Nonconformity Guidance and Corrective Action
Applies to most standards and programs
Check out this free course:How to Respond to Audit Nonconformances
1. Nonconformity Identification is completed primarily by the auditor during the audit. The client’s management does sign and date the Evidence of Company Notification field in this section. Signing this field does not restrict the client from contesting this nonconformity. Signatures can be electronic or handwritten.
2. Company Response to Nonconformity is completed by the client. The client is responsible for providing complete and timely responses. If additional space is required, attachments may be used. Attachments must be referenced in the applicable fields of the Nonconformity Report. A company’s internal form may replace Step 2 if it contains all of the same information. All fields are required.
3. Containment/Correction – The client documents what was done to correct/fix the nonconformity described in Step 1. This containment/correction should address the nonconformity across the breadth of its system, and not address only the particular details described as evidence. The client must attach evidence of its completed containment/correction to the form, and note the date that it was completed. It must be completed by the due date noted on page 1.
Containment/Correction are those actions taken to eliminate a nonconformity. This is often done immediately, while the root causes and corrective actions are being determined. This step identifies and isolates all nonconforming product or data to prevent the harmful effects of the nonconformity from continuing. Containment continues until the problem is solved, permanent corrective actions are taken, and the nature of the problem has been communicated to all affected parties.
When taking containment/correction actions, the following steps are usually required.
● Determine extent of undesired condition(s) / Search for other occurrences
● Fix undesired condition(s)
● Inform all parties who need to know
● For an ISO 14001 nonconformity, the containment/correction should mitigate the nonconformity’s environmental impact.
4. Cause(s) – The client shall determine the cause(s) of the nonconformity using an analytical tool such as the “5 Whys” or a Cause and Effect Diagram. The client shall attach evidence of the cause analysis to support the cause(s) it has identified (evidence such as the output from its analytical tool) or a summary of its actions to identify the cause(s). It must be completed by the due date noted on page 1. Clients shall take care to avoid common errors when identifying the cause(s) of a nonconformity. These include:
● Restating the problem as the cause
● Assigning blame instead of identifying the cause
● Identifying a symptom of the cause as the cause
● Identifying an excuse and calling it the cause
● Guessing or using a stock answer in place of a cause
(For example, using the same cause for every nonconformity.)
5. Corrective Action – The client documents what it plans to do or has done to eliminate the cause(s) of the nonconformity. These actions should be appropriate for the cause identified by the client. The corrective actions should address the cause(s) across the breadth of the client’s system.
The auditor will verify that the corrective actions are implemented and effective by reviewing applicable evidence. This usually happens while the auditor is on-site at the next audit. For major NCRs, this usually happens at the Corrective Action Audit.
6. Company Approval – The Management Representative or designate shall sign and date this field as evidence of management approval of the information provided by the company in Step 2. The client will then send the NCR with the above information directly to the lead auditor, copying Orion. If it is not possible to email the NCR, it may be faxed to 303-645-4864
7. Auditor Verification and Closure are completed by the auditor and used to track the status of the Nonconformity Report.
- No official response is required for Nonconformity Reports written during pre-audits. Clients should take appropriate internal action to correct the nonconformity.
- Please feel free to contact your lead auditor or a technical reviewer in the Orion office for assistance.
- If no response is received by the due date, or if the client continues to fail to provide an acceptable response, Orion will take further actions. For major NCRs, suspension activities may be initiated. For minor NCRs, the NCR may be elevated to a major NCR.