ISO Non-Conformance Research

An analysis of non-conformances raised in audits for ISO 27001, ISO 9001, ISO 14001 and OHSAS 18001, identifying common weaknesses in management systems.

Source: Assent Risk Management Audits
Data Range: June 2016-June 2017
Sample Size: 1147
Published: 04/07/17


Non Conformance Research 2017
Non Conformance by Clauses



Assent Risk Management is an ISO Consultancy company which provides services to clients including implementing ISO Management Systems and Auditing.

This analysis is based on the results of Internal Audits conducted by Assent Risk Management staff between June 2016 and June 2017.

The findings have been categorised to the Sub Clause, for example 4.x, and do not take into account the severity of the finding, for example whether it was a minor or major nonconformance.

Our auditors are IRCA trained and have broad experience of auditing. This data samples the audits of every auditor.


OHSAS 18001 – Occupational Health and Safety

This is the only standard in the project which does not use the Annex SL structure, and therefore does not feature in the later Annex SL analysis.

The most common clauses:

  • 4.4.6 Operational Control
  • 4.3.2 Legal & Other Requirements
  • 4.3.1 Hazard Identification, Risk Assessment and Determining Controls

The OHSAS 18001 findings centre around “real world” issues rather than explicit OHSAS requirements.


All Annex SL Standards

The following combines ISO 27001:2013, ISO 14001:2015 and ISO 9001:2015 findings to analyse the Annex SL structure. The most common clauses:

  • 6.2 Objectives and Planning to Achieve Them
  • 4.2 Understanding the Needs and Expectations of Interested Parties
  • 6.1 Actions to Address Risks and Opportunities

Unsurprisingly, the top 3 clauses are new features of Annex SL based standards.

Although Objectives have always been a requirement of most standards, the Annex SL structure puts more emphasis on the structure and documentation of them.


See more results in the Infographic above.