ISO management standards require the company to take the following activities when a nonconformity occurs:
1. Control and correct the nonconformity and deal with the consequences – for example, in a case when the nonconformity is that the internal audit was conducted by untrained auditors, the company should train internal auditors, and deal with the risks that might have happened as a result of inappropriately conducted internal audits.
2. Evaluate the need to eliminate the causes of the nonconformity in order to prevent its reoccurrence – using the same example, if the cause of the nonconformity is a lack of personnel responsible for the internal audit process, the company should assign responsibility to a relevant person in order to prevent this from happening again in the future.
3. Implement corrective actions – using the same example, the company should conduct a new internal audit with the newly trained auditors.
4. Review the effectiveness of the corrective action taken – using the same example, after a certain period, it should be checked if the newly conducted audits were conducted by trained auditors.
5. Make changes to the documentation, if needed – using the same example, document an internal audit procedure where the responsibilities of the person in charge of the internal audit will be explained and the requirement for having trained internal auditors will be clearly stated.