What does the standard require?

As quality professionals, we are all familiar with manufacturing non-conformances. Operational irregularities, wrong sizes, colors, scratches, and the like. These issues are the bane of quality managers everywhere and cause many sleepless nights. However, this paper is centered on ISO audit non-conformances an organization’s omissions/failures to comply with the requirements of ISO 9001:2015 and what are examples of ISO audit non-conformances?

The meat and potatoes of ISO 9001:2015 are centered around clauses 4-10 that form the nucleus of the standard. Each section has specific required elements that many organizations fail to comply with within the QMS operations. This paper will quickly examine each clause and common omissions of necessary actions to which organizations can fall prey.

In clause 4, ISO introduced the concept of the organization, specifically the identification of interested parties and their relationships with an organization’s QMS. The parties need to be defined, and their relationship to the organization needs to be documented, monitored, and measured – many organizations fail to properly perform this task and suffer audit findings as a result. Furthermore, failure to properly perform this required action can lead to issues related to QMS performance and quality objectives being insufficiently determined and measured.

Clause 5 dramatically expands the required performance of management leadership in the daily operations of an organization. Also, these required additions play a significant role in management review. Many organizations do not fully implement the management requirements or adequately define the roles and responsibilities of management as required by this section. This can lead to audit findings and an overall insufficient leadership role within the QMS. 

Clause 6, organizations must plan and define actions when changes are being made to the QMS. Additionally, organizations are required to evaluate risk throughout their QMS. This area of ISO is often not adequately assessed or updated as needed and can cause QMS risk to go undetermined and may create audit issues in the future.

Section 7 deals with several aspects of the QMS but, of note, are the calibration requirements and the introduction of knowledge management. ISO mandates accuracy with measuring devices. Some organizations run afoul of this requirement because they are not using the appropriate tool/measuring device for a measurement taken, so the result is inaccurate. Additionally, some organizations have difficulty protecting their instruments from damage, as required by the standard, leading to incorrect results and audit headaches.

Organizational knowledge is required for an organization to define, capture, and preserve its knowledge of its operations. Types of knowledge include organizational ability, engineering, training records, etc., and organizations must capture this knowledge, but auditors frequently find that it’s not. 

Section 8 focuses on the control of operations, which should be carefully monitored and measured, especially when preparing for an audit. In-process inspections often are not adequately documented and can cause harm to the product and the organization’s QMS performance.

Receiving inspections can also be ineffective if not documented procedurally. The procedure for approving and disqualifying vendors is often not defined, which is a frequent finding among auditors.

Section 9 contains management review requirements and a laundry list of mandatory considerations. Often, organizations fail to include required information related to this section and not show proof of quality objectives measurement results adequately. Additionally, adequate data of measurement results is often absent and fails to give a true picture of the organization’s QMS and can lead to audit findings.

Section 10 contains sets forth the requirement of dealing with all non-conformances and their consequences. Root cause analysis and corrective actions, and effectiveness evaluations are required and often not documented by an organization, leading to audit non-conformances.

This paper touches on several of the more commonplace types of audit non-conformance findings. A more detailed examination of these types of non-conformances with be forthcoming in future publications.