Common Nonconformities

A question that we are often asked during our Lead Auditor Training Course is “what are the most common nonconformities found by third party certification auditors? ”

The definition of a nonconformity in ISO 17021 is defined as:  “non-fulfilment of a requirement”.

In real terms this is often exlpained as a failure to fulfill one or more requirements of the management system standard, or a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs.”

A nonconformity can be identified as a “minor” or a “major”. Put simply, a minor nonconformity means the failure to comply with a requirement which is not likely to result in management system failure, e.g. a single lapse or an isolated incident. Whereas a major nonconformity means an absence or total breakdown of a system to meet a requirement, in some cases a number of minors related to the same clause or requirement.

After doing some research with several UK certification bodies, we were able to put together a list of top 5 minor nonconformities for ISO 9001, ISO 14001, ISO 27001 and AS9100. Can you guess what they are before looking?

The top 5 QMS ISO 9001 minor nonconformities:

7.6 Control of Monitoring and Measurement Equipment
4.2.4 Control of Records
5.6 Management Review
4.2.3 Control of Documents
6.3 Infrastructure

The top 5 EMS 14001 Environmental Management System (EMS) minor nonconformities:

4.3.2 Legal and Other Requirements
4.4.6 Operational Control
4.5.2 Evaluation of Compliance
4.5.3 Corrective and Preventive Action
4.5.5 Internal Audit

The top 5 ISMS 27001 Information Security Management System (ISMS) minor nonconformities found were:

6 ISMS Internal Audit
8.2 Corrective Action
4.2.1 Establish the ISMS
4.3.2 Control of Documents
4.3.3 Control of Records

The top 5 Aerospace and Defence AS91xx minor nonconformities:

7.5.1 Control of Production and Service Provision
4.2.3 Control of Documents
8.5.2 Corrective Action
8.2.2 Internal Audit
4.2.4 Control of Records

If you have been involved in auditing for some time a would guess that you knew the answers before you read them, but the age old ones never seem to go away – control of documents, control of records, corrective action and internal audit results.

If you need help with your management system or auditing skills, Batalas offer a wide variety of training course for auditors:

• Foundation / Awareness Training – for staff that are new to the audit role and need to start with the basics

• Internal Auditor Training – for staff members that have been chosen to conduct internal audits and need to learn the skills

• Lead Auditor Training – for staff that are experienced at 1st party Internal Auditing but need to conduct external supplier audits or lead the team of auditors

Originally posted 27 November 2012, updated 3 September 2013