Home Resources Blog September 2019

What is a Non-Conformance in Relation to ISO 9001, ISO 14001 & ISO 45001?

25 September 2019
There is a common theme throughout the 3 standards beyond the required specialist knowledge to manage the operations and requirements...

‘Non-conformity’ is included in all 3 standards and all need ‘corrective action’.

It is rare that any company who has human involvement will NEVER have a non-conformance within their 3 year cycle.

The purpose of an external audit is not to punish you when things occasionally go wrong, but instead to see what you do about them and how you improve your processes to reduce risk of the same issues happening again.

Whether your company records 3 non-conformities a year or 300 a month, the purpose of ISO is to show continual improvement by reacting quickly and discovering if there’s a trend.

What is a non-conformance?

Quality - Something which has gone wrong or not met the requirements of the quality management systems processes. (e.g. missing traceability, not using current version of documentation.)

Environment – Something that has gone wrong even though there are things in place to prevent an event which can cause environmental damage. (e.g. an environmental risk assessment missed or not reviewed, using spill kit and not replenishing, not thoroughly investigating statutory issues, or not utilising aspects and impacts.)

Health and Safety – Something which has gone wrong such as; protective equipment not functioning properly; failure to fulfil legal and other requirements; company procedures not being followed.

Simply put: something that has gone wrong and requires action!

What is corrective action?

Quality – You must document both the non-conformity and the corrective action. What went wrong, how did you contain it, what was the root cause and how did you fix it? (e.g. we expected a customer order to be completed/delivered by the 10th of the month; it didn’t happen until the 15th. Did contract review process not factor resources, was it the delivery company, can you prevent this happening again?)

Environment - You must document both the non-conformity and the corrective action. Also consider what negative effect the non-conformance had or may have had on the environment? (e.g. we failed to complete necessary checks, we didn’t notice an oil leak, we need to correct it, but we need to reassess damage, containment, root cause, how do we prevent it happening again?)

Health and Safety - You must document both the non-conformity and the corrective action. Consider what negative effect the non-conformance had or may have had on safety/health. (e.g. PPE in disrepair or unavailable may result in near miss, may breach PPE legislation, may result in an incident which requires reporting.) The result of corrective action is to eliminate a hazard.

Is it the company’s decision as to what constitutes non-conformity?

Within ISO 14001 and ISO 45001 it is likely that non-conformity may need to involve an external body such as Environment Agency or HSE, this is why identifying non-conformance, correcting it and recording it is positive!

The implication of these and having a competent person to identify them is therefore more of a specialist nature and although a common theme with quality, should not be merely seen as a bolt on.

To a certain extent with ISO 9001:2015 it is purely the decision of the company as long as it is compliant with the International standard, Regulatory and Statutory requirements. If however we enter into the compliance of Standard in the spirit which it is intended, you may wish to consider the following when defining a non-conformance:
Please remember... a non-conformance is NOT a failure of a person, but should be utilised as a tool to improve your business by helping you understand where potential future risks and opportunities sit.