SBS - The Best Value in QMS software

Non-addressed Minor Finding elevated to Major Finding

T

Tyler C

#1
Fellow covers,

I was under the impression that if a minor nonconformance is found during an internal audit, and it is not addressed by the next internal audit, it is automatically elevated to a major nonconformance.

It is not in our internal procedure, nor is it in either ISO 9001:2008 or ISO 9001:2015 standards. I just cannot remember where I read this. Can anyone help me out on this? Is it just a 'best practice' type of thing?

If you want more info...
We are starting our next internal audit for our training process. During the last audit, a minor nonconformance was found against ISO 9001:2008, clause 6.2.2, a) "the organization shall determine the necessary competence for personnel performing work affecting conformity of product requirements." The finding was because we don't have the competencies determined for our trainers. The auditees accepted this finding and said they would correct it. Here we are, almost 1 year later, and it has not been corrected. A fellow internal auditor says they don't think it should be elevated because "it isn't that big of a deal", but I feel it should be elevated to ensure it gets addressed this time around. When asked where this requirement was, I could not find the answer. It is not often that I am stumped on something like this, so any help would be greatly appreciated!
 
Elsmar Forum Sponsor

Ninja

Looking for Reality
Staff member
Super Moderator
#2
Going by logic...not by clauses...:

You don't know what is required to consider a trainer "able to train".
Leads to more than a few questions about your employees being trained...
I would not apply "not a big deal" to that scenario.

Your internal audit system found a scenario considered unacceptable.
All agreed that it was unacceptable.
All agreed on who/when/why to fix it.
It wasn't fixed.
That's a pretty big deal.
What if that was in your pricing system? In your accounts payable system?

Internal audits are to find what needs fixing.
CA coming out of your audits are to fix that stuff.
If it wasn't done, your IA/CA system isn't working very well and you aren't closing the circle....that's sorta a big deal, no?

:2cents: HTH
 

howste

Thaumaturge
Super Moderator
#3
There is no requirement in ISO 9001 to classify nonconformities as major or minor, so you won't find it there. It is generally accepted practice for certification bodies to elevate NCs from minor to major if the same issue is found in consecutive audits. I know that the TS 16949 Rules document requires this, but it occurs in AS9100 and ISO 9001 audits too.

What ISO 9001 requires is that action is taken "without undue delay" for identified audit nonconformities:
ISO 9001:2008 clause 8.2.1 said:
The management responsible for the area being audited shall ensure that any necessary corrections and corrective actions are taken without undue delay to eliminate detected nonconformities and their causes.
ISO 9001:2015 clause 9.2.2e said:
The organization shall... e. take appropriate correction and corrective actions without undue delay;
Whether or not you elevate the NC to major is up to you, but I would at a minimum reissue the original nonconformity and also issue a new nonconformity against the clause above for untimely/ineffective actions.
 
T

Tyler C

#4
Thank you both for your input.

Ninja, I agree with you. I feel this is a huge issue that needs resolved, for the reasons you mentioned. Unfortunately, the rest of management and this particular internal auditor seem think we don't need to identify these competencies, but rather we can verify the training effectiveness through other methods. I did bring up the fact that everyone agreed it was a nonconformity last time, so one way or another, it needs to be addressed. I've come the hate the phrase, "We don't want to box ourselves in by putting it into ISO," but this is a common 'cop-out' in this organization.

Howste, I knew it wouldn't be in the standards because they don't specify between major and minor. I was starting to wonder if this came from our registrar. I will do some more research into TS 16949, so thank you for giving me another avenue to look into. Also, thanks for the ideas on other ways to handle it if we don't elevate it. I will leave the choice up to the audit team, as I am not actually on the team this time, but rather facilitating the process.

Thanks again!
 

Randy

Super Moderator
#5
Going by logic...not by clauses...:

Internal audits are to find what needs fixing.

:2cents: HTH
No they are absolutely not! I have issued NC's for that exact reasoning written into audit programs and identified during audits I've done across half a dozen different standards.

ISO 9001:2008
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms
to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.


ISO 9001:2015
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.


Nowhere is it stated that internal audits are to find what needs fixing!!! That statement in and of itself eliminates objectivity and impartiality from the process (Another NC I'd write)

The elevation to major and all that is someones made up dribble unless the audit or corrective action procedures have clearly stated that (which was correctly observed is not a 9001 requirement in any version old or new).

The excuses for not correcting the competency of trainers CA are lame. The organization, management or Red Riding Hood (if she's the correct person) has the authority to state what competency is and whether or not the criteria has been met. Do it, document/record it and move on to more important dribble. This isn't rocket science or synthetic DNA manufacturing because I've audited both and this ain't it.
 
T

Tyler C

#7
Thanks Golfman25. I would like to get away from major/minor, but that is how it is written in our procedure, so for now, that is what I have to abide by.
 
T

Tyler C

#8
No they are absolutely not! I have issued NC's for that exact reasoning written into audit programs and identified during audits I've done across half a dozen different standards.

ISO 9001:2008
8.2.2 Internal audit
The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms
to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and
b) is effectively implemented and maintained.


ISO 9001:2015
9.2.1 The organization shall conduct internal audits at planned intervals to provide information on whether the quality management system:
a) conforms to:
1) the organization’s own requirements for its quality management system;
2) the requirements of this International Standard;
b) is effectively implemented and maintained.
Randy, I see your point, but I respectfully disagree. As you pointed out in the ISO 9001:2008 standard, it says, "The organization shall conduct internal audits at planned intervals to determine whether the quality management system
a) conforms to the planned arrangements (see 7.1), to the requirements of this International Standard and to the quality management system requirements established by the organization, and...".


From my perspective, if the organization determines that internal audits are to be used for the reasons listed in the standard, in addition to finding what needs fixed, then there is no NC here, because the organization determined this to be an use of the audits.

I would also like to point out that by the standard explicitly stating that internal audits are to be used to determine whether the QMS conforms, it is implicitly stating that internal audits are to be used to determine whether the QMS doesn't conform. That's actually the other side of 'whether' (whether, or not).

Internal Audits are a part of continual improvement, but to be able to improve, you first need to know what needs improving. In other words, what needs fixing.

Now, on the other side of this, I do agree that this can be abused which would be a nonconformance to "...ensure objectivity and impartiality..." As an internal auditor, I know what "needs to be fixed", and I could use the audit as a way of "getting at the manager" of the process. So, instead of showing them that they have an issue that needs fixing, I instead allow them to defend their stance on not needing to fix the non-issue. If they can defend it, then it's not an issue, but if they can't then all parties agree to fix it. Whether or not it actually gets fixed is another story.
 

Coury Ferguson

Moderator here to help
Staff member
Super Moderator
#9
Fellow covers,

I was under the impression that if a minor nonconformance is found during an internal audit, and it is not addressed by the next internal audit, it is automatically elevated to a major nonconformance.

It is not in our internal procedure, nor is it in either ISO 9001:2008 or ISO 9001:2015 standards. I just cannot remember where I read this. Can anyone help me out on this? Is it just a 'best practice' type of thing?

If you want more info...
We are starting our next internal audit for our training process. During the last audit, a minor nonconformance was found against ISO 9001:2008, clause 6.2.2, a) "the organization shall determine the necessary competence for personnel performing work affecting conformity of product requirements." The finding was because we don't have the competencies determined for our trainers. The auditees accepted this finding and said they would correct it. Here we are, almost 1 year later, and it has not been corrected. A fellow internal auditor says they don't think it should be elevated because "it isn't that big of a deal", but I feel it should be elevated to ensure it gets addressed this time around. When asked where this requirement was, I could not find the answer. It is not often that I am stumped on something like this, so any help would be greatly appreciated!
Now back to your original post.

There is no requirement in ISO9001:2008/2015 that requires classification of defects (MAJ/MN). The step I would look at would be to elevate to the next layer in Management, and see if you get a response. If it stops there, then elevate it to the next level, until someone realizes there was something identified during the IA that needs to be addressed.

I have elevated, not just internally to the President/CEO and also to a Supplier's President/CEO to get an investigation going to determine RCCA.

In most organizations, the President/CEO have more important things to be concerned about, and usually will get the previous management level to respond, because him/her don't need something like this to take up more time from more important things like running an organization.

When I was performing 3rd Party Audits, if I saw this I would document a NC for an ineffective CA System, and depending on the reach/depth of non action, maybe even consider it a complete breakdown in the System.

Now from the 1st Party side, I would do exactly as I stated above.

Just my humble opinion here.
 
Thread starter Similar threads Forum Replies Date
J AS9101C - Scoring for Unjustifiable Non-Addressed Clauses (Exclusions) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
K Is Calibration Required for Non-Adjustable Commercial Inspection Devices? General Measurement Device and Calibration Topics 11
J Informal vs formal scope creep... managing non-medical devices through system processes ISO 13485:2016 - Medical Device Quality Management Systems 2
G Not accepting a non conformity during an audit General Auditing Discussions 11
J In-house (NHS) manufacture and use (by staff) of non-medical devices.. any regulations apply? UK Medical Device Regulations 6
B Does FDA Registration QSR need to cover non-medical devices for contract repackager? US Food and Drug Administration (FDA) 1
A Brexit Mandate for EU Authorised Representative for non medical devices CE Marking (Conformité Européene) / CB Scheme 7
E Accredited vs. non-accredited labs for 60601 compliance in the US IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
E Accredited vs. non-accredited labs for 60601 compliance in the US Other Medical Device Related Standards 4
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
L Water requirement for Non-sterile topical OTCs Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
B Procedure packs with non-medical devices EU Medical Device Regulations 1
W Non Sterile Medical Device Environmental Tests Other Medical Device Related Standards 4
S Advice on how to reduce overhead of handling non-conforming material Nonconformance and Corrective Action 7
G Team to analyze a non conformance Customer Complaints 26
J Promoting and marketing of a non approved device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
G 0 non conformities in registrar audits over 4 years Management Review Meetings and related Processes 12
K CE Marking Class 1 (Non sterile) medical device CE Marking (Conformité Européene) / CB Scheme 3
M Supplier requirements - Major supplier is a Non-Profit registered with ICCBBA (FDA UDI) Supply Chain Security Management Systems 12
S Non parametric test for semi-quantitative data. Statistical Analysis Tools, Techniques and SPC 5
B Free Sales Certificate for Non Medical Devices Other Medical Device Related Standards 2
P Ppk results shown as asterisk after the transformation of Non-normal data Using Minitab Software 4
I When is necessary to have RoHS declaration on non-electrical parts? REACH and RoHS Conversations 1
Johnnymo62 Non Aerospace topics - Anything for military trucks, trailers, Humvee type vehicles? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
G Dealing with non conformity caused by Supplier Components detected in the production line IATF 16949 - Automotive Quality Systems Standard 14
M Who are the go to companies for non-destructive hardness testing? General Measurement Device and Calibration Topics 3
R Non conformance (NC) or Corrective & Preventive action (CAPA) CE Marking (Conformité Européene) / CB Scheme 7
M How does IEC-60601-1 apply to a non-medical device in the patient vicinity? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
A FDA guidance on non-sterile Medical Device Packaging Medical Device and FDA Regulations and Standards News 7
E Qualification for non gmp service providers Supplier Quality Assurance and other Supplier Issues 1
R MDD x PPE Directive - Statement of Non-Applicability EU Medical Device Regulations 3
B Exclusions or justification for non-applicability of IEC standards Reliability Analysis - Predictions, Testing and Standards 1
C Non-EU Language Requirements Other Medical Device Regulations World-Wide 3
A Non-Conformances Found After 3rd Party Sorting Supplier Quality Assurance and other Supplier Issues 12
T ISO 13485 8.3 - Non-Conforming Materials - on-line rework or part of process? ISO 13485:2016 - Medical Device Quality Management Systems 11
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 8
D Using non-conforming components even though the final assembly is conforming? Manufacturing and Related Processes 5
N Competent Authority notification for non-EU manufacturer EU Medical Device Regulations 4
M CE marking for NON-EU EU Medical Device Regulations 0
E Non-GMP examples in Pharmaceutical industry Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
blile Increasing PFMEA occurrence ranking after non-conformance FMEA and Control Plans 4
S Non-Conformance and Deviations ISO 13485:2016 - Medical Device Quality Management Systems 4
B Risk Assessment Checklist for Non product Software IEC 62304 - Medical Device Software Life Cycle Processes 1
T Ideas for developing a Supplier Quality Management System, non automotive ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
N Audit non-compliance - API Spec Q1 9th Ed 5.6.1.2 b Oil and Gas Industry Standards and Regulations 10
R Applicability of new non-harmonized standards (MDD/MDR) EU Medical Device Regulations 14
M Scope of Combined ISO 9001 and IATF 16949 QMS - Non-automotive customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
J Guidance on manufacturing non-surgical face masks US Food and Drug Administration (FDA) 3
D Do non-IATF customers need to be included in audit scope? IATF 16949 - Automotive Quality Systems Standard 23
C If it doesn't prevent a non-conformance, is it a preventive action? IATF 16949 - Automotive Quality Systems Standard 13

Similar threads

Top Bottom