During an inspection, an auditor identifies conformities with ISO 9001 standards – and any non-conformances. It’s common to find non-conformities; there’s no need to panic.
We outline six top reasons for failing an ISO 9001 audit in 2025, along with what to do if your business is not recommended for certification.
Types of non-conformance findings
There are three types of non-conformance findings an auditor might report after an assessment. They’re graded in severity:
A major non-conformity is defined as a total breakdown of a system that affects the capability to achieve the intended result. For example, effective process control may not be in place for products or services to meet specific requirements.
A business must rectify major non-conformities before an auditor will recommend certification. A second site visit may be necessary.
A minor non-conformity is a single observed failure or lapse in some part of the management system. A minor non-conformity doesn’t affect the capabilities of the management system and doesn’t directly impact the product or service.
An auditor can recommend a business for approval after reporting a minor non-conformity. However, the non-conformity must be corrected before certification.
Businesses must be aware that several minor non-conformities against one requirement could demonstrate a systemic failure and are therefore considered a major non-conformity.
An opportunity for improvement is exactly what it sounds like. It’s a recommendation from the auditor to clarify or investigate existing conditions that could improve the effectiveness of the management system.
Technically, OFIs are just suggestions or observations. They don’t have to be corrected for certification to be approved. However, a business should review them. Failure to do so might result in an OFI progressing to become a non-conformity, especially as a business grows and develops.
Most common reasons for failing an ISO 9001 audit
ISO doesn’t publish data on why companies fail audits, but experience and data show that many businesses fail because they don’t pay attention to common non-conformities.
Here are the six top reasons for failing an ISO 9001 audit.
1. Hidden and ineffective CAPA
Not having a well-structured and ordered corrective and preventive action (CAPA) process in a QMS – or hiding CAPAs – is one of the top reasons for failing an ISO audit.
ISO auditors don’t mind how many CAPAs an organization has. In fact, too few is a red flag.
CAPA is a process for continuous improvement. A quality-driven organization should be continually improving and updating – and documenting every corrective or preventive action.
2. Undocumented employee training
An auditor will request records of employee training. Organizations will fall short of standards if they can’t show centralized records for completed training and follow-ups.
A business must be able to show comprehensive and accessible documents of all aspects of employees, from qualifications to performance reviews.
3. Neglecting internal audits
An internal audit ensures a company’s processes and procedures meet quality standards and are being followed. It helps prepare the organization for an ISO audit.
Neglecting internal audits means a business is not alerted to non-compliances ahead of an ISO inspection. A robust internal audit program helps you pinpoint weaknesses, compliance gaps and areas of improvement that can be corrected before an ISO audit.
4. Absent management resources
Management is key to a quality-driven culture. ISO 9001:2015 expanded and clarified the requirements for management responsibility.
If senior management fails to take quality seriously, an organization will fail to gain certification.
5. Inadequate document control
ISO 9001 lists clear document control requirements and it allows significant flexibility. Unfortunately, many businesses fail audits because they don’t have adequate document control and an audit reveals inconsistencies.
Documents can be paper or digital but they must be easy to access, be identifiable, and show only the latest approved version with restrictive access to prior archived versions. This is easiest to achieve with document control software that offers ISO compliance.
6. Using the wrong QMS
Using quality management software isn’t required under ISO 9001:2015, but it is best practise, especially for highly regulated industries.
Software that’s too complex or too generic can make meeting ISO standards difficult. When an organization uses the wrong software, it can make compliance harder and lead to a failed audit.
What next if you fail an ISO 9001 external audit?
After an assessment, an auditor will review and discuss the inspection with you, outlining any non-conformances.
You will be given time – usually up to three months – to correct them. Once you’ve presented evidence of these corrections, the audit will be reviewed. Find out more about what to do if you fail an ISO 9001 external audit.
Avoiding non-conformance with the right QMS software
One of the best and most cost-effective ways to avoid the top reasons for failing an ISO 9001 audit is to use the right QMS software.
isoTracker’s QMS software is designed specifically to facilitate ISO 9001 compliance, making it easier for your business to achieve certification. The software is complex enough to meet all the requirements, but easy to implement and simple to use.
There are seven modules, for document control and the management of audits, risks, complaints, non-conformances, training and CAPA. Each module can stand alone or integrate seamlessly with other modules to provide a complete quality management system.
Contact us to find out more or sign up for a free 60-day trial.
