Achieving a good result at an ISO 9001 Audit should be a walk in the park for a well designed, developed and implemented Quality Management System. During the audit, the Certification Auditor will sight objective evidence to support conformity with each of the sub-clauses (clause numbers 4-10) of ISO 9001. This will mean an ISO 9001 audit result of either:
- Satisfactory – all is well
- Improvement Opportunity – the auditor is recommending improvements (take them or leave them)
- Observation – things may be going off the tracks
- Minor Non-conformity – isolated minor deficiency identified
- Major Non-conformity – major deficiency identified
Note: If you have received a dreaded ISO 9001 Quality Management System major non-conformity it means there has been a significant deficiency identified in the structure and/or the implementation of the quality management system but don’t panic! Read on.
What is the difference between a non-conformity and a non-compliance?
Before we go into the details of the various audit codes it is worth reflecting on the terminology used (incorrectly at times) around ISO Audits.
- A Non-compliance is typically used when there is a breach of externally imposed requirements, for example, when you have not complied with the law (Acts, Regulations, etc) – Noncompliance.
- A Non-conformity (also known as a Non-conformance) is normally used in situations where there has been a failure or non-fulfillment to conform with internally imposed requirements such as ISO Standards (eg ISO 9001 Quality Management Systems).
So when talking about ISO Audits you would normally say audit Non-conformity as opposed to audit Non-compliance. On the flip side (where you want to be), you would conform with ISO standards and comply with legal requirements.
ISO 9001 Audit Codes
A note about ISO Audit codes: Under JAS-ANZ, Certification Bodies are not obliged to use specific Audit Codes so these may vary somewhat depending upon which Certification Body conducts the audit. For example (with reference to the definitions below), some Certification Bodies will raise an Improvement Opportunity as their Observation, a Minor Non-conformity as an Improvement Request, and a Major Non-conformity as a Non-conformity. So much for standardisation! That said the following definitions will largely apply.
Satisfactory (SAT) objective evidence was sighted to demonstrate conformance with ISO 9001:2015 Quality Management Systems. No further action required here – keep up the good work and well done!
If the ISO Certification auditor identifies an Improvement Opportunity (IO) then it means they think things could be done better and they are making a recommendation to try and add value to your Quality Management System through their audit service. Bear in mind that there are many ways to skin a cat and some ISO 9001 Certification auditors may be used to seeing systems set up in a way that may not necessarily be the best solution for your business. You aren’t required to action IO recommendations made in the audit report however it is a good idea to address them in either the Improvement Register or QMS Management Review Minutes, even if it is just to say that you have reviewed the recommendations and aren’t going to proceed with them.
If the Auditor gives you an Observation (OBS) it means that things aren’t going to plan and there are some issues that need addressing before they escalate to a Minor or Major Nonconformity. Observations should be registered in your improvement framework and action taken to address the recommendations made prior to the next surveillance audit from the Certification Body.
An isolated failure to conform with the requirements of the ISO standard or implement the Quality Management System is generally classified as a minor nonconformity and as a minimum should be addressed within the next 12 months prior to the next surveillance audit.
A Corrective Action Plan is not usually required as long as the non-conformity is registered into the improvement framework and addressed in a timely manner (maximum of 12 months). Corrective action taken to address a Minor Non-conformity will be reviewed at the following surveillance audit and if appropriate action has not been taken then the Minor will likely escalate into a major Non-conformity.
A Major Non-conformity means the auditor has determined that there is a complete or significant absence of any objective evidence to support conformance to the clause, or a complete failure to implement the Quality Management System to requirements.
If you receive a Major Nonconformity then you will not receive certification (if it is your initial audit) until the Non-conformity has been closed out, and if you are already certified then the Certification Body will not renew your certification if the Non-conformity has not been actioned within three months (ie certification suspended). But again – don’t panic!
When a Major Nonconformity is raised, simply complete the following five steps:
- Complete a Corrective Action Plan (including Root Cause Analysis).
- Submit the Corrective Action Plan to the Certification Body for review and approval within one month of the audit date.
- Action the items detailed in the Corrective Action Plan within three months.
- Update the Corrective Action Plan when the action items have been completed to indicate they have been closed out.
- Send the completed CAP to the Certification Body, along with any other evidence required to support the completion of the action items.
Based on the information provided the Certification Body may decide a follow-up audit is required to verify the effectiveness of action taken.
How to Avoid ISO 9001 Audit Non-conformity
Consider engaging an ISO 9001 Consultant to undertake a comprehensive internal audit prior to certification, surveillance or recertification audit from a Certification Body. A thorough Internal Audit will ensure any deficiencies are identified and an action plan established before non-conformities are picked up by the ISO 9001 Certification Auditor.
Outsourcing your internal auditing to Streamline provides independence, objectivity and eliminates the requirement for employee training and diversion from normal work activities – both of which cost time and money. Our Certified ISO Auditors provide experience, professionalism, and the high level of diplomacy required to facilitate effective internal audits.
Your business will receive highly objective and impartial audits that will add real value to your management system and ensure any problems with the QMS are identified and actioned before you receive a Non-conformity at the external audit.
Benefits of ISO 9001 Internal Auditing
- Receive highly objective and impartial audits that will add real value to your management system,
- Reduced requirements for internal auditor training and logistical costs,
- Allow your employees to focus on their core jobs so there is minimal disruption to normal business operations,
- Avoid internal political issues that may arise due to internal departments cross-auditing,
- Meet the requirements of management system standards,
- Ensure your management system is effectively implemented,
- Identify opportunities for improvement, and
- Reduced non-conformance findings from certification bodies.
Contact Us Today
If you’d like more information on ISO 9001 Internal Auditing, or to request a Quick Quote please use the form to the right and one of our ISO Consultants will contact you within one business day.
If you would like to speak with someone straight away feel free to call us on the numbers below – we look forward to hearing from you and answering any questions you may have.
- Brisbane ISO Consultants 07 3667 8280
- Sydney ISO Consultants 02 8315 7780
- Melbourne ISO Consultants 03 9034 3990