Chapter 28: Nonconformance Control vs. Corrective Action: Understanding the Critical Difference
The ISO 9001 standard separates these deliberately, and auditors test the separation ruthlessly.
Nonconformance control (Clause 8.7) is triage. When a defect is found—whether at incoming inspection, in-process, or detected by a customer—you need a process to:
- Identify and segregate the defect immediately
- Evaluate its impact (does it reach the customer? Is it a safety risk?)
- Decide: rework it, scrap it, or use it anyway (with documented justification and customer approval)
- Document what happened and what you did
This is urgent and tactical. Your plating operator finds a batch with poor surface finish at 2 p.m. You quarantine it, inspect the full batch, route acceptable parts to assembly, and scrap or rework the rest by end of shift. That's nonconformance control. The NCR gets opened, the facts get logged, containment is complete.
Corrective action (Clause 10.2) is investigation. It asks *why* the defect happened and what system change will prevent it from happening again. The same plating batch NCR now triggers a deeper sequence:
- Root cause analysis: Why was the temperature off? Was the probe miscalibrated? Was the setpoint drifted? Did the operator misread an analog gauge?
- Correction: Fix the immediate cause (e.g., recalibrate the probe, upgrade to a digital readout, adjust the process parameter setpoint)
- Control: Put preventive barriers in place (e.g., alarm settings, mandatory temperature log entries, weekly probe calibration schedule)
- Verification: Prove that the corrective action works and that the defect doesn't come back
This is strategic and systematic. It takes longer. It requires rigor. It's also the step that separates manufacturers who improve year over year from those who repeat the same defects with different NCR numbers.
The ISO 9001 standard is explicit on this in Clause 10.2.2: "The organization shall determine and implement any actions needed to address the causes of nonconformity, in order to prevent recurrence or occurrence in other similar situations." *Causes*, not symptoms. *Prevent recurrence*, not just respond to the current incident.
An auditor will pull five closed NCRs from your system and ask:
- "What was the root cause of this defect?"
- "How did you verify that your corrective action actually prevented it from happening again?"
- "What happened the next 30 times that process ran?"
If your answer is "We retrained the operator and closed it," you've failed the second and third question. If your answer is "We found that the temperature controller was drifting 1.5°C per shift, we replaced the controller, we monitored ten production runs after replacement, and we haven't seen that defect again in four months," you've passed.
Need guidance on your certification journey?
Our consultants have prepared more than 250 manufacturers globally — from growing businesses to large enterprises — for successful certification. Get a free, no-obligation consultation tailored to your industry.
Important
Many plants conflate "implementing a corrective action" with "closing an NCR." Implementation is the middle step. Verification is the gate that determines closure. You'll see this distinction matter most when you analyze your NCR data at the end of the year—plants that invest in verification have 40-60% fewer repeat defects than those that don't.
Chapter 27: Audit Findings to Corrective Action: The Handoff That Most Plants Break
This is where most internal audit programs collapse. The audit is done, the report is filed, and then... nothing happens with urgency. Findings sit in a queue.
Chapter 29: Root Cause Analysis Methods That Work on a Canadian Shop Floor
Root cause analysis sounds academic. On a factory floor, it's practical detective work. The method you use depends on the problem type and the team's analytical
Request a Consultation
Fill in your details and we'll get back to you.
