Nonconformity and Corrective Action
A nonconformity is any failure to meet a requirement. A requirement can come from a customer, a statutory or regulatory body, ISO 9001, or your own organization (for example, a failure to follow a procedure). When a nonconformity occurs, you must react to it by either controlling and correcting it or dealing with the consequences. Then you must determine the root cause(s), evaluate the need to eliminate the cause(s) so the nonconformity does not recur, and implement any corrective action necessary. A corrective action is defined as the action taken to prevent recurrence of a nonconformity.
ISO 9001:2015 requires organizations to review the effectiveness of any corrective actions taken and, if necessary, update the risks and opportunities determined during planning. In many organizations, the review of corrective action effectiveness has taken the form of an added field on the existing corrective action report. The review can be in the form of a meeting, observation, or follow-up with relevant parties. Updating risks and opportunities is often done using a risk management system, though a formal system is not a requirement.
The ISO 9001:2015 standard has replaced the term “preventative action” with “risks and opportunities”. The motivation behind this is to make the 9001 standard consistent with other ISO standards. The basic concept behind preventative action and risk management is the same: assess the risk and mitigate it based on severity. The terminology, however, has changed.
The nature of nonconformities, actions taken to address them and results of corrective actions must be documented. Check out our Forms Package which includes a nonconformance report and corrective action request to help your organization meet the documentation requirements around nonconformity and corrective action.