It is somewhere important for organizations to realize that their current business processes and associated procedures must bear high percentage of efficiency. But it is not possible when certain common non-conformities with standardized procedures occur at each phase where these typically occur.  A checklist of such procedures will be helpful. A breaking down of each of the clauses and more in an effort to provide further clarity and guidance needs an utmost mention.

According to ISO 9001:2005, the definition of a nonconformity is “non-fulfilment of a requirement.” This basically indicates that a nonconformity occurs when you fail to meet the requirements set forth by the standard, your own documentation, or a third party.

• If the standard calls for you to have records of corrective measures but you don’t,
• If your protocol calls for you to use a particular form for reporting the findings of your internal audit but you choose to use a different one
• If you didn’t provide your clients with specific reports even though you were required to per the agreement you entered into with them

Nonconformities are a “tool” that the auditor can use to determine the extent to which your management system complies with a standard. They are utilized in both internal and external (certification) audits.

In other words, the more nonconformities you commit, and vice versa, the less compliant you are. An audit report must contain a nonconformity report, which is typically the longest section of the report.

The auditor must include the following information when reporting the non-conformity:

Give a brief, broad summary of the nonconformity and the problem.

• Provide audit-proof, such as by citing a specific document or record that is missing or being used incorrectly, an action that is not being completed or is being carried out inappropriately, etc.
• Refer to the precise requirement, such as a specific clause number from a standard, process, or contract.
• Rephrase what the standard, internal document, or contract specifies must be done to summarize the requirement.

The fundamental reason why major and minor nonconformities (as separate categories) are typically only used in certification audits and less frequently in internal audits is that if the auditor raises a major non-conformity, a company cannot obtain certification.

The certification audit’s major versus small non-conformities.

If a business entirely disregarded a mandated obligation, such as when it neglected to conduct a management review despite the standard’s need that it do so.

 If your process has entirely broken down, for instance, if you were supposed to perform backups every day but instead only did so sporadically over the month.

• If you have multiple minor nonconformities that are connected to the same procedure or component of your management system, such as multiple minor nonconformities related to your human resources department, such as some training records missing, some employees not receiving the proper training, some employment records missing, etc., this turns into a major nonconformity because it is obvious that something is seriously wrong with this division.
• If a certification mark is utilized improperly, such as when you tell your consumers that a product is ISO certified when, in fact, only the processes and management systems—not the actual products—are certified under the ISO management standards.
• If a minor nonconformity brought up during the prior audit is not fixed by the deadline, it immediately escalates to a major nonconformity.
• Small nonconformity is simple to define: It is any nonconformity that is not major. For instance, a small nonconformity might be that the backup was run every day of a certain month except for one.

The key is to avoid placing yourself in a situation to experience a significant nonconformity. Make sure you truly implement the standard, not just for certification’s sake. An expert auditor will be able to tell if your system is merely theoretical, and you’ll likely receive a few significant non-conformities.

You Might Also Like:

• Non-Conformity Blog On ISO 9001
• All You Need to Know about SOC Reports
• Significance of ISO 41001 for Industries Globally
• CMMI Certification: Optimising Processes To Achieve Goals