During internal audit - finding poor action plans

Mikey324

Quite Involved in Discussions
If not, then you would not give a NC?

I think maybe you are hung up about whether or not to write an NC. Corrective actions not implemented and evaluated for effectiveness is a problem for sure. Same as the system allowing them to go unnoticed. That's another nonconformance. Writing an official NC wont really matter unless your system is strong enough to work through the root cause, determine and implement an action plan, AND follow up for effectiveness.
 

Mikey324

Quite Involved in Discussions
9.2.2 d and e

Those are related to internal audits and their findings. I think that would be an issue if you can show no evidence that internal audit results were reported, and that appropriate actions were not taken.

I still think you are overlooking the problem in search for a clause to tie it to.
 

Graciel

Involved In Discussions
Those are related to internal audits and their findings. I think that would be an issue if you can show no evidence that internal audit results were reported, and that appropriate actions were not taken.

I still think you are overlooking the problem in search for a clause to tie it to.
But in this case there was no appropriate actions taken. So, If they didn't do actions to correct last internal audit findings,what was the purpose of that audit ? How did they get better,improved , after one year of this findings?
 

Mikey324

Quite Involved in Discussions
This is all true. It would appear that your corrective action process and oversight are lacking. That is what needs to be addressed, whether you call out 9.2.2, 10.2.2 b), or 9.3.2 4), etc.

You should look at how the system allowed multiple NC's to go without action and follow up for a year (or more, i'm not sure). That would be a problem that would be value added upon correction.
 

Zero_yield

"You can observe a lot by just watching."
If not, then you would not give a NC?

Absolutely. If there was a nonconformance last audit that was not corrected, it needs to be called out. IMO, checking the problem areas from last time is Auditing 101. If the nonconformances identified in an audit aren't being corrected, there's little point in doing audits.

There's some wiggle room. Say they did a short term correction that mitigates the worst of the issue, and there's an ongoing action to fully resolve the issue, I would probably describe what's being done in the audit report without issuing a new nonconformance (depending on the risk and impact of the original nonconformance).

However, if this is the situation:

1. Previous audit finds a nonconformance.
2. Nothing was done / the actions taken were not effective / there is no evidence that anything was done to correct the issue.
3. You have objective evidence that the original issue cited in the nonconformance is still present.

...then I would unambiguously and strenuously state that is a nonconformance.
 

Graciel

Involved In Discussions
Absolutely. If there was a nonconformance last audit that was not corrected, it needs to be called out. IMO, checking the problem areas from last time is Auditing 101. If the nonconformances identified in an audit aren't being corrected, there's little point in doing audits.

There's some wiggle room. Say they did a short term correction that mitigates the worst of the issue, and there's an ongoing action to fully resolve the issue, I would probably describe what's being done in the audit report without issuing a new nonconformance (depending on the risk and impact of the original nonconformance).

However, if this is the situation:

1. Previous audit finds a nonconformance.
2. Nothing was done / the actions taken were not effective / there is no evidence that anything was done to correct the issue.
3. You have objective evidence that the original issue cited in the nonconformance is still present.

...then I would unambiguously and strenuously state that is a nonconformance.
Ok,thanks for your reply.
But doesn't ISO asks us to treat with cause analysis? What if they show they did something about the findings bit without changing any procedure or using root cause analysis tools?
 

Zero_yield

"You can observe a lot by just watching."
Ok,thanks for your reply.
But doesn't ISO asks us to treat with cause analysis? What if they show they did something about the findings bit without changing any procedure or using root cause analysis tools?

I'm in the med device field, so take this with a grain of salt (as ISO 13485 is similar to ISO 9001 but not identical). Those expectations to determine the cause of nonconformities and document a correction are definitely in ISO 13485. If I was auditing a med device company to 13485 and they had no documentation of how they evaluated the nonconformance and the corrective actions taken, I would write it up as a nonconformance. I don't have a copy of ISO 9001 in front of me, so I'm not sure if the requirement is shared.

I wouldn't necessarily get too hung up on whether they changed a procedure or not (unless that's a specific ISO 9001 requirement); there's only so much you can fix by changing a procedure, and there's often highly effective actions to fix problems without changing a procedure. For an audit, I'd gather objective evidence on what the results of their actions were.
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
9.2.2 d and e

I realize that I'm being overly picky here, yet "9.2.2 d and e" is not a nonconformance. Those are requirements from the standard. What I'm trying to do is push you to actual frame and phrase the nonconformance you believe exists.

You say no actions were taken - is this truly the case OR is it a case that actions were not documented in a software system? Who were the recipients of these previously issued nonconformances? What do they say regarding actions? Did they even know about the software system? If they were unware of the software, that's one issue. If no evidence exists that they took action, that's a totally different issue.

What I'm trying to do, @Graciel , is push you to truly understand what the situation is so that IF there is a nonconformance, it is properly framed and actually will benefit your organization's management system.
 
Top Bottom