What is non-conformity, and why is it important?

non conformity

“Failure is the seed of success,” said Kaoru Ishikawa, the quality guru. We know that having any non-conformance is nothing embarrassing but a chance to grow, while we hold the key to improving all the time.

In any Quality Management System (QMS), you might be familiar with hearing conformity and non-conformity terms being used. What is the definition of non-conformity, and why is it essential for your QMS? Read on!

Conformity, or conformance itself, is the fulfilment of a requirement or specifications, whereas non-conformity is defined as the non-fulfilment of a requirement or specifications. These definitions are taken from ISO 9000:2015 Quality Management System – Fundamentals and Vocabulary. The terms are widely used in many quality management standards, not just in ISO 9001 but also in other ISOs such as ISO 13485, ISO 27001, and ISO 22000.

Here we list down some samples regarding the clauses in which the non-conformity process is defined and used in each management system standard:


Non-conformity, described as non-fulfilment or failure to meet a requirement in practice, could vary. This may happen in any step and aspect of the management system. It could also be present in the organisation’s process, product, or services.

We can say that a “defect” that arises in the product during the manufacturing process is also a form of non-conformity against its intended or specified use.

Both conformity and non-conformity are usually detected through processes such as inspection and audit. While seeking conformity during those practices, there will also be a chance to find non-conformities. Other sources whereby non-conformities can be detected are customer feedback, testing, reviewing, observations, etc. 

feedback, satisfaction, employee

Can non-conformity be graded?

Non-conformities can be graded depending on your organisation’s context and organisational risks. It can be generally qualitative (e.g., major non-conformity and minor non-conformity) or even quantitative with any grade (e.g., 1 to 5).

It is common to grade the non-conformities qualitatively, for example:

Minor Non-conformances

An isolated lapse in the content or implementation of procedures or records could reasonably lead to a systematic failure or significant system deficiency if not corrected.

Suppose a trend of minor non-conformance occurs over successive assessments. In that case, it may represent a systematic failure or considerable system deficiency, resulting in the issuance of major non-conformance.

Case study:

An auditor found out that the auditee from a specific department was inconsistent in recording the processes in the provided form template; hence auditee did not conduct a process according to the published standard of procedures. Although this issue caused no severe consequence, a minor non-conformance report is required to ensure specified requirements have been met.

Major Non-conformances

A systematic failure, or significant deficiency, occurs when a single wrong incident or a combination of several similar inappropriate incidents are conducted. Several non-conformance cases identified against one requirement of the relevant standards can represent a total system breakdown and thus be considered a major non-conformance.

Case study:

An auditor found that the company conducted no internal audit and management review for the previous period of a year. The auditee provided no records to prove that they had performed these operations. The auditee’s statement also supported that no such internal audit and review was conducted last year as they lacked resources. This could be classified as major non-conformities.

How to deal with Non-conformity?

To deal with non-conformance, it is essential to understand that the non-conformance process laid out in the various management system standards has several purposes.

It applies not only to the product developed by your company but also to the service provided and business process implemented within the company.

At some point, non-conformity can lead to a negative customer experience, affecting their satisfaction level toward your products and services if you do not adequately handle it. To prevent this, do not leave any issues untreated.

Here are some necessary Plan-Do-Check-Act steps you might need to take as preventive measures:

  1. Identify the Problem and Report
    To address and resolve the issue, identification of the non-conformity is the crucial preliminary step to decide what corrective action is required at the next step. Usually, this process is documented in a Non-conformance Report. The sample of information needed within the Non-conformance Report is:
    • Affected products and processes
    • Source of non-conformances, including date and time that the non-conformity occurs
    • Description of the non-conformance
    • Collection of all supporting evidence
    • Other related information

  2. Address, and act on the corrective action
    After the non-conformance is identified and the information is completed, it is noteworthy that you are required to investigate and conduct a root cause analysis to obtain effective corrective action.All necessary steps to be implemented must consider the costs, workforce, tools and documents. This is especially crucial if your manufacturing processes are affected when corrective actions have to take place.Hence, it is always essential to determine the planned actions’ impact. Remember to retain the respective record as a supporting document. For further information, look at our post regarding Corrective Actions.

  3. Review the system
    Any organisation needs to review the non-conformance process within a specific period during the management review as required in the standard, such as ISO 9001:2015 in clause 9.3.2.The management should review the effectiveness of each corrective action as well. For example, the similar nature of the non-conformities might have similar root causes and corrective actions in the end. The management of the company or organisation needs to test the corrective action and solve the root cause to prevent its recurrence.

What documentation is required?

Generally, documents required related to non-conformity handling are:

  • Procedures
    Non-conformity handling procedures are mandatory and very common for any organisation or company. This document should guide all employees within the organisation to be aware of the non-conformity handling process. The acknowledgement and training of this procedure are also considered critical as part of your business.

  • Form Template
    To have everything recorded well, you are required to provide and develop a standardised framework structured in form templates for employees to fill in in the event of any incidents. For example, Non-Conformance Reports (NCR) and Non-Conformance Investigation Reports are usually created and raised for each non-conformance found using standardised form templates.

  • Other Records
    As the non-conformities can vary, your organisation must retain other relevant supporting documentation. These can support the investigation process more straightforwardly, as well as support the corrective action conducted. laptop, office, hand

Maintaining retained information might seem like an extra hassle when juggling it with other daily operational activities, especially ensuring all retained documents are available during any audit or activities for review purposes.

At Stendard, we have developed our proprietary software, an exciting tool as part of your Document Management System, to maintain your retained information or documentation paperlessly, allowing you to access it anywhere.

With Stendard Solution™ as one of the software tools, organisations can control all processes easily, enhancing business productivity which saves costs and ensures that your customers are satisfied with the service provided. Feel free to find out more about our platform here.

Final Thoughts

A robust system to control the non-conformity handling process will significantly benefit your management system and business, including setting up your Non-conformity Handling Procedure and other relevant SOPs.

Most importantly, how you implement it in the entire process in your business, how deeply your employee is aware of it, and how your Correction Action and Preventive Action Procedure support it.

The following are the other advantages of continuously implementing a robust non-conformance handling system :

  • Reduction and or prevention of the recurrence of non-conformances
  • Reduction of customer complaints
  • Continuous improvement on the effectiveness of the Management Systems, including compliance with any quality standard
  • Continuous improvement on the product or service quality provided
  • Improvement of resource efficiency through the system review

The control function of this system might be best handled by your quality managers, as both conformances and non-conformances are inseparable from the management system or quality standards themselves.

Alternatively, if your company and business require support and service to conform with non-conformity requirements, our in-house consultants can also provide the following:

  1. Setting up your non-conformity procedure and process, which serves as a guide for your team to implement best practices for:
    • Identification of non-conformities
    • Root cause analysis
    • Determination of appropriate changes whenever a non-conformity occurs
    • Ensuring effectiveness and improvement of your quality management systems
    • Compliance with various ISO standard’s non-conformity requirements
    • Ensuring that the processes are well documented

  2. Address any non-conformities arising from internal or external audits on the ISO standard that your company complies with. This includes the documented suggestion for process improvement and rectification of your company to address the non-conformity, ensuring that it does not occur again.

Learn More

our Academy e-learning course:

Do you have any questions?

Drop us an inquiry now!