Nonconformity
A nonconformity is the non-fulfilment of a requirement — from the standard, from your own management system, or from a customer or regulation. It is a factual audit finding, stated with evidence, not a judgment of people.
Where it comes from
Every ISO management standard (9001, 14001, 45001, 27001, 42001) uses the same definition, inherited from ISO 9000. Three kinds of requirement can be breached: the standard's requirements, your own documented system (if your procedure says calibrate monthly and you calibrate quarterly, that's a nonconformity even though ISO 9001 never mentions monthly), and external requirements — laws, regulations, customer specifications.
Nonconformities are the raw material of improvement: each one triggers correction (fix the instance) and, where warranted, corrective action (fix the cause).
The four elements of a defensible NCR
A well-written nonconformity report (NCR) contains four parts, and auditors are trained to include all of them: (1) the requirement — quoted or precisely referenced; (2) the evidence — the specific, objective facts observed (records, statements, conditions, with identifiers); (3) the statement of nonconformity — the plain declaration of what requirement is not met; and (4) the grade — major or minor.
Weak NCRs fail on evidence: “training seems insufficient” is an opinion; “operators A and B on line 2 had no training record for procedure WI-014, required by clause 7.2” is a finding. You can practice writing all four elements in our free Findings & NCR Trainer.
What happens after one is raised
In a certification audit: minor nonconformities require a corrective action plan (and usually evidence of implementation checked at the next surveillance audit); major nonconformities block certificate issue or continuation until resolved and verified, typically within 90 days.
Internally, treat each nonconformity through the same loop: contain, correct, analyze the root cause, act on the cause, and verify the action worked. The record of that loop is mandatory retained information in every ISO management standard.
Go deeper, free.
Every standard this term appears in has a free clause-by-clause guide on ReadSafety.com — and when you're ready for certification, USQC provides accredited third-party audits.
Browse the guidesCertify with USQC