Tag: Internal Audit
ISO 37001 “Reasonable and Proportionate”: Why Uniform Controls Fail the Standard’s Own Test
Quick Answer: ISO 37001:2025 requires every anti-bribery control to be calibrated to documented bribery risk, not applied uniformly. “Reasonable and proportionate” is a design instruction: risk assessment…
ISO 22301 Clause 8.4: Why Plan-Centric BCMS Implementations Fail Under Exercise Testing
ISO 22301 Clause 8.4 requires business continuity plans built on BIA outputs and selected strategies. Organisations that start with the plan bypass the Clause 8 dependency chain and produce documents that fail under exercise testing.
ISO 45001 Clause 4.2: Why Your Interested Parties Register Isn’t What the Standard Requires
Most ISO 45001 Clause 4.2 registers list workers and generic needs but never feed into objectives. This article traces the structural dependency from Clause 4.2 through worker consultation under 5.4 to objective-setting under 6.2, and shows how to close the gap before auditors do.
Your Risk Register Doesn’t Satisfy ISO 9001 Clause 6.1 – Here’s What Does
Most ISO 9001 risk registers list risks without changing anything downstream. Clause 6.1 conformance requires traceable integration into process controls and quality objectives – a gap ISO DIS 9001:2025 will make structurally visible.
Your Internal Audit Programme Isn’t Risk-Based – And ISO 9001’s Revision Will Prove It
Most ISO 9001 audit programmes run fixed-rotation schedules with no risk-based frequency rationale. ISO DIS 9001:2025 adds defined per-audit objectives, exposing the structural gap. Here’s how to rebuild before transition.
IATF 16949 Clause 10.2.3: Why the #1 Nonconformity Keeps Coming Back
Clause 10.2.3 is the #1 IATF 16949 major nonconformity because root cause analyses stop at symptoms. Learn what audit-defensible submissions require: mechanism-level causes, objective evidence, systemic reviews, and updated pFMEAs.
Why Your ISO 14001 Legal Register Fails Surveillance Audits
Static ISO 14001 legal registers generate linked nonconformities across Clauses 6.1.3 and 9.1.2. This article diagnoses why registers go stale, what auditors actually probe during surveillance, and how to rebuild before the next audit cycle.
How ISO 37001:2025 Catches Anti-Bribery Function Independence Failures
ISO 37001:2025 requires the anti-bribery function to operate with structural independence and direct governing body access. Most organisations’ reporting lines create a nonconformity under Clause 5.3.2; here’s how to identify and fix the gap before the transition audit.
Your AI Impact Assessment Is Already Outdated – The ISO 42001 Clause That Proves It
Most ISO 42001 AI impact assessments are performed once and never updated. Clause 8.2 requires reassessment when significant changes occur, but most organisations never define that threshold. Here’s how to close the gap before surveillance.
Your ISO 22301 BIA Passed Certification. It Doesn’t Reflect Your Organisation Anymore.
Most ISO 22301 BIAs are accurate at certification and rubber-stamped thereafter. Clause 8.6 now gives auditors a direct mechanism to challenge whether your BIA is fit for purpose, not just whether it was reviewed on schedule.
Your ISMS Scope Is Protecting the Wrong Perimeter – and ISO 27001 Auditors Know It
Most ISMS scope statements describe an organisation that existed three migrations ago. Learn why ISO 27001 Clause 4.3 scope failures trigger Stage 2 findings and how to define boundaries that follow information flows, not org charts.