From the point of view of the information security management system, non-conformities are situations in which:
In systematic security work, all detected non-conformities must be documented. To treat the non-conformity, the organization must identify and implement improvements that correct it.