Grading of non-conformities for ISO17025:2017

blueicecube2

Involved In Discussions
#1
Hi All,

Can you please share any guidelines related to the grading of nonconformities for ISO17025:2017? I am trying to setup a guideline for our own process for grading of nonconformities and wondering if there is any reference I can use.

Thank you.
 
Elsmar Forum Sponsor

Jean_B

Trusted Information Resource
#2
The most valuable though singularly non-helpful piece of advice: what works for you (in getting a view on what parts of your system to focus on to get the non-conformities resolved and prevent critical mishaps from occurring).

Don't be persuaded by major or minor from external audits. They are followed up because they are external, not because they are graded.
Don't be persuaded by a clause based, clause recurrence based, point-calculation system like MDSAP's (though I do like the "did non-conforming (unsafe) product make it uncontrolled to the field" modifier; it's something you can get management to care about without the need to)

Find out what management regards as important (and whether they are sufficiently primed on what they must regard as important due to regulations) and 'grade' on those. Some care way less about what are technically non-conformities but do not see it as something that needs to be fixed right now/by the system, and slapping a thou shallt flag on it will not get you what you need until the externals step in, by which time usually the value has gone. On the other end some detest the heavy labels of major, or critical or somesuch, because they don't base priority on that but know that the externals will and hate you for drawing (in their eyes) undue attention to it.

Simple questions to management:
Do you want me to assure a minimum level of certification audit NC's, warn you of major effort to avert certification dangers, or only when the complete loss of certification is at stake? (Some happily do the annual merry-go-round of remediation the same old over and over).
Do you want to know whether actual NC product has left the facility, whether there was a chance actual NC product could have left, or whether you are at risk of NC product being made that might escape? (Some only care about actual fall-out, some only about when the issue turns 'real' and some actually in preventing it by design)
Do you care only about risks now, or risks in the near (6-month) or far (2-year) horizon? (we'll cross that bridge when we get there vs I want it to be done before it starts)
Do you care about any single mishap, a trend, or a repeating trend? (sometimes they know about issues, but will accept the minor details and will get tired of needing to justify the acceptance as-is again and again)
etc.

You'll find that typically (though acknowledging not always) management is somewhat myopic, and you'll be expected on risks that have or could materialize within a few months. They'll want evidence of mishaps, not suspicions, or they will side with the people they work with daily and rely on for the revenue stream. They'll care about certification in so far as it impacts the ability to distribute/sell/service.
Yet if you are a professional auditor, you have a duty towards honesty and hiding away matters is not part of that. Making a grounded allegation is, and if the grounds are not enough you might be able to mention it, but state you did not have enough evidence to concretely state this. It is perhaps good to get that given focus down in a charter or policy, so the auditor can build on and defend with evidence why they did or did not record something as an NC.

(Note: I abhor the thinking and wouldn't like to run a company where such matters do not get registered at all, but can accept rationalizing based on risk)
 

lawcch

Involved In Discussions
#3
The most valuable though singularly non-helpful piece of advice: what works for you (in getting a view on what parts of your system to focus on to get the non-conformities resolved and prevent critical mishaps from occurring).

Don't be persuaded by major or minor from external audits. They are followed up because they are external, not because they are graded.
Don't be persuaded by a clause based, clause recurrence based, point-calculation system like MDSAP's (though I do like the "did non-conforming (unsafe) product make it uncontrolled to the field" modifier; it's something you can get management to care about without the need to)

Find out what management regards as important (and whether they are sufficiently primed on what they must regard as important due to regulations) and 'grade' on those. Some care way less about what are technically non-conformities but do not see it as something that needs to be fixed right now/by the system, and slapping a thou shallt flag on it will not get you what you need until the externals step in, by which time usually the value has gone. On the other end some detest the heavy labels of major, or critical or somesuch, because they don't base priority on that but know that the externals will and hate you for drawing (in their eyes) undue attention to it.

Simple questions to management:
Do you want me to assure a minimum level of certification audit NC's, warn you of major effort to avert certification dangers, or only when the complete loss of certification is at stake? (Some happily do the annual merry-go-round of remediation the same old over and over).
Do you want to know whether actual NC product has left the facility, whether there was a chance actual NC product could have left, or whether you are at risk of NC product being made that might escape? (Some only care about actual fall-out, some only about when the issue turns 'real' and some actually in preventing it by design)
Do you care only about risks now, or risks in the near (6-month) or far (2-year) horizon? (we'll cross that bridge when we get there vs I want it to be done before it starts)
Do you care about any single mishap, a trend, or a repeating trend? (sometimes they know about issues, but will accept the minor details and will get tired of needing to justify the acceptance as-is again and again)
etc.

You'll find that typically (though acknowledging not always) management is somewhat myopic, and you'll be expected on risks that have or could materialize within a few months. They'll want evidence of mishaps, not suspicions, or they will side with the people they work with daily and rely on for the revenue stream. They'll care about certification in so far as it impacts the ability to distribute/sell/service.
Yet if you are a professional auditor, you have a duty towards honesty and hiding away matters is not part of that. Making a grounded allegation is, and if the grounds are not enough you might be able to mention it, but state you did not have enough evidence to concretely state this. It is perhaps good to get that given focus down in a charter or policy, so the auditor can build on and defend with evidence why they did or did not record something as an NC.

(Note: I abhor the thinking and wouldn't like to run a company where such matters do not get registered at all, but can accept rationalizing based on risk)
Hi Jean
Yes, I always believe some external auditors are not familiar with some technical requirements in a standard and misinterpreting them. Some auditors are bias too because they had audit other companies with comprehensive and impressive system in place and implemented and then this auditor has a bias opinion on other companies how those weak companies should have to comply or implement those requirements stated in the technical standards or instructions. Just like ISO/IEC 17025:2017 standard for laboratory accreditation system, which require at least 2 auditors to audit the laboratory accreditation system which one auditor is technically competent on the laboratory technical operation like calibration or metrology measurement or chemical analysis. Then aothoer auditor focuses on general quality management standard requirements based on ISO 9001:2015 standard.
 
#4
Grading of nonconformity is not addressed by any QMS standard, including ISO 19011 (Guideline for auditing a QMS). The grading is provided by accreditation or certification agency only.
 

lawcch

Involved In Discussions
#5
Classifying an Audit non conformity is a subjective matter. It is up to the auditor's discretion and expertise or working experience in that industries base on his or her own experience or Certification Body's (CB) policy guideline on grouping the auditor finding of a ISO standard compliance. Any NC that can give potential big impact to your quality issue to your end product or services or affect your customer satisfaction may classify as MAJOR NC. or a group of MINOR NC concentrated in one work area or one process may grouped together or constituted as MAJOR NC.
Most general QMS auditors do not have all the technical expertise in auditing technical processes or engineering processes, unless technical expertise must audit a technical standard like API Spec 6A or 6D specification for valves use in the oil and gas industries or offshore platform pipelines.
That is why as an auditee or client , you can always select who are your auditors by requesting your CB to send you a list of competent and experience auditors when come to audit your factory or company.
 

lawcch

Involved In Discussions
#6
Hi Jean
Great though. Many ISO 9001 certified organisations are there to please the auditors and not pleasing the customers. Since customer wants a cettified organisations and it does not mean other non-ISO 9001 certified organisations can not deliver good quality products. I believe that many public people had been misled and believed that ISO 9001 certified companies produce better quality products or services than non ISO certified companies. ISO 9001 certification is a gimmick and made billion dollar money for CB, consultant, trainers and resulted in useless or worthless piece of certificate hanging to the wall without real effort to improve efficiency and effectiveness of work processes or service delivery processes.
 
Thread starter Similar threads Forum Replies Date
B 19011 - Reporting Non-conformances: Grading of findings ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
R CPM grading by thinkstep vs. IMDS IATF 16949 - Automotive Quality Systems Standard 0
J What is soft auditing and soft grading in the IATF Rules 4th Edition? IATF 16949 - Automotive Quality Systems Standard 1
ScottK Soft Grading - What's your stance for the standards you work with? General Auditing Discussions 17
I Retro Grading Product for use in Workshops and Training - Medical Devices ISO 13485:2016 - Medical Device Quality Management Systems 4
N COSHH Risk Assessment - Defining a grading system Miscellaneous Environmental Standards and EMS Related Discussions 4
Sidney Vianna Aerospace auditors are told to stop soft grading NC's. Or else! AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 42
Jim Wynne A guide to grading final exams Funny Stuff - Jokes and Humour 3
Steve Prevette Scoring / Grading scheme for Effectiveness Reviews for Corrective Actions Nonconformance and Corrective Action 12
E Wall Internal Audit - Grading Scheme? Internal Auditing 14
E Accredited vs. non-accredited labs for 60601 compliance in the US IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
E Accredited vs. non-accredited labs for 60601 compliance in the US Other Medical Device Related Standards 0
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
L Water requirement for Non-sterile topical OTCs Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
B Procedure packs with non-medical devices EU Medical Device Regulations 1
W Non Sterile Medical Device Environmental Tests Other Medical Device Related Standards 4
S Advice on how to reduce overhead of handling non-conforming material Nonconformance and Corrective Action 7
G Team to analyze a non conformance Customer Complaints 26
J Promoting and marketing of a non approved device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
G 0 non conformities in registrar audits over 4 years Management Review Meetings and related Processes 12
K CE Marking Class 1 (Non sterile) medical device CE Marking (Conformité Européene) / CB Scheme 3
M Supplier requirements - Major supplier is a Non-Profit registered with ICCBBA (FDA UDI) Supply Chain Security Management Systems 12
S Non parametric test for semi-quantitative data. Statistical Analysis Tools, Techniques and SPC 5
B Free Sales Certificate for Non Medical Devices Other Medical Device Related Standards 2
P Ppk results shown as asterisk after the transformation of Non-normal data Using Minitab Software 4
I When is necessary to have RoHS declaration on non-electrical parts? REACH and RoHS Conversations 1
Johnnymo62 Non Aerospace topics - Anything for military trucks, trailers, Humvee type vehicles? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
G Dealing with non conformity caused by Supplier Components detected in the production line IATF 16949 - Automotive Quality Systems Standard 14
M Who are the go to companies for non-destructive hardness testing? General Measurement Device and Calibration Topics 3
R Non conformance (NC) or Corrective & Preventive action (CAPA) CE Marking (Conformité Européene) / CB Scheme 7
M How does IEC-60601-1 apply to a non-medical device in the patient vicinity? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
A FDA guidance on non-sterile Medical Device Packaging Medical Device and FDA Regulations and Standards News 7
E Qualification for non gmp service providers Supplier Quality Assurance and other Supplier Issues 1
R MDD x PPE Directive - Statement of Non-Applicability EU Medical Device Regulations 3
B Exclusions or justification for non-applicability of IEC standards Reliability Analysis - Predictions, Testing and Standards 1
C Non-EU Language Requirements Other Medical Device Regulations World-Wide 3
A Non-Conformances Found After 3rd Party Sorting Supplier Quality Assurance and other Supplier Issues 12
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 8
D Using non-conforming components even though the final assembly is conforming? Manufacturing and Related Processes 5
N Competent Authority notification for non-EU manufacturer EU Medical Device Regulations 4
M CE marking for NON-EU EU Medical Device Regulations 0
E Non-GMP examples in Pharmaceutical industry Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
blile Increasing PFMEA occurrence ranking after non-conformance FMEA and Control Plans 4
S Non-Conformance and Deviations ISO 13485:2016 - Medical Device Quality Management Systems 4
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
T Ideas for developing a Supplier Quality Management System, non automotive ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
R Applicability of new non-harmonized standards (MDD/MDR) EU Medical Device Regulations 14
M Scope of Combined ISO 9001 and IATF 16949 QMS - Non-automotive customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5

Similar threads

Top Bottom