What This Guide Covers

• Plain-English method to write nonconformities without opinions or speculation.
• Correct use of conformity/nonconformity vs compliance/non-compliance.
• Four original, worked examples (different clauses and scenarios).
• Copy-paste templates for both nonconformities and conformities.

What Is a Nonconformity?

An audit is objective when evidence is evaluated solely against criteria. Conformity = fulfilment of a requirement. Nonconformity = non-fulfilment of a requirement.

Conformity vs Compliance — Which Term to Use

• When the criteria are standards (e.g., ISO 13485), use conforming/nonconforming.
• When the criteria are statutory or regulatory (e.g., MDR/IVDR), use compliant/non-compliant.

Evidence Rules — Stay Neutral

• Write a finding only when you have sufficient, verifiable evidence.
• Quote the requirement; do not add obligations that are not in scope of the evidence.
• State facts (who/what/where/when). Avoid intent, impact estimates, or advice in the finding text.

Four-Step Phrasing Method

1. Start with the exact requirement text.
2. Remove the clause number and any part you cannot evidence.
3. Negate precisely: replace “shall” with “has not” (or equivalent).
4. Add minimal evidence context (record ID, date, location) after the statement.

Example A — ISO 13485 §7.4.1 (Purchasing Process)

Requirement (excerpt): “The organization shall establish criteria for the selection, evaluation, and re-evaluation of suppliers, and shall maintain records of the results.”

Scenario: Approved supplier S-014 (critical component) shows last re-evaluation 26 months ago; the procedure requires annual re-evaluation. No record of re-evaluation since then.

Nonconformity (final):
“The organization has not maintained records of supplier re-evaluation.”
Evidence: Supplier review log SRL-2025, entry S-014, last record dated 2023-06-18.

Example B — ISO 13485 §7.6 (Control of Monitoring & Measuring Equipment)

Requirement (excerpt): “Measuring equipment shall be calibrated or verified at specified intervals… and records shall be maintained.”

Scenario: Torque wrench TW-07 used for final assembly on 2025-08-10; calibration due date was 2025-06-01.

Nonconformity (final):
“Measuring equipment used for product acceptance has not been calibrated at the specified interval.”
Evidence: Device history record DHR-A112, line 14; calibration certificate CAL-TW-07 (due 2025-06-01).

Example C — ISO 13485 §7.3.3 (Design and Development Inputs)

Requirement (excerpt): “Design inputs shall be complete, unambiguous, and not in conflict, and shall include functional and performance requirements and applicable safety considerations.”

Scenario: For the home-use monitor project HM-3, the design input list lacks an alarm audibility requirement for typical home ambient noise levels.

Nonconformity (final):
“Design inputs for the product have not been made complete.”
Evidence: Design input register DIR-HM-3 v0.6 reviewed 2025-08-12; no alarm audibility requirement present.

Example D — ISO 13485 §8.2.1 (Feedback)

Requirement (excerpt): “The organization shall gather and review information relating to whether the organization has met customer requirements as one of the measurements of the QMS.”

Scenario: The procedure requires quarterly feedback review meetings. No minutes found for Q1 and Q2 2025.

Nonconformity (final):
“Information relating to whether customer requirements are met has not been reviewed at the defined interval.”
Evidence: Procedure QP-FB-01 (rev 5) requires quarterly reviews; no meeting records for Q1/Q2 2025 in FR-Logs.

Writing Conformities (When Required)

Do / Don’t — Quick Guardrails

Bottom Line

Objective nonconformities are short, specific, and anchored to the clause you audited. Use the four-step method, keep scope limited to the evidence, and your findings will stand up to scrutiny—internally and with regulators.