Non-addressed Minor Finding elevated to Major Finding

T

Tyler C

#1
Fellow covers,

I was under the impression that if a minor nonconformance is found during an internal audit, and it is not addressed by the next internal audit, it is automatically elevated to a major nonconformance.

It is not in our internal procedure, nor is it in either ISO 9001:2008 or ISO 9001:2015 standards. I just cannot remember where I read this. Can anyone help me out on this? Is it just a 'best practice' type of thing?

If you want more info...
We are starting our next internal audit for our training process. During the last audit, a minor nonconformance was found against ISO 9001:2008, clause 6.2.2, a) "the organization shall determine the necessary competence for personnel performing work affecting conformity of product requirements." The finding was because we don't have the competencies determined for our trainers. The auditees accepted this finding and said they would correct it. Here we are, almost 1 year later, and it has not been corrected. A fellow internal auditor says they don't think it should be elevated because "it isn't that big of a deal", but I feel it should be elevated to ensure it gets addressed this time around. When asked where this requirement was, I could not find the answer. It is not often that I am stumped on something like this, so any help would be greatly appreciated!
 
Elsmar Forum Sponsor

Ninja

Looking for Reality
Trusted Information Resource
#2
Going by logic...not by clauses...:

You don't know what is required to consider a trainer "able to train".
Leads to more than a few questions about your employees being trained...
I would not apply "not a big deal" to that scenario.

Your internal audit system found a scenario considered unacceptable.
All agreed that it was unacceptable.
All agreed on who/when/why to fix it.
It wasn't fixed.
That's a pretty big deal.
What if that was in your pricing system? In your accounts payable system?

Internal audits are to find what needs fixing.
CA coming out of your audits are to fix that stuff.
If it wasn't done, your IA/CA system isn't working very well and you aren't closing the circle....that's sorta a big deal, no?

:2cents: HTH
 

howste

Thaumaturge
Super Moderator
#3
There is no requirement in ISO 9001 to classify nonconformities as major or minor, so you won't find it there. It is generally accepted practice for certification bodies to elevate NCs from minor to major if the same issue is found in consecutive audits. I know that the TS 16949 Rules document requires this, but it occurs in AS9100 and ISO 9001 audits too.

What ISO 9001 requires is that action is taken "without undue delay" for identified audit nonconformities:
ISO 9001:2008 clause 8.2.1 said:
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes.
ISO 9001:2015 clause 9.2.2e said:
The organization shall... e. take appropriate correction and corrective actions without undue delay;
Whether or not you elevate the NC to major is up to you, but I would at a minimum reissue the original nonconformity and also issue a new nonconformity against the clause above for untimely/ineffective actions.
 
T

Tyler C

#4
Thank you both for your input.

Ninja, I agree with you. I feel this is a huge issue that needs resolved, for the reasons you mentioned. Unfortunately, the rest of management and this particular internal auditor seem think we don't need to identify these competencies, but rather we can verify the training effectiveness through other methods. I did bring up the fact that everyone agreed it was a nonconformity last time, so one way or another, it needs to be addressed. I've come the hate the phrase, "We don't want to box ourselves in by putting it into ISO," but this is a common 'cop-out' in this organization.

Howste, I knew it wouldn't be in the standards because they don't specify between major and minor. I was starting to wonder if this came from our registrar. I will do some more research into TS 16949, so thank you for giving me another avenue to look into. Also, thanks for the ideas on other ways to handle it if we don't elevate it. I will leave the choice up to the audit team, as I am not actually on the team this time, but rather facilitating the process.

Thanks again!
 

Randy

Super Moderator
#5
Going by logic...not by clauses...:

Internal audits are to find what needs fixing.

:2cents: HTH
No they are absolutely not! I have issued NC's for that exact reasoning written into audit programs and identified during audits I've done across half a dozen different standards.

ISO 9001:2008
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms
to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.


ISO 9001:2015
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.


Nowhere is it stated that internal audits are to find what needs fixing!!! That statement in and of itself eliminates objectivity and impartiality from the process (Another NC I'd write)

The elevation to major and all that is someones made up dribble unless the audit or corrective action procedures have clearly stated that (which was correctly observed is not a 9001 requirement in any version old or new).

The excuses for not correcting the competency of trainers CA are lame. The organization, management or Red Riding Hood (if she's the correct person) has the authority to state what competency is and whether or not the criteria has been met. Do it, document/record it and move on to more important dribble. This isn't rocket science or synthetic DNA manufacturing because I've audited both and this ain't it.
 
T

Tyler C

#7
Thanks Golfman25. I would like to get away from major/minor, but that is how it is written in our procedure, so for now, that is what I have to abide by.
 
T

Tyler C

#8
No they are absolutely not! I have issued NC's for that exact reasoning written into audit programs and identified during audits I've done across half a dozen different standards.

ISO 9001:2008
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms
to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.


ISO 9001:2015
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.
Randy, I see your point, but I respectfully disagree. As you pointed out in the ISO 9001:2008 standard, it says, "The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and...".


From my perspective, if the organization determines that internal audits are to be used for the reasons listed in the standard, in addition to finding what needs fixed, then there is no NC here, because the organization determined this to be an use of the audits.

I would also like to point out that by the standard explicitly stating that internal audits are to be used to determine whether the QMS conforms, it is implicitly stating that internal audits are to be used to determine whether the QMS doesn't conform. That's actually the other side of 'whether' (whether, or not).

Internal Audits are a part of continual improvement, but to be able to improve, you first need to know what needs improving. In other words, what needs fixing.

Now, on the other side of this, I do agree that this can be abused which would be a nonconformance to "...ensure objectivity and impartiality..." As an internal auditor, I know what "needs to be fixed", and I could use the audit as a way of "getting at the manager" of the process. So, instead of showing them that they have an issue that needs fixing, I instead allow them to defend their stance on not needing to fix the non-issue. If they can defend it, then it's not an issue, but if they can't then all parties agree to fix it. Whether or not it actually gets fixed is another story.
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#9
Fellow covers,

I was under the impression that if a minor nonconformance is found during an internal audit, and it is not addressed by the next internal audit, it is automatically elevated to a major nonconformance.

It is not in our internal procedure, nor is it in either ISO 9001:2008 or ISO 9001:2015 standards. I just cannot remember where I read this. Can anyone help me out on this? Is it just a 'best practice' type of thing?

If you want more info...
We are starting our next internal audit for our training process. During the last audit, a minor nonconformance was found against ISO 9001:2008, clause 6.2.2, a) "the organization shall determine the necessary competence for personnel performing work affecting conformity of product requirements." The finding was because we don't have the competencies determined for our trainers. The auditees accepted this finding and said they would correct it. Here we are, almost 1 year later, and it has not been corrected. A fellow internal auditor says they don't think it should be elevated because "it isn't that big of a deal", but I feel it should be elevated to ensure it gets addressed this time around. When asked where this requirement was, I could not find the answer. It is not often that I am stumped on something like this, so any help would be greatly appreciated!
Now back to your original post.

There is no requirement in ISO9001:2008/2015 that requires classification of defects (MAJ/MN). The step I would look at would be to elevate to the next layer in Management, and see if you get a response. If it stops there, then elevate it to the next level, until someone realizes there was something identified during the IA that needs to be addressed.

I have elevated, not just internally to the President/CEO and also to a Supplier's President/CEO to get an investigation going to determine RCCA.

In most organizations, the President/CEO have more important things to be concerned about, and usually will get the previous management level to respond, because him/her don't need something like this to take up more time from more important things like running an organization.

When I was performing 3rd Party Audits, if I saw this I would document a NC for an ineffective CA System, and depending on the reach/depth of non action, maybe even consider it a complete breakdown in the System.

Now from the 1st Party side, I would do exactly as I stated above.

Just my humble opinion here.
 
Thread starter Similar threads Forum Replies Date
J AS9101C - Scoring for Unjustifiable Non-Addressed Clauses (Exclusions) AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
D Using non-conforming components even though the final assembly is conforming? Manufacturing and Related Processes 5
N Competent Authority notification for non-EU manufacturer EU Medical Device Regulations 4
M CE marking for NON-EU EU Medical Device Regulations 0
E Non-GMP examples in Pharmaceutical industry Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
blile Increasing PFMEA occurrence ranking after non-conformance FMEA and Control Plans 4
S Non-Conformance and Deviations ISO 13485:2016 - Medical Device Quality Management Systems 4
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
T Ideas for developing a Supplier Quality Management System, non automotive ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
R Applicability of new non-harmonized standards (MDD/MDR) EU Medical Device Regulations 8
M Scope of Combined ISO 9001 and IATF 16949 QMS - Non-automotive customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
J Guidance on manufacturing non-surgical face masks US Food and Drug Administration (FDA) 3
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
C If it doesn't prevent a non-conformance, is it a preventive action? IATF 16949 - Automotive Quality Systems Standard 13
G Addressing Non-Conformances from an Internal Audit that are not product related ISO 13485:2016 - Medical Device Quality Management Systems 11
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
I Non-Conformance vs OFI -- your best descriptions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 61
G Question about Non-conformances during New Product Introduction Nonconformance and Corrective Action 14
B Bioburden monitoring for surgical instrument provided non-sterile EU Medical Device Regulations 3
Y Packaging validation for non-sterile Medical Equipment Other Medical Device Related Standards 1
S Can we provide training plan as corrective action for IATF 16949 Non conformity? IATF 16949 - Automotive Quality Systems Standard 9
J Medical System with non-medical device and FCC US Food and Drug Administration (FDA) 5
L PMA and Non-PMA parts in same finished goods area? Federal Aviation Administration (FAA) Standards and Requirements 1
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
D Do purchasing controls apply to non-medical parts? ISO 13485:2016 - Medical Device Quality Management Systems 5
S Service record requirements for Non-Serviceable Medical Devices CE Marking (Conformité Européene) / CB Scheme 1
S Industry Labelling Standards - non medical Manufacturing and Related Processes 0
B Using non CE parts in a machine CE Marking (Conformité Européene) / CB Scheme 1
B To detect the non standard variable IATF 16949 - Automotive Quality Systems Standard 5
A Single use non-sterile syringe used in the oral cavity - Laboratory test advice US Food and Drug Administration (FDA) 7
K Relying on mitigations implemented in non-medical device IEC 62304 - Medical Device Software Life Cycle Processes 5
M What to do about Non Conformance forms that are deleted or missing? Nonconformance and Corrective Action 4
Marc A 20 Hour Non-Stop Flight - (October 2019) Travel - Hotels, Motels, Planes and Trains 19
C On spontaneous but non-standard rankings FMEA and Control Plans 3
N Non traumatic edge - Remark in some of my company drawings EU Medical Device Regulations 1
Q Internal Audits - Categories of non conformances Internal Auditing 12
C Neglect or legitimate deferral? Is excessive workload or lack of resources in a department or a team a valid root cause for a non-conformance? Problem Solving, Root Cause Fault and Failure Analysis 12
D Standard guide for shelf life determination of non sterile component with degradation materials Reliability Analysis - Predictions, Testing and Standards 1
S What's meant by ISO9001 clause 8.7 non conforming output? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
A Information on good laboratory practices (GLP) for the non-medical or food industry wanted Manufacturing and Related Processes 1
C Fact or fiction - Repeat minor becomes a major IATF non-conformance IATF 16949 - Automotive Quality Systems Standard 7
Ed Panek Are audit non conformances also risk based? ISO 13485:2016 - Medical Device Quality Management Systems 1
Q Non conformity, do nothing? Employee experiencing "hard times" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
W ISO standards /Social Audit Franchise (Accredited & Non Accredited) Service Industry Specific Topics 6
P Line accums as a non-conformance? Supplier Quality Assurance and other Supplier Issues 2
P IATF 16949 Clause 8.4.2.3 - Justification for non-certified suppliers IATF 16949 - Automotive Quality Systems Standard 12
S Returned product due to Customers fault, is it a Non-Conformance? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 7
Similar threads


















































Top Bottom