“Non conformances (also known as nonconformities) are outputs that do not meet requirements.”

If your company produces/ makes dolls, then the requirement is that each doll has 2 arms, 2 eyes, 2 legs, etc. Correct?

What if you are packing the doll in a box right after it being made and notice that it is missing half a leg?

Does this doll meet your expectations?

This is definitely a non-conformance (NC1).

Depending on the company and the production manager they could call these different things: rejects, issues, NCR (non-conformance report), DMR (defective material review), defects, etcetera.

At the end of the day, they all are the same, an item that did not meet expectations.

Moreover, this is a product nonconformity.

You can read more about this type of nonconformity and the ISO requirements around it in clause 8.7 of the ISO 9001:2015 standard. It will detail all requirements on how to deal with this operations nonconformance.

But don’t worry, we will explain how to handle it a bit later.

Production or manufacturing nonconformities are probably the easiest to spot but now let’s talk about nonconformances for service companies.

Imagine you worked at a logistics company (3rd party logistics / 3PL). Your customers want you to send their products out to their customers when they communicate it to you. What if they told you to send “Doll A”, UPS ground to customer X in Miami and instead you sent the package to customer Y in Washington. This a service non conformance (NC2).

Just for clarification, service provision should follow clause 8.7 as if it was a manufacturing rejection. This is something that a lot of people are not able to identify properly. In general if there’s a service that a company provides to a customer, then they need to meet many operation requirements in section 8 of the standard so do not forget 8.6.

But wait! Things could go wrong anywhere.

Non conformances could happen in any department, not only in operations, service or production. In any department something can go awry and impact the final quality of your service or product.

For example, the purchasing department in the doll company buys blonde & brown hair for the dolls. They purchase 100 lbs of each hair color hair.

When the items arrive, the receiving department notices that a portion (60 lbs) of the blonde hair was blue. Is this what they expected?

Can they use it? Should they use it?

What they have here is a non conformance, and more specifically, a supplier non conformance (NC3). They did not meet your requirements and thus, you will need to contact them for a credit or replacement.

In the logistics company they have an order management team and a shipping team that rely on each other. What if the order management team makes a mistake in communicating order information. If they missed the shipping method or the product detail, that would be an order management team nonconformance (NC4).

The expectation is that order management provides correct order information to the shipping department so that it does not impact the system or a customer’s experience.

Finally, let’s imagine your company wants to become ISO 9001 certified (wink-wink). No matter if you are a service or manufacturing company, there are certain requirements (from the standard) you will need to meet.

For example, you will need to demonstrate that you deal with nonconformities adequately, that you monitor these non conformances and that if necessary “open” a corrective action to eradicate the underlying cause. (Refer to Clause 10.2, in the Improvement section).

But let’s say during your audit you say to the auditor have not had any non conformances.

The auditor will doubt it, but will need to take your word for it. As the auditor continues digging a little deeper, they find out that you do have supplier issues (things you purchased do not come in as expected).

He finds you have returned several items to your supplier.

The auditor asks you, “why is this not considered a nonconformance?” Probably because you did not know this is a nonconformance.

Therefore, when you receive the audit report it will state you have a nonconformance because you did not meet the requirements of the standard in clause 10.2, to identify nonconformities and handle them.

This is a quality management system’s – QMS – nonconformance (NC5).

To summarize, non conformances are:

Instances where something your company does not meet requirements.

Further, requirements could be set by: a customer, a regulatory agency, a standard or your own process.

Found anywhere in the life-cycle of a company- service or manufacturing

Identified during audits

To be clearly identified and controlled

Will need to be resolved adequately (ie: by replacing, returning, crediting, etc.)

Now that we understand what non conformances are, remember you will need to prove to your auditors that you are identifying them and if possible monitoring non conformances.

We suggest keeping a log or having these recorded somewhere.

TIP: you will have to report NC’s to your management team so keeping it in a log/ database will be easiest.

Corrective Actions

We always ask our teams: “Why do you think ISO wants you to keep records for these nonconformances?” We get different responses.

The reason we highlight is that when monitoring and analyzing nonconformance data it provides your business insight on how and where there are areas for improvement.

Further, you will be able to discuss these during management review meetings which will point to specific areas for improvements.

(Which you already value because all quality management systems are committed to continuous improvement anyways, right?)

TIP: create categories or summary descriptions for your nonconformances so you can sight a trend and report it easily.

When you start recording, monitoring and analyzing issues you could find trends or you might find a significant issue that your company will like to address immediately.

When you spot these, you should consider opening a CORRECTIVE ACTION.

A corrective action is an activity (project) that aims to remove/eradicate an impactful issue that is affecting your company.


Further, ISO clarifies that a corrective action should address the root cause (underlying cause) to ensure it truly prevents the issue from happening again. Do not be confused by the word action in its name.

You might have more than 1 action or task for you to eliminate the issue.

Wait a second… a nonconformity is an issue and a corrective action is a project by which we deal with impactful issues. Do I need to have a corrective action for all nonconformities?

NO!!!!!!! Nobody has time or resources for that! This is why we tell you a Corrective Action is trying to eradicate an impactful issue not any issue.

A corrective action will take a bit more resources and analysis, that is why we call it a project. Use the nonconformance trend analysis so that you can decide what needs a corrective action. And always make sure that the actions taken eradicate the issue from your system, otherwise the corrective action is not effective and should be done again.

An effective corrective action will have the following parts:

Problem definition.


Resource assignment.

Root Cause analysis.

Actions taken.

Verification that actions taken are effective.

What to do with Nonconformances?

Handling nonconformities

Dealing with nonconformances

Now that we know what NC’s + CA’s are, let’s make sure we understand that identifying issues is not enough.

You need to resolve issues in order to continue improving. When a nonconformance does not impact your company too much and can be remedied quickly and swiftly instead of opening a corrective action you need to deal with it.

ISO used to call this disposition now it states you deal with the nonconformities. ISO wants you to control, correct & deal with consequences of issues.

We call this the band-aid fix (quick & swift). A band-aid will cover a wound and help it heal but it does not prevent you from getting a wound again.

Let’s use the following examples to show you how you can handle nonconformances…

In the doll company issue (NC1) you can fix it by reworking the doll or scrapping the doll and replacing it. If all is well, then you can ship it out. As long as it meets your customer’s expectations when delivered, all will be okay.

In the logistics company issue (NC4) it is a matter of communicating correctly. If they catch the issue before it leaves their warehouse, they will have to make the necessary changes in the paperwork, and send it off. If they don’t catch the issue in-house, then they will have to bring back the package and re-send it.

NCR Handling

2 Things to Remember

Rules about nonconformances that ISO 9001 want to highlight are:

Nonconformances need to be identified & controlled (dealt with). I call it the “band-aid” fix.

You should monitor/analyze/evaluate your nonconformances to see if there is a bigger/ recurrent / impactful issue your company will need to deal with. Trend information and report to your leadership team.

Opening & Handling Corrective Actions

What happens if the incident of the doll missing half a leg (NC1) reoccurred 5520 times and you notice that this “rework” is costing the company to spend more money in resources and time.

For all matters and purposes let’s say it costs the company 5$ per reworked item.

Essentially the company is now out $27,600. Each company will have a different threshold but if you decide this is too impactful to your business then this is something you need to correct immediately!!!

The best way to deal with a recurrent and impactful issue and ensure it never happens again is by opening a Corrective Action.

This is what we call a “forever fix”.

Is there a guide of when a Corrective Action should be open ?

When the impact to your business is too big to accept a recurrence. But we created this awesome list that we believe will help you “see it”.

Disclaimer: there will be more specific reasons when to open a corrective action in your business, but below will provide a sense of structure of when to open.

Open a Corrective Action when there is:

A severe delay in production or service provision (operations).

A recurrent supplier issue that is impacting your operations.

A quality issue with negative financial impact to the business.

A recurrent design failure.

A burden to the company’s resources.

A recurrent knowledge gap.

An impactful resource loss to the business that was not planned.

A nonconformance in a quality audit (internal or certification body).

Consensus from management team (normally in a management review meeting) that there is an issue that needs to be resolved by using a CAR.

Leave a Reply

Your email address will not be published. Required fields are marked *