The Nonconformity Register allows you to enter all nonconformities, i.e., when your employee, supplier, or partner does not comply with your policies, procedures, contracts, or other requirements. It is an integral part of the maintenance of your ISO 27001 project and will give you a great overview of areas that need improvement in the future.
Accessing the Nonconformity Register
To access the Nonconformity Register, do the following:
- Go to Registers and Modules;
- Click the Go To Register button in the Nonconformity Register module.
Filling out the Nonconformity Register
Before you start filling out the Nonconformity Register, we suggest establishing the necessary procedures for logging nonconformities. This can be done in the Implementation steps and the document Procedure for Nonconformities and Corrective Actions. This document is edited and completed like other policies and procedures in the Document Wizard.
Adding Nonconformities
To add the nonconformity to the Nonconformity Register, click the Add New button.
Here, you also have a quick button to access the Corrective Actions Module.
Data fields with a red asterisk are mandatory – the remaining fields are optional. When you fill out all the mandatory fields, click the Save button to save the nonconformity.
When saved, the nonconformity is listed in the Nonconformity Register as a list entry. Here you can:
- See the title of the nonconformity;
- Delete the nonconformity;
- Expand the nonconformity by clicking the arrow next to the title;
- See the nonconformity status via the color circle (with the description of the color in the left menu).
Assigning a User
To assign a user, do the following:
- Expand the nonconformity by clicking the blue arrow next to the nonconformity name;
- Click the Expand button in line with the Responsibilities menu;
- Assign the nonconformity to a user;
- Notify users of the nonconformity;
- Click the Assign button.
After submitting the responsibilities, the nonconformity is assigned to a user. That user will be responsible for performing corrections and/or corrective actions.
Adding Corrections
To add a correction, do the following:
- Click the New task button;
- Fill in the fields in the pop-up window;
- Click the Save button.
After the correction is saved, you can see it in the list of corrections, and you can:
- See its status under Completed?;
- Delete the task;
- Edit the task;
- Create a new task.
Once the correction is noted in the Nonconformity Register, the Resolve button is available.
Creating and Adding Corrective Action
If you created corrective actions before, you can apply them by clicking the Add Existing Corrective Action button.
To create a Corrective Action for the nonconformity, do the following:
- Click the New Corrective Action button;
- Enter the information required in the pop-up window shown;
- Click the Save button.
After the corrective action is saved, you can see it in the list of corrections, and you can:
- See its status under Completed?;
- Delete the task;
- Edit the task;
- Create a new task.
Note: The Complete Work button is locked if the created correction (task) is not completed. You need to complete all corrections to complete the work.
Completing Corrective Actions
After the corrections and corrective actions have been implemented in the company, you can complete the corrections.
To complete the corrections and corrective actions, do the following:
- Go to Tasks assigned to me under My Work;
- Click the Mark as Done button to confirm completing the task.
Note: The Complete Work button is only linked to the corrective actions and not corrections. You cannot click on the button if only the correction is completed, but you can click on the button if only the corrective action is completed.
Resolving Nonconformities
To resolve nonconformities, click the Complete Work button. When the Complete Work button is clicked, you need to answer this question: “Are all related corrective actions implemented effectively?” with Yes or No.
The YES Answer
If all the related corrective actions have been implemented effectively, select the answer Yes and click the Mark as Resolved button.
The NO Answer
If not all of the related corrective actions have been implemented effectively, select the answer No.
To resolve nonconformities in this situation, you can:
- Open additional corrections or corrective actions;
- Ask the person responsible for the corrective actions to do a better job.
After the improvements are done, click the Mark as Resolved button and click the OK button to confirm the nonconformity is resolved.
After clicking OK, you will see the register’s main page, and the nonconformity’s status color is green, indicating the nonconformity is resolved.
Frequently Asked Questions:
1. What are nonconformities?
Nonconformities are instances where a requirement, whether from ISO 27001, relevant legislation, ISMS documentation, or interested parties, is not complied with. They can be identified through internal audits or by anyone in the organization during everyday operations.
2. Are corrective actions needed for nonconformity resolution, or are corrections enough?
Corrective actions are not needed for nonconformity resolution. However, if you have both corrections and corrective actions defined for a specific nonconformity, the nonconformity cannot be resolved until you complete the corrective action (regardless of the correction status).
3. How to monitor the completion of tasks outside of Conformio?
This needs to be done by the project manager under the accepted practices in the company. Everything done outside of Conformio must then be completed in Conformio to resolve nonconformities properly.