5Şub
Can a nonconformity be raised against a control – for ISMS audit based on ISO 27001?
I read a LinkedIn article by Chris Hall (Post 1, Post 2), who states that Certification Auditors cannot and should not raise nonconformity against the controls and should only raise nonconformity against the clauses.
Can a nonconformity be raised against a control for an ISMS audit based on ISO 27001?
Also, if possible, please include examples of nonconformity against at least two to three controls if in case raising a nonconformity against control is practiced.
Or in case auditing a control, please provide a few examples where the control though being audited, but their nonconformity is raised against a particular or a set of clause(s).
