What is Nonconformity in ISO 9001?

Written: 10th May 2019
Author: Richard Keen

While I was re-reading the current ISO 9001 guidelines this week, I noticed the term “nonconformity” within one of the clauses. I realized that a lot of people might not immediately know exactly what this means, so I decided to do some deeper research and come up with a detailed explanation if what nonconformity is.

What is nonconformity in ISO 9001? Nonconformity in ISO 9001 is defined as the failure to meet one or more requirements. When the functions of a business are not conforming to ISO 9001, there must be a solution where the problem is controlled or corrected before going forward.

ISO 9001:2015 ISO 9001:2008 Summary of Changes
10.2 Non-Conformity And Corrective Action 8.3 Control Of Nonconforming Product

This requirement is comparable to Clause 8.3 - Control of Non-conforming Product and Clause 8.5.2 - Corrective Action. There is an additional requirement for organizations to determine whether other similar non-conformances exist or have the potential to exist.

There is also a new requirement for an organisation to determine whether changes are required to the QMS in order to prevent a reoccurrence.


Note the new requirement to record the nature of non-conformities as well as the subsequent action(s) undertaken.

8.5.2 Corrective Action

When a company is ISO 9001 certified, there is a specific set of regulations that must be followed in order to conform with the guidelines. In the event that one of these mandatory requirements are not being followed, the company or individual will be considered noncompliant.

Keep reading to find out what is considered to be nonconformity in ISO 9001, as well as what happens after the violation has been recognized.

man writing document

Nonconformity In ISO 9001

Nonconformity in terms of ISO 9001 is defined as the failure to meet one or more requirements that are outlined throughout the mandatory clauses. To get more into detail on the topic, nonconformity can refer to the requirements of a regulatory body, the organization itself, or even the customers of the business.

ISO 9001 Nonconformity:

  1. Failure to meet one or more requirements
  2. Requirements of ISO, business procedures, or customers

Nonconformity can be anything from the company’s individual procedures to the quality standards that must be upheld in order to satisfy the customer base. In the event that there are any violations of ISO 9001, there are a few actions that should be taken thereafter.

There are two different types of nonconformity that can be identified, which are referred to as major and minor nonconformances.

A minor nonconformance is an event or action that is outside of the ISO 9001 requirements. However, this type of violation does not have any dire consequences to the way the business operates nor does it cause any major effects.

A major nonconformance, on the other hand, is identified when where is a huge violation of the business’ QMS, preventing the entire company from meeting the requirements outlined in ISO 9011 guidelines.

For example, if the company personnel failed to take corrective action on an area of the business that was not compliant with ISO regulations or just failed to implement the standards in the first place, this would be considered a major nonconformance.

What Happens After Nonconformity is Identified:

  1. A non-conformance report (NCR) is filled out
  2. The auditee is informed of the contents of the report
  3. Plan of action is established to prevent nonconformity

When nonconformity is identified in a business, there are a few things that will take place in order to get the company back on track. First of all, a non-conformance report (NCR) will be filled out by the supervising personnel.

Once the person who is being audited has been informed of the contents of the report, a plan of action is establishes and carried out in order to prevent future nonconformity.

The details of the processes that go into reporting and correcting ISO nonconformity will be described in detail within the next few sections. Keep reading to get a better idea of what this looks like within an ISO 9001 certified company.

Reporting ISO 9001 Nonconformity

When nonconformity occurs within a business, there is something called a non-conformance report (NCR) that is filled out to notify the violator of the issue at hand in explicit detail in order to begin to repair the problem.

The NCR is created in the form of a document, and is meant to be constructive, allowing the person who is being notified to be able to make changes and move into the right direction.

In order to create a detailed and effective nonconformance report, there are four main points that need to be addressed, as outlined in the ISO 9001 Nonconformity clause. These NCR requirements are outlined below, and explained more in detail throughout the rest of this section.

Nonconformance Report:

  1. Requirement that is being violated by nonconformance
  2. Event/action that went wrong to cause the NCR
  3. Plan of action to prevent future problems
  4. Explanation of the action that will be taken to correct nonconformance

The first item that must be included in a nonconformance report is the specific requirement that is being violated by the nonconformance. Basically, the report must indicate which rule or regulation from ISO 9001 is being broken, which will be the reason why it is being written in the first place.

Along with the requirement that is being violated, the actual event or act that went wrong to cause the NCR to be written up must also be indicated in the report to notify the company personnel of what they have done incorrectly to cause the violation.

Next, and most importantly, a plan of action to prevent future problems of similar nature must be written on the report. Since Nonconformance reports are meant to be solution-oriented, there must be some kind of positive action recorded on the document.

To be more specific, nonconformance reports are not a notification of an employee being fired, put on suspension, or otherwise placed on any kind of punishment per say. They are meant to help the business improve as a whole, by assisting every member of the company in becoming fully compliant with the ISO 9001 regulations.

The NCR could be considered a warning to the non-complaint employee, that outlines a detailed process on how they can correct their actions and avoid making the same mistakes in the future. The plan of action must be accompanied by a more in-depth explanation of the steps that will be taken to fix the nonconformance.

Suggestions for Writing NCR:

  1. Write clearly
  2. Address everything that is required
  3. Keep the nonconformance statement general to highlight the specific issue
  4. Write the more specific details in the objective evidence area only

When it comes to writing an effective NCR, there are a few tips that you will want to keep in mind to get your point across clearly and gain the best results afterward.

First of all, you will want to write clearly so that the auditee will be aware of the issue that has occurred. Along with addressing everything that is required in the report as mentioned in the list above, you will want to keep the nonconformance statement as general as possible.

Even though the report itself should be very detailed, you should write the most specific information in the area that is designated for the objective evidence.

The beginning of the report where you explain the regulation that has been violated should be written in generic terms in order to highlight the specific issue at hand, instead of confusing them with big words and distracting from the main idea of the report.

man writing document

How to Correct a Nonconformity

While it is important to avoid nonconformity in a business at all costs, there will be some instances where mistakes can happen and rules can be broken for whatever reason.

Instead of dwelling on the fact that an employee or certain area of the business is not currently conforming to ISO 9001 regulations, it is important to immediately come up with a plan and take action to fix the issue.

In this section, we will go over the process that should take place in the event that nonconformity occurs anywhere within a company.

Corrective Action:

  1. Review efficiency of corrective actions taken
  2. Completing a review of actions
  3. Meeting, observing, or following up with auditees
  4. Documenting all nonconformities, actions, and results

As mentioned previously, a report must be written up in the event of any nonconformities within the business. In this report, there are detailed steps of how the problem will be solved.

While correcting the nonconformance, the efficiency of the corrective actions outlined in the report should be reviewed. Additionally, the auditees should be met with, observed, or followed up with to make sure the problem does not persist.

Throughout this entire process, everything should be documented for accuracy, effectiveness, and future reference.

As you can see, nonconformity of ISO 9001 is something that occurs when regulations are not being followed, however there are plenty of actions to take in order to fix the problem and prevent any future ones.

Related Questions

What is a nonconforming product?

Under ISO 9001 guidelines, there are requirements for almost everything that goes on within a business, including the products that are designed and developed. A nonconforming product is one that does not meet one or more of the ISO regulations. In this case, the product must be identified and stopped before distribution.

What is an example of a minor nonconformance?

A minor nonconformance can include a misstep that broke a company policy or procedure, rather than directly failing to meet ISO requirements.

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard

ISO templates

Don’t Try to Manage It All Alone!

Our ISO Auditors and Quality Manager Trainers have been in this industry for years, and since 2002 we’ve been providing thousands of small businesses and large corporations with the tools they need to get certified.

Instead of trying to create everything you need to follow this process from scratch, use ours. We have procedures, templates, checklists, process maps, forms and gap analysis tools to help you control your documented information without missing a single input or output.

Before you invest all the hours reinventing the wheel, before you spend countless dollars outsourcing the task — try our templates.

Standard  

ISO 9001:2015

Control of Non-conformity & Corrective Action Procedure

The purpose of this procedure is to establish the process for identifying, documenting and analyzing non-conformities and mitigating their impacts by implementing appropriate corrective actions. Your organization’s quality management system is geared toward the proactive elimination of actual and potential deficiencies.

Non-conformities in products, services, processes and our management system are investigated and action implemented to prevent their occurrence.

Includes the following Process Maps, Turtle Diagrams, Reports and Forms:

  • Control of Non-conformity & Corrective Action Process Activity Map
  • Non-conformance Report
  • Non-conformance Log
  • Concession Request
  • Concession Request Log
  • Corrective Action Report
  • Corrective Action Log
  • Non-conformity & Corrective Action Process Map

Download free example procedure

$19

add to cart

 

  • Supplied as fully-editable MS Word or Excel files
  • All the templates use styles – making reformatting and rebranding a breeze
  • Immediate download

Pay by Credit Card, Debit Card, PayPal or Apple Pay.

 

Are The Templates Suitable For You?

Bought by Small Businesses and Large Corporations our templates have been sold online and CD since 2002.

Used by:

  • Small Businesses – dentists, accountants, engineers
  • Large Organizations – hospitals, power plants, aircraft manufacturers

The Templates are used by first timers following our step-by-step, clause-by-clause guidance documents; and experienced Quality Managers wishing to streamline and improve their existing documentation.

The application of our templates is scalable and generic; regardless of the size and type of organization. The elements that form the quality management system are the same.

 

Five Reasons To Choose Our Templates

1. Our customizable templates save you time and money by offering a streamlined process to create your quality documentation

2. They’ve got everything you need in one simple template

3. Proven to work our templates have helped thousands of businesses big and small achieve certification

4. Documents use styles to make reformatting and rebranding a breeze

5. Our templates are generalizable for any industry or sector. The application of our templates is scalable and generic; regardless of the size and type of organization.

 

Recent Clients

Please view our Client list.

ISO 9001 Client images

 

Any Questions?

Please use the chatbox on the bottom right for any FAQs about:

  • The buying process
  • Security
  • Payment and Billing
  • Downloading and Delivery
  • Document Format
  • Systems Requirements
  • Other Support

Or, email info@iso-9001-checklist.co.uk or call us on 0845 054 2886 if you have any questions about our ISO Procedures and Templates and how they can help you.