Understanding Sections 8.7 and 10.2

By Jared Clark | September 1, 2025

Nonconformities and Corrective Actions

This is an educational article on Sections 8.7 of ISO 9001, entitled “Control of nonconforming outputs” and 10.2, entitled “Corrective Actions”.

The purpose of this article is to give you an understanding of what sections 8.7 and 10.2 require.

This article is directed towards:

  • Those responsible for compliance to sections 8.7 and 10.2.
  • Those responsible for identifying and resolving nonconformities.
  • Others interested in understanding sections 8.7 and 10.2.

Section 8.7 is entitled “Control of nonconforming outputs” aka “nonconformities” and it requires you to identify and control nonconformities.

The purpose is to prevent the unintended use or delivery of nonconforming products or services.

What is a nonconformity?

Sometimes it is thought of as a defect in a product or service, which is true.

But a nonconformity is defined a bit more broadly than that for the purposes of ISO 9001.

A nonconformity is a failure to meet a requirement. A requirement is any need, expectation, or obligation, whether stated or implied.  

So you are required to 1) identify, and 2) control, any failure to meet a requirement.

You are required to take immediate action in response to nonconformities, including:

  • Correction (if you correct, you must reverify conformance after a correction)
  • Segregation or containment
  • Return
  • Suspension of production or service provision
  • Informing the customer
  • Obtaining acceptance of the nonconformity under concession

You are required to retain records of the following:

  • The nonconformity
  • The actions taken
  • Any concessions obtained
  • The identity of the authority deciding the action to be taken

And then section 10.2 of ISO 9001, entitled “Nonconformity and Corrective Action,” requires you to determine whether further corrective action is required by:

  • Reviewing and analyzing the nonconformity
  • Determining the cause of the nonconformity
  • Determining if similar nonconformities already exist
  • Determining if similar nonconformities could potentially occur
  • Determining the proportionate response to take give the nature and effect of the nonconformity

You are then required to:

  • Implement any action needed
  • Review the effectiveness of any action taken
  • Update risks and opportunities as part of risk planning
  • Make changes to the QMS, if necessary
  • Retain records of:
    • The nature of the nonconformity
    • Any actions taken
    • The results of any actions taken

If you were to combine all of those requirements together, from identifying the nonconformity through to closing the corrective action, it might look something like this.

[SLIDE 8]

For more information on how to implement this section, watch our implementation videos for sections 8.7 and 10.2, and review our template library for examples.

Posted in Understanding ISO 9001 and tagged , , , ,