what is non-conformanceWhat Is Non-Conformance and How Can It Be Minimized

Nonconformance (also known as nonconformity or non-conformance) is when something goes wrong with a product, service, or process.  This often leads to the end result not matching the original specifications.

If a company doesn’t have proper controls in place, there is no assurance that the internal operations will deliver the intended results. This can in turn lead to products having to be scrapped, customer satisfaction being impacted negatively, and/or reputational damage.

What is Nonconformance in a Quality Management System?

Nonconformances result when a process, service, or product doesn’t meet industry-defined standards and regulations. Companies are impacted negatively by non-conformances in terms of costs, reputation, efficiency, and effectiveness.

The examples below will help to illustrate non-conformances.

  • Evidence that employees have been trained is not captured.
  • The composition of a drug is compromised due to faulty testing equipment.
  • A batch of 200ml measuring beakers is shown to only hold 199.9ml of liquid.

Many industries are governed by strict industry regulations due to the potential of faulty products endangering the health and lives of people. Even in industries where this isn’t the case, non-conformances can result in damage to the company’s reputation, monetary losses, and remediation costs. This type of issue can be identified via routine inspection or audits and testing, or customer complaints.

Some of the international quality management systems (QMS) standards are:

  • ISO 9001:2015: The abbreviation ISO stands for “International Organization for Standardization”. This NGO is based in Geneva, Switzerland, and its aim is to develop voluntary standards for the maintenance of the quality and safety of products and services. ISO 9001:2015 is a framework for quality improvement. Any company that provides products or services can implement this standard to match customers’ expectations and requirements very efficiently.
  • ISO 13485:2016: This standard places the emphasis on the requirements for a QMS for the development and design of medical services and devices to regulatory standards.
  • FDA 21 CFR Part 820: The US FDA (Food and Drug Administration) regulations specify that all device manufacturers that distribute commercial medical devices in the USA must be FDA 21 CFR Part 820 compliant. This standard outlines Current Good Manufacturing Practice (cGMP) regulations and is also known as quality system regulation (QSR).

Different Non-Conformance Types

Internal auditors often classify non-conformances as major or minor. It should however be noted that this isn’t a requirement of any of the quality standards mentioned above.

The difference between non-conformances classified as minor and major is how many corrective measures need to be put in place to get your organization back on track. Another way to decide on the type is based on the severity of the impact caused by the nonconformity.

Irrespective of the type of non-conformance, 2 points need to be noted:

  1. Non-conformance should always be addressed immediately.
  2. As minor non-conformances can easily turn into major non-conformances, don’t ignore minor problems!

One way of determining if a non-conformance should be viewed as minor or major is to evaluate its impact, frequency, and detection.

  • What will the impact be if the problem isn’t corrected?
  • Is the problem repeated often?
  • Will the system identify the problem on time?

Minor Non-Conformance

Minor non-conformances are ones that don’t impact customers directly, are easily detected, and occur seldom.

Some examples of minor non-conformances are:

  • A single document is not signed or missing.
  • An alteration to a document that was not authorized.
  • A purchase order was released without being approved.
  • An instrument was used after its calibration had expired.

Major Non-Conformance

A major non-conformance may have a negative impact on customers, is difficult to detect, and recurs.

Some examples of a major non-conformance are:

  • Multiple documents are not signed or missing.
  • Alteration to multiple documents that were not authorized.
  • Multiple requirement violations.
  • Issues that affect operations or processes adversely.

Identifying Non-Conformances

Non-conformances are normally identified via routine testing, internal and external audits, negative customer feedback, and an inspection of standard operating procedures and products.

When a nonconformance has been identified, a non-conformance report (NCR) is compiled to deal with the problem.

How To Address Non-Conformances

Non-conformances are usually addressed via an NCR. The main goal of an NCR is to define the problem logically, concisely, and clearly. This will help relevant employees to implement changes that are appropriate.

Corrective Action and Preventive Action (CAPA) is a series of actions undertaken to improve the protocols and processes within an organization to eradicate non-conformances. CAPAs are used in many industries, including biotechnology, medical devices, pharmaceutical, food & beverages, biologics, manufacturing, IT services, etc.

The CAPA action typically uses a number of steps that have to be completed. Each action is documented carefully to in a NCR report to promote continuous quality improvement.

Let’s look at how non-conformance is typically addressed. It is determined that during a manufacturing process, a specific component does not function properly. To solve the problem, the component is replaced by the supplier.

The problem however occurs again, and a CAPA is initiated to determine the root cause. It is found that the component is manufactured from the wrong alloy type which isn’t good enough for your process. The specification of the component is discussed with the supplier to ensure that they will in future supply the correct component.

In this example, a digital tool such as our NCR-Software would be very handy as it provides a CAPA process where everything is saved in a centralized location. This system will help you in identifying, uncovering, resolving, and reporting all the corrective actions and preventative actions (CAPAs) easily and link those to audit findings, NCs, etc. This enables an improved overview of all CAPAs and issues.

Preventing or Minimizing Non-Conformances

Let’s look at another non-conformance example and how it can be prevented or minimized.

In a medical devices company, an internal audit team identified that a finished product is not up to industry standards and is defective, i.e., this is a non-conformance. A catheter used during a procedure will for example not fit into a 5 French Guide properly. This non-conformance is major as it affects its proper operation.

Any organization will experience non-conformances at some stage. It is crucial to have a process in place that will handle non-conformances. It should be noted that the prerequisites of an effective nonconformity process should include reviews with affected employees, management reviews, conducting internal audits, implementation, documentation feedback, and a focus on continual improvement.

The processes’ most important components are:

  • Short-term correction of the issue.
  • Root cause analysis.
  • Corrective action.
  • Preventive action.
  • Validating the approach’s effectiveness.


You should respond to the non-conformance quickly and correct the issue immediately. This could be done by informing a customer and sending them the right product, separating a non-conforming product, or reviewing a process.

Root Cause Analysis

The goal of a root cause analysis is to answer the question ‘Why did the non-conformance happen in the first place?’ This is a crucial step. Long-term solutions can’t be implemented if you don’t identify the reason(s) why the non-conformance occurred. The root cause analysis must be factual and answer all questions.

Corrective Action

These are the steps that need to be taken to bring the product or process back into conformance.

Responsibilities and timescales are assigned, and demonstrable proofs for each task are required.

Preventive Action

This step can’t be implemented until the root cause for the non-conformance has been identified fully.

As is done with corrective action, responsibilities and timescales are assigned, and demonstrable proofs for each task are required.

Validating the Approach’s Effectiveness

The approach can only be proved effective by monitoring the situation for a period to ensure that the non-conformance is not repeated.

Using Digital Tools Such As Non-Conformance Management Software

Nowadays, organizations need a non-conformance management solution that is flexible, upgradeable, and innovative. The solution should match your organization’s requirements and ensure compliance with quality, product safety, and industry standards. One such solution would be a digital tool such as non-conformance management software.

Our NCR Software complies with FDA 21 CFR Part 820, ISO 13485, and ISO 9001 QMS standards.

Our software permits seamless tracking of non-conformance states, components, equipment, CAPAs, and suppliers. Using the software makes it easy to identify, analyze, and manage NCs.

Non-Conformance Frequently Asked Questions

What Is the Purpose of a Non-Conformance Report?

A non-conformance report is used to define the problem (i.e., the non-conformance) in logical, concise, and clear terms. This helps the organization in rectifying the problem and implementing appropriate changes.

What is a Non-Conformance Report (NCR)?

A non-conformance report (NCR) documents non-conformances in a company. Non-conformances are when something goes wrong with a product, service, or process, and the result doesn’t meet the original specifications.

How Do I Deal with a Non-Conformance?

When a non-conformance is identified, you deal with it by reviewing it with the employees concerned and management. This is followed by implementing the non-conformance process, documenting it, and conducting an internal audit. This will help to continuously improve the company’s standards.

What Is the Non-Conformance Process?

The non-conformance process consists of 5 important components. These are short-term correction of the issue, root cause analysis, corrective action, preventive action, and validating the approach’s effectiveness.


When a product, service, or process doesn’t match the original specification, it results in non-compliance. In worst-case scenarios, non-conformances can endanger the safety and health of patients. Failure to identify and rectify these problems can also lead to a loss of reputation monetary damages and remediation costs. Non-compliances need to be identified, analyzed, and corrected as soon as possible.

Non-conformance management software will help in achieving the common goal of better quality that complies with ISO 13485:2016, FDA 21 CFR Part 820, and ISO 9001:2015 QMS standards. This type of software will permit seamless tracking of the non-conformance and the traceability of equipment, components, CAPAs, and suppliers.