Non-Conformance in ISO Terms

Non-conformance or nonconformity refers to a failure to meet one or more of the ISO standards. It is a problem or mistake unresolved that may disrupt an organization's daily business operation.

ISO 9000:2015 3.6.9 defines the non-fulfillment of a requirement as a “nonconformity”. The fulfilling of a requirement is regarded as "conformity" in 3.6.11.

The auditing guideline standard ISO 19011:2018 defines "audit findings" in 3.10 as the results of an evaluation of audit evidence to audit criteria. It states that findings can indicate conformity or nonconformity, or be opportunities for improvement.

Referenced from
ISO 9000:2015 | Whittington & Associates | ISO 9001 Checklist

A non-conformance happens when a product, a process, a machine, an employee, a supplier or an infrastructure has not performed according to your planned quality management system and fails to abide by the standard requirements.

Before the issue reaches the audit stage, coworkers or supervisors should identify non-conformance.

If an auditor finds a nonconformity to the standards, it is the audited organization's responsibility to correct the problem as soon as possible before it impairs the company's overall business objective.

These finding will be recorded during an audit, an on-site inspection to the audited organization. The conclusion will later be written in a non-conformity report (NCR).

Refers to events or activities that are not included in the ISO 9001 requirements but do not have a negative impact on the overall operation or quality control of the company.

Example: Fail to update training record, missing document traceability or missed equipment calibration date.

Refers to failure to comply or absence of procedures and actions to business objectives and ISO standard. Business operation is disrupted. These errors can lead to a loss of productivity and client satisfaction.

Example: Unauthorized documents, lack of management review and leadership involvement or no internal audit conducted.

With reference to ISO 9001, the international standard for quality, Clause 10.2. It requires the organization to take these several actions, as applicable, to address the nonconformities encountered.

1. React to the nonconformity by taking action or dealing with the consequences
2. Evaluate if there is any need to eliminate the cause of nonconformity
3. Implement action needed as per manual, policy or other documented information
4. Review effectiveness of any corrective action taken
5. Conduct risk assessment, update risk and opportunities determined from planning
6. Make changes to quality management system

ISO 9001 also requires documented information to be retained as evidence. The documented information which includes:

1. the nature of nonconformities and any subsequent actions taken
2. the results of any corrective action