What Is Non-Conformance (Nonconformity)?

In the context of an ISO 9001 Quality Management System (QMS), a nonconformity, also known as a non conformance, is when the company fails to meet quality requirements. 

What Should you Do When You Discover a Non Conformity?

When you discover a nonconformity, you should:

• Realize and define the problem.
• Contain the problem.
• Determine its cause.
• Take appropriate action to prevent it from happening again.

Companies that are ISO 9001 certified need to follow a set of regulations to conform with the guidelines. If the company does not follow any of those mandatory requirements, it means that it is noncompliant. However, a broader definition of non conformance would be that it is the deviation of a quality characteristic from its intended state or level. The deviation is so severe that it causes an associated service or product to no longer meet a specific requirement. This will in turn lead to the company not meeting a customer’s expectation for the service or product. 

ISO9001 does not require that nonconformance software be used to manage nonconformities. However, if you do decide to use non conformance software, it will simplify the process substantially and this will in turn help you save costs. If you use a manual NCR system, our corrective action tracking system will instantly remove your frustration with managing nonconformance reports, guaranteed. If you use our non conformance software, you will see a remarkable improvement in how fast you can file and access your nonconformance reports.

How Can You Detect Non Conformance ?

A nonconformity means that something went wrong in a process, service, or product. Detecting a nonconformity via quality processes happens in several ways, including:

• Inspections.
• Internal and external audits.
• Checks or tests.
• Document adequacy reviews.
• Routine testing.
• Management review.
• General experience or observations.
• Stakeholder or customer feedback or complaints.
• Other process-related quality activities.

What is a Non Conformance ISO 9001? 

In terms of ISO 9001:

nonconformity is seen as failing to meet one or more requirements that are outlined throughout the compulsory ISO clauses.

A nonconformity can relate to many different aspects of the business, including:

• Staff don’t follow the quality standards.
• Staff don’t follow the company’s individual processes and procedures.
• Customers complain.
• Supplier deliveries don’t meet requirements.

If your staff doesn’t follow ISO 9001 requirements, you should take several actions afterward to fix the situation. 

Companies that aren’t certified to ISO 9001 standards, however, still also often find value in following the processes contained therein. After all, it is in the best interest of any company to manage the quality of its operations and processes. If you use nonconformance management software to action capa, it makes it a lot easier to keep track of non conformances.

Types Of Non Conformance

Non-conformances are generally classified as either Minor or Major.

Minor non conformance 

Minor non conformances don’t often happen and detecting these is easy. For example, an unauthorized change to a document or a missing signature on a document will be a minor non-conformity.

Major non conformance

A major non conformance is trickier to detect and will often have a more significant impact. The impact could be either on business operations or customers.

An example of a major non-conformity would be many unauthorized changes to documents or multiple missing signatures on documents.

Irrespective of whether a non conformance is classified as minor or major, you handle them with the same process.

Non-conformance management software usually contains a field where you can capture the type of non conformance (minor or major) for each non conformance.

ISO 9001 Quality Management System Non Conformance Reporting

Most, if not all, quality management systems have the requirements for corrective and preventive action built in. Therefore, you should build this into the company’s standard operating procedures. When an organization identifies a nonconformity, you need to fill out something that is known as a non-conformance report (NCR). With this, you inform the violator in very specific detail what’s wrong so that they can fix the problem.

The NCR is created as a document that is meant to be constructive and will allow the person who is being informed to make changes.

If you want to create an effective and detailed non-conformance report, you need to cover five main points. These five points are defined in ISO 9001’s Nonconformity clause.

Non Conformance Report (NCR)

1. The requirement that has been violated.
2. Describe what went wrong.
3. Explain the action(s) that the company needs to take to eliminate the root cause of the problem.
4. Investigate the issue to determine what went wrong (Root cause analysis).
5. Action(s) that the company must take to prevent the same type of problem from happening again (Preventive action).

Non conformance report software provides an easy document management system that can be used to ensure that all aspects of the report are captured properly.

1 Which requirement did the company violate?

Firstly, you should include the specific requirement that the company did  adhere to in the NCR. That means that you must specify the ISO 9001 regulation or rule that the company broke.

If the company is not ISO 9001 certified but still follows the NCR process as part of its operations to improve quality, this point will not be required.

2 What went wrong?

Secondly, you must describe the actual act or event that went wrong . This will explain what the relevant individual(s) did wrong to cause the violation.

3 Explanation of actions

Thirdly, you must describe what the company must do to prevent the problem recurring. This is referred to as Corrective Action. Things that you do to fix the problem like adding missing signatures to documents, authorizing unauthorized changes to a document, reversing those changes, or supplying a customer with the right product if the company has mistakenly delivered the wrong product are not corrective actions, but corrections.

Corrections fix the immediate problem but won’t do anything to prevent it from happening again.

Corrective action is what action you take to prevent the specific problem from happening again. Using the document signature example again, and the nonconformity was that someone did not sign off an Invoice, the Corrective action would be to look at what can you can do to make sure that people always sign of Invoices.

4 Investigation

The fourth step, investigating to determine the Root Cause of the nonconformity, is perhaps the trickiest, but also arguably the most important step of the process. If you do this step correctly, it will add the most value to an organization’s continual improvement efforts. You will only be able to take effective Preventive action  possible if you have established the root cause of the problem.

5 Which actions should you take?

The fifth step of this process is to devise a plan of action that will prevent future problems of a similar nature and to record this plan. This will often deal with similar potential problems that may not have happened yet and thus creates a closed loop system. 

Still staying with signature example, if the non conformance was that someone did not sign an Invoice , you would have to look at all other types of documents that need a signature and ensure the standard operating procedures, processes, or work instructions are in place to make sure that this happens. Preventive actions could include things like retraining employees, changing a process or procedure, or creating new ones if they’re missing. As an NCR is oriented toward finding a solution, you must recorded some type of positive action on the report.

Writing Effective NCRs

To write effective NCRs, you need to keep several things in mind to make sure you get the point across clearly to achieve the best possible results.

1. Write concisely but clearly.
2. Address all the required aspects.
3. Keep the non-conformance statement general to highlight the specific issue.
4. Included more specific details  in the objective evidence area.

You need to write concisely and clearly so that the auditee is fully aware of the issue that you have identified. Although you need to address all aspects of the report as listed above, the non-conformance statement should be as general as possible.

Benefits of Identifying Non-conformances

There are several benefits to identifying and addressing non-conformities. These include:

1. Improve quality assurance – A non conformance management system that works becomes one of several building blocks that provides a clear grasp of processes and their objectives. This can improve processes or products or both.
2. Reduce customer complaints – Reducing customer complaints is a sure sign that the company’s performance is efficient and improving.
3. Use resources more efficiently – Using resources efficiently is beneficial to both the business and its customers as it reduces production costs.

Why Is It Important to Understand Non-conformances?

When an organizations has put a quality management system in place, whether they are ISO certified or not, they are better prepared to identify nonconformities. This serves various purposes:

1. It ensures the system is effective. Following processes and procedures will expose areas that require attention for improved efficiency.
2. Continual improvement – Identifying and resolving nonconformities and taking corrective and preventive action to prevent these from happening again results in the company improving areas continually that need attention or change.
3. It ensures procedure conformance. Regularly looking for and identifying non-conformities keeps employees aware of company processes and procedures.

Internal and External Audits

Any audit will look at non conformances, be they a minor non conformance or a major non conformance. Quality managers know that implementing corrective actions is crucial. Therefore, they will already focus on those during an internal audit, and report on those during a management review. 

If you use non conformance management software it will streamline the audit process. That is because it becomes much easier to see which non conformances are still open and what actions have been taken to resolve those that are closed. 

You can also read our article What Are the Most Common Causes of ISO 9001 Non-Conformance? 

Our non conformance management software is guaranteed to put a smile on your external auditor’s face. This is because the non conformance management software will quickly show them that you are on top of your quality management process. 

You will also be able to answer any questions they have quickly and easily. And, you’ll have all the relevant information and documentation they require at your fingertips instantly!

Unpacking the Terminology

When you start researching non conformance it is very clear that there is confusion as to which word is correct. People ask many questions around the topic, including:

• Is nonconformance hyphenated?
• Is it nonconformity or non-conformance?
• What is the difference between nonconformity and nonconformance?
• What is a synonym for nonconformity?

From this we can see that there are 6 variations of the word that people commonly use:

• nonconformance
• non conformance
• non-conformance
• nonconformity
• non conformity
• non-conformity

To find out which term is correct, let’s look at the original. The original ISO 9001 document’ wording for ISO 9001-2015 clause 10.2 starts with: “when a nonconformity occurs, the organization shall…“

Which word should I use?

If you however do a search for ‘nonconformity meaning’ and on the variations of the word, i.e. non conformity and non-conformity, you get exactly the same results and all of these show nonforformity as a single word without a hyphen. Most of the search results above appear in dictionaries (Merriam-Webster, Cambridge Dictionary, and Collins) and describe a person’s behavior of dress not conforming to the ‘norm’. When you however search for nonconformance, most of the top results are articles dealing with ISO, Safety, and Compliance, with the only exception being Collins Dictionary. Collin’s definition is however the same as what it gives for nonconformity. From the above, you should be able to see that although all 6 variants of the word basically mean the same thing, people have a tendency to use nonconformance in relation to Quality Management Systems, despite the actual clause in ISO using nonconformity. In all our articles on this website, we use the terms interchangeably as we feel they mean the same thing.

Other Questions Often Asked

There are a few other questions people often ask us when we talk about nonconformances as it relates to a QMS.

Non Conformance to Software Requirements is Known as?

In the software development industry, if software does not meet the requirements that were specified it is commonly called a bug. It is normally best practises to keep tracks of known bugs and to fix them on a regular, scheduled basis. The developers then release these fixes a new software versions. When we talk about non-conformances as defined by an ISO standard, this could relate to a wide range of topis, including compliance to the standard, adherence to internal policies and procedures, customer complaints, as well as to nonconformity in products, including software. If a software development company therefore decides to implement an ISO Quality management Standard, be it the more general ISO 9001 standard or on of the many ISO standards dealing with specific aspects of software development, they will refer to software bugs as nonfonformances. They will then handle these as per the clause pertaining to nonconformities. Some of the relevant standards include:

• ISO 9126: Software Product Quality Management
• ISO 14598: Software Product Evaluation
• ISO 25051: Requirements for Quality of Commercial Off-The-Shelf (COTS) Software Products and Instructions for Testing
• ISO 15026: System and Software Integrity Levels
• ISO 15910: Software User Documentation Process

Non Conformance vs Non Compliance

The Oxford Dictionary defines non compliance as: ‘failure to act in accordance with a wish or command.‘ The ISO definition of non conformance is ‘the failure to meet one or more requirements that are outlined throughout the mandatory clauses’ but this can be expanded to mean failure to meet (comply to) any other company requirement. Therefore, we don’t see any difference between the two terms. It is rather a case of people merely using different terms in different environments.

Non Conformance vs Defect

The Wikipedia definition of a product defect is ‘any characteristic of a product which hinders its usability for the purpose for which it was designed and manufactured.‘ If a company designs a product poorly and people can therefore simply not use it for its intended purpose, it is simply a bad design or a bad product. If, however, the company designed the product well and it will do what it’s supposed to do if it is manufactured correctly, a defect has been introduced. In this case, the manufacturer would likely handle the product defect in the same way as a software development company would handle a bug as described above. This means they would keep track of defects and correct these with the next production runs. If the company is however ISO certified, the defect would be treated as a non conformance and the relevant process for Non Conformance Reporting would be followed.

Nonconformity vs Corrective Action

We often see that people search for terms such as:

• corrective action software
• corrective action tracking software
• corrective action tracking system
• corrective action request & tracking software
• corrective action request software
• corrective action system
• corrective action systems
• corrective action tracking

This is puzzling in the sense that ISO 9001 & ISO 27001 Section 10.1 is called: ‘Nonconformity and corrective action.’ Exploring this section further shows clearly that corrective action only forms one part of the Nonconformity process. That is why we refer to our software as NCR (Non Conformance Reporting) Software, and not Corrective action software. At the end of the day however, it’s six of the one and half a dozen of the other. It doesn’t really matter what we, or others, call our software, as long as we all understand what it does, and how it will benefit you.

Conclusion

A non conformance results when a product, service, or process doesn’t match its specifications. Non-compliances disrupt the smooth flow of operations.

Furthermore, with operations such as production processes or a manufacturing process, the entire process can come to a halt if you don’t apply corrective actions properly.

A failure to identify and rectify non-conformity issue will result in corrective costs, monetary damages, and a potential loss of reputation. To prevent this, non-conformances need to be identified, analyzed, and corrected as soon as possible.

Software solutions such as ISO 9001 nonconformance management software will help reduce the cost associated with non conformances. This is because it reduces manual paperwork and the time that you have to spend to document everything properly.