Nonconformity and Corrective Action
A nonconformity is any failure to meet a requirement. A requirement can be that of a customer’s, statutory or regulatory body, ISO 9001 or your organization’s (i.e. Failure to follow a procedure). When a nonconformity occurs, you must react to it by either controlling and correcting it or dealing with the consequences. Then you must determine the root cause(s), evaluate the need to eliminate the cause(s) so the nonconformity does not reoccur and implement any corrective action necessary. A corrective action is defined as the action taken to prevent recurrence of a nonconformity.
Major Nonconformance Vs. Minor Nonconformance
There are two types of nonconformances, major and minor. A major nonconformance is classified when there is an absence or a complete breakdown in your QMS, preventing you from meeting the ISO 9001 requirements. Examples would include a failure to take corrective or preventative action, not implementing a part of the standard, or not implementing a procedure. A minor nonconformance is defined as an incident that does not meet the ISO 9001 requirements, but that does not have any major consequences. This means, that the nonconformance will not result in a failure or majorly weaken your QMS. Examples of minor nonconformances are, failure of a few personnel to correctly follow a process, or a single incident of not having proper paperwork for inspecting equipment.
A nonconformance report (NCR) is a document that addresses specific deviations or work that fails to meet the quality standard. This document is created to allow the auditee to take action to correct the nonconformity and to eliminate the cause. In essence, the report is used as part of a quality control process be detailing the nonconformity, relaying how it occurred, and how to prevent it from occurring again.
Non-Conformance Report Items
When you are creating a nonconformance report there are specific items that need to be in it:
- The requirement is affected by the nonconformance
- What went wrong to cause the NCR
- What can be done to prevent the problem from happening again
- Explanation of corrective action to be taken
ISO 9001:2015 requires organizations to review the effectiveness of any corrective actions taken and if necessary, update risks and opportunities determined during planning. Reviewing the effectiveness of corrective actions has taken the shape in many organizations as an added field to their existing corrective action report. The review can be in the form of a meeting, observation, or follow-up with relevant parties. Updating risks and opportunities is often done using a risk management system, though a formal system is not a requirement.
ISO 9001:2015 standard has replaced the term “preventative action” with “risks and opportunities”. The motivation behind this is to make the 9001 standard consistent with other ISO standards. The basic concept between preventative action and risk management is the same- assess the risk and mitigate it based on severity; the only difference is that the terminology has changed.
The nature of nonconformities, actions taken to address them, and results of corrective actions, must be documented. Check out our Forms Package which includes a nonconformance report and corrective action request to help your organization meet the documentation requirements around nonconformity and corrective action.