A non-conformance means that something went wrong – a problem has occurred and needs to be addressed. Non-conformances are addressed with corrective actions.
You may find a non-conformance in a service, a product, a process, from a supplier, or in the system itself. It occurs when something does not meet the specifications or requirements in some way. Those requirements might be defined by the customer, a regulatory body, or in the internal procedures of the company.
A non-conformance could be identified through customer complaints, internal audits, external audits, incoming material inspection or simply during normal testing and inspection activities.
ISO 9001:2008 requires that you document your non-conformance procedure (clause 8.3) and keep records of non-conformance issues you identify and the actions taken.
ISO 9001:2015 no longer requires a documented procedure, but you must still keep records (“retain documented information”) of the nonconformity and what was done to correct it.
You’ll need to work out a process (documented or not) for how your organisation will deal with nonconforming output:
- how to decide on what immediate actions will be taken to correct the problem, and who is responsible for the decision. These immediate actions can be seen as ‘damage control’ and need to:
- stop further non-conformance
- assess the effects of the problem – how much, how bad (e.g. scrap / rework),
- contain the effects – e.g. quarantine defective items
- notify affected customers, if necessary
- how reworked items should be checked (if it is different from normal inspection)
- how and where a non-conformance should be recorded
- what steps should be taken to identify any defective product released to a customer
- what, if any, concessions/discounts will be given to the customer
- how a decision will be made on whether further corrective action is necessary