Non Conformance report

An effective non-conformance report process can add significant value to your business as well as helping you meet regulatory requirements.

In this article, we’ll take a look at what a Non Conformance Report is, what it’s used for, an example report and how the humble NCR can actually help your organization. We’ll also take a look at its good points and some things to watch out for when your setting up your NCR process.

In this post, we’ll discuss

  • Non Conformity and ISO 9001
  • Reporting Issues & deviations with a Non-conformance report
  • When is a Non-Conformance Report Issued?
  • What happens after a Non-conformity has been identified.
  • Which organizations issue non conformance reports
  • Who releases a Non-conformance report
  • What does a Non-conformance report contain
  • Common Issues with non-conformance reports

Ok, let’s get started.

Non-conformance reporting and ISO 9001 

To begin with, let’s take a look at when things go wrong within a standards-based environment.

In ISO 9001, non-conformity is defined as a state where requirements have not been met. Requirements can mean various things, examples include:

  • Regulatory requirements
  • Customer requirements
  • Quality standards within the organization.

So a non-conformance is when one of these things has not been achieved, such violations are usually classified in two ways:

  • Minor Non-conformances – A quality management system failure is unlikely as a result of the issue
  • Major Non-Conformances – a significant breach of requirements (i.e. does not meet ISO standard, failure to meet customer requirements)

It’s important to remember that non-conformance can happen anywhere within the organization at any level/function.

Pertaining to NC’s there are certain requirements for record-keeping within 9001, and you need to keep your eye on exactly what part of the regulation is being broken – i.e., why the non-conformance report is being raised in the first place.

Reporting Issues & deviations with a Non-conformance report

Often abbreviated to NCR, a Non-conformance report is used to document and describe deviation(s) from a standard when they’ve been identified.

Usually, there is a specific control process within your Quality Management System that describes the process for non-conformance reporting. It’s typically used to: 

  • Document an issue
  • Describe how it happened
  • Detail containment actions
  • Describe Prevention measures.

In utilizing NCR’s to document issues, the resultant non-conformance report can then be used at a variety of interfaces both within the organization and outside it. So it can be used to discuss issues with customers, suppliers, and internal members of staff. 

When is a Non-Conformance Report Issued?

Depending on the industry that you work in, there might be various points at which an NCR gets raised. Some of these include:

  • Output (i.e., manufactured part) fails to meet specified specifications/requirements (this could be internal or customer specification). This could be generated, for example, via:
    • Failure of Inspection
    • Failure during testing 
  • Output includes the use of non-approved methods or material (i.e., a supplier has outsourced a process to a non-approved subcontractor).
  • Procedures/processes were not followed, placing the process deliverable at risk.

Utilizing any form of Non-Conformance report leads to an element of documents being gathered and processed. The party that issues the NCR needs to gather the pertinent data (including standards, specifications, perceived gaps), which can take time.

To this end, in many organizations, there is an allowed processing time for the NCR (e.g., 14 days). While this may initially be seen as causing additional delays, it does enforce the process and help ensure that any reporting is accurate.

What happens after a Non-Conformity has been identified.

When a non-conformance has been identified, a process similar to the following is then utilized:

  1. A non-conformance report is documented.
  2. This information is passed to the respective quality stakeholders within the business. The NCR is then entered into the NCR system allowing tracking and follow up. 
  3. Containment actions are taken
  4. A recovery plan is established. 

The precise processes which undertake the capture, reporting, and control of NCR’s vary from organization to organization; however, they are likely to be based around these above key points.

Which organizations raise Non-conformance reports

NCR’s can be gathered at any stage in the process. And the NC (Non-conformance) can be raised by anyone.  

Most organizations extend beyond their own boundaries, and NCR’s can be raised within each of the following points.

  • Suppliers
  • Internally within the organization
  • Customer

Where a company accepts an NCR from a supplier, they may well have to share it with a customer and gain guidance or approval.

In these cases, the NCR facilitates discussion, providing sufficient information and data has been captured along the way.

Who raises and issues an Non Conformance Report? 

The answer here should be anyone.

Where an issue has been identified, the business should encourage the whole organization to be responsive and complete issue (NC) capture forms.

However, who raises the document can vary between industries. In many cases, the NCR is raised by the quality department (typically a Quality Engineer) following the issue being identified. However, for a robust system, this needs to be introduced so that anyone can capture issues.

Whoever is responsible, a process should exist within the organization for the controlled release of NCR’s enabling the following to be managed effectively:

  • Issue Capture
  • NCR release
  • NCR tracking
  • NCR closure

What does a Non-Conformance report contain

While non-conformance reports may vary (slightly) between industry, they tend to follow a theme.  

Note that not all sections need to be completed on issue capture – for example – corrective actions to be taken may take time to review and decide upon, whereas containment actions may be more immediate.

A typical non conformance report includes information such as:

1/ A problem statement (what went wrong)

The problem statement should document the rationale for the Non-Conformance report being raised. 

2/ Details of the Specific deviation(s) from the required standard

This could be a regulation (i.e., the specific clause within ISO 9001), a customer requirement (i.e., the part must be made out of ABC material), A company process, or other similar issues.

3/ Containment actions taken

Containment actions document specific tasks that are required to contain the current issue. For example, where parts have been manufactured using incorrect material, these would be gathered and placed in quarantine until the NCR process had been concluded and a decision made about their use.

4/ Corrective actions taken to correct this instance

This section details what corrective actions can be taken to correct this issue. For example, in the event of parts made incorrectly, they could be several choices to consider they could be

  • Accepted as is
  • Rectified
  • Scrapped and new ones made.

5/ Preventative actions taken to prevent future occurrences

This section details plans to prevent repetitions of the problem. This section should detail the steps being taken and those responsible for them. Any actions should be time-bound and feature when the tasks should be completed.

As you can no doubt see, there is likely to be a range of inputs from different functions into the non conformance report.

While it’s usually administered by a specific function (e.g., Quality) or a certain individual (Quality Engineer), these individuals will need to liaise with stakeholders in order to get data and follow up on key actions.

Benefits of an effective Non Conformance report

When you have a fully functioning non conformance reporting & management system, there are various important benefits. These include: 

  • Reduction in non-conformance through capture and eradication.
  • Protection of organizational reputation
  • Protection of cost & resources
  • Health & Safety 
  • Adjustments & improvements to processes
  • Reduced levels of customer complaints.

As a result of the above, it makes absolute sense for you to invest time and resources in developing a non-conformance system that works and is effective.

The effectiveness of your Quality Management system is at risk if you don’t.

Common Issues with Non-Conformance reports

NCRs are a critical part of the Quality management system, and as with many processes, there can be issues which need to be considered; these include:

  • NCR’s are seen as indicating poor performance, and therefore, people can be reluctant to raise issues.
  • People can be concerned that NCR’s lead to further scrutiny or punishment
  • Suppliers may consider NCR’s as leading to commercial issues, consequences/damages
  • Without proper attention, the non-conformance process may place bottlenecks in ongoing activity.
  • Failure to engage sufficiently with stakeholders to gather accurate data to support the various stages of the process
  • Cumulative NCR data not utilized for continuous improvement processes.

It goes without saying that where people do not utilize the non-conformance system, they are putting the wider business at risk. This includes the potential for:

  • Non-conforming product reaching customers.
  • Increases in non-conformances going unrecognized
  • Regulatory certification being withdrawn
  • Inability to capitalize on issues and drive continuous improvement

So while it might seem that it’s just a report to complete “so, why bother?”, the consequences of not following the process can be business-critical (consider again an aerospace manufacturer issuing defective parts that cause an airline to crash).


As you can see from today’s post, an effective non conformance report & process can underpin the success of your organization.

We hope you found the article informative and gave you some food for thought about your own NCR processes and systems.

As ever, we’d love some feedback – you can fire us a message on Twitter or leave us a comment below.