Common Nonconformities

non conformity11
non conformity11

A question that we are often asked during our Lead Auditor Training Course is “what are the most common nonconformities found by third party certification auditors?

The definition of a nonconformity in ISO 17021 is defined as:  “non-fulfilment of a requirement”.

In real terms this is often explained as a failure to fulfil one or more requirements of the management system standard, or a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs.”

A nonconformity can be identified as a “minor” or a “major”. Put simply, a minor nonconformity means the failure to comply with a requirement which is not likely to result in management system failure, e.g. a single lapse or an isolated incident. Whereas a major nonconformity means an absence or total breakdown of a system to meet a requirement, in some cases a number of minors related to the same clause or requirement.

After doing some research with several UK certification bodies, we were able to put together a list of top 5 minor nonconformities for ISO 9001, ISO 14001, ISO 27001 and AS9100. Can you guess what they are before looking?

The top 5 QMS ISO 9001 minor nonconformities:

7.6 Control of Monitoring and Measurement Equipment
4.2.4 Control of Records
5.6 Management Review
4.2.3 Control of Documents
6.3 Infrastructure

The top 5 EMS 14001 Environmental Management System (EMS) minor nonconformities:

4.3.2 Legal and Other Requirements
4.4.6 Operational Control
4.5.2 Evaluation of Compliance
4.5.3 Corrective and Preventive Action
4.5.5 Internal Audit

The top 5 ISMS 27001 Information Security Management System (ISMS) minor nonconformities found were:

6 ISMS Internal Audit
8.2 Corrective Action
4.2.1 Establish the ISMS
4.3.2 Control of Documents
4.3.3 Control of Records

The top 5 Aerospace and Defence AS91xx minor nonconformities:

7.5.1 Control of Production and Service Provision
4.2.3 Control of Documents
8.5.2 Corrective Action
8.2.2 Internal Audit
4.2.4 Control of Records

If you have been involved in auditing for some time a would guess that you knew the answers before you read them, but the age old ones never seem to go away – control of documents, control of records, corrective action and internal audit results.

If you need help with your management system or auditing skills, Batalas offer a wide variety of training course for auditors:

Originally posted 27 November 2012, updated 3 September 2013

Want to know more?

Our ISO experts are here to help answer your questions.

Get in touch

Related Courses

You may also be interested in

Back to Videos & Blogs

Stay up to date with industry news, courses and offers

By subscribing, you consent to receive marketing emails from Batalas. Your data will not be forwarded to any third parties, and you can unsubscribe anytime.

By clicking ‘Sign up’ you agree to the Terms and Conditions and Privacy Policy.

portrait happy young freelancer using laptop

More Resources to make your studies go further

With over 60 years experience, our expert team have a wealth of knowledge to share. From auditing tips to FAQ’s, we have a range of resources to support you.

All resources

Let’s level up your career together

Are you a new auditor looking for ISO training advice? Or do you want to build on existing auditing skills to boost your career?


Whatever your need, our experienced and knowledgeable Batalas team can guide you on the right training path to help you reach your professional goals.

Get in touch

Batalas Ltd is a limited company registered in England and Wales. Registered number: 3736166. Registered office: Victoria House, 2 Grove Road, Fareham, PO16 7TE

© 2023 Batalas ltd, All Rights Reserved. Designed by Damteq®