is not following; or if an organization is not upholding contractual requirements in its dealings with third parties.  

A company’s ISO auditor will utilize nonconformities to judge the compliance of that company’s Information Security Management System (ISMS) against the ISO standard. An auditor will describe the nonconformity, provide evidence of the issue, reference by clause the requirement that is not being adequately addressed, and summarize what must be done to meet the stated requirement.

Examples of major nonconformities include:

  • Failure to fulfill a certain requirement of the standard
  • Absence of mandatory documentation
  • Breakdown of a process or procedure
  • Accumulation of minor nonconformities about one process or element of an organization’s management system, illuminating a larger problem 
  • Misuse of a certification mark, thus misleading customers 
  • Unresolved minor nonconformities

Additional resources you might like:

Product updates
Introducing new products to secure and accelerate an AI-powered future

Today we’re excited to announce new and upcoming product capabilities that empower you to accelerate innovation and strengthen security in an increasingly AI-driven world.

Leverage Security and Compliance to Win Over Prospects

Curious about how security and compliance can help you build trust and win over prospects? On December 13th at 8:30am PST / 4:30pm GMT, join our AMAA

Product updates
New in Vanta | October 2023

This past month, we announced the single destination to showcase your security posture, Vanta Trust Center, 19 new integrations, Private links for Vendor Risk Management, and more.

Get compliant and
build trust, fast.