
ISO Nonconformities and Corrective Action Explained

21 Mar 2026 · 6 min read

What ISO nonconformities are, the difference between major and minor, and how corrective action and root cause analysis turn findings into real improvement.

The word nonconformity makes a lot of people nervous, especially in the run-up to a certification audit. It sounds like failure. In reality, nonconformities are a normal and even healthy part of any working management system, and how you handle them is one of the truest tests of whether your system is genuine or just for show. Handled well, a nonconformity becomes a small, contained improvement. Handled badly, the same problem comes back again and again. This guide explains what nonconformities are, the difference between major and minor, and how corrective action actually works.

In short: a nonconformity is simply a failure to meet a requirement, of the standard, of your own system, or of a customer or legal obligation. Corrective action is what you do to stop it happening again, which means finding and fixing the root cause, not just patching the symptom. The combination is sometimes called corrective and preventive action, or CAPA.

What is a nonconformity?

A nonconformity is a failure to meet a specified requirement. That requirement might come from the ISO standard itself, from your own documented procedures, from a customer contract, or from a legal obligation. If your system says inductions must be completed before a worker starts on site and one was not, that is a nonconformity. If the standard requires management review and you have not held one, that is a nonconformity. It is a gap between what should happen and what did.

Nonconformities are found in several ways: during internal audits, during certification audits, through customer complaints, through incidents, or simply through staff noticing that something is not right. A system that surfaces nonconformities is working. A system that never records any is almost always one where people are not looking, or are afraid to report what they find.

Major versus minor nonconformities

In the context of a certification audit, nonconformities are usually graded. The distinction matters because it affects what happens next.

Minor nonconformity

A minor nonconformity is an isolated lapse or a single failure to meet a requirement that does not undermine the overall system. For example, one training record is missing, or one document is out of date. At a certification audit, minor nonconformities typically require you to submit a corrective action plan, but they do not by themselves prevent certification.

Major nonconformity

A major nonconformity is more serious: a complete absence of a required process, a systemic failure, or a breakdown that calls the effectiveness of the system into question. For example, you have no internal audit process at all, or a requirement is being ignored across the business rather than missed once. A major nonconformity generally must be resolved, with evidence, before certification can proceed.

Why correction is not the same as corrective action

This is the distinction that separates real improvement from endless firefighting, and it is worth getting right. Correction is the immediate fix: you deal with the specific problem in front of you. Corrective action goes deeper: it addresses why the problem happened, so it does not happen again. If a delivery went to the wrong address, the correction is to resend it; the corrective action is to fix whatever in the process allowed the wrong address to be used. Without corrective action, you keep correcting the same problem forever.

How corrective action works, step by step

  1. Identify and record the nonconformity, clearly and against the specific requirement it breaches.
  2. Take immediate correction, dealing with the specific instance so no immediate harm continues.
  3. Investigate the root cause, asking why the nonconformity happened until you reach the real underlying reason rather than a surface symptom.
  4. Determine and implement corrective action, changing the process, training, controls or system so the cause is removed.
  5. Verify effectiveness, confirming after a suitable period that the corrective action actually worked and the problem has not recurred, then closing the nonconformity.

Getting to the real root cause

The quality of a corrective action depends entirely on the quality of the root cause analysis behind it. The most common failure is stopping too early, blaming human error and moving on. Human error is almost never the real root cause; the real question is why the system allowed the error to happen and reach a consequence. Simple techniques like repeatedly asking why, or mapping the contributing factors, help push past the symptom to the underlying cause. Fix the cause, and the symptom stops appearing.

Why this is the heart of continual improvement

Nonconformities and corrective action are not a sign that your system is failing; they are the engine that makes it improve. Every nonconformity properly investigated and corrected makes the system a little stronger and the business a little better. Certification auditors understand this well, which is why they are often more reassured by a business that records and resolves nonconformities maturely than by one that improbably claims to have none. A living system has findings; a dead one has silence.

How ISO Accreditation can help

We help Australian businesses build genuinely effective nonconformity and corrective action processes, the kind that find real root causes and stop problems recurring, rather than generating paperwork that never fixes anything. We coach your team on root cause analysis and make sure your corrective action process satisfies auditors and actually improves the business. Book a free consultation to discuss your system.

Book a free consultation → isoaccreditation.com.au/contact-us

Call 1800 577 060 · info@isoaccreditation.com.au

Frequently asked questions

What is a nonconformity in ISO?

A nonconformity is a failure to meet a requirement, whether of the standard, your own system, a customer contract or a legal obligation. It is a gap between what should happen and what did.

What is the difference between major and minor nonconformities?

A minor nonconformity is an isolated lapse that does not undermine the system. A major nonconformity is a systemic failure or complete absence of a required process, and generally must be resolved before certification can proceed.

What is the difference between correction and corrective action?

Correction is the immediate fix of the specific problem. Corrective action addresses the root cause so the problem does not recur. Both matter, but corrective action is what drives genuine improvement.

What is CAPA?

CAPA stands for corrective and preventive action, the process of addressing the causes of nonconformities and preventing their recurrence. It is central to continual improvement in ISO systems.

Is it bad to have nonconformities?

No. Recording and resolving nonconformities is a sign of a healthy, working system. Auditors are often more reassured by mature handling of findings than by a business that claims to have none.
