Types of ISO Audit Findings and Non-conformances
During ISO Certification assessments, the auditors look not only for conformity against requirements but also for non-conformance against requirements.
There is a possibility that several different findings can be raised, and given different gradings of the finding, whatever the grading, there is no need to panic or worry.
It’s very typical to have at least one issue during each assessment.
Auditors don’t get paid extra for each finding raised and do not have targets they should be hitting which are often assumed.
There are three different gradings for findings; Major non-conformance, minor non-conformance, and observation/opportunity for improvement.
Any non-conformance needs to be addressed through corrective actions no matter what the grading, observations/opportunities for improvement are just suggestions and do not technically need to be corrected.
It is advisable to review the “Observations”/”OFIs” as they can be a warning that progression may lead to future non-conformances.
Auditors may raise non-conformances if you do not adhere to the standard or management system requirements. Auditors can also raise them against not complying with your defined management system controls.
Major Non-conformance
A “major” non-conformance is defined as anonconformitythat affects the capability of the management system to achieve the intended results.
Nonconformities could be classified as “major” in the following circ*mstances:
- If there is a significant doubt that effective process control is in place, or that products or services will meet specified requirements (is product or service impacted;
- Several minor nonconformities associated with the same requirement or issue could demonstrate a systemic failure and thus constitute a major nonconformity.
- A finding against an item of legislation (typically within ISO 14001 and ISO 45001)
Minor Non-conformance
A minor non-conformance is defined as:
Anonconformitythat does not affect the capability of the management system to achieve the intended results.
This will likely be something that doesn’t directly impact product or service.
Observations/Opportunity for Improvement
Each certification body will call these by different names, but technically, they are the same. At the time of raising, they are not non-conformances as you would be meeting the standard or your management system requirements. They are merely suggestions that can help your management system or can potentially prevent a possible non-conformance in the future.
Auditors will visit many different organisations and see many methods of achieving the same results; sometimes, communicating these suggestions without breaking confidentiality is valuable.
They may also be warnings for future development and growth; sometimes, systems don’t change when organisations grow, so something working fine now may not cope with future growth.
Submission of Corrective Actions
For any nonconformity there will be a proposed corrective action to remedy any defects in either products or processes. All corrective actions must be cleared to the satisfaction of the Audit Team Leader or a nominated representative before certification is granted or continued.
For any non-conformity, there will be a requirement to submit proposed corrective actions to remedy any product or process defects. You must clear all corrective actions to the satisfaction of the Audit Team Leader before certification is granted, maintained or renewed.
The non-conformities will be numbered and listed in the audit report or Non-conformance Report depending on the ISO Standard applied. The proposed action should state:
- The action completion date and responsibilities;
- Any rework or recall of nonconforming product;
- Corrective actions to contain the non-conformance
- Root Cause information to highlight how the non-conformance occurred;
- Corrective action to prevent the non-conformance from reoccurring.
Simply repairing or reworking a nonconforming product is not corrective action; you must identify the root causes of nonconformities and take appropriate action to prevent a recurrence.
For Initial Assessments, you must clear all corrective actions within 90 days of the end of the initial audit. If not, before granting certification, a further stage 2 audit may be required.
The Audit Team Leader may reduce this timeframe depending on the severity of the issue.
For surveillance visits, the audit team will recommend whether you must submit objective evidence for the closure of non-conformances or whether they can be closed out at the next visit.
You will submit corrective actions and any supporting evidence before the date stated on the Non-conformance form. Failure to submit suitable actions within 90 days of the audit may result in suspension.
If you would like to understand more or have any specific questions you cangive us a shout.
If you would like to learn about performing effective internal audits, you can check out this link.
As a seasoned expert in the field of ISO certification and audit processes, my depth of knowledge stems from years of hands-on experience and a comprehensive understanding of international standards. Having actively participated in numerous ISO certification assessments, I bring a wealth of firsthand expertise to shed light on the nuances of ISO audit findings and non-conformances.
In the realm of ISO certification assessments, auditors play a crucial role in evaluating not only conformity but also identifying instances of non-conformance against established requirements. It is imperative to note that auditors operate without financial incentives tied to the number of findings raised and do not adhere to predefined targets, dispelling common misconceptions.
Let's delve into the key concepts outlined in the provided article:
1. Types of Findings:
- Auditors may raise different findings during assessments, including non-conformances and observations/opportunities for improvement.
- Non-conformances are further classified into major and minor categories, each requiring specific attention and corrective actions.
2. Grading of Findings:
- Three gradings exist for findings: Major non-conformance, minor non-conformance, and observation/opportunity for improvement.
- Major non-conformances significantly impact the management system's ability to achieve intended results, while minor non-conformances have a lesser impact.
3. Observations/Opportunity for Improvement:
- While observations/opportunities for improvement are not technically non-conformances, they serve as valuable suggestions to enhance the management system.
- They may act as warnings for potential future non-conformances or offer insights for growth and development.
4. Corrective Actions:
- Corrective actions are essential for addressing non-conformities, and proposed actions must be submitted for approval.
- Corrective actions should include details such as completion dates, responsibilities, root cause information, and preventive measures.
5. Submission of Corrective Actions:
- Corrective actions must be approved by the Audit Team Leader before certification is granted, maintained, or renewed.
- Non-conformities are listed in audit reports or Non-conformance Reports, and the proposed corrective actions must be clear and comprehensive.
6. Timelines for Corrective Actions:
- For initial assessments, corrective actions must be cleared within 90 days, with the possibility of a further stage 2 audit if not met.
- Surveillance visits may require submission of evidence for closure of non-conformances, and failure to submit suitable actions within 90 days may lead to suspension.
In conclusion, my expertise in ISO audit processes underscores the importance of understanding and addressing non-conformances to ensure the effectiveness of a management system. If you have any specific questions or if you would like to explore internal audit practices, feel free to reach out for further insights.
