Lessons from the First Nonconformity and Audit Criteria

Lessons from the First Nonconformity and Audit Criteria

When we think of nonconformities (NCs), our minds often jump to technical reports, quality manuals, and checklists. But what if the very first NC happened long before ISO standards were ever written—right in the Garden of Eden?

According to the biblical narrative, God gave Adam and Eve a clear requirement: “Do not eat of the tree of the knowledge of good and evil.” This singular, unambiguous instruction set the stage for what would become the first recorded failure to meet a requirement—what we now call a nonconformity, defined in ISO 9000:2015 as the “non-fulfilment of a requirement”.

When God made His routine “audit visit” to the garden, Adam and Eve’s response was telling: they hid. Adam, aware of his failure to meet the stated requirement, avoided the audit process. The evidence of nonconformity was not just the missing fruit, it was the behavioural shift, the fear, and the breakdown of the process.

But here’s the fascinating twist: there was no Bible at the time. No written audit criteria existed. So where was this “requirement” documented?

According to ISO 19011:2018, audit criteria are defined as “a set of requirements used as a reference against which objective evidence is compared.” These requirements don’t have to be written in ink and paper, they can be verbally communicated, culturally ingrained, or even inherently understood, as was likely the case in Eden. As ISO 9000:2015 clarifies, documented information means information that is “controlled and maintained” but can exist in any medium. It could be a physical document, a digital file, or even something retained in memory or passed down through tradition.

In today’s organisational audits, this concept has practical implications. Not all audit criteria need to come from ISO standards or documented procedures. Criteria can originate from:

1. Customer requirements (e.g., contract terms or specifications),
2. Regulatory or legal obligations,
3. Internal policies and process flows, or
4. Unwritten cultural norms existing within a team or organisation.

For instance, a hospital may not have a written procedure for greeting patients warmly, but if staff consistently behave this way and leadership expects it, a sudden lapse may warrant a performance review or process correction; even in the absence of formal documentation.

Key Takeaways:

1. Nonconformities arise from failing to meet any valid requirement—not just those documented in manuals.
2. Audit criteria can be derived from laws, standards, contracts, verbal instructions, or organisational expectations.
3. Documented information doesn’t have to be on paper; it must simply be controlled, maintained, and accessible in an appropriate medium.
4. Just like Eden, the “auditor” might not always be expected, but the evidence (or lack thereof) will always speak.

At QIIN, we emphasize these principles in our ISO certification training programs, helping participants understand that effective audits require more than checklists; they require contextual awareness, evidence-based judgement, and a deep understanding of what constitutes a requirement in real-world settings.

So, whether you’re building a formal QMS or leading a volunteer-driven initiative, ask yourself: What are the requirements? Where are they documented (or understood)? And how do you ensure they are fulfilled?

Because, like in Eden, hiding won’t change the audit result.

Start your quality professional journey with our Foundations Certification Course or become an authority in QMS through our Lead Implementer and Auditor Combined Certification Course by chatting us on +234 901 136 1012