What is Non-Conformance? (ISO 9001)

ISO 9001 is the international standard that underlines the requirements for a quality management system (QMS). It ensures that an organization continues to offer quality products and operates correctly under its regulatory measures. If an organization isn’t operating up to standard, it’s called non-conformance.

What is Non-Conformance in terms of ISO 9001? Nonconformity is the failure to meet one or more of the existing requirements in ISO 9901. When an organization finds itself outside of regulatory boundaries, it must get the problem under control before continuing business.

ISO 9001:2015 ISO 9001:2008 Summary of Changes
10.2 Non-Conformity And Corrective Action 8.3 Control Of Nonconforming Product

This requirement is comparable to Clause 8.3 - Control of Non-conforming Product and Clause 8.5.2 - Corrective Action. There is an additional requirement for organizations to determine whether other similar non-conformances exist or have the potential to exist.

There is also a new requirement for an organisation to determine whether changes are required to the QMS in order to prevent a reoccurrence.


Note the new requirement to record the nature of non-conformities as well as the subsequent action(s) undertaken.

8.5.2 Corrective Action

Nonconformity can be found at any level of an organization’s operations from quality control and manufacturing to personnel procedures. If Non-conformance persists, it can lead to the company’s overall demise, as these standards are in place to ensure everyone is playing by the same rules.

Within the ISO 9001 standards, two different types of nonconformity (major and minor) exist. We will delve more deeply into these types later on in this discussion. Keep reading to find out more about ISO 9001 nonconformity, what to do if it occurs, and how to correct the issue.

compliace VS violation non-conformance

What is Non-Conformance in ISO 9001?

First of all, non-conformance is ubiquitous. It can happen anywhere in a business. It isn’t limited to one area of production or management.

For example, nonconformity can occur when a manufacturing procedure results in a reduction of quality and does not get immediately addressed.

Conversely, a nonconformity issue can arise if personnel step out of line of the readily available standards regarding employees. Thus creating more issues down the chain of production and quality management.

The goal of the ISO 9001 standards is to ensure quality and safety for employees and the customer.

By entering the realm of non-conformance, a company risks the health of their employees and possibly of their customer base. That is why it is important to recognize nonconformities early.

Non-conformance should first be recognized by coworkers or supervisors before the issue reaches the audit stage. If an auditor notices nonconformity to the standards, it is the job of the audited organization to fix this issue promptly before it affects the greater goal of the company.

Many companies have a goal to satisfy their customer base, and the ISO 9001 standards are there to ensure that this goal is met.

Therefore, nonconformity to these standards may result in unhappy customers. Another main goal is to keep employee morale high, and these standards also help to do just that.

Without these standards, organizations would not be held accountable for their actions and business practices.

Auditors recognize nonconformities to the requirements in order to check the power of companies and make sure they are complying to the necessary regulations that exist within their field.

ISO 9001 Nonconformity: What to watch out for

  1. One or more failures to meet the regulatory requirements 
  2. One or more failures to meet quality standards
  3. Personnel noncompliance
  4. Production chain noncompliance or irregularity

It is important to remain knowledgeable as standards change to ensure your business is on par with the correct requirements.

If a nonconformity is noted, immediate action is required to set the business back on the best course.

important

Minor vs. Major Non-Conformance

The difference between minor and major non-conformance is normally the amount of corrective resources needed to get the business back on the right track.

An auditor will determine the level of nonconformity by analyzing the infraction and the steps needed to correct it.

Minor non-conformance includes happenings or actions that are not listed in the ISO 9001 requirements, but it does not detrimentally affect the operation or quality control of the entire business.

This may include a single event or a low-risk situation, like a momentary lapse in managerial judgment.

An auditor will likely deem a situation minor non-conformance if there is no noted effect on later processes or operations.

Minor nonconformities include a missing training record, a single unauthorized document alteration, or one machine past its calibration date.

Anything that can easily be fixed by noting the violation is usually considered minor. The less time it takes to fix the issue, the more time can be spent operating efficiently and safely.

Major non-conformance is quite different. This would be a procedure-altering violation that entirely prevents the business from operating at QMS or ISO 9001 standards. These mistakes can result in loss of productivity and a major decrease in customer satisfaction.

Major nonconformities that an auditor might look for are multiple unauthorized document alterations, unauthorized purchases from unknown suppliers, and absence of important legal documents.

When minor infractions happen continuously, this can also be considered a major nonconformity.

Both minor and major non-conformance issues must be addressed immediately if the business is to continue running.

It is important to remember that minor infractions can become major problems in the long-term. Don’t let minor problems compound into major nonconformities.

Minor Nonconformities

  • Single events and small slip-ups that can be easily corrected
  • One unauthorized document alteration
  • Isolated personnel incident
  • One missing document

Major Nonconformities

  • Multiple and/or huge violations of requirements
  • Many unauthorized alterations to documents
  • Multiple missing or unsigned documents
  • Problems that negatively affect operations and processes

Maintaining organized and detailed documentation will help you avoid these nonconformities. However, if your company is having trouble with the requirements, there are ways to address the problem promptly so that no further issues occur.

non-conformance audit checklist

How to Deal with and Correct Nonconformity

If a nonconformity has been identified, a non-conformance report (NCR) can be filled out by supervising personnel. NCR’s will help keep the problem under control and are the first step toward fixing the infraction.

A non-conformance report should notify the violator of the ISO 9001 requirement that is being violated, detail the infraction, and outline a plan of action for fixing the violation.

NCR’s should be constructive rather than reprimanding. They should be thorough so that the violator knows exactly what went wrong and how to fix the problem. This will ensure that the nonconformity does not happen again. Here is a list of information to include when filing an NCR.

Non-Conformance Report

  1. ISO 9001 requirement that is being violated
  2. Circumstances surrounding the violation (what went wrong)
  3. Plan of action to correct the problem
  4. Details on how to prevent the problem in the future

The first step in correcting nonconformity is identifying what went wrong in the first place. You must be specific when noting the exact ISO 9001 regulation that is being violated. By identifying the issue more specifically, the corrective action can then be targeted more precisely.

The second step will show the violator exactly what went wrong on their part. This way there is no question of how the requirement is violated. Also, by telling the person what went wrong, this ensures it won’t happen again.

The third step is to create a plan of action. This is arguably the most important step and doing it correctly will hopefully fix the violation so that minor problems don’t become major nonconformities. The plan of action details how to fix the problem and outlines a positive outcome for the employee.

However, if the employee fails to carry out the regulatory plan of action, this can result in disciplinary action on behalf of the supervisory team. If the employee successfully fixes the problem and returns the business to compliance, the NCR should also outline how to maintain compliance for the future.

A well-written NCR foresees that this problem can happen again and takes measures to inform and ensure that the same mistake is not made twice. A good supervisory team will make note of violations to ISO 9001 and how they overcame them, rather than hiding their mistakes for them to grow larger.

The keys to a great NCR are not just what goes into the report but how it is presented. If you happen to be the one noting the violation, it is important to present the report thoroughly with good grammar and concision. Remember that someone will be following your instruction to fix the issue.

You must also have a good grasp on ISO 9001 yourself in order to know how the violator is out of line and how to get them back on track. Also, you must remain up to date, as this information can change frequently.

The call to action must be just that, a call to get the violator moving back toward the original standard. Time is often money and even safety in these circumstances, so your instructions must be clear and concise.

As you can see, it is important to be on top of your regulatory standards. It can be easy to focus too closely on the day-to-day and lose sight of what is best for the company in the long-term. Here is a list of the most important takeaways from this article, in case you need a quick refresher on all things ISO.

Non-Conformance Important Information

  1. Know your ISO 9001 regulations
  2. Be aware of violations and report them as soon as they occur
  3. Don’t let minor violations compound into major ones
  4. If a major violation does occur, file an NCR to correct the problem

With these steps in mind, you and your business can flourish rather than flounder. ISO 9001, when used as a guideline for best practices, can help your business gain better productivity, quality assurance, and a satisfied customer base.

Written: 26th July 2019
Author: Richard Keen

Richard Keen

Richard Keen

Richard is our Compliance Director, responsible for content & product development.
But most importantly he is ISO's biggest fanboy and a true evangelist of the standards.
Learn more about Richard