What is a Non-Conformance report?

Simply put, it is a report or document detailing the failings or shortcomings of a product, process, or service when they fail to comply with set quality standards. It is used to detail and describe when and where an organization’s product, process or service could not conform to certain standards and is utilized in the correction of the deviation/s and avoid the same pitfalls in the future. Unsurprisingly, it is always present in quality control processes. From tangible products to processes and services and even in recorded data and results, non-conformances can be found everywhere in every sector, and this leads to the need for NCR’s to record and review these issues within an organization.

NCR’s allow companies to locate process and/or product failures and can indicate where they need to improve or when they need to update these procedures. The NCR consists of:

  • The problem statement that details the issue found and includes the individual/s (usually the project managers and project consultants) who signed off on it, acknowledging the existence of such issues. Here the report details the process or flow and where the issue was encountered.
  • A section that describes the severity of the issue encountered and how it impacts the operation and functions of the organization along with areas of the workflow chain and specs directly affected. It may also specify how far from the standards, the deviations exist (outside tolerance ranges).
  • How the issue occurred or what part of the process chain might have triggered this.
  • Any damage control steps (corrective action plan) to be taken or already in place to alleviate the situation.
  • Sections detailing the root cause (RCA or root cause analysis section) and any preventive actions that should be implemented.
  • The closing off report that concludes when, how, and where corrective actions were put in place, along with preventive actions that were taken to resolve the non-conformances and the individual/s who acknowledged and signed off on it.

What are the ISO-9001 standards?

The ISO-9001 is a set of defined quality management system rules and standards that companies of all scopes and sizes can be certified to match irrespective of their fields. Once a company certifies for ISO-9001 standards (according to external certification body/s), clients are ensured to expect efficient and better products, continual improvements over system processes and stringent standards for quality management systems (QMS) that is to be expected from top quality companies. Compliance with ISO-9001 standards makes sure that companies organize and conduct internal audits and management reviews that ensure regular quality checks and that their services and processes follow the outlined standards. There are currently different standards from the ISO family for different sectors. The ISO 9000:2015, ISO 9001:2015 and ISO 9004:2018 deal directly with standards of quality management systems. For more information please check ISO 9000 FAMILY QUALITY MANAGEMENT

So, what does it mean if there is an NCR according to ISO-9001?

As explained above, the ISO-9001 outlines a list of specs and criteria that the company must meet if they are to ensure that their services are the best; failure to do so would then result in NCR. Now, NCR can exist for two forms of non-conformances, whenever there is deviation from the standards, these are 1) major non-conformity and 2) minor non-conformity and this can happen in any part of the business chain or auditing process; it can occur in the products, supply and/or production or even in human resources. The key point to take away is that non-conformance is ever-present and any failure to meet a certain desired function or spec is usually jotted down to an NCR. NCR in ISO-9001 then denotes that there is a lagging in the chain of the organization with respect to the ISO standards and must thus be addressed promptly if the company is to keep up in terms of quality with its competitors.

Differences between Major and Minor Non-conformance

Major NCR

Whenever there is a complete breakdown or disregard in quality management system (QMS) with reference to the ISO-9001 standards, there is an occurrence of a major non-conformance, and is quite severe and injurious to company health since it often means that products and services take a big hit. Efficiency of the firm will fall because of major non-conformances and the reliability and credibility of the company may fall under question if such issues and discrepancies are left unattended. Major non-conformances must be dealt with immediately otherwise, the company faces backlash from customers and can consecutively lead to falling revenue streams. There can also be safety hazards if there are major deviations from standardized specs and or failings in testing and inspection of products.

Minor NCR

As the name implies, minor NCRs are typically isolated and less obtrusive than their major counterparts, but such non-conformances also arise from the fact that there are slight deviations from standardized outlines. Usually, a minor NCR will not immediately affect the performance of the system, but if ignored, can accumulate and lead to major non-conformances down the line. As such, it is usually better to immediately address these seemingly trivial issues so that systemic failures do not arise in the future. As with other NCR forms, it is always advisable to keep track of all minor NCRs so as to keep the company and its processes operating as smoothly as possible. Minor NCR’s can also give helpful insights to areas of problems your company might have and help keep major NCRs at bay.

Reasons to utilize NCR and how it is beneficial

The objective or purpose of the NCR is to create a detailed report that can be used to identify, define, explore and record existing issues in quality management systems and products to help management to implement the proper corrective and preventive actions (CAPA) in order to circumvent around said issues and prevent others in the future. As such, keeping track of non-conformance reports can beneficial in several ways:

  • It helps companies keep a log of non-conformances and defects in their processes and services to better account and identify such problems if they were to ever occur at a later date.
  • Non-conformances might reveal the deficiencies within a quality management system and indicate any systemic failures present or that are bound to happen.
  • It is a valuable indicator of the performance of quality management systems and operations already put in place.
  • Improve and promote better corrective action and preventive action (CAPA) as proactive risk assessment is better carried out with a more comprehensive backlog of non-conformance data.
  • Working out non-conformances will result in improvements in efficiency and reduce costs that would otherwise be incurred if any such nonconformity existed.
  • Lead to increases in quality of products and services, which will directly tie into improvements in customer satisfaction and reputation of products and impact the company’s subsequent sales.
  • It can be used to train and teach employees updated processes and guidelines later on. 

Issuing an NCR

When to issue an NCR 

NCR should be issued whenever there is any sort of deviation from the standard working procedures, for example – using non-standard methods that can bring into question the integrity of the organization. It can also be issued when not following standard process protocols. They are also issued whenever the project specs are failed to be satisfied by the product, or when there is a mismatch between specs required and the ones achieved, or when products do not function properly as they should have. NCR should also be issued whenever there is a failure to properly follow testing and inspection processes in the quality control system. Finally, an NCR can also be issued whenever there is a fall in customer satisfaction which might indicate subpar products and services. In essence, any time there is a deviation from standard practices in the work chain or a failure to make a standardized product or service, one should issue an NCR. 

Where can an NCR be issued from (and who can issue them)

Anyone in the organization can report any non-conformance, in fact, it is important that non-conformances in any level of the work chain or audit process be reported as soon as possible. The more issues the organization can straighten out, the better the efficiency and productivity of the organization. With that being said, it is typically the project managers, personnel in quality departments, or project consultants who issue such reports formally. Project managers will often use these NCR’s later to train employees to be more proactive and appropriately handle any similar problems if they ever arise again.

The makeup of an NCR

The basic format of an NCR consists of:

  1. The non-conformance report details such as the issue found, the date it was discovered and the person/s who discovered it, and those that signed off on it acknowledging these issues.
  2. Detail the non-conformance with factual evidence that describes the nature of the issue, where it is located and what it hampers in the function of the overall process and what can be done to fix it. Risks should be updated as well. If the non-conformance comes from the supplier side for non-conforming component/s of a product, then the supplier information and order data are tabulated. A non-conformance complaint that stems from the customer side sees the customer name, data and complaints tabulated into the report.
  3. A section that mentions what to do with the non-conforming product or process. This section contains what is often called the disposition action and is assigned to someone who decides what to do with the product or process. If it is a product, the disposition action can be to either release, or repair and rework, recall or even scrap the product entirely.
  4. Detail the Corrective action/s taken to address the problem. Typically assigned to individual/s in quality who will carry out the actions necessary after reviewing the non-conformance.
  5. Detailed evidence to assess whether corrective actions were undertaken and if so, were they successful in mitigating the problems.
  6. Sign off by appropriate personnel who verified that corrective actions were in place and are functional, acknowledging a closure to the non-conformances.
  7. A detailed RCA section or root cause analysis that attempts to uncover the true causes that set the non-conformance chain in motion in the first place.
  8. Detail Preventive actions and/or process level changes set in place to make sure that such spec or process failures do not occur again.

With that said, modern quality management system software often has features that allow organizations to create and manage their own unique templates tailored to their needs. Extra sections can be added according to user preferences. However, the basic sections outlined above are generally present and provide the necessary framework to most user-defined NCR templates.

How to resolve an NCR when one is issued

To deal with and close an NCR report (resolve one), one must follow certain methodical sequence of steps to fix the errors and address all effects:

  1. Discuss and review with the NCR issuer, which standards were deviated from according to the ISO-9001 quality checks. After verifying all the details of the non-conformance/s, assess the magnitude of the non-conformance/s encountered.
  2. Collaborate and discuss the aspects of the NCR with the project manager and any other personnel and relevant departments in charge or connected with the area directly impacted by the issue in question. Try to develop a containment or damage control scheme and a plan of action to combat the root issue directly. Once a plan of action (or the corrective action plan CAP) has been decided, notify and inform the appropriate personnel who will assist in dealing with the issues.
  3. Start implementing the damage control schemes and correction action/s and document the details of the action, such as when the action was initiated, what resources are needed and other important details in a clear, concise manner.
  4. Run a rigorous and thorough inspection process once the correction action has been taken. This is to make sure processes and/or products are once again up to conformance and to evaluate the effectiveness of the action. Once again, detail this and verify since this will serve as the objective verification for the NCR and will indicate that the appropriate corrective actions were taken.
  5. Search, identify, and record the root cause of the non-conformance. With a given problem statement it is important to find the underlying cause/s that led to the issue in the first place. The root cause must answer fully all questions regarding the problem and leave no open questions left unanswered. In this step, involve as many employees that are connected to the area of the non-conformance/s in question, to better deduce and shed light on the real reason. Make sure that the entire team assembled is in agreement with the root cause/s deduced thus far. There are several qualitative and statistical tools that can be employed for the RCA process such as, the “5 Why’s”, fault tree analysis or various charts and plots constructed from data of previous non-conformity reports.
  6. Implement a long-term corrective action, or more appropriately, a preventive one once the root causes have been satisfactorily identified. Again, needless to say, this section must also be well documented.
  7. Once the final countermeasures have been set in place to deter the issue, there should be periodic internal audits for some time that will need to specifically check-up whether any trace of the problem might still exist. If it does, go back and reevaluate point 6 and re-implement.  

Consequences of piling up non-conformances

The benefits of weeding out non-conformances listed above [section 5] should also give an idea of what would happen if non-conformances were ignored. For example, the efficiency and productivity of the organization might fall, the frequency of product failures would increase, which would also be responsible for more product recalls and falling customer satisfaction leading to increased operational costs (defective goods often incur more costs). A continual trend down the line of poor products, services and support would also lead to a falling reputation of the organization and even result in them being red flagged, indicating a poorly performing organization that clients should steer away from. Non-conformances could also hinder companies from being ISO-9001 certified.

A few things to consider when receiving an NCR 

While we know that non-conformances negatively impact the organization and we cannot stress enough that NCRs are a powerful tool in combating these issues, it should also be noted that non-conformance reports themselves introduce a certain level of complexity. Frequent NCR issuing leads to more paperwork and delays in the standard day-to-day and auditing processes as the inspection and data collection (of the conformances violated) aspect for a non-conformance can be quite substantial. Naturally, it can also mean delays from strict time schedules and a need for increased expenditure and requirements for additional resources (if any is needed to correct the non-conformance).

There are also costs associated with correcting non-conformance/s. Expenses are incurred whenever there is something that needs to be fixed or reworked. It takes time to figure out root causes and money to fix them; in the case of process non-conformities, entire processes need to be re-evaluated and corrected or even reformulated entirely. It isn’t too hard to imagine the monetary aspect of it all. In other cases, entire products and services might need to be scrapped and replaced since they strain the organizations’ production and profits. There are also increased appraisal costs since the frequency of audits and quality checks can rise when checking for non-conformities or when monitoring the implemented corrective actions for existing ones. These costs are often short-term costs and are admissible especially if we consider how unchecked non-conformities can lead to worser backlash in the form of falling revenue, product recalls, legal costs, warranties, and losing clients (lost business) in the long run.

Why non-conformances don’t get reported from time to time

  1. Not reporting problems
    Sometimes individuals within the organization might deem minimal errors as seemingly trivial issues that would not hinder operations or work. Whether it be minor customer complaints on cosmetic defects or delivery issues, or slightly off-timed processes, it might seem trivial to report such issues. However, it should still be important to track these deviations to make sure they don’t compound into larger issues in the future.
  2. Employees unwilling to raise non-conformances to avoid conflict
    There might be the stigma that raising issues reflect poor performance on the employees records and this might lead to upper management marking them negatively. They might also perceive that they would be blamed and their PI (performance indicator) would be adversely hit if they keep bringing up all the negative non-conformances. If this is the case, then the organization should rethink how they evaluate employees and realize that NCR’s can help the organization grow and progress.
  3. Thinking that “It’s too much work”
    Employees might also not raise issues since it is simply too much of a hassle and an increase in paperwork to do so. This is also a no-no, and employees should be informed to evaluate and monitor problems regardless of how small they seem. They may also think that minor issues that are easily corrected can be ‘covered up’ easily and need not be reported; after all, it is taken care of right? Wrong, these issues can recur if there is some underlying cause to be addressed and must not be brushed aside so easily.

The main point to take away is that these causes need to be treated otherwise, employees and management might get into the habit of skipping non-conformance findings. This can potentially impact the health and success of the organization directly.

How to reduce or minimize non-conformances

It is always best to prevent issues instead of reacting to them, in that spirit there should be a few key steps to take to prevent too many non-conformances that can potentially send the organization spiraling downwards. 

The steps to follow are:

  1. Know the specs
    The first priority is to know the standards your organization follows. Knowing the standards for the processes and/or the products that must be followed is important. They often include guidelines and reference materials that set an outline or at least help in creating an outline to follow. This makes sure everything is ok and operating within permissible ranges. Everyone in direct dealing and vicinity of a project must also be well versed in what is expected and must be kept in the loop and aware of the process all the time.
  2. Conduct Audits
    Internal audits allow quality systems to be stress-tested and at scheduled intervals. These audits can also be segmented into smaller, focused audits that check different parts of the processes. What this means is that areas with recent non-conformance findings can be inspected with priority. Data from past reports and findings can dictate which systems or products need to be tested first and which ones later. Internal audits can often help to find major and minor non-conformances beforehand that have the potential to turn nasty in the future. Hence, not only are such audits good for checking if quality systems are in place but also to promote proactive methodologies to combat problems instead of relying on reactive ones. Frequent audits ‘weed’ out redundancies and leggings in the organization.

    Similar to internal audits, companies can get 3rd parties to audit their processes to verify their quality standards are up to par and compliant with industry standards. This is especially in the case of certifying for the ISO-9001 specs.
  3. Discuss with Quality Control inspectors and other employees
    Discuss and review project or product aspects with more quality control personnel and assign such individual/s to as many key areas of development and resource procurement as possible. This directly leads to quicker non-conformance detection, reporting, and solving. The more areas they are closely tied to, the more robust the quality systems checks and the higher the company efficacy in processes and product development.

    A functional organization always has excellent communication and management throughout its entire hierarchy chain; communicating, reviewing and sorting through the process chains with all the involved employees at every level can lead to better analysis of the problems and help implement more concrete counter measures. Personnel in closest proximity to areas of non-conformances can often work out flaws before they can turn to something significant at later levels. Such people must be alert and updated at all times. It can also help to understand which chain of employees might need updated knowledge, training and work practices.
  4. Routine Management Review
    Routine management reviews can also help update quality systems via updating or implementing new company policies, processes, standards, and objectives. New processes put in place by upper management can replace defunct or deficient processes that may not be optimal for the organization, resulting in a rise in productivity and efficiency. They can also update policies and priorities to focus on critical areas that are usually more susceptible to non-conformances. With adequate data and reports to draw from, management reviews can provide better risk assessment and management leading to quality decisions that benefit the company in the long run.
  5. Feedback from customers
    If there is any feedback, whether positive or negative, will prove beneficial in improving the company’s products. After all, it is the customers the organization seeks to satisfy. Having their input can help to indicate market trends and features in demand allowing the product to grow to their likings. It can also help to point out defects or shortcomings that stem from underlying non-conformances.
    Points of failure in products can help to pinpoint deficiencies in the processes that lead to its development. This can trigger corrective actions in the process chain. Such feedback can be tabulated and used as data to improve product features and processes, furthering product development continually.
  6. Proper QMS and Document Control Processes
    A proper quality management system standardizes processes, promotes efficiency, and continuously regulates and monitors practices. An effective quality management system is one that provides fluent internal communication and upholds different process specs; quality management systems that are ISO-9001 certified are recognized to value these things. Embedded in an effective QMS is an equally competent document control process that regularly updates, records, organizes, and distributes data. While this won’t seemingly help minimize non-conformances, it can indirectly translate to the NCR register and reports being properly recorded, distributed, and updated. Keeping the flow of information smooth and running. An automated document control process would also virtually eliminate human error and mistakes (such as mishandling of files). An organization that is continually updated is a competent one that makes fewer mistakes.
  7. Inform and encourage employees
    Reassure employees that there will be no blaming if they report customer complaints and other non-conformances. Reporting non-conformances should not adversely impact Key Performance Indicators (KPI) for personnel/s; employees should be motivated to report issues and problems instead of covering them up or passing the issues onto others. As stated in section-11, a skipped non-conformance is one not dealt with. The more errors and deviations that get reported, the more scope for improvement and consecutively fewer non-conformances in the future.

NCR FAQ (Frequently Asked Questions)

What is an NCR

A document that details all the standards and specs violated from a set of standardized requirements.

What is an NCR in ISO-9001

An NCR that shows a violation of the specific rules set by the ISO-9001 guidelines 

Major vs Minor non-conformance

A major non-conformance occurs whenever there are issues that can majorly impact the operation of an organization. Minor non-conformance occurs when the issues do not cause serious consequences.

Can there be major and minor non-conformance with reference to ISO-9001?

Yes there can be, whenever the ISO standards are not met. Be it a minor non-conformance or a major one.

The non-conformance is minor and taken care of. Does it need to be recorded?

It is always a good idea to track non-conformances (minor or major) since they can provide insights to root causes. Seemingly minor non-conformances can also add up in cost if it is recurring, so it is better to record them.

Are there any benefits to tracking and recording non-conformance/s

Yes it can help to identify patterns in recurring issues and help provide insights for root cause analysis during audits and inspections.

What is CAPA and how does it tie into NCRs?

CAPA is an acronym for corrective and preventive action and denotes the actions taken to bring about conformance by eliminating the causes and effects of the non-conformances.

 Corrective action vs Preventive action in handling non-conformance

Corrective action will prevent an identified non-conformity from recurring again. A preventive action will eliminate any potential non-conformity (that hasn’t occurred or might occur). 

Correction action vs corrective action for non-conformities

Correction action is taken to bring about conformance and eliminate causes of failures and poor performance in a product/process. Corrective action is formulated after the root cause analysis is performed and is used to prevent the non-conformances from happening again.

Are there costs associated with NCRs?

The costs that are incurred from an NCR is usually the one needed to correct the non-conformance. Reporting an NCR itself has virtually no cost to it.

What is QMS (and one certified according to ISO-9001)?

QMS stands for quality management systems and is defined as the policies, processes and procedures that help the organization to identify its objectives and reach its desired results. It can be applied to every sector or industry that complies with the ISO standards. The requirements for a standard QMS are provided in – ISO 9001:2015 Quality management systems — Requirements.

What is RCA (root cause analysis)?

The root cause is the very base cause that caused the non-conformance in the first place. The analysis carried out to assess and evaluate these root causes is the RCA procedure

Is RCA necessary in NCRs

Eliminating them would mean preventing the future non-conformances. 

What is an objective/evidence verification?

The evidence that the steps carried out to bring about compliance or correction of the issue discovered were taken and whether they are effective or not.

Key performance indicator (KPI or PI)

A metric that measures progress and performance in an organization according to set goals and objectives. This metric is used at all levels; from measuring company performance as a whole to evaluating individual departments and personnel. 

How can non-conformance reports be used in training employees?

NCRs and their successful root cause analysis can help an organization update practices and train employees to handle issues more effectively, reducing or even eliminating such issues in the future.

Internal Audit

Internal audits are conducted independently within an organization and involve evaluating systems, processes, objectives to provide objective assessment of the risks, effectiveness and compliance to standards. Internal audits are always neutral and transparent and help provide the organization with insights on areas that need focus and improvement on. Internal auditors report to senior management.

What is the role of internal audits in non-conformance reporting?

To ensure if processes and products meet statutory requirements or whether they are non-conforming. Audits can also uncover new issues which generate new non-conformance reports. 

External Audits 

External audits are conducted by 3rd parties outside the organization and are needed to certify to standards like the ISO-9001. An external audit checks for the organization standards and reports their findings to shareholders outside the organization body.

Management review

A routine meetup of senior management where the QMS is reviewed and evaluated for effectiveness and efficiency and is used to update or rework policies, processes and systems entirely

How management reviews help in reducing non-conformance/s?

Management reviews draw on audits, customer feedback and NCRs to make quality decisions regarding operations of an organization. This can help to provide better risk assessment and management leading to decreases in non-conformance.

Document Control

A system for organizing, categorizing, tracking, and authorizing documentation and reports on various systems and processes within an organization. Document control keeps the flow of information within a company going smooth and is an integral part of modern QMS.

What is an NCR Register

A log or database of identified non-conformances (both resolved and open ones).

Operational Cost

Regular ongoing costs for running and maintaining an organization. Such costs may include rent, resource expenses, overhead costs, employee payroll, etc. Operational costs in the scope of non-conformances may include costs for any extra components needed, or increased budget expenses due to reworking the design of defective products.

Choose suitable software for your business from QISS essential software list. We are always ready to provide you ISO-based QMS services through QISS QMS software.