Types of ISO Audit Findings and Non-conformances

During ISO Certification assessments, the auditors look not only for conformity against requirements but also for non-conformance against requirements.

There is a possibility that several different findings can be raised, and given different gradings of the finding, whatever the grading, there is no need to panic or worry.

It’s very typical to have at least one issue during each assessment.

Auditors don’t get paid extra for each finding raised and do not have targets they should be hitting which are often assumed.

There are three different gradings for findings; Major non-conformance, minor non-conformance, and observation/opportunity for improvement.

Any non-conformance needs to be addressed through corrective actions no matter what the grading, observations/opportunities for improvement are just suggestions and do not technically need to be corrected.

It is advisable to review the “Observations”/”OFIs” as they can be a warning that progression may lead to future non-conformances.

Auditors may raise non-conformances if you do not adhere to the standard or management system requirements. Auditors can also raise them against not complying with your defined management system controls.

Major Non-conformance

A “major” non-conformance is defined as a nonconformity that affects the capability of the management system to achieve the intended results.

Nonconformities could be classified as “major” in the following circumstances:

  • If there is a significant doubt that effective process control is in place, or that products or services will meet specified requirements (is product or service impacted;
  • Several minor nonconformities associated with the same requirement or issue could demonstrate a systemic failure and thus constitute a major nonconformity.
  • A finding against an item of legislation (typically within ISO 14001 and ISO 45001)

Minor Non-conformance

A minor non-conformance is defined as:

nonconformity that does not affect the capability of the management system to achieve the intended results.

This will likely be something that doesn’t directly impact product or service.

Observations/Opportunity for Improvement

Each certification body will call these by different names, but technically, they are the same. At the time of raising, they are not non-conformances as you would be meeting the standard or your management system requirements. They are merely suggestions that can help your management system or can potentially prevent a possible non-conformance in the future.

Auditors will visit many different organisations and see many methods of achieving the same results; sometimes, communicating these suggestions without breaking confidentiality is valuable.

They may also be warnings for future development and growth; sometimes, systems don’t change when organisations grow, so something working fine now may not cope with future growth.

Submission of Corrective Actions

For any nonconformity there will be a proposed corrective action to remedy any defects in either products or processes.  All corrective actions must be cleared to the satisfaction of the Audit Team Leader or a nominated representative before certification is granted or continued.

For any non-conformity, there will be a requirement to submit proposed corrective actions to remedy any product or process defects. You must clear all corrective actions to the satisfaction of the Audit Team Leader before certification is granted, maintained or renewed.

The non-conformities will be numbered and listed in the audit report or Non-conformance Report depending on the ISO Standard applied. The proposed action should state:

  • The action completion date and responsibilities;
  • Any rework or recall of nonconforming product;
  • Corrective actions to contain the non-conformance
  • Root Cause information to highlight how the non-conformance occurred;
  • Corrective action to prevent the non-conformance from reoccurring.

Simply repairing or reworking a nonconforming product is not corrective action; you must identify the root causes of nonconformities and take appropriate action to prevent a recurrence.

For Initial Assessments, you must clear all corrective actions within 90 days of the end of the initial audit. If not, before granting certification, a further stage 2 audit may be required.

The Audit Team Leader may reduce this timeframe depending on the severity of the issue.

For surveillance visits, the audit team will recommend whether you must submit objective evidence for the closure of non-conformances or whether they can be closed out at the next visit.

You will submit corrective actions and any supporting evidence before the date stated on the Non-conformance form. Failure to submit suitable actions within 90 days of the audit may result in suspension.

If you would like to understand more or have any specific questions you can give us a shout.

If you would like to learn about performing effective internal audits, you can check out this link.