Greetings

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action. Any examples you might have would be greatly appreciated.

Thank You

:lmao:

Greetings

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action. Any examples you might have would be greatly appreciated.

Thank You

:lmao:

I would say not always. For example, there are times when a simple correction is sufficient to address the nonconformance. It could be a simple, silly mistake that someone made - not due to a lack of training or competence, just a mistake, as in human nature.

There are probably other more specific examples, I'm sure, but I can't think of any at the moment...:notme:

In our QMS, a nonconformance always triggers the Corrective Action process flow.

That said, there is room within that flow for an "informal" corrective action. The correction gets documented to close out the NC tag, but the whole process of direct and root causes, actions, follow-ups, etc normally required is simplified significantly. If the same informal action comes up multiple times though, a formal action must be taken.

Categorically - NO

Let's say a finding was "The form XYZ isn't filled in completely" - IMHO isn't worthy of a corrective action. Actually, there are a number of threads being discussed here where auditors have written findings that don't warrant a CAR

From the requirements, a nonconformity ALWAYS needs a corrective action

corrective action
action to eliminate the cause of a detected nonconformity (3.6.2) or other undesirable situation


8.5.2 Corrective action
The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.

But my opinion is that a lot of what people call nonconformities in fact are not because they can´t have their root causes eliminated.

Just for clarification - do you mean a documented corrective action?

Becasue any the minor correction due to human error as indicated by GStough is a corrective action.
This type probably fails inot the "informal" corrective action of domingue's process.

I imagine that you would want to look at it as does this make good business sense. What value does it add to document an "informal" corrective action?

There may be a people managment component that your question does not reveal. Taking AndyN's example of an incomplete form, is the same person not correctly completing the form? Would it warranty an examination of the training process or at least a look at why the form is not correctly filled out? Sometimes a form is essential from a traceablity stand point to help with a recall or proof that something was done correctly.

So, can you flesh out you and the management's concern with the non-conformity process? It would help with an answer to know whether or not you are applying it to pencils or implantable devices, as I believe the approach would be on a sliding scale.

Greetings

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action. Any examples you might have would be greatly appreciated.

Thank You

:lmao:

It depends on the specific circumstances. (I am not a Subject Matter Expert on ISO 13485.)

You must document the nonconformance, and what the next actions, to be taken, will be defined.

The organization must determine when a Corrective Action is required. It could be a blanket statement as Domingue mentioned, in his organization, it requires that a Corrective Action is required on any and all non-conformances.

What I feel deserves a Corrective Action may not be how/when someone else would issue a Corrective Action. That is why it needs to documented on how the Organization will meet the intent of the standard.

corrective action
action to eliminate the cause of a detected nonconformity (3.6.2) or other undesirable situation

8.5.2 Corrective action
The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence.
Corrective actions shall be appropriate to the effects of the nonconformities encountered.


One of the operative statements is that corrective actions shall be appropriate. A minor or incidental (to the customer) cosmetic defect that is easily detected and corrected, but requires significant capital investment to eliminate the cause, may have corrective action that amounts to "we will eliminate this cause the next time the process is re-engineered, and take steps to assure that any reoccurance is detected and corrected in the interim." You are allowed to take economics into account! Which may be your management's point.

Geoff Withnell

Along the lines of mmantunes....if we think of the number of times a non-conforming product is encountered, would you take corrective action for each occasion? Let's say a drill breaks and the part is now scrap. Is anyone saying that a corrective action is required for that? I hope not, sincerely.

The item would be recorded, reviewed and dispositioned. However, if parts were found to be scrapped time and again for broken off drills, it then becomes a $$ issue, which is likely to result in a corrective action. Hence are corrective actions required for ALL non-conformities - NO!

Why can't the same apply to audit non-conformities?

NO. Definitely not.

If you held to that point of view, you could end up with a blindly rigid or authoritarian system that drove people bananas.

I recently cleaned up a system where the previous consultant would do the internal audits, find a tiny little 'NC' and then as far as I could see spend at least 30 minutes handwriting out a CAR that reported gobsmacking issues such as 'form XYZ was missing its issue date'. I figure he spent more time writing them out than fixing!

Andy's examples are good ones, highlighting the difference between when one might write up an NC and when one might not.

Ah hah, will say the rigid authoritarian, if you don't write up everything, then how will you know if there is a trend or not? It's an OK question on the one hand, but on the other, you have to keep in mind risk management, status and importance, as well as commercial considerations. And it is a question you need to have a reasonable answer to.

Agree with mmantunes, in that all Non conformities should trigger a Corrective Action.

Yes, in one of the previous threads or discussion, we identified that it either need a 'corrective action' or just a 'correction'.

Yes, in one of the previous threads or discussion, we identified that it either need a 'corrective action' or just a 'correction'.

I agree Harry :agree1:

Yes, in one of the previous threads or discussion, we identified that it either need a 'corrective action' or just a 'correction'.
im with harry on this one. not all nonconformances require Corrective action. in our audit system we have the probable outcomes. corrective actions, correction and Opportunities for improvement

Greetings

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action. Any examples you might have would be greatly appreciated.

Thank You

:lmao:

I would agree with some of the other posters that all nonconformities do not require a corrective action. Your procedures should be detailed enough to provide guidance. TR 14969 offers the following on the subject:

The organization's corrective action procedures should clearly establish
- who is responsible for taking corrective action
- when and how this corrective action will be carried out, and
- how the effectiveness of the corrective action will be verified

also

The degree of corrective action taken should be dependent upon and
related to the risk, size and nature of the problem and its effect(s) on
product quality.

I agree completely with Geoff. I would take it one step farther however and say that in all cases when a nonconformance is documented, the Corrective Action block of the document should not be left blank. There should be some statement written into it that states why corrective action is not required in this particular case. Unless this is done, it is a flag for an auditor.

Bob

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action.

Interesting, isn't it, that in the various posts, there is such a diversity of opinion on the subject, with strong opinions for and against? No wonder you are having a debate with your management, Maxwell. :)

We all know it's possible for Quality Nazis (or whoever) to retreat to their Quality Corner and issue a blanket 'Thou Shalt Issue a Corrective Action in every instance of Nonconformity'... even if that were decided to be the rule for your organisation or wherever, I'd like to suggest that we consider the outcomes we presumably want and call to mind some of the underlying principles of quality.

I have certainly seen the results of such a black and white insistence on a 100% rule. And one of the problems is that if people think something is stupid or overkill, they will almost certainly work to subvert or bypass the system, actively or passively.

I want good outcomes and I want to have people 'involved at all levels'. I want improvement - which means I try to bring people in & have them buy in. Then there's an infinitely better likelihood that they'll work with the system, because they had a say in it and they understand the why.

One way of perhaps moving the debate along, or opening it up in a positive way, might be to collect a number of reasonably representative examples of NCs in your particular organisation, plus perhaps a few that are a bit 'outside the norm'. These could be used to have a really interesting discussion with management (presuming they are involved and interested), to see who believes for which example that a CA should be raised - and why - and who doesn't, and why.

If you can get from there to a reasonable consensus on when one does and when one might not, or that one always would because of X and Y and Z, then you've got a much better chance of getting to where you want to get to - ie, improving.

Mr. Geoff:

I was reading through this thread and following the info flow right up until you threw in the comment about the 'economics'. I'm now confused. "Somebody" may be considering the 'economics' at some future point after I complete my audit, but it certainly isn't going to be me while I'm doing the audit.

What am I missing here?:(

Thanks for any additional enlightenment.

Bob

I'm going to step in here and offer some thoughts, I've no doubt Geoff will too.

When doing an audit (the whole of the audit, that is, including planning and preparation) it's always important to keep 'economics' in mind. One of the best reasons for doing an audit is to diagnose why there's a problem (read lost $$) with a process - non-conforming output or such like. Being able to go to management with an audit report which states, "we're losing this money due to 'x' in the process" is a very powerful statement. I've had internal auditors find as much as $8M in savings, because they 'got past' the simple 'Are we following procedures?' mentality to focus on what it cost to have an issue.

In another way, internal auditors who have a clear grasp of the Toyota Manufacturing Principles (or Lean) tend to be aware of the economics of the process they're auditing and often find opportunities to reduce waste.

Geoff, I believe, is also looking at the results of audits as needing the auditor to be aware of the likely cost/benefit ratio of any corrective action - which is often overlooked. It's a bit like a manager saying, "O.K, I know we've got a (strict) NC here, but it costs us this much 'Y' $$ to tolerate it, but 10x 'Y' to fix it......." Therefore it's unlikely to be addressed with any real enthusiasm!

Please read 21 CFR 820. I cannot remember which section exactly but the FDA has some explanation.

I'm with Jane on this one. If you tried to applie full blown correctivie action on every minute nonconformance you would get nothing else done. Forget about making money so you can survive.

To add to the discussion, from ISO 9000:2005, Quality management systems -- Fundimentals and vocabulary:

3.6.5
corrective action
action taken to eliminate the cause of a detected nonconformity or other undesirable situation

NOTE 1 There can be more than one cause for a nonconformity.

NOTE 2 Corrective action is taken to prevent recurrence whereas preventive action is taken to prevent occurrence.

NOTE 3 There is a distinction between correction and corrective action.

3.6.6
correction
action taken to eliminate a detected nonconformity

NOTE 1 A correction can be made in conjunction with a corrective action.

NOTE 2 A correction can be, for example, rework or regrade.

I should add that the audit nonconformance form used by some certification bodies requires the auditor to describe the nonconformance including objective evidence and a citation of the applicable element of the standard. The form then requires the auditee to respond with 1) correction, 2) root cause, and 3) corrective action. The corrective action is to speak to the root cause.

Many companies procedures provide for an appropriate authority to determine if a discrepant material report (DMR) (or whatever term your company uses) requires elevation to a corrective action report (CAR).

I guess that this whole thing turns on how you read element 8.5.2. "The organization shall take action to eliminate the cause of nonconformities . . . " Perhaps if you read that as ALL nonconformities you will have a different opinion than me.

…I do agree with most posters here… for me, nonconformance requires either correction or corrective action itself, to eliminate the cause of a detected nonconformity or other undesirable situation - if it is really a nonconformance…

:2cents:

OK - let's step back. Big Jim is correct to bring up the following:

there is a difference between a nonconformance to the QMS and a product that has is nonconforming to specifications. both are being discussed here without clear distinction.

there is a difference between a simple ISO9000 QMS and all the others up to and including the FDA. the requirements are not the same...

and the old bugaboo of definitions comes into play with differering meanings of the word "correct".

let's be clear about which QMS system and which type of nonconformity and which definition of the word correction we are discussing.

OK - let's step back. Big Jim is correct to bring up the following:

there is a difference bewteen a noncormance to the QMS and a product that has is nonconforming to specifications. both are being discussed here without clear distinction.

there is a difference between a simple ISO9000 QMS and all the others up to and including the FDA. the requriements are not the same...

and the old bugaboo of definitions comes into play with differering meanings of the word "correction".

let's be clear about which QMS system and which type of nonconformity and which definition of the word correction we are discussing.

Could you expand on that? I picture a product nonconformance as a QMS nonconformance, especially in the light of element 8.3, control of nonconforming product.

Could you expand on that? I picture a product nonconformance as a QMS nonconformance, especially in the light of element 8.3, control of nonconforming product.

This section of ISO9000 only addresses what to do with the product that is found to be nonconforming to specifications (i.e. defective); it does not in any way deal with actions related to the cause of the nonconforming or defective product.

The mere fact that defective product exists is not a nonconformance to the QMS; in fact the existance of 8.3 is a testament to the fact that some amount of nonconforming or defective product is to be expected. Section 8.3 addreses what to do with it when it occurs.
Failure to control defective product would be a nonconformance to the QMS (e.g. not identifying NC product as NC, knowingly shipping to a customer without the customers' agreement - or concession, etc.

There is no QMS that I am aware of that states that a defective product is a nonconformance to the QMS itself. The design and development section only requires that product be capable of meeting requirements - there is no statement about how capable it must be and certainly it never says that the product must be capable of meetign requirements 100% of the time. Section 8.2.4 does require testign to verify product conformance to requriements but does not say that all product must meet the requirements; in fact, this section is directly followed by 8.3 which addresses what to do with product that doesn't meet requirements.
There is no QMS that I am aware of that requires corrective action as to cause for every instance of a defective product or defect type. This would surely cripple an organization.

The phrase "Corrective action" as applied to internal audit findings (nonconformances to the QMS) or certain types of defective product as addressed by section 8.5 in ISO9000 is meant to be corrective action as to cause in order to prevent reocurrence....section 8.3 does not address this at all.

The way I read it, ISO 13485 gives us the flexibility to determine when we will take corrective action. Clause 8.5.2c says we must be:...evaluating the need for action to ensure that nonconformities do not recur...

I'm a big proponent of using the corrective action process effectively when it's needed. Prioritize how you'll use your limited resources. I think the type of nonconformity and the effects of the nonconformity will help us to decide if taking corrective action is appropriate. If it's a significant customer contract requirement or regulation that's being violated, yes. If it's a safety issue, definitely.

However, if we impose a non-value-added requirement on ourselves, then find a nonconformity against it, it would be better to eliminate the requirement (correction) instead of wasting time evaluating root cause of why the requirement wasn't met. Also, a $10,000 solution to a $10 a year problem would be rediculous. Use common sense! (Even though sometimes it's not so common...)

Howste, you have wisdom beyond your years. I couldn't agree with you more.

Right ON!

Bob

This section of ISO9000 only addresses what to do with the product that is found to be nonconforming to specifications (i.e. defective); it does not in any way deal with actions related to the cause of the nonconforming or defective product.

The mere fact that defective product exists is not a nonconformance to the QMS; in fact the existance of 8.3 is a testament to the fact that some amount of nonconforming or defective product is to be expected. Section 8.3 addreses what to do with it when it occurs.
Failure to control defective product would be a nonconformance to the QMS (e.g. not identifying NC product as NC, knowingly shipping to a customer without the customers' agreement - or concession, etc.

There is no QMS that I am aware of that states that a defective product is a nonconformance to the QMS itself. The design and development section only requires that product be capable of meeting requirements - there is no statement about how capable it must be and certainly it never says that the product must be capable of meetign requirements 100% of the time. Section 8.2.4 does require testign to verify product conformance to requriements but does not say that all product must meet the requirements; in fact, this section is directly followed by 8.3 which addresses what to do with product that doesn't meet requirements.
There is no QMS that I am aware of that requires corrective action as to cause for every instance of a defective product or defect type. This would surely cripple an organization.

The phrase "Corrective action" as applied to internal audit findings (nonconformances to the QMS) or certain types of defective product as addressed by section 8.5 in ISO9000 is meant to be corrective action as to cause in order to prevent reocurrence....section 8.3 does not address this at all.

Thank you for helping me to better understand 8.3.

In light of 8.5.2 I still don't see how product nonconformance is not a QMS nonconformance. I think you comment about 8.3 being a testiment that junk happens when dealing with product is correct, but I think a similar argument can be made about QMS nonconformances as well in that the entire standard helps provide remedy when QMS nonconformances are found.

So perhaps we are still centered on how you read the opening of 8.5.2. "The orgainzation shall take action to eliminate the cause of nonconformities in order to prevent recurrence." If you read that as ALL nonconformities then it would be very difficult to live with.

Thank you for helping me to better understand 8.3.

In light of 8.5.2 I still don't see how product nonconformance is not a QMS nonconformance. I think you comment about 8.3 being a testiment that junk happens when dealing with product is correct, but I think a similar argument can be made about QMS nonconformances as well in that the entire standard helps provide remedy when QMS nonconformances are found.

So perhaps we are still centered on how you read the opening of 8.5.2. "The orgainzation shall take action to eliminate the cause of nonconformities in order to prevent recurrence." If you read that as ALL nonconformities then it would be very difficult to live with.

I think you're over thinking this. defective product in and of itself has never been interpreted to be a nonconformance to the QMS. a corrective action as to cause to prevetn reocurrence for every defect would be completely onerous and absurd. the entire purpose of 8.3 is to deal with the inevitability that defective product will be made. 8.5.2 does not say ALL. in fact the second sentence says "Corrective actions shall be appropriate to the effects of the nonconformities encountered", meaning that sometimes corrective action is simply rework or throw away and move on...teh nonconformities in this case refer to both QMS and product requirements. you must read the standard as a whole and not as stand alone bits and pieces.

A nonconformance with the product or the process or the QMS is irrelevant. A failure is a failure...end of story. Which path we follow in the treatment or the resolution of the failure is key to ensure that we add value to our Stakeholders (of which the Customer is one).

There are times when Corrective Action is required...a full blown root cause analysis, an action plan, a verification plan, etc.

There are times when (working for a steel mill) I say it's a 'quick wham-bam-let's-get-back-to-making-steel' approach. This means we implement a correction and get back to making our product.

The question becomes, however, when is Corrective Action required and when is a Correction appropriate?

The answer is..."What ever works for your organization." Data analysis will tell you where your largest problems are occurring. I'd adopt Correction Action for the top 20% of the problems and Corrections for the remaining 80.

To ensure consistency, develop, document and implement Nonconformance Triggers. This is a matrix that shows for each process/department within your organization when a failure requires a Correction or Corrective Action.

For example, in your manufacturing process, you may deem that less that 5 pieces scrapped on one order will result in a Correction but >= 5 will prompt Corrective Action. In your Customer Complaint process, you may state that any complaint < x $ is a Correction but anything higher will be a Corrective Action.

Each process owner(s)/department should define their own set of triggers, but it is great to consolidate this information. By structuring the processes/departments in a sequential flow that mimics the creation of your product or service, this Matrix helps to show how a failure in one process can adversely impact their internal Customer (i.e., the next process/department in line).

The good part about this approach is that if you focus and properly apply your problem solving skills and resources on those top issues, your organization will get them under control and they will cease to be problems. As part of a regular data analysis program (e.g., annual review of trends, indicators, etc.), a new "top 20" list may arise and you can revise your triggers for the following cycle.

ah - but you're trying to apply logic and reason!

The difference between a nonconformance to the QMS or of the product to requirements is the key to the OP's question: the question being: "do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action".

If we accept that his use of the phrase of "Corrective Action" means the standard definition = "corrective action to prevent recurrence" then we must be aware that for ISO9000, section 8.2.2 internal audit (which addresses nonconformities to the QMS) states very clearly "The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes. Internal audit is focused on QMS compliance and not product conformance. In this case, corrective action is generally interpreted to be required.


internal auditors tend to fudge about with the definition of what constitutes a 'finding' of nonconformance. isolated instances of a signel clerical error or mistake may not be deemed a finding of nonconformance by some auditors so as to avoid corrective actions, but this approach is subject to intense debate...

Bev D - you maybe right about what's generally interpreted - and that's where conventional wisdom is often incorrect!

A few years back, At the ASQ conference, a keynote address was given by Jack West which (basically) said that he external audit model was to balme for 'over interpreting' the need for corrective action (including root cause analysis) instead of allowing for correction.

I'd go further and say the whole internal audit model needs to change (away from current 'wisdom'), including ensuring that auditors only report non-conformities (and effectiveness is key, here) and allow management to decide on how to treat the actions. After all, it's their business.

If they fail to get serious about this, no internal auditor is going to change anything, no amount of threats about the CB auditor finding the same or grading nc's as major/minor will drive any actions! Indeed, treating all audit findings as needing (root cause) corrective actions, is IMHO, one of the fastest ways to bring the system down to simply keeping a certificate on the wall

Bev D - you maybe right about what's generally interpreted - and that's where conventional wisdom is often incorrect!


yes - it's just soooooo difficult to get past the statemetn in the internal audit section "The management responsible for the area being audited shall ensure that actions are taken without undue delay to eliminate detected nonconformities and their causes". If the statement stopped at eliminate nonconformities, simple correction would be accepted as allowable. but alas "and their causes" takes us beyond simple correction...:(

I think you're over thinking this. defective product in and of itself has never been interpreted to be a nonconformance to the QMS. a corrective action as to cause to prevetn reocurrence for every defect would be completely onerous and absurd. the entire purpose of 8.3 is to deal with the inevitability that defective product will be made. 8.5.2 does not say ALL. in fact the second sentence says "Corrective actions shall be appropriate to the effects of the nonconformities encountered", meaning that sometimes corrective action is simply rework or throw away and move on...teh nonconformities in this case refer to both QMS and product requirements. you must read the standard as a whole and not as stand alone bits and pieces.

I think you and I are closer than you realize. I'm the one who first posted that I don't believe that ALL is the intent of the standard.

The point in which we may need to agree to disagree is about product nonconformance being included in QMS nonconformance. Reading the entire standard as a whole, I don't understand how it could be any other way. In either case, we both have lots of company.

If the statement stopped at eliminate nonconformities, simple correction would be accepted as allowable. but alas "and their causes" takes us beyond simple correction...:(

Only if you let it..........

Too many QMS folks spend way too much time agonizing over root cause. Often the cause is right under our noses, so I fail to see why it can't be considered as part of the correction. Just like how we treat non-conforming product really! Don't forget, Mr. West is on TC 176, so I take it they talked at length about this! I'm sure they didn't all mean root cause for all audit non-conformities.

Of course, if I ruled the world, the audits would tackle issues that management have a vested interest in, so their responses wouldn't rely on any wording in the standard - they'd get on with it because their (personal functional) performance depended on it! Maybe the next revision of ISO 9000 might address a more robust focus for internal audits!

There are times when Corrective Action is required...a full blown root cause analysis, an action plan, a verification plan, etc.

There are times when (working for a steel mill) I say it's a 'quick wham-bam-let's-get-back-to-making-steel' approach. This means we implement a correction and get back to making our product.

Each process owner(s)/department should define their own set of triggers, but it is great to consolidate this information. By structuring the processes/departments in a sequential flow that mimics the creation of your product or service, this Matrix helps to show how a failure in one process can adversely impact their internal Customer (i.e., the next process/department in line).

The good part about this approach is that if you focus and properly apply your problem solving skills and resources on those top issues, your organization will get them under control and they will cease to be problems. As part of a regular data analysis program (e.g., annual review of trends, indicators, etc.), a new "top 20" list may arise and you can revise your triggers for the following cycle.

Yes - great advice and a very practical approach. I couldn't agree with you more.

Some organisations may choose a 'corrective action' for every nonconformity. That's their choice, and hopefully for sound reasons. But it's not one I'd recommend in 99% of circumstances, and I'd really want to discuss with any company proposing it their reasons for doing so. 80/20 rule tends to be more valuable.

I have seen companies impose this kind of blanket, B&W rule... and also seen that in many cases, it can take far longer to fill the form in than to actually fix whatever the issue is... and for virtually zilch value! At times it seriously does become 'quality gone mad'. Definitely the kind of thing that tends to turn people off.

If only common sense were more common. :(

I'm with RC and Jane. There are issues that really are indicators of a broken system, and there are issues that are just a bug on the windshield of progress. A bug on the windshield does not necessitate removing the windshield to wipe it off.

I'm going to step in here and offer some thoughts, I've no doubt Geoff will too.

-Snip-

Geoff, I believe, is also looking at the results of audits as needing the auditor to be aware of the likely cost/benefit ratio of any corrective action - which is often overlooked.

Mr. Andy:

Thank you for the additional information. I've shared this thread with Dr. P, my Audit Manager. The Cove has helped generate some lively interaction for us.:applause:

However, Dr. P says, sorry, no, as the concept of the OP's original question has been shifted somewhat. Some of this is putting the cart before the horse. It is not up to me to be influenced by possible "economic" considerations while doing our (Regulatory) Audits. As far as the Results of the Audit and any Corrective Actions and dealing with Management, that's his job, not mine (as the Auditor). :)

BobA5835

[quote=AndyN]I'm going to step in here and offer some thoughts, I've no doubt Geoff will too.

-Snip-

Geoff, I believe, is also looking at the results of audits as needing the auditor to be aware of the likely cost/benefit ratio of any corrective action - which is often overlooked.

Mr. Andy:

Thank you for the additional information. I've shared this thread with Dr. P, my Audit Manager. The Cove has helped generate some lively interaction for us.:applause:

However, Dr. P says, sorry, no, as the concept of the OP's original question has been shifted somewhat. Some of this is putting the cart before the horse. It is not up to me to be influenced by possible "economic" considerations while doing our (Regulatory) Audits. As far as the Results of the Audit and any Corrective Actions and dealing with Management, that's his job, not mine (as the Auditor). :)

BobA5835

The OP didn't state anything about doing regulatory audits, which is a different kettle of fish.

However, I still maintain, that any internal auditor should have their antenna up regarding the cost impact of what they're seeing.

Dr. P may not see it that way, not many do (IMHO) and, as a result, organizations tend to get little to no benefit from their audits.......

I want to thank everyone who contributed to the discussion (Do non conformances always result in corrective action). I appreciate being able to get different so many different opinions from so many quality professionals (thank you cove). In the end I guess it is ultimately the organizations choice. :thanks:

I want to thank everyone who contributed to the discussion (Do non conformances always result in corrective action). I appreciate being able to get different so many different opinions from so many quality professionals (thank you cove). In the end I guess it is ultimately the organizations choice. :thanks:

Absolutely!

If you dont have a source for corrective /preventive action, then it is not a non-conformance. In our QMS,every non-conformance will have some root cause and corrective/preventive action .

If you dont have a source for corrective /preventive action, then it is not a non-conformance.

Sorry, but this sentence simply does not make sense to me. What do you mean?

Let's have a look at ISO 9001 standard!

8.5.2 states that "..organization shall take action to eliminate the cause of the nonconformity ..." . OK, up to this point it seems that we need to be very stringent about nonconformities !!

But wait ... going forward in 8.5.2, we see that there is a process-like steps for elimination of root causes.

if we get the hurt of requirement stated in subclause (c), there should not be any doubt about nonconformities and subsequent actions.

It says "...Evaluation the need for action to ensure that nonconformities do not recure..."

I think (personally) that ISO 9001, provides an opportunity to re-think about necessity to take further actions.

:cool:

I've seen instances where minor non-conformances have occurred due to circumstances that are unique/isolated/unusual situations. The QA Manager decided that a CAPA was not needed. The non-conformance was simply documented, along with the root cause, the reason that the root cause was isolated and not likely to recur, and the resolution for the particular instance of non-conformance. The QA Manager signed off explicitly that a CAPA was not required for the situation.

Note: The QA Manager only did this for very minor non-conformances. However, you were looking for instances where CAPAs were not issued, so these are instances that I have seen.

IMNSHO, the best way to address this type of thing is before it happens, in your SOPs and reporting forms. The SOP should explicitly identify conditions where a CAPA may not be required, and should identify what explanations and sign-offs are needed when choosing not to issue a CAPA. Any forms used to document non-conformances should include a check-off for whether a CAPA was issued, and if not, should include a fillable field for the explanation for not issuing the CAPA.

Sorry, but this sentence simply does not make sense to me. What do you mean?

there is no non-conformance without corrective or preventive action. thats what i mean..

there is no non-conformance without corrective or preventive action. thats what i mean..

What if the root cause is an anomaly that cannot be prevented or mitigated, and if the result of the non-conformance is an anomalous deviation that is acceptable and that can be explained?

I grant that this is an unusual set of circumstances, but I've seen this happen, so it's not outside the realm of possibility.

there is no non-conformance without corrective or preventive action. thats what i mean..

? tautology, oh tautology...

:bonk:

In our small organisation, sometimes a minor nonconformance is addressed via an explanation of the root cause and impact of the nonconformance which may include a risk assessment but no further action. I advocate the tracking and trending of nonconformances and taking further action if the trend indicates, rather than corrective active action for every nonconformance. We need to bear in mind the frequency, cost, impact on quality/regulations/business/customer etc when deciding to take further action.

In our small organisation, sometimes a minor nonconformance is addressed via an explanation of the root cause and impact of the nonconformance which may include a risk assessment but no further action. I advocate the tracking and trending of nonconformances and taking further action if the trend indicates, rather than corrective active action for every nonconformance. We need to bear in mind the frequency, cost, impact on quality/regulations/business/customer etc when deciding to take further action.

Risk Assessment is a preventive action. so non-conformance doesnt exist without any corrective or preventive actions.

though u tracking the small non-conformances, altast if u take a corrective action/preventive action which is a action taken common for all those small non-conformances..

Or else , cite one example of non-conformance without any corrective or preventive action in any field..

Cite one example of non-conformance without any corrective or preventive action in any field..

The company in question, Company X, had SOPs for assembling and transporting product. The SOPs were very specific about exactly what types of equipment and supplies were to be used, right down to the shipping companies and protocols. However, due to an extraordinarily unusual confluence of events, including a plant move among other things, neither of the standard shippers could pick up the product in time, and a different shipping partner had to be used.

The QA Manager reviewed the series of events, and determined that the likelihood of that particular confluence of events happening again was almost nil, so the QAM wrote an Incident Report that explained what happened, why it was unlikely to happen, and how it was essentially impossible to predict that particular series of events, let alone prevent it.

There was no corrective action needed, as the deviation did not interfere with the satisfactory delivery of the product to the buyer. There was no preventative action that could be taken, because of the inability to even predict, let alone prevent, that series of events.

there is no non-conformance without corrective or preventive action. thats what i mean..

What if the root cause is an anomaly that cannot be prevented or mitigated, and if the result of the non-conformance is an anomalous deviation that is acceptable and that can be explained?

I grant that this is an unusual set of circumstances, but I've seen this happen, so it's not outside the realm of possibility.

well I would say that you actually have determined cause and determined a corrective action. You can't know that the occurence an "anomoly" without knowing something about it's cause - even it's just it's occurence rate and knowledge that it's an error / catastrophic event. If you know that the resulting deviation is "acceptable" then the corrective action would be to change the system to either allow the event - why is it a nonconformance fi nothing bad happens? there in lies your corrective action.

I would say that all nonconfromances have a viable corrective action - it's just that occassionally the corrective action isn't against the cause, nor does it have to be.

Our approach is:

A) for all in-house non-conformances:
a)Take 100% disposition actions at the earliest, in MANY cases immediately. (We compare this situation to giving a 'First-aid' to an injured person)

b) Record all nonconformances and assess for :
1. Repeating problems
2. Problems with very high RISK (life / Person)
3. Problems with very HIGH MAGNITUDE' (monetary loss- organisation)
If the review answer says 'yes' to any one of the three options, THEN TAKE CORRECTIVE ACTION VIA ROOT CAUSE ANALYSIS and FMEA.

We have a weekly review on in-house quality performance and also a Quality Status report every month to check for any missed actions.

----------------------------------

B) NO SUCH EXECPTIONS for:
1. Customer complaints
2. Audit Non-conformances

Not only immediate correction is required, a detailed analysis followed by several actions are required to be implemented.

Any comments please.....

I'm not sure we agree about what a corrective action plan might be.

As I understand it, a corrective action plan details what actions are to be taken to fix what went wrong. In the situation I described, there was no corrective action plan created, because there was no corrective action needed.

We did a root cause analysis, and I would say categorically that all non-conformances *do* require a root cause analysis. However, under some circumstances, preventative actions might not be necessary or even possible, and corrective actions might not be required.

well I would say that you actually have determined cause and determined a corrective action. You can't know that the occurence an "anomoly" without knowing something about it's cause - even it's just it's occurence rate and knowledge that it's an error / catastrophic event. If you know that the resulting deviation is "acceptable" then the corrective action would be to change the system to either allow the event - why is it a nonconformance fi nothing bad happens? there in lies your corrective action.

What you're suggesting is that when a nonconforming condition is an obvious outlier--and it does happen--then some sort of correction is necessary, even if it's only to allow for the event in question. I disagree--if the cause is either understood and considered negligible or unknowable (and that happens too), it should be enough to record that fact in answer to the NC and go on with life. There's nothing to be gained from correcting things that don't need to be corrected.

I would say that all nonconfromances have a viable corrective action - it's just that occassionally the corrective action isn't against the cause, nor does it have to be.
If it's not against the cause, it's generally not worth pursuing, imo.

Risk Assessment is a preventive action. so non-conformance doesnt exist without any corrective or preventive actions.

though u tracking the small non-conformances, altast if u take a corrective action/preventive action which is a action taken common for all those small non-conformances..

Or else , cite one example of non-conformance without any corrective or preventive action in any field..

No I disagree. Risk assessment can be performed at any time, whether nonconformance CA or PA. Also, just because you have lots of minors, if there is no common threads, and the impact assessment is minor, then there is no action needed.

What you're suggesting is that when a nonconforming condition is an obvious outlier--and it does happen--then some sort of correction is necessary, even if it's only to allow for the event in question. I disagree--if the cause is either understood and considered negligible or unknowable (and that happens too), it should be enough to record that fact in answer to the NC and go on with life. There's nothing to be gained from correcting things that don't need to be corrected.


If it's not against the cause, it's generally not worth pursuing, imo.

well to clarify I was thinking primarily of internal audit NCs which require corrective action and not the general case where a product NC to a spec might have occured (the good old "use as is" or scrap it and move on).

I do agree with you that there are times when isolated events with trivial consequences can and should be stepped over.

However, when the NC is an audit finding (as was my assumption in my response) and a Corrective Action is issued (as ISO strongly implies is required) often the best thing to do is to take corrective action to eliminate the source of the nonconformance which is often a poorly written / over specified procedure.


When the NC is a product nonconformance to a spec and the cause is isolated and the effect is not harmful - we often don't get corrective actions. so those were not in my thought process. and in these cases I agree with you totally that corrective action is not warranted. There are times when the cause is not isolated or there are many unrealted causes and the effect is not harmful. These cases typically result in documentation of that fact and a "use as is" disposition. there is some value to changing the spec and gettign away from the documentation. Of course this must be weighed against all other problems...

well to clarify I was thinking primarily of internal audit NCs which require corrective action and not the general case where a product NC to a spec might have occured (the good old "use as is" or scrap it and move on).

I do agree with you that there are times when isolated events with trivial consequences can and should be stepped over.

However, when the NC is an audit finding (as was my assumption in my response) and a Corrective Action is issued (as ISO strongly implies is required) often the best thing to do is to take corrective action to eliminate the source of the nonconformance which is often a poorly written / over specified procedure.


When the NC is a product nonconformance to a spec and the cause is isolated and the effect is not harmful - we often don't get corrective actions. so those were not in my thought process. and in these cases I agree with you totally that corrective action is not warranted. There are times when the cause is not isolated or there are many unrealted causes and the effect is not harmful. These cases typically result in documentation of that fact and a "use as is" disposition. there is some value to changing the spec and gettign away from the documentation. Of course this must be weighed against all other problems...

In the case of an internal audit finding, I agree that there should be some form of CA. If an auditee disagrees with a finding, or thinks it's not worthy of CA, it should be worked out with the auditor or some higher authority.

Any non-conformance requires investigation irrespective of the source (internally identified, customer complaint, (internal) audit, product inspection, lab investigation, etc). The investigation should results in:
The severity of the non-conformity, especially all potential hazards to patients or users of the device;
The root cause;
The occurence rate and the likelyhood of re-occurence. The non-conformance identified may not have been the only occasion it occured, or on the other hand could have been an incident. The root cause determination may help in identifying other occurences. Especially in case of a product non-conformance, all non-conforming products must be identified.

The severity and occurance rate are input to a risk analysis to determine the risks associated to the non-conformity. The acceptability of the risks should be evaluated. In case of low severity and/or unlikely re-occurence, the risk may be acceptable and no corrective actions required. If the non-conformity has severe impact to patients safety or has a high likelyhood of reoccurence, the risk is intollerable and must be adressed by risk control measures (i.e. the corrective actions)
In case of medical devices a risk management file is associated to each product (as required per ISO 14971). The risk management file specifies which (design, process, application) risks are identified with the product, the associated hazards, the severity, the likelyhood of occurence and how they are controlled. The risk management file is generated during the design of the product, but should be maintained throughout the life cycle of the product. In other words, if the risk controls have proven ineffective by the non-conformity investigation they should be improved (i.e. the corrective action) and if needed the risk management file updated. These activities are critical in assuring only safe product are put into the market, therefore they have full attention during FDA inspections and Notified Body audits.

I do agree with you that there are times when isolated events with trivial consequences can and should be stepped over.

However, when the NC is an audit finding (as was my assumption in my response) and a Corrective Action is issued (as ISO strongly implies is required) often the best thing to do is to take corrective action to eliminate the source of the nonconformance which is often a poorly written / over specified procedure.

...

NNoooooooooooo!

Never 'step over' an audit finding! - put it in the summary report. It may not warrant any action at the time it was found (in isolation) but if it goes unrecorded, you may be missing an opportunity to 'see' it occuring in other places, each time as 'isolated' situations. Hence, the audit manager won't be able to detect a trend and, say after 3, 4, 5 or 6 audits, focus attention on the system which is causing these not so isolated findings.......

The wording of ISO is a moot point since the 08 version allows, specifically, for corrections. I'd be very wary of jumping to the conclusion that the root cause is the procedure being too specific! That, itself, has a root cause........

Greetings

I am having a debate with management, the question being do nonconformities ALWAYS result in corrective action or are there cases where a nonconformity DOES NOT result in a corrective action. Any examples you might have would be greatly appreciated.

Thank You

:lmao:

:confused: With all of the comments I am a little confused because I am not sure which standard we are talking about. Some comments address ISO9001:200x and others talk about ISO 13485.

Which one are we talking about here: ISO 9001:200x or ISO 13485. Can you please enlighten me?

NNoooooooooooo!

Never 'step over' an audit finding! - put it in the summary report. It may not warrant any action at the time it was found (in isolation) but if it goes unrecorded, you may be missing an opportunity to 'see' it occuring in other places, each time as 'isolated' situations. Hence, the audit manager won't be able to detect a trend and, say after 3, 4, 5 or 6 audits, focus attention on the system which is causing these not so isolated findings.......

The wording of ISO is a moot point since the 08 version allows, specifically, for corrections. I'd be very wary of jumping to the conclusion that the root cause is the procedure being too specific! That, itself, has a root cause........

AndyN - reread my post - I believe I clearly differentiated between audit findings and product NCs. I clearly said that audit NCs must have corrective action and they would therefore be documented in a corrective action. IF and when ISO 08 is released I would advocate for documenting trivial findings that are 'corrective action worthy' in the audit report...

I do not jump to the conclusion that a procedure is too specific. I would have to have proof. I am especially sensititive to people going around procedures because they feel the procedure is too 'restrictive'. However in the example of the shipping company given earlier that procedure was clearly too proscriptive - everybody did the right thing for the right reasons but were still in violation of a self imposed procedure. Should we go after the root case of overly proscriptive procedures? well maybe - if there are enough of them to warrant such action - remember too that the current released version of ISO says that for audit findings "actions are taken without undue delay to eliminate detected nonconformities and their causes". It does not say action must be taken against ROOT or SYSTEMIC causes. And if we have an overly proscriptive procedure and we change it to allow for actions that are perfectly acceptable yet are 'nonconformances' to the proscriptive version of the procedure we have in fact eliminated the nonconformance and it's cause without undue delay...

we MUST prioritize our work. not all problems are of equal effect on the organization. and no organization that I know ahs the manpower to deal with every little thing that isn't perfect. (that's not to say that I am opposed to continual improvement - I'm not - but it's a continual process not one big giant leap)

Bev, I did re-read your post and now I'm even more confused! Non-conformities, whether for internal audits or products, should not be 'stepped over'!

What people 'feel' about a procedure being too restrictive is not what the auditor is there to report. It may be a symptom, not the reason. There's a lot of information an auditor can gather to discover why the people aren't doning what the documentation says......

To assign a corrective action each and every time there's an internal quality system audit finding is an old fashioned, external audit based technique, which shouldn't be emulated internally........IMHO

Bev, I did re-read your post and now I'm even more confused! Non-conformities, whether for internal audits or products, should not be 'stepped over'!

What people 'feel' about a procedure being too restrictive is not what the auditor is there to report. It may be a symptom, not the reason. There's a lot of information an auditor can gather to discover why the people aren't doning what the documentation says......

To assign a corrective action each and every time there's an internal quality system audit finding is an old fashioned, external audit based technique, which shouldn't be emulated internally........IMHO

OK I really think you are misinterpreting waht I've written so let's take a different approach: what is your definition of "stepping over" and specifically why do you think I'm advocating it?

(I agree with you on issuing a CA for every internal audit NC - but the current released version of ISO9000 does require it...)

:confused: With all of the comments I am a little confused because I am not sure which standard we are talking about. Some comments address ISO9001:200x and others talk about ISO 13485.

Which one are we talking about here: ISO 9001:200x or ISO 13485. Can you please enlighten me?

I have the same question...

Please help.

Stijloor.

Going back to the original question, I would use the guidance of "The degree of corrective action taken should be dependent upon and
related to the risk, size and nature of the problem and its effect(s) on product quality" to state that all NC's should have Corrective Action considered.

If there is an action - no matter how trivial (eg enter a missing but recorded-elsewhere piece of information on a form) or complex (Re-engineeded the business) then by definition you have taken Corrective Action. If in your considerations you and the management team decided to do nothing then I would strongly recommend documenting this (briefly) and why.

There is whole lot of difference between not impementing a Corrective Action and making a decision not to implement a Corrective Action.

Hi Allan66,

Welcome to the Cove :bigwave:

Well said :applause:

I have the same question...

Please help.

Stijloor.
ISO 13485:2003 is the quality mangement system standard for the medical device industry. It basically has the same requirements (text) as ISO 9001:2000 with a few adaptations specifically for the medical device industry. Interestingly for corrective action it adds the requirement of recording of the results of any investigation.:cool: