ACCREDITATION RULE 16

Issue Date: 2007/12/10

Supersedes: Advisory 23, 2006/06/01

SUBJECT: Identifying and Documenting Nonconformities During Management Systems Audits

APPLIES TO: ANAB-Accredited and Applicant Certification Bodies

PREFACE
At the IAF Technical Committee (TC) meeting held in September 2005, two issues related to
nonconformities that are threats to the credibility and value of accredited certification were discussed.
(See Annex 1 of this Accreditation Rule for extracts of this meeting relating to these two issues.)
The first issue is that some CBs do not cite a nonconformance unless it is as defined in IAF guidance.
A second issue is soft-grading of a nonconformance. This may be manifested by a major
nonconformance being identified as a minor nonconformance, or as a minor nonconformance being
labeled as an opportunity for improvement.
The result of these two issues is that a nonconformance may not be identified or labeled as such, so a
client does not take action in response to it and the opportunity for improvement is lost. In other words,
the benefit and value of the audit is reduced.
The first paragraph in the definition of a nonconformity in IAF guidance (from IAF GD2:2003) is as follows:
“The absence of, or the failure to implement and maintain, one or more quality
management system requirements, or a situation which would, on the basis of available
objective evidence, raise significant doubt as to the quality of what the organization is
supplying.”
This definition is what most ABs or CBs consider to be major nonconformity. This is reinforced by the
second paragraph, which states:
“The certification/registration body is free to define different grades of deficiency and areas
for improvement (e.g. Major and Minor Nonconformities, Observations, etc.). However all
deficiencies which equate to the above definition of nonconformity should be dealt with as
laid down in G.3.5.3 and G.3.6.1.”
These two clauses, G.3.5.3 and G.3.6.1, relate to the certification decision. In essence, if there is
an open and unresolved major nonconformance, then certification should not be granted or may
be at risk for suspension or withdrawal.
In response to the first issue, as indicated in Annex 1, the IAF TC decided that a CB should use the
definition in ISO 9000:2000 (now ISO 9000:2005) for a nonconformance, which is:
“non-fulfillment of a requirement”
Please take note of the IAF TC decision, which states:
“There was consensus that the definition of a nonconformity is that which is in ISO
9000:2000 – which is non-fulfillment of a requirement – and not the definition in GD 2. A
CB should have a process for dealing with all nonconformities. The definition in GD 2
relates to those specific nonconformities that affect the certification decision.”

ANAB Accreditation Rules represent positions taken or policies established on operational issues related to programs ANAB operates.
Page 1 of 4
This decision by the IAF TC is also consistent with the expectations in the latest draft of ISO/IEC
17021, which is shown in Annex 2 of this Accreditation Rule.

ACCREDITATION RULE
ANAB does not require CBs to classify a nonconformity as major or minor and does not prevent a CB from
using a different term than nonconformity, but does expect any nonconformity to be dealt with as a
nonconformity regardless of the term used by the CB.
1. The definition for a nonconformity for a management system audit is as defined in ISO
9000:2005 and ISO 14001:2004, and is “non-fulfillment of a requirement.”
2. A CB shall have a process for identifying and dealing with all nonconformities.
3. For any nonconformity that is as defined in IAF guidance (GD2 for QMS or GD6 for EMS), the
CB shall deal with this appropriately in making decisions for granting or maintaining
certification.
Note: Some industry-sector programs have specific requirements for classification of nonconformities that
need to be addressed by the CB.

ANAB Accreditation Rules represent positions taken or policies established on operational issues related to programs ANAB operates.
Page 2 of 4
Annex 1
Extract from Minutes of IAF Technical Committee Meeting
Held 14-15 September 2005 in Auckland

6.4 Definition of Nonconformities and Effect on Certification Decision (TC-41-05, TC 61-05)

Dr. Croft presented a summary of his paper (TC-41-05) that arose from a discussion at the QuEST Forum
meeting in May 2005. He noted that there are significant variations in interpretation of what a
nonconformity (NCR) is, situations in which NCRs are recorded, and their effect on the certification
decision. Some CBs only write NCRs for NCRs as defined in GD 2, and this results in watering down
other negative findings to observations or opportunities for improvement, leading to audits without NCRs.
Dr. Croft presented two options for dealing with the problem, his preference being to align the definition of
NCR in GD 2 with that of ISO 9001, define “major” and “minor” NCRs, and make the presence of a major
NCR a criterion for the certification decision.
Mr. Dougherty said the definition in GD 2 had not been carried over to ISO/IEC 17021, but he said it was
an issue in regard to stakeholders being able to have a sense of equivalent certifications across the
board.
There was not consensus for developing guidance for the classification of nonconformities.
Action: There was consensus that the definition of a nonconformity is that which is in ISO
9001:2000 – which is non-fulfillment of a requirement – and not the definition in GD 2. A CB
should have a process for dealing with all nonconformities. The definition in GD 2 relates to those
specific nonconformities that affect the certification decision.

10.4 Third-Party Certification Meeting Expectations (TC-57-05)

Mr. Sutherland made a presentation on customer feedback and discussions with industry concluding that
certification to ISO 9001:2000 was not meeting industry’s expectations. He reported on analysis within his
organization and identified four problems:
1) the time problem (noting that CBs cannot address this without help by the ABs)
2) the soft grading problem (and elaborated on some of the causes)
3) the knowledge problem (noting that if you understand what the customer wants you can do a better
job)
4) the sampling problem (advocating a risk based approach to auditing with biased sampling to focus on
what is important.
Mr. Sutherland said there are things third-party CBs could do to improve their ability to consistently
improve customer and user expectations, but there are probably more things that CBs and ABs could do
together that would have even more impact. He stressed that it is essential to create an environment in
which the assessor can perform effectively.
The presentation was enthusiastically received by the TC, and there was consensus for identifying
initiatives to address these problems. Mr. Dougherty said TC members should give thought to concrete
proposals.

ANAB Accreditation Rules represent positions taken or policies established on operational issues related to programs ANAB operates.
Page 3 of 4
 Annex 2
Extract from draft of ISO/IEC FDIS 17021

9.1.14.2 The certification body shall confirm, prior to making a decision, that:

a) the information provided by the audit team is sufficient with respect to the certification
requirements and the scope for certification;

b) it has reviewed, accepted and verified the effectiveness of correction and corrective actions,
for all nonconformities that represent:

1) failure to fulfil one or more requirements of the management system standard; or

2) a situation that raises significant doubt about the ability of the client's management
system to achieve its intended outputs.

c) it has reviewed and accepted the client's planned correction and corrective action for any
other nonconformities.

ANAB Accreditation Rules represent positions taken or policies established on operational issues related to programs ANAB operates.
Page 4 of 4