In this post “ISO 9001 Clauses Explained” we dive into Control of Nonconforming Outputs.



Control of nonconforming outputs can be viewed in several different lights. For instance, if we’re looking strictly at the quality of our products or services, this is a traditional nonconformance report form. Other variations may be nonconforming material reports, a defect form or just a nonconformity. All of these imply the same general intent.

A nonconformity is effectively output that did not conform to our previously identified requirements and we take note of it. A non-conformance report, NCR for a common language, has really one or two main purposes. We want to identify how many times a part of our process did not conform to the expected outcome. Separately we may make a determination to quarantine the material until a decision can be made. This decision we often reference as our disposition code, with these common disposition codes

  • retrain/educate
  • rework
  • scrap
  • accept with concession
  • leave as is

The disposition codes above are taken as an interpretation of the following requirements from the ISO 9001 standard.

The organization shall deal with nonconforming outputs in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected.

ISO 9001:2015 8.7 Control of nonconforming outputs – 8.7.1

It is not uncommon to collect large volumes of data. By doing so, you are able to develop trends, find patterns, or maybe find a clustering of defects. The knowledge you can gain from analyzing this data is oftentimes unlimited and profound. You could learn something as simple as a machinist we have on 2nd shift is performing poorly. The process of reviewing and analyzing data over time can lead to a much better understanding of the problems in the process. Whatever it is that you learn from the analysis of your nonconformance will allow you to have a better input into your corrective action process.

Nonconformance Report vs Corrective Action Report

Let me be clear that a nonconformance report and a corrective action report are two very very different processes. In the ISO 9001 standard, the conformance of our production and service provision and control of nonconforming outputs are governed under clause eight. Clause eight is all about doing the work in the PDCA cycle. A nonconformance report comes from reporting on nonconformities in the “do” phase, this is the D of our PDCA cycle. The Corrective Action takes place in the “act” phase, the A in the PDCA cycle.

Other Purposes of Nonconformance Reports

A nonconformance report need not be limited strictly to the outputs of the production and service process, they can be issued against any number of points throughout various processes. For instance, a purchase order that is missing the required SKU or a necessary sign-off. These are excellent opportunities to issue a nonconformance report, we want to track and trend these nonconformities as well as nonconformities identified through the production and service provision outputs. These types of nonconformities earlier in the process or through other ancillary processes can ultimately harm our reputation with customers, it can cause an increase in rework, increase in confusion, and delay. Some organizations do choose to issue nonconformance reports in the production service provision process versus other processes such as HR, Safety, or Document Control for example.

Another great example is health and safety. With health and safety, your typical nonconformities are either in the identification of a near miss (which typically necessitates an investigation), or perhaps with unsafe conditions identified throughout the workplace. There is no requirement to utilize a separate form for these various types of nonconformances, but in many instances, it can be helpful. The simplest and easiest way to track these various types of nonconformities is through defect codes. Two tiers of defect codes(included in QA Cloud) can often provide for greater control of what otherwise can turn into a mess of endless codes. For instance, we may have a tier one defect code for shipping receiving, with several tier two defect codes associated with it regarding the packing list, material identification, the counts of the materials, and so forth. We may otherwise have a tier one defect code that identifies this as a health and safety issue, with several tier two defect codes relating to a spill, a trip hazard, or failure to display appropriate warning signs, etc…

Minor vs Major Nonconformance in daily reporting

A process that has been observed before and is highly discouraged is separating our nonconformance reports by significance or status. An example that we’ve seen a couple of times is where you would have a minor nonconformance versus a major nonconformance. This is understandable considering this is the nomenclature given during an internal audit or an external audit. But during the regular course of the production process this is not an ideal solution. This implies a certain level of root cause analysis and a certain level of risk assessment has been conducted on the issue at the point of issue to make the determination of minor versus major. During an internal audit or an external audit, the auditor does take substantial time to review any findings and make the judgment call of minor versus major, and there are strict criteria for governing minor versus major findings in an audit. Your typical shop supervisor or inspector does not have such training, criteria available or time to properly analyze the nonconformance prior to its issue. It is best to take the opportunity to quarantine any defective material (or place services on hold), and then submit to leadership for review. At that point, if this nonconformance is determined to be significant, major, or in any way, the next course of action is either to quarantine, scrap, or in fact issue a corrective action if it is determined that this particular issue needs to be prevented from recurring in the future. Failure to treat nonconformances in this manner can lead to what Edward Deming referenced as tampering. The average employee in an organization is not going to immediately be able to identify the difference between a common cause and a special cause. If we try to prevent every nonconformance by treating it as correctable via simple corrective action, we’re going to wind up tampering with the system to such a degree that we introduce new inefficiencies and new sources of future defects.

Texas Quality Assurance
TQA Cloud QMS Software

Email: | Tel:(512)548-9001
LinkedIn Facebook Instagram Twitter(X) |  YouTube

Quality Management Simplified

QMS Software | Consultation | FQM | Auditing

#QualityMatters podcast is streaming on

iTunes Spotify Audible YouTube