Minor vs. Major

Why do most internal audit programs classify reported nonconformities as minor or major? Especially when it is not a requirement of ISO 9001 and related quality standards.

It may be the audit manager attended an auditor course where the instructor made it seem like classifying the severity of nonconformities was a requirement. Or, it may be the audit manager knows certification body auditors categorize nonconformities as minor or major and wants internal auditors to follow suit.

Identifying the severity of nonconformities helps third party auditors decide whether or not to recommend the quality management system for initial certification, continued certification, or recertification. Finding one or more major nonconformities means the auditor would not recommend certification.

Before defining the difference between minor and major, we need to understand that a nonconformity is the nonfulfillment of a requirement. In other words, a specified requirement is not being met.

A Minor Nonconformity would be the failure to conform to a requirement that in the auditor’s judgment and experience is not likely to result in a failure of the quality management system. It may be a single observed lapse or isolated incident where there is minimal risk of nonconforming product being released to the customer.

Examples of minor nonconformities would be a document with an unauthorized change, a missing training record, a purchase order released without approval, or an instrument past its calibration date.

A Major Nonconformity would be the total breakdown of the quality management system or one of its processes, or the failure to address a key ISO 9001 requirement. It would be a nonconformity that in the auditor’s judgment and experience would likely result in the system failure or materially reduce its ability to assure controlled processes and products.

It would also be a major nonconformity if the failure would result in the probable shipment of nonconforming or uninspected product, or materially reduce the usability of the product for its intended purpose. Minor nonconformities against the same ISO 9001 clause may be the “trivial many” that are grouped into a major nonconformity.

Examples of major nonconformities would be the absence of a required documented procedure, critical purchases made from unapproved suppliers, document changes routinely made in an unauthorized way, or product being shipped without completion of required tests.

Some organizations have dropped minor and major designations due to the difficulty in classifying them and the resulting debate with the audited areas. However, some organizations use the minor and major designations to match the approach of their certification body and to require a more rapid response for serious nonconformities. Regardless of the severity level, the nonconformities must be addressed with corrective action.

If you want to classify a nonconformity as minor or major, one approach is to look at the frequency, detection, and impact of the nonconformity.

Frequency: How often is the problem likely to be repeated?
Detection: Would the system likely detect it before release?
Impact: What would be the impact if it remains uncorrected?

If a problem rarely happens, is easily detected, and has no direct impact on the customer, it would be recorded as a minor nonconformity. If a problem frequently happens, is difficult to detect, and will impact the customer if not corrected, it would be identified as a major nonconformity.

What about a minor nonconformity that continues to be found after corrective action has completed? You should write up the nonconformity again and write a separate nonconformity against the corrective action process. If the minor nonconformity continues to repeat, then a major nonconformity should be written against the ineffective corrective action process.

In some cases, a process may be found conforming, but still an area of concern. These observations may be written as Opportunities for Improvement. Since they are potential problem areas, the organization can consider taking preventive actions for these observations. Corrective actions are taken for the reported nonconformities.

Many nonconformity reports are poorly written. Follow these 6 C’s for improved statements:

1. Complete (contains all the related facts)

  • why – unmet requirement
  • what – objective evidence
  • where – which work area
  • when – the date and shift
  • who – by title, if relevant

2. Correct (accurately conveys the facts)
3. Concise (fully explained in brief terms)
4. Clear (understood for prompt action)
5. Categorized (minor or major, if used)
6. Confirmable (traceable and verifiable)

An audit is only successful if it is the catalyst for prompt and effective corrective action for nonconformities and possible preventive action for opportunities for improvement. A complete and correct nonconformity report is essential. It must be clearly and concisely expressed to initiate the right action.

If you are interested in one of our auditor courses, please see our Training page for course listings, description and class schedule.