Internal Approval of Deviations - ISO 9001:2008 & ISO 13485:2003

[WilBryan]

Ok so here is a tricky question...
Background:
Our company (9001:2008 & 13485:2003) builds capital equipment that is 'design & build' or 'build to print' with minor engineering adjustments as needed to correct customer drawings (with sign-offs). Every project & customer is unique and they span across several industries.
We exempt some parts from inspection process due to long-term experiences with the parts and supplier performance. Other parts, if problematic on repeat builds, we will of course inspect.

Recently inspection flagged a part as nonconforming because its two dowel-pin holes were +0.0004 out of tolerance. The project manager was notified, he reviewed the part and the specifications and made an informed decision based on experience with the product, the customer and his masters in engineering that the part would work and would not impact the function of the machine.
Our registrar audit was being conducted the same day and the instance was discovered, we were flagged a non-conformance for control of nonconfroming product as a result. The auditors logic is that we did not confirm the change in specification from the part's drawing (one of 800+) with the customer prior to approving it for use.

I understand the perspective of the auditor, however, it is our experience that this exact type of approval is what the customer doesn't want to be bothered with and that they hire us to address. Similarly, this customer (and many others) are slow to respond to drawing changes when we do submit them and as a result, one department in a customer organization can impact our delivery commitments to other business units in the customer organization.

How does everyone mitigate this? Surely others building custom machines do not have to get sign off for every (+,-) 0.00001 tolerance issue... do they?

We define "materials" as the items that contribute to the product (parts) and we define "product" as a machine that has passed all designated functional tests. We define "customer specifications" as the customer provided drawings and information needed to build the machine. Should we just redefine 'specifications' as the product dimensions and requirements specified in the proposal?

We have pulled a ton of benefits from the ISO standards and have a near flawless audit history with a very involved and committed management. if I can't resolve this nonconformance without having to petition customers for every ten-thousandth out may have to drop our certifications. Any suggestions for navigating some very murky water?

crossing my fingers for help... :

 

[Big Jim]

I think you already know the answer. You were not authorized to make the change. You didn't bother to ask for a deviation. How can you expect this to be OK?

 

[somashekar]

[ The project manager was notified, he reviewed the part and the specifications and made an informed decision based on experience with the product, the customer and his masters in engineering that the part would work and would not impact the function of the machine. ]
If the auditor does not have the competency to ask more questions and assess the informed decisions and review your records of this decision, then you are dealing with a young and unseasoned auditor. If this does not change, you escalate and even consider working with better CB.
We work in a ISO9001 + ISO 13485 environment and are contract manufacturing. We make informed decisions on deviations, record them, and signoff. We do an adverse effect study and only if we find there is no adverse effect, the same is recorded and moved further. The records also govern certain batch or volume or quantity and are closed off.

 

[WilBryan]

Jim,
I appreciate the perspective and as I said, I understand where the auditor and you are coming from in this regard.
My question is more to how I can address this and retain our certifications. It isnt just that our management would refuse to get customer sign off for nominal drawing issues, it is that our customers will not respond to requests for redraws or revisions when we submit them, unless they are related to form, fit, or function. If the part had a change or if it was a critical measure it would certainly have sign off, but isnt it the PMs job to act as customer-advocate for decisions like this?

At the end of the day, our product is the machine we deliver to the customer, and the specifications they provide are the dimensions, functions, cycle rates, duty-times, and outputs of the machine. In literally every circumstance there is no set of drawings that if followed to precise detail would actually assemble to a functioning machine that meets the outlined product specifications. We update their drawings and they have the feedback but simply won't respond to this type of request. In the customer's eyes, this is the minutia they hire us to navigate.

If the customer won't respond to requests for drawing revisions, is it our job to give them a list of conforming parts assembled or is it our job to give them a functioning machine that meets the proposal and the performance specifications?

 

[WilBryan]

Somashekar,
I tend to agree with your assessment, it was an inexperienced auditor and we are looking at appealing the entire audit, however, I also have to approach it from the perspective that we will lose the appeal and have to respond to the corrective. That way we are covered regardless. It is a real challenge to resolve unless we can define that drawings are not product specifications.
thank you for the input!

 

[Sidney Vianna]

and we define "product" as a machine that has passed all designated functional tests.

Your definition of product contravenes the normative ISO 9000 definition of the term. Product is NOT only the finished good, but all of its contributing components as well.

Having said that, if the nonconforming dimension does not affect the product performance nor compliance with regulations AND the customer has not indicated/requested to be involved with the disposition of nonconforming products, you have the authority to disposition it, without involving the customer.

 

[WilBryan]

Sidney,
Thanks for the reply. Where are you pulling that definition from? I'm not questioning it, I would just like the source to cite to our management team. I am walking a fine line stuck between the registrar and the company.

We are currently working from the definition located here: https://www.iso.org/obp/ui/#iso:std:iso:9000:ed-4:v1:en:term:3.8.10
stating "Product: Output (3.7.5) of an organization (3.2.1) that can be produced without any transaction taking place between the organization and the customer (3.2.4)"

 

[Sidney Vianna]

I stand corrected. As far as I remember, in a previous definition of the term product, ISO 9000 clarified via a note that the term applied to the whole product realization cycle from raw materials all the way through finished goods.

The definition no longer makes that clarification, but, in my opinion, it still applies. If we were to (mis) understand product only as the finished product, a lot of the requirements would not make sense.

So, despite the definition not matching my previous comment, we should understand "product" as components, software, sub assemblies, etc... and not ONLY the finished product.

 

[WilBryan]

I agree, its a very valid point. If my product is a hamburger I still care about the quality, content, & origin of the meat.

 

[Big Jim]

Can you at least get the client to respond by email that this small deviation is OK? If not can you get them to give you such authority in writing?

As it is now, at very best, you are on very thin ice.