PJCINC

  • Home
  • About PJC
    • Why PJC
    • Our “A to Z” Approach
    • PJC Testimonials
    • PJC Clients
    • News & Events
    • Supplier Audits
    • Risk Management
    • Compliance Audit
  • Standards
    • ISO 9001
      • ISO 9000 Implementation
      • ISO 9000 Maintenance
    • AS9100
      • AS9100 Implementation
      • AS9100 Maintenance
    • TNI 2016
    • IATF 16949
      • IATF 16949 Implementation
      • IATF 16949 Maintenance
    • ISO 13485
      • Medical Device Single Audit Program
    • ISO/IEC 17025
      • Cannabis
    • ISO 14001
      • ISO 14000 Implementation
      • ISO 14000 Maintenance
    • ISO 27001
    • ISO 20000-1
    • CMMC
    • R2 – Responsible Recycling
    • RIOS
    • ISO 45001
    • HACCP
    • FSSC 22000
    • Risk Assessment
  • ISO Consulting
  • Training
    • Virtual Public Seminars
    • ISO 9001:2015 Overview Course (Online)
    • ISO 9001:2015
      Internal Auditor
    • ISO 14000
      Internal Auditor
    • IATF 16949
      Internal Auditor
    • AS9100
      Internal Auditor
    • Measurement Uncertainty
    • ISO/IEC 17025 Internal Auditor
    • ISO/IEC 17025 Overview
    • Root Cause
    • SPC
    • Core Tools
      • ISO/TS 16949:2002 Linkage to the
        Core Tools
  • Resources
    • PJC Blog
    • PJC Podcast
    • PJC Videos
    • Green Paper Library
    • Executive Overviews
    • ISO Consultation
    • Quality Manual Review
  • Contact PJC
    • Request A FREE Quote
    • Request A FREE Quick Quote
      • A to Z Implementation
      • Training
      • Internal Audits
      • Assistance/Consulting
    • Here To Answer Your Questions

What Does it Mean to get a Nonconformance During an Audit?

For companies that are new to management system certification the prospect of getting a nonconformance can be unnerving and may lead to feelings of unease. These trepidations are truly unwarranted as the nonconformance process is a natural and often beneficial part of the certification experience.

What Does it Mean to get a Nonconformance During an Audit?

To begin with – it is expected that the audit process at large will contribute to the improvement of the auditee’s management system. This ideal is expressed in ISO 19011:2018 clause 5.5.2d under the concept of “Audit Objectives” where it states that “Identification of opportunities for potential improvement of the management system” is an intended objective for any audit (whether performed by a certification body or not.)

Improvement itself is a concept that has been promoted by the ISO going back over 20 years to the publication of ISO 9001:2000 where the concept of “Continuous Improvement” was first introduced and positioned as a concept tied in with all established processes. The idea was that the organization should also be seeking improvement (both for itself and for customers.) In the 2015 version of ISO 9001 this idea remains and has been furthered by its pairing with the concept of Risk Based Thinking.

Bearing all of this in mind, certification body auditors are trained to write nonconformances whenever they find them. At this juncture, it’s important to remember that just because an auditor has written a nonconformance does not mean that the audited organization is “stuck with it.” All certification bodies train their auditors to be open to further discussion and review of additional evidence from the auditee if a nonconformance is of questionable merit. If these discussions result in the nonconformance still being written, the auditee is allowed to request what the industry calls an “appeal.” The appeals process varies from one certification body to the next but all accredited certification bodies are required to provide one.

Assuming that all parties concerned are in agreement on the nonconformances; the next step is to resolve the nonconformances in a documented fashion. The industry requires that this response take the following three-part form:

  1. Correction
  2. Root Cause Analysis
  3. Corrective Action

Correction is a defined term is ISO 9000: “Action to eliminate a detected nonconformity.” Correction is best understood as the actions needed to resolve the immediate issue cited by the auditor. It is the act of “putting out the fire” as the popular euphemism goes. For example, if the nonconformance was written for a missing training record, the Correction would simply be to create the training record in question.

It is also expected that the audited organization will ensure that no other similar instances of the cited issue exist. In our prior example this would mean that the audited organization has confirmed that there are no other missing training records. This furtherance of the Correction is sometimes referred to as “read across”, “horizontal deployment”, or “extent analysis.” Some certification bodies will even provide a designated space for this step to be captured.

Root Cause Analysis intends to identify the systemic cause of the cited issue. It is common for newer organizations to presume human error as the underlying cause, but this is incorrect thinking. Organizations must look at the complete situation and all related aspects in identifying the true root cause. This means that the organization needs to consider what controls have been established to ensure consistency and effectiveness of a process – and why those controls failed and led to an audit nonconformance. Many organizations may find it useful to use a root cause analysis tool such as fishbone or 5 why. Such organizations would also do well to recognize that in some cases it is possible that there may be more than one contributing cause.

If an organization has done an effective job of determining the Root Cause, the Corrective Action should come very easily. I often have to remind organizations and people that are new to ISO 9001 that Root Cause statements and Corrective Action statements should be “mirror images” of each other. For example – if the root cause analysis has concluded that a process failed because the established work instruction wasn’t specific enough about a particular step, the corrective action would be to add details to the work instruction. Corrective Actions must be systemic in order to be effective. They must extend beyond people remembering to perform an action or complete a step. They must include new or improved process controls that will ensure the steps are completed.

Once you have formulated your Correction, Root Cause Analysis, and Corrective Action statements you will be expected to document these on the certification body’s provided format and send it to your auditor. Most of the time the auditor will provide a review and approval within a very short period of time. It is of course always possible that this review may lead to auditor rejections and a need for revision, but most of the time if you’ve done an effective job these remedial steps won’t be necessary.

By virtue of the steps your organization has completed in formulating your response to the nonconformance your management system will have achieved the ideal of improvement. Each successive audit will help you refine your system even further as your auditor develops a deeper understanding of who you are and how you operate.

PJC believes that nonconformances are beneficial to the certification experience. We offer industry experts with decades of experience in responding to nonconformances in an effective manner that helps your company achieve improvement. Contact us today to see what we can do for you!

Subscribe here to receive updates on this and other standards, training, etc.


Call for more information: 1-888-248-0256

PJC Contact Us

Request A FREE Quote - PJC

Receive News & Updates From PJC



PJC Implementation Process

Training



MORE INFO / REGISTER NOW!


PJC Blog

  • What Is AS9100 and Why Does It Matter for Your Business?
  • Why ISO Gaps Are Costing You Clients—And How to Fix Them Fast?
  • 6 Reasons IATF 16949 Training Should Be Your Next Skill Upgrade

News & Updates

  • First Step in Preparing for ISO Certification: GAP Assessment

Testimonials

Our consultant, Jim Johnson, was extremely helpful not only during the implementation process but afterwards. Kudos to Jim and the staff of PJC!
Ken SeloverQuality ManagerStructural Diagnostics, Inc.
Mahindra Automotive North America (MANA) Manufacturing challenged Perry Johnson Consulting (PJC) to help implement ISO 9001:2015 while ramping up production for our ROXOR off-road vehicle. MANAM was focused on a streamlined, high-level approach to build quality into our manufacturing processes and develop the Quality Management System. PJC was a true partner! Our consultant, Nancy, embraced our approach and kept us focused on key ISO deliverables. She guided us to a successful ISO implementation… Read more
Denise VallisProject ManagerMahindra Automotive North America
From quoting to certification, everyone at Perry Johnson Consulting has been professional and a valued partner. Their auditors demonstrate a vast knowledge of quality standards and are able to translate them to real world application.
Matt NorbergQuality Control ManagerNational Products Inc.
Steve was a wonderful auditor. He was very professional and thorough. He took time to answer my questions about different parts of the standard. I would recommend him to other companies needing an internal audit.
Kelli BradburyPrecision Die Technologies
Hiring Perry Johnson to help us get certified to ISO 9001:2015 was the right move on our part. They did an excellent job on our documentation. Perry Johnson also answered a lot of questions for me going up to the audits which helped greatly. WE passed the audit in June. Thank you for your help, it was money well spent. I will refer you to anyone I talk to about this.
Tony BriaQuality ManagerHydra-Matic/Fabrics For Industry
PJC did consulting for us for our ISO 9002:2015 system and we found them to be professional and listened to our needs. They created a system that was easy to implement and use on a daily basis.
Kraig ReichwaldVP of ManufacturingCustom Metal Products
Wayne’s expertise in ISO 9001:2015 was essential in Vonco Products attaining our ISO certification. His knowledge was a great help improving our system by eliminating waste while assisting in developing our QMS.
Mike DeleoQuality ManagerVonco Products
Michael was instrumental in helping us make this transition much less stressful than I thought it would be. His attention to detail and expertise prepared us for our recertification audit. His professional demeanor made him a pleasure to work with.
Tyler HawkOperations ManagerCross Technologies Group, Inc.
We have been using Perry Johnson Consulting for 5 years and have never had a bad experience. With their expertise and knowledge of the ISO programs they have guided and helped us achieve an outstanding QMS. Thank you to all the friendly and professional people at PJC and we hope to have a long lasting relationship.
Larry ReimersQuality ManagerCTG, Inc.
Thought I’d drop a line to you and the staff to say thank you all very much for your dedicated hard work. You helped save our company, and I’m sending you all a heartfelt thanks!
Kevin J. CoffeyPresidentAlert Tubing Fabricators Inc.

RECEIVE NEWS & UPDATES FROM PJC

Subscribe to our mailing list:


Government "We are proud to provide services to the U.S. Government!"

PJC Celebrates 30 Years!

PJC's 30th Anniversary
Teresa O'Donnell – President & CEO
Teresa O'Donnell
President & CEO

Perry Johnson Consulting, Inc.

200 East Big Beaver Rd.
Troy, Michigan 48083
Phone: 1-888-248-0256 or (248) 519-2602
Email: [email protected]

PJC Contact Us

  • Facebook
  • Instagram
  • LinkedIn
  • YouTube

Copyright © 2025 PERRY JOHNSON CONSULTING, INC. (PJC) • All rights reserved.