Glossary

Nonconformity

Non-fulfilment of a requirement. The requirement may come from a standard, a regulation, a customer contract, an internal procedure, or any other applicable source.

Source standard: ISO 9000:2015 §3.6.9

A nonconformity in a QMS context is the gap between an outcome and the requirement that governs it. It is the entry point for two distinct responses under ISO 9001:2015 clause 10.2: a correction that deals with the immediate effect (rework the part, withdraw the document, re-issue the report) and a corrective action that addresses the underlying cause so the same nonconformity does not recur.

Auditors grade nonconformities by severity. The two grades that appear in most certification schemes are:

Some schemes add an opportunity for improvement (OFI), which is a suggestion that does not breach a requirement.

Nonconformities also originate from sources other than audit: customer complaints, internal monitoring, supplier issues, regulator findings, and post-market surveillance feedback. The QMS must channel each into a single register and apply consistent classification, root cause analysis, and effectiveness review.

A common implementation gap is closing nonconformities without verifying effectiveness. ISO 9001:2015 clause 10.2.1(e) requires the organisation to “review the effectiveness of any corrective action taken.” A register that records actions but skips the verification step will produce repeat nonconformities at the next surveillance audit.

See: internal audit checklist, ISO 9001 implementation guide, corrective action.

Related terms