Over the last six years we have been involved in a lot of certification and surveillance audits with our clients, to achieve certification to ISO 9001 and other ISO standards. We thought we would pull together the three most common non-conformances or NCR’s raised during the ISO 9001 certification and surveillance audits.

NCR’s aren’t always a bad thing, as they give us an opportunity to identify and correct things that could be better within our organisations. That said it can be a little frustrating sometimes, having worked so hard to prepare for an audit. Below you will find highlighted the main NCR’s raised and offer guidance on what you can do to fix them.

No 1 – Internal Audits

Internal audit NCR’s seem to be an issue that can be a bit of a headache. The standard requires us to monitor the whole of the quality management system against the requirements of ISO 9001 over a defined period. It is a great way to make sure that the system is working the way you want it to work people doing what you want them to do and addressing and fixing any problems before they arise.

I think the challenge with internal audits is, that it can be a scary thing to address and to stay on top of, however there is a couple of tips that you can use to address this issue and keep the NCR’s at bay. The best place to start to design a simple internal audit schedule, with the months along the top and clauses or areas of the standard down the side and then plots when you are going to do them. The next thing to consider are some template questions for each of those areas. And lastly, sometimes it can be easy to bring in a third party like QBH Solutions to do your audits for you. There are also some really good internal audit training qualifications and courses that you may want to consider.

No 2 – Management Review

Then there is the management review. This seems to cause a problem resulting in NCR’s being issued, because unless you schedule these meetings and make sure you hold them and they are attended, they tend to drift by the wayside. Section 9 of the standard “monitoring and measuring” states that we should monitor and review the performance of the management system at set intervals.

We recommend certainly for clients new to ISO, a quarterly management review meeting to make sure things are working the way we want to and then, as the system matures and grows, we move to every six months. This gives us a great opportunity to stay on top of things. When designing the management review agenda it can be helpful to align these sections to the requirements of the standard this way you are always monitoring and staying on top of what you need to do. If you struggle to get senior management to the meetings, it is now a requirement in the 2015 version of the standard, that these meetings are attended by the most senior people available. It is also a great opportunity to bring together the senior team and maybe include other items into a general management meeting.

No 3 – Asset or Equipment Register

The ISO 9001 standard requires us to have a list of assets and/or equipment needed by an organisation for us to be able to provide our services. The idea behind this is that by having an asset

register or equipment list we can stay on top of things like calibration and maintenance as well as knowing the value and condition of assets and equipment in the event of theft loss or damage.

A really simple fix is to have a simple spreadsheet, listing the equipment and assets used by the organisation. This can include IT equipment, tools, plant, machinery, vehicles, the list goes on. Once listed, we then might have a column highlighting any unique identification numbers for example serial numbers, vehicle registration number etc.

In the next column, we then identify when that piece of equipment was last inspected or where required tested, and when it is due for its next inspection or test and on the final column we will include where this piece of equipment is located or housed. There are many more things that you can add but this is a good starter to address the non-conformance.


If you have struggled with an audit recently, please do get in contact. We are more than happy to help and if you have got any questions, please do come back to us and check out another blog we made covering NCR’s in further detail