Last Updated on September 25, 2025 by Melissa Lazaro

Effective Non-Conformity Management for ISO/IEC 17043:2023

If you’ve ever scrambled to explain a finding during an audit, you know the stress that comes with the word “non-conformity.” But here’s the truth: Non-conformities aren’t the enemy. Poor non-conformity management is.

In my experience working with proficiency testing (PT) providers and labs accredited to ISO/IEC 17043, I’ve seen two common reactions—either teams panic and over-document, or they underplay issues and hope assessors don’t notice. Neither approach works.

This article is here to help you find that middle ground. We’ll look at what counts as a non-conformity under ISO/IEC 17043:2023, how to log and investigate it, and most importantly, how to use it as a tool for real improvement—not just audit survival.

What Qualifies as a Non-Conformity Under ISO/IEC 17043:2023

Let’s start with clarity. Not every error is a non-conformity—but when something breaks from your documented system, or from the standard itself, that’s a non-conformity.

Common types of NCs in PT schemes:

• Late or missing participant reports
• Use of outdated or uncontrolled documents
• Mislabeling of PT items
• Incorrect statistical evaluation
• Lack of follow-up on complaints
• Failure to follow scheme-specific procedures

It’s important to distinguish a non-conformity from an observation (a potential future risk) or a comment (a suggestion for improvement). Your team should know the difference—and apply consistent criteria.

Example: If your procedure says reports must be issued within 15 days of round closure, and you send them out after 25 days without documentation or justification—that’s a clear NC.

Identifying and Logging Non-Conformities

Non-conformities can come from anywhere:

• Internal audits
• Scheme reviews
• Complaints
• Customer feedback
• Routine monitoring

The key is to catch them consistently and document them quickly.

What you should log:

• The date of detection
• A clear description of the issue
• Where and how it was identified
• Who is responsible for resolution
• Reference to the clause or procedure violated

Avoid vague language like “issue with form” or “delayed report.” Write clearly and objectively: “Uncontrolled version of PT evaluation form used during Round 04-2023.”

A simple Excel or QMS-based NC log works perfectly—as long as it’s used regularly.

Root-Cause Analysis and Corrective Action Process

Now that the issue is logged, it’s time to understand why it happened. Not just what went wrong—but what allowed it to go wrong.

This is where ISO/IEC 17043:2023 clause 8.7 comes in:
You must investigate the cause, determine corrective action, and verify that the action was effective.

Popular RCA tools:

• 5 Whys: Ask “why” repeatedly until you get to the root system issue
• Fishbone diagram: Explore categories like methods, personnel, equipment, environment
• 8D method: Great for team-based investigation and documentation

What not to do:
Don’t stop at “staff forgot” or “mistake made.” Human error is rarely the root. Ask—why was the system unable to prevent or catch that error?

Then implement corrective action that:

• Is proportionate to the impact
• Fixes the underlying issue
• Includes updates to procedures, training, controls, or records

And yes—document every step.

Preventive Actions and System-Wide Improvement

This is where your QMS really matures.

Once you’ve addressed the specific issue, ask:
Could this happen elsewhere in our system? How do we prevent that?

Examples of preventive action:

• Updating templates across multiple PT schemes
• Adding extra checks to the dispatch process
• Introducing pre-round briefings to reduce oversight
• Revising risk assessments to reflect updated process controls

ISO 17043 emphasizes continual improvement. A good preventive action shows that you don’t just solve problems—you learn from them and build resilience.

How to Present NC Records During Audits

When auditors ask about how you handle non-conformities, they’re not just looking for forms—they’re looking for proof that your system works.

Here’s how to be audit-ready:

• Maintain a clean, current NC log that includes each case from discovery to closure
• Link each NC to specific ISO clauses (or internal procedures)
• Be able to explain root cause and action taken—briefly and confidently
• Show evidence of follow-up: internal audit results, training logs, effectiveness checks

Pro tip: Include a column in your log for “effectiveness review date.” This helps close the loop—and proves you’re not just reacting, but following through.

Pro Tips for Smoother Non-Conformity Management

• Pro Tip: Don’t wait for internal audits—empower staff to log NCs when they see something go wrong. Culture matters more than compliance.
• Pro Tip: Create a one-page summary for each NC that includes root cause, action taken, and follow-up. Keep it simple and consistent.
• Pro Tip: Track patterns. If a similar issue shows up three times, it’s time for system-level change—not isolated fixes.
• Pro Tip: Treat minor NCs with the same seriousness as major ones. Small leaks sink big ships over time.

Common Mistakes That We See (And You Can Avoid)

Writing vague or inconsistent NC reports

If someone else can’t understand what happened just from reading the report, it’s not complete.

Blaming individuals instead of systems

People make mistakes—but good systems are designed to catch them. Focus your energy on the process.

Skipping verification

You closed the action—but did it actually work? Always plan a follow-up check and document the result.

Ignoring repeat issues

Recurring NCs mean your corrective action didn’t work. Don’t hide them—use them as a prompt to rethink your approach.

FAQs

Q: Can we delete or revise a logged NC?
No. Changes must be traceable. If an error was made, add a correction or note—never erase.

Q: What if the NC came from a subcontractor?
You’re still accountable. Investigate how your controls failed to detect or prevent the issue and take corrective action accordingly.

Q: How long should we retain NC records?
At a minimum, keep them for the full accreditation cycle. Ideally, maintain trend visibility across multiple years to support improvement planning.

Non-Conformities Are a Sign of a Living System

If your lab never logs a non-conformity, something’s off. A zero-NC system either isn’t working—or isn’t being used honestly.

What ISO/IEC 17043:2023 wants to see isn’t perfection. It’s control, consistency, and improvement. Non-conformities give you a real-time look at where your system can grow.

Treat them as tools, not threats.

And if you want help? I’ve got a ready-to-use NC log template that fits ISO 17043 perfectly. Or we can review your current system together and make sure you’re ready for your next assessment—with confidence.

Just say the word.