How to Appeal a Non-conformance

A MAJOR problem exists with almost every Management System Standard published by ISO (e.g., ISO 9001:2015, ISO 14001:2015) and, through extension AS 9100:2016. This problem is the proliferation of ambiguous/nebulous/vague requirements that promote subjective interpretation and inconsistent application.

Consequently, when encountering these ambiguous/nebulous/vague requirements, some auditors will adopt their own subjective, and therefore arguable, interpretation of the “intent” behind the requirement. This often happens because it's beyond the comprehension of an experienced Quality Professional, and well-trained auditor, that the standard would have ignored (or left out) several “key” concepts essential to requirements for the effective implementation of a basic Quality Management System (QMS). Struggling to make sense of this, many auditor's minds will attempt to “fill in the gaps”… “imagining” requirements that don't actually exist.

When auditors issue nonconformities to organizations for not meeting (their interpretation of) the “intent”, rather than the “actual” (verbatim) requirement, they’ve violated ISO 17021-1:2015, “Conformity assessment — Requirements for bodies providing audit and certification of management systems — Part 1: Requirements”. This document contains some important requirements that the registrars/Certification Bodies (CBs) must comply with.

When encountering an auditor who is intent upon issuing a nonconformity for your organization violating (their interpretation of) the “intent” of a requirement – rather than the actual requirement, be aware that the registrar (and auditor) must comply with the following requirements of ISO 17021-1:2015:

9.4.5.3 A finding of nonconformity shall be recorded against a specific requirement, and shall contain a clear statement of the nonconformity, identifying in detail the objective evidence on which the nonconformity is based. Nonconformities shall be discussed with the client to ensure that the evidence is accurate and that the nonconformities are understood. The auditor however shall refrain from suggesting the cause of the nonconformities or their solution.

9.4.5.4 The audit team leader shall attempt to resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and unresolved points shall be recorded.

9.4.8.2 The audit team leader shall ensure that the audit report is prepared and shall be responsible for its content. The audit report shall provide an accurate, concise and clear record of the audit to enable an informed certification decision to be made and shall include or refer to the following:
k) audit findings (see 9.4.5), reference to evidence and conclusions, consistent with the requirements of the type of audit;

Unfortunately, some AS 9100 CBs may actually be promoting the issuance of invalid nonconformities. While I have no first-hand knowledge of this, I've “heard” that at least two major CBs are charging a fee for each NC issued… a portion of which is then paid to the auditor for follow-up and closure of those NCs. In effect, the CB has a “bounty” to incentivize auditors to issue invalid or questionable NCs. Going a step further, another major CB has established a “quota” for each auditor to issue at least 1 nonconformity per audit day. The source of this is “likely” AS9104/3:2007, "Requirements for Aerospace Auditor Competency and Training Courses", sec. 8.2.1a. The section reads:

8.2 Auditor Performance Criteria and Parameters
8.2.1 Performance monitoring shall address, at a minimum, the following mandatory criteria:
a. nonconformities per audit day;
a. upheld complaints;
b. upheld client nonconformity appeals; and
c. oversight/witness findings.

While AS9104/3 obviously doesn't mandate auditors to issue 1 nonconformity per audit day, the CB in question appears to have mistakenly interpreted the requirement that way.

Preparing for an Appeal

Every accredited CB is required to have an appeals process (as specified in ISO 17021-1:2015, section. 9.7, “Appeals”). However, they’re not required to post their appeals process on their web site or make it easy to find. You may need to phone or e-mail your CB to appeal an invalid nonconformity.

ISO 17021-1:2015 states:

9.7.4 The appeals-handling process shall include at least the following elements and methods:
a) an outline of the process for receiving, validating and investigating the appeal, and for deciding what actions need to be taken in response to it, taking into account the results of previous similar appeals;
b) tracking and recording appeals, including actions undertaken to resolve them;
c) ensuring that any appropriate correction and corrective action are taken.

During the Audit

Prior to the end of the audit, inform the auditor of any and all nonconformities that you disagree with (Ref. ISO 17021-1, sec. 9.4.5.4). In many cases, these issues can be resolved (and were often due to a misunderstanding on the part of the auditor).

If the auditor is steadfast in maintaining that an invalid nonconformity remains valid due to their “subjective” interpretation, then inform the auditor of your intent to appeal the nonconformance and why. This alone may prompt the auditor to withdraw any nonconformities that they're not confident in defending under scrutiny from the CB. This is especially true where the auditor has already had multiple appeals issued from clients against nonconformities that they've issued.

Clearly, the best and easiest way to win an appeal is to have the invalid nonconformity withdrawn by the auditor prior to the report being issued.

However, if the auditor insists upon issuing the invalid nonconformity, prior to issuance of the audit report, it will be most beneficial for you to ensure that, pursuant to ISO 17021-1, sec. 9.4.5.4, the disputed nonconformities are “recorded” in the audit report as “unresolved points”.

Issuing an "Appeal"

After the audit, issue a written “Appeal” to the CB with any objective evidence supporting your position.

Using ISO 9001:2015 & AS9100:2016 as examples, most invalid nonconformities involve requirements that do not require any associated records or other documentation. So, there may not be any objective evidence supporting either position (Remember that ISO 17021-1, sec. 9.4.5.3 states: “A finding of nonconformity shall be recorded against a specific requirement, and shall contain a clear statement of the nonconformity, identifying in detail the objective evidence on which the nonconformity is based.”). So, in these situations, the only “objective evidence” would be interviews recorded in the audit report.

Begin your “appeal” by identifying the audit report number, the date on which the audit report was issued, and the specific Nonconformity number(s). Then state:

“Contrary to ISO 17021-1:2015, section 9.4.8.2k”, the nonconformity was not “consistent with the requirements of” ISO 9001:2015, sec. x.x.“

The below example depicts how an appeal might be issued against an invalid ISO 9001:2015 or AS9100:2016 nonconformity relating to section 6.1.2:

Nonconformity:
6.1.2 The organization failed to demonstrate how it plans:
a. actions to address these risks and opportunities;
b. how to:
1. integrate and implement the actions into its quality management system processes (see 4.4);
2. evaluate the effectiveness of these actions.

Objective evidence:
The organization has not retained documentation (e.g., risk matrices, FMEAs), or any other evidence of how it plans actions to address risks and opportunities.

Customer Response:
Contrary to ISO 17021-1:2015, section 9.4.8.2k, the above nonconformity was not “consistent with the requirements of” ISO 9001:2015, sec. 6.1.2. This section does not require that planned “actions to address… risks and opportunities” be documented.

Evidence of our compliance is contained throughout our quality management system, every aspect of which was designed to address risks and opportunities. And in our management review meeting minutes (attached), where we evaluate “the effectiveness of actions taken to address risks and opportunities” (as per ISO 9001, sec. 9.3.2e). This objective evidence demonstrates that, while planning is undocumented, it is taking place; satisfying the requirements of ISO 9001:2015.

And another example depicts how an appeal might be issued against an invalid ISO 9001:2015 or AS9100:2016 nonconformity relating to section 10.2.1:

Nonconformity:
10.2.1b2
The organization failed to determine “the causes of the nonconformity”.

Objective evidence:
Reviewed five CAR’s and found there was no root cause documented in any of them.

Customer Response:
Contrary to ISO 17021-1:2015, section 9.4.8.2k, the above nonconformity was not “consistent with the requirements of” ISO 9001:2015, sec. 10.2.1. This section does not require “the causes of the nonconformity” to be documented.

ISO 9001:2015, sec. 10.2.2 requires the organization to: …retain documented information as evidence of:
a. the nature of the nonconformities and any subsequent actions taken;
b. the results of any corrective action.

Compliance with those requirements was verified by the auditor. Copies of CARs reviewed by the auditor are attached as objective evidence.

Ultimately, the success of your appeal will depend heavily on how compelling your argument and supporting objective evidence is in comparison to that provided in the audit report. The auditor who issued the nonconformity is rarely contacted or involved in the appeal process.

While this article was written with the assumption that an invalid nonconformity was issued, considering that many ISO 9001 Quality Managers receive little or no training in quality or ISO 9001, it is quite possible that the auditor may have been correct in their interpretation. If this was the case, then learn from the experience.

However, if your appeal is deemed valid by the CB, it's generally a good idea to inform the CB that you do NOT want that auditor to participate in future audits at your site. While many auditors are contractors, working for multiple Certification Bodies, all CBs have “Technical Reviewers” who “review” the audit reports prior to issuance. Each CB has its own “culture”; where invalid nonconformities are either tolerated or not. If the CB continues to utilize auditors who issue invalid nonconformities, then seek out a different registrar.