System audit nonconformity determination method

During internal and external system audits, there may be occurrences of nonconformities/noncompliances in certain aspects of the company's system operation. Below we will study these related issues:

1. Definition of Nonconformity (Noncompliance): Failure to meet requirements

Note the distinction:

Nonconforming product: Usually refers to a product that fails to meet a quality characteristic requirement.

Nonconformity: For quality management system activities, when an activity or its result fails to meet requirements, it is called a nonconformity.

2. Manifestations of Nonconformities:

1. Nonconformities in documentation

2. Nonconformities in products

3. Nonconformities in processes

3. Nonconformities in personnel

4. Nonconformities in environment

5. Nonconformities in records and data

3. Principles for Determining Nonconformities:

1. Focus on audit evidence. Facts lacking sufficient evidence cannot be judged as nonconformities. Attention should be paid to factual basis; auditors should not rely on speculation, assumptions, or personal work experience to impose requirements on the auditee. For facts disputed by the auditee, confirmation should be made through negotiation or re-evidence collection.

2. Insist on personal verification. For example, during an on-site audit, an auditor hears from an inspector that the company ships final products without inspection.

3. Strictly follow audit criteria. The determination of nonconformities should be based on the explicit requirements of the ISO9001:2015 standard. Nonconformities should not be raised beyond the specified scope. For example, if the auditee sells products at a loss, nonconformities related to quality costs should not be raised.

4. Types of Nonconformities:

A. Classified by degree of nonconformity

1. Major nonconformities (referring to systemic nonconformities, regional nonconformities, or those with serious consequences)

a. Serious nonconformity with audit criteria and requirements (missing or reduced requirements)

b. Results may cause failure of the quality management system (e.g., uncalibrated equipment)

c. Unable to ensure the quality of provided products (services) meets requirements, leading or potentially leading to serious consequences (e.g., product safety indicators exceeding limits at shipment, personal injury caused by product use, deliberate shipment of nonconforming products to customers)

d. A large number of general nonconformities concentrated in a certain area or process reflecting organizational failure.

2. Minor nonconformities

a. Slight nonconformity with audit criteria and requirements (e.g., document changes without approval, customer complaints not handled)

b. Isolated, occasional, minor violations of quality management system requirements (e.g., production equipment failure, inspected semi-finished products without identification)

c. Consequences that may or have occurred are not serious, with little impact.

3. Observations

Evidence is insufficient to confirm whether it constitutes a nonconformity, but the fact may cause adverse consequences. For example, internal audit plans not considering previous audit results.

B. Classified by cause of nonconformity

1. Systemic nonconformities

Quality management system documents do not comply with applicable laws, regulations, standards, contracts, etc.

For example, failure to establish documented corrective action control procedures, failure to clearly review nonconformities (including customer complaints), determine causes of nonconformities, evaluate and ensure measures to prevent recurrence, and determine and implement necessary measures. After nonconformities occur, merely addressing the issue without preventing recurrence is insufficient.

2. Implementation nonconformities

Failure to implement as documented. For example, a company's procedure requires regular customer satisfaction surveys, but this activity was not conducted.

3. Effectiveness nonconformities

The quality management system documents comply with standards or other document requirements, and on-site implementation is as prescribed. However, for some reason, the operational effect does not meet expected requirements.

For example, repeated occurrence of the same type of batch nonconformities during production.

5. Points to note when determining nonconformities:

1. Whether evidence of nonconformity is accurate and sufficient

2. Whether all necessary details are included

3. Whether the determination of violation of requirements is accurate

4. Whether the same fact is mentioned multiple times

5. Whether it is concise and easy to understand

6. Whether the reasons for judging a major nonconformity are sufficient

7. Whether it is convenient for the auditee to correct

Supplement missing necessary details; if evidence is insufficient, it is better not to write; if evidence for a major nonconformity is insufficient, it can be rewritten as a minor nonconformity;

If the same fact is mentioned multiple times, choose the issue that best reflects its essence to write.

For determined nonconformities, the auditor writes a nonconformity report and submits it to the audit team leader for approval. If there is disagreement within the audit team, the team leader has the final decision authority.