A non-conformity is a failure to meet a requirement defined in a standard, law, regulation, or the organisation's own policies and procedures. In the context of ISO management system standards, non-conformities are identified during internal audits, external audits, or management reviews, and are classified by severity as either major (systemic failure or complete absence of a required control) or minor (isolated lapse that does not compromise the overall system).
When a non-conformity is identified, the organisation must perform a root cause analysis, implement corrective actions to address the underlying issue, and verify the effectiveness of those actions. Proper non-conformity management demonstrates a commitment to continuous improvement and is closely examined during certification audits, making it a cornerstone of any effective management system.