SBS - The Best Value in QMS software

Internal Approval of Deviations - ISO 9001:2008 & ISO 13485:2003



Ok so here is a tricky question...
Our company (9001:2008 & 13485:2003) builds capital equipment that is 'design & build' or 'build to print' with minor engineering adjustments as needed to correct customer drawings (with sign-offs). Every project & customer is unique and they span across several industries.
We exempt some parts from inspection process due to long-term experiences with the parts and supplier performance. Other parts, if problematic on repeat builds, we will of course inspect.

Recently inspection flagged a part as nonconforming because its two dowel-pin holes were +0.0004 out of tolerance. The project manager was notified, he reviewed the part and the specifications and made an informed decision based on experience with the product, the customer and his masters in engineering that the part would work and would not impact the function of the machine.
Our registrar audit was being conducted the same day and the instance was discovered, we were flagged a non-conformance for control of nonconfroming product as a result. The auditors logic is that we did not confirm the change in specification from the part's drawing (one of 800+) with the customer prior to approving it for use.

I understand the perspective of the auditor, however, it is our experience that this exact type of approval is what the customer doesn't want to be bothered with and that they hire us to address. Similarly, this customer (and many others) are slow to respond to drawing changes when we do submit them and as a result, one department in a customer organization can impact our delivery commitments to other business units in the customer organization.

How does everyone mitigate this? Surely others building custom machines do not have to get sign off for every (+,-) 0.00001 tolerance issue... do they?

We define "materials" as the items that contribute to the product (parts) and we define "product" as a machine that has passed all designated functional tests. We define "customer specifications" as the customer provided drawings and information needed to build the machine. Should we just redefine 'specifications' as the product dimensions and requirements specified in the proposal?

We have pulled a ton of benefits from the ISO standards and have a near flawless audit history with a very involved and committed management. if I can't resolve this nonconformance without having to petition customers for every ten-thousandth out may have to drop our certifications. Any suggestions for navigating some very murky water?

crossing my fingers for help... :cfingers:
Elsmar Forum Sponsor

Big Jim

Super Moderator
I think you already know the answer. You were not authorized to make the change. You didn't bother to ask for a deviation. How can you expect this to be OK?


Staff member
Super Moderator
[ The project manager was notified, he reviewed the part and the specifications and made an informed decision based on experience with the product, the customer and his masters in engineering that the part would work and would not impact the function of the machine. ]
If the auditor does not have the competency to ask more questions and assess the informed decisions and review your records of this decision, then you are dealing with a young and unseasoned auditor. If this does not change, you escalate and even consider working with better CB.
We work in a ISO9001 + ISO 13485 environment and are contract manufacturing. We make informed decisions on deviations, record them, and signoff. We do an adverse effect study and only if we find there is no adverse effect, the same is recorded and moved further. The records also govern certain batch or volume or quantity and are closed off.
Last edited:


I appreciate the perspective and as I said, I understand where the auditor and you are coming from in this regard.
My question is more to how I can address this and retain our certifications. It isnt just that our management would refuse to get customer sign off for nominal drawing issues, it is that our customers will not respond to requests for redraws or revisions when we submit them, unless they are related to form, fit, or function. If the part had a change or if it was a critical measure it would certainly have sign off, but isnt it the PMs job to act as customer-advocate for decisions like this?

At the end of the day, our product is the machine we deliver to the customer, and the specifications they provide are the dimensions, functions, cycle rates, duty-times, and outputs of the machine. In literally every circumstance there is no set of drawings that if followed to precise detail would actually assemble to a functioning machine that meets the outlined product specifications. We update their drawings and they have the feedback but simply won't respond to this type of request. In the customer's eyes, this is the minutia they hire us to navigate.

If the customer won't respond to requests for drawing revisions, is it our job to give them a list of conforming parts assembled or is it our job to give them a functioning machine that meets the proposal and the performance specifications?


I tend to agree with your assessment, it was an inexperienced auditor and we are looking at appealing the entire audit, however, I also have to approach it from the perspective that we will lose the appeal and have to respond to the corrective. That way we are covered regardless. It is a real challenge to resolve unless we can define that drawings are not product specifications.
thank you for the input!

Sidney Vianna

Post Responsibly
Staff member
and we define "product" as a machine that has passed all designated functional tests.
Your definition of product contravenes the normative ISO 9000 definition of the term. Product is NOT only the finished good, but all of its contributing components as well.

Having said that, if the nonconforming dimension does not affect the product performance nor compliance with regulations AND the customer has not indicated/requested to be involved with the disposition of nonconforming products, you have the authority to disposition it, without involving the customer.


Thanks for the reply. Where are you pulling that definition from? I'm not questioning it, I would just like the source to cite to our management team. I am walking a fine line stuck between the registrar and the company.

We are currently working from the definition located here:
stating "Product: Output (3.7.5) of an organization (3.2.1) that can be produced without any transaction taking place between the organization and the customer (3.2.4)"

Sidney Vianna

Post Responsibly
Staff member
I stand corrected. As far as I remember, in a previous definition of the term product, ISO 9000 clarified via a note that the term applied to the whole product realization cycle from raw materials all the way through finished goods.

The definition no longer makes that clarification, but, in my opinion, it still applies. If we were to (mis) understand product only as the finished product, a lot of the requirements would not make sense.

So, despite the definition not matching my previous comment, we should understand "product" as components, software, sub assemblies, etc... and not ONLY the finished product.

Big Jim

Super Moderator
Can you at least get the client to respond by email that this small deviation is OK? If not can you get them to give you such authority in writing?

As it is now, at very best, you are on very thin ice.
Thread starter Similar threads Forum Replies Date
S Internal Calibration Laboratory Inspection/Approval General Measurement Device and Calibration Topics 3
A Methods for Approval of Internal and Outsourced Manufacturing Processes 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
C First Round of QMS Internal Audits - Ethical Dilemma Internal Auditing 7
T How to conduct combined internal audits (9001 and 13485) Internal Auditing 1
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
C API Q1 internal audit report Internal Auditing 3
AllTheThings ISO-17025 accredited TEST lab performing internal calibrations (Yes: Here is how) ISO 17025 related Discussions 6
M Must a company be 17025 accredited to perform internal calibrations? ISO 17025 related Discussions 7
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 1
A ISO 9001 Internal Audits - No production right now due to furloughs Internal Auditing 5
J Internal audit random sampling methodology Internal Auditing 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
W How do you phrase your internal audit questions? Internal Auditing 3
M IATF - Internal Audit 3 year span Internal Auditing 4
Thee Bouyyy Internal NCR - API Q1 5.4.2b - API 16C Clause 4.1.3 Internal Auditing 9
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
M ISO13485:2016, MDSAP and Internal Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 13
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
S Would this be a second site for the purposes of internal and third party audits? General Auditing Discussions 4
V Internal Auditor Competency KPI IATF 16949 - Automotive Quality Systems Standard 15
J ISMS - Internal Audits Internal Auditing 5
M ISO 13485:2016 internal audit checklist Medical Device and FDA Regulations and Standards News 8
S ISO 9001:2015 Internal Auditing Internal Auditing 8
A Internal Audit Questions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
L Documented Information in Internal Audits Process (9.2) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
salaheddine96 Internal audit planning Internal Auditing 2
D CB and customer audits considered as internal audits? General Auditing Discussions 9
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
E MDR internal audit Internal Auditing 1
B Internal Auditor Competency - Product Auditors Internal Auditing 9
U Internal Auditor not trained but done Audit for some process Nonconformance and Corrective Action 5
F Internal transfer of work from one line to another? Qualification and Validation (including 21 CFR Part 11) 3
B Looking for 10 Internal Audit Online Training Participants ISO 17025 related Discussions 2
R Monitor production quality - Internal KPIs Manufacturing and Related Processes 5
R IATF 16949 - Outsourcing of internal audits Internal Auditing 11
M Major vs. Minor for Internal Audits? Internal Auditing 10
T Internal Nonconformance procedure thoughts (AS9100) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
M Tips on preparing for IATF 16949 Internal Lead Auditor exam Manufacturing and Related Processes 1
C Internal Audits in a tiny Dx Company Internal Auditing 33
H AS9100 Checklist for Internal Audit needed AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
A What are the pros and cons of using an audit software for internal auditing? General Auditing Discussions 7
F Internal Audit before Pre-Assessment ISO 17025 related Discussions 2
Q Internal audit plan template Internal Auditing 12
E PEMS Hazards - IEC 60601 Clause 14.6 - Internal data use - Pressure sensor IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
L Internal audit during COVID-19 restrictions ISO 13485:2016 - Medical Device Quality Management Systems 5

Similar threads

Top Bottom