SBS - The Best Value in QMS software

Addressing Non-Conformances from an Internal Audit that are not product related

#1
We had an outside company come in last year to perform our Internal Audit. They found 25 NC's which are all procedure related that have no effect on product. These NC's are mainly "you should have added this statement to adhere to the standard" or the need to add or clarify verbiage to procedures or the Quality Manual to meet the standard expectations. What process has been used to address these types of NC's? If we write a CAPA, how would we verify the effectiveness of adding a statement to a procedure to better align with the standard? Again, the findings were not apart of any procedures that had a direct impact on product. The NC's found have no risk to the performance of the device. We are currently in our recertification audit and received a major non-conformance for not formally addressing last year's 25 Internal Audit findings. We stated in this year's management review that we plan to close them out by Mid April.

Desperate for suggestions.....
 
Elsmar Forum Sponsor

John Broomfield

Staff member
Super Moderator
#2
Implying that some nonconformities are okay could result in a permissive work environment* that allows employees to see and keep quiet about nonconformities.

Your system’s nonconforming processes may result in nonconforming services or products. So do not disparage the reporting of processes not conforming to their procedures or procedures not conforming to their processes.

All nonconformities need correction if not corrective action so apply your risk assessment criteria to decide which nonconformities deserve investment in the removal of their root causes from your system.

* The only bad nonconformity is the one you do not know about.
 

RoxaneB

Super Moderator
Super Moderator
#3
If you have multiple NCs along the same lines, I question why they weren't lumped into one over-arching finding that would encompass the observed systemic issue.

My initial thought - without knowing all of the details - would be to offer one response and indicate the group of individual findings that the correction action will address.

It's also one thing to add a statement to "adhere to the standard", but it's something else to actually do it. Is your organization actually meeting the requirements? At a quick glance, I'd offer the answer is 'no' based on the additional finding of not formally addressing the previous internal audit findings. The finding may be that they were invalid and someone in senior leadership will likely need to sign off on that. But if they are valid, you may wish to re-consider how your organization documents their processes.

There may not be a direct impact on the product, but what about an indirect/supportive relationship? We still need those processes to ensure the right product gets out the door at the right time.
 

Jim Wynne

Staff member
Admin
#4
We had an outside company come in last year to perform our Internal Audit. They found 25 NC's which are all procedure related that have no effect on product. These NC's are mainly "you should have added this statement to adhere to the standard" or the need to add or clarify verbiage to procedures or the Quality Manual to meet the standard expectations. What process has been used to address these types of NC's? If we write a CAPA, how would we verify the effectiveness of adding a statement to a procedure to better align with the standard? Again, the findings were not apart of any procedures that had a direct impact on product. The NC's found have no risk to the performance of the device. We are currently in our recertification audit and received a major non-conformance for not formally addressing last year's 25 Internal Audit findings. We stated in this year's management review that we plan to close them out by Mid April.

Desperate for suggestions.....
There's enough here to suggest that your external source for auditing might not be competent. If you could give us an example or two of the nonconformity statements you're concerned about it will be easier to give you advice. Please give the complete verbatim statement(s).
 

ScottK

Not out of the crisis
Staff member
Super Moderator
#5
Sounds like your organization is in a tough position.
Should have done something on these - at least had an initial response and plan for each one - for your re-registration audit. Even if your company did not agree with the findings. If you're in the middle of your re-registration it's a bit late for that.
Right now - Stop thinking about "direct impact on the product". Product is only one piece of the pie when doing a quality system audit. It's a quality system... that's all the processes that go into your operation of making the product in accordance with the standard. If the findings were about accounting/finances - you have a point as that's not covered. But just about everything else in a manufacturing operation is.

Honestly, if I was auditing one of my suppliers and found that there were 25 open NC's, with no action, from a single audit done last year I would rate that as a major too. Without knowing what they are I can't really say if I'd also be skeptical that the organization would be able to close them in 2 months.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#6
There's enough here to suggest that your external source for auditing might not be competent.
In vehement agreement. The OP tries to make a case that none of the NC's point to a risk in product conformity, but how do we even know the outsourced internal auditor knows ANYTHING about the product realization process to adequately assess the risks? The tone of the NC's disclosed so far point to the typical situation where the "internal auditors" were focusing on........wait.........documentation; the easiest piece of a system to assess; the low hanging fruit, opportunity-rich for likes, dislikes and "suggestions". Auditors tend to gravitate to their comfort zones and avoid controversy. Comments such as "...you should have added this statement..." shows superficiality in assessment and poor reporting technique.

Unfortunately, many times, the results of a system audit, be it internal or external, depends much more on the caliber/competence/knowledge of the auditor than the system itself. And a semi-competent auditor might "mask" some serious flaws of a system and give the organization an erroneous "bill of health".
 

Golfman25

Trusted Information Resource
#7
We had an outside company come in last year to perform our Internal Audit. They found 25 NC's which are all procedure related that have no effect on product. These NC's are mainly "you should have added this statement to adhere to the standard" or the need to add or clarify verbiage to procedures or the Quality Manual to meet the standard expectations. What process has been used to address these types of NC's? If we write a CAPA, how would we verify the effectiveness of adding a statement to a procedure to better align with the standard? Again, the findings were not apart of any procedures that had a direct impact on product. The NC's found have no risk to the performance of the device. We are currently in our recertification audit and received a major non-conformance for not formally addressing last year's 25 Internal Audit findings. We stated in this year's management review that we plan to close them out by Mid April.

Desperate for suggestions.....
Sounds like the just did a stage 1 type document review. Not really and effective internal audit. So it begs the question, what did you do with the results? Why or why not? I don't know if ISO 13485 requires a full 8D type process or not, but standard ISO would allow you just to make a correction and update your docs. as you saw fit.
 
#8
There's enough here to suggest that your external source for auditing might not be competent. If you could give us an example or two of the nonconformity statements you're concerned about it will be easier to give you advice. Please give the complete verbatim statement(s).
NC#5
The organization does not define the period for which at least one copy of obsolete documents are retained.

NC#10
The QMS does not address UDI “7.5.8 Identification requirement”
—— this is not applicable as we are a contract manufacturer. Adding a statement to our Manual would satisfy this NC. Correct? What would be the verification of effectiveness? How can this be monitored?
 

ScottK

Not out of the crisis
Staff member
Super Moderator
#9
NC#5
The organization does not define the period for which at least one copy of obsolete documents are retained.

NC#10
The QMS does not address UDI “7.5.8 Identification requirement”
—— this is not applicable as we are a contract manufacturer. Adding a statement to our Manual would satisfy this NC. Correct? What would be the verification of effectiveness? How can this be monitored?
In NC 5 do they cite the requirement? I mean it's a typical practice to keep prior revisions archived but there are several ways to that. How do you keep your revision history?

NC 10. Contract manufacturer or not, you need to consider UDI. Your procedure or quality manual may state that as a contract manufacturer it is the customer's responsibility to provide UDI information for you to apply to the product.... or that the customer will apply UDI after your operation... I agree that as a CM you should not own the UDI, but you need to have a process for controlling what is provided by your customers for their needs. Even if it's just a blurb in your Quality Manual.
 

Johnnymo62

Haste Makes Waste
#10
I worked for a medical device contract manufacturer years ago and we had to be able to trace from component part lots to individual device serial number we made, to the part delivered to the customer. The customers usually defined all marking and labeling requirements.

This traceability can reduce the number of units to recall, if it gets to that.
 
Thread starter Similar threads Forum Replies Date
K Addressing Missing Documentation Document Control Systems, Procedures, Forms and Templates 7
qualprod Addressing poor commitment in people Misc. Quality Assurance and Business Systems Related Topics 23
R Addressing training requirements - 21 CFR Part 820.25 (1) & (2) Other US Medical Device Regulations 4
H Addressing of Undesirable side-effects, harms, risks and side-effects in clinical evaluation report (CER) EU Medical Device Regulations 12
P Interesting Discussion Addressing Human Factors in Corrective Action AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 23
JoshuaFroud Addressing wet ink signatures when more than one site is involved 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 8
J IATF 16949 Cl. 7.5.1.1 d - Customer Requirements - How are people addressing? IATF 16949 - Automotive Quality Systems Standard 10
Q Risk (closeout and options for the addressing) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
Q ISO9001:2015 Cl. 6.1 - What evidences of risk addressing is needed? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
A Addressing every clause in ISO 17025 ISO 17025 related Discussions 1
Sam Lazzara Experiences with Notified Bodies addressing EN ISO 14971:2012 Annex Zs ISO 14971 - Medical Device Risk Management 5
D CAPA Follow-up - Format for Addressing the Assessment ISO 13485:2016 - Medical Device Quality Management Systems 4
J Suggestions for addressing Printed Paper Documents Document Control Systems, Procedures, Forms and Templates 3
J AS9100 Rev C Internal Audit Procedure/Plan - Addressing 8.2.2 - Customer Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
F Document Control - Addressing control of content stored on web sites Document Control Systems, Procedures, Forms and Templates 9
B Addressing Lots that were measured with Out of Tolerance Gage Pins Nonconformance and Corrective Action 5
Sidney Vianna Public Comments Requested on ISO Standard Addressing Six Sigma - ISO 13053 Other ISO and International Standards and European Regulations 9
R Addressing Inspection in PFMEA (Process FMEA) FMEA and Control Plans 2
S ISO 9001:2008 Addressing the "Notes" in my quality Manual ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
T Addressing ISO 9001 Section 7 in the Quality Manual when Design is Excluded Design and Development of Products and Processes 6
K Compliance of Control Plans to Annex A - Addressing Error Proofing FMEA and Control Plans 13
R Addressing Training in ISO 9001:2000 Process Documents Training - Internal, External, Online and Distance Learning 21
S Philip Crosby's Cost of Quality - James Harrington's Book Addressing COQ Book, Video, Blog and Web Site Reviews and Recommendations 18
R Customer Focus - Level 1 Procedure - Addressing ISO 9001 Clause 5.2 Document Control Systems, Procedures, Forms and Templates 3
M Design Input - 820.30(c) - Addressing incomplete, ambiguous... requirements Design and Development of Products and Processes 1
M Selling non-CE marked devices for evaluation EU Medical Device Regulations 4
T Non API products need to comply to API Q1? Oil and Gas Industry Standards and Regulations 3
L "Shelf-Life" Class I Non-Sterile Products Expiration Date? CE Marking (Conformité Européene) / CB Scheme 3
B Process / Procedure - Radiographic (X-Ray) Non-Film Document Control Systems, Procedures, Forms and Templates 0
N How to find column number for the last non-empty column? Using Minitab Software 0
A Need to calculate tolerance Intervals with a set of non-normal data and 3-Parameter Weibull distribution Using Minitab Software 0
3 Non-conformance Register vs Corrective Action Register ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
G Competent Authority non-EU Manufacturer EU Medical Device Regulations 7
F Non conforming locked? Manufacturing and Related Processes 13
M Changing Investigational Device from Non-Sterile to Sterile - what are the implications? Other Medical Device and Orthopedic Related Topics 3
K Is Calibration Required for Non-Adjustable Commercial Inspection Devices? General Measurement Device and Calibration Topics 11
J Informal vs formal scope creep... managing non-medical devices through system processes ISO 13485:2016 - Medical Device Quality Management Systems 2
G Not accepting a non conformity during an audit General Auditing Discussions 11
J In-house (NHS) manufacture and use (by staff) of non-medical devices.. any regulations apply? UK Medical Device Regulations 6
B Does FDA Registration QSR need to cover non-medical devices for contract repackager? US Food and Drug Administration (FDA) 1
A Brexit Mandate for EU Authorised Representative for non medical devices CE Marking (Conformité Européene) / CB Scheme 7
E Accredited vs. non-accredited labs for 60601 compliance in the US IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
E Accredited vs. non-accredited labs for 60601 compliance in the US Other Medical Device Related Standards 4
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
L Water requirement for Non-sterile topical OTCs Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
B Procedure packs with non-medical devices EU Medical Device Regulations 1
W Non Sterile Medical Device Environmental Tests Other Medical Device Related Standards 4
S Advice on how to reduce overhead of handling non-conforming material Nonconformance and Corrective Action 7
G Team to analyze a non conformance Customer Complaints 26
J Promoting and marketing of a non approved device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4

Similar threads

Top Bottom