Non Conformance for Adding to Control Plan

Howard Atkins

Forum Administrator
Staff member
Admin
#1
Non Conformity!!!!!!


I just had a survellance audit and the auditor tried to give me a non conformance because I had added to the control plan as a result of corrective actions. I told him that I can add what I like to the control plan with out permission. In the end he accepted this.
Just shows .!!
 
Elsmar Forum Sponsor

Marc

Hunkered Down for the Duration
Staff member
Admin
#4
I've been thru plenty of audits - doesn't surprise me one bit. It has been one of my complaints for a number of years.
 

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#5
We are all human I guess, even Registrars. I have had a few issues myself, but so far I have been able to work through the issues. My advice to those who have or haven't been through it: be nice, explain your position well. If that does not work, differ the issue to the next level for consideration. If that doesn't work, satisfy any Corrective Actions request, don't invite that auditor back, and consider searching for a new Registrar. It's your money.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#6
Kevin:

I disagree with interpretations being a matter of all of us 'being human'. It is an issue of experience and understanding mixed with intent. I have worked with many standards over the years. I cut my teeth on military specifications. I got my first job in quality because I told the company I understood them (MIL SPEC). I studied the appropriate ones for the product as required by contracts. I often had to explain how the company I worked for 'meets the intent' of a spec. I got into ISO as I thought it was comparatively easy - and it is.

We come down to interpretations. And with QS came rediculousness (spelling?). But then, QS is a customer requirement and ISO is an international specification, if you will.

Anyway, I approach every client from the First meeting with a diatribe which approximates the following:

"I cannot do this for you. QS9000 and ISO900x are, as a group, requirements in so far as registration is concerned. I have to transfer my knowledge to someone. And - when that person is ready, that person will understand the requirements and the intent of the details of the requirements with respect to their business and company systems."

"Auditors are often problematic in part because there has been a rush by marginally qualified people to and thru the Lead Auditor Certification Process."

I had one auditor who was a college professor who smelled money. When it came to interpretations, he was often a wash. Yes - I know the 'time in business' aspect but even that does not ensure consistent interpretations.

I do admit the college professor would listen to reason and we often 'worked through it' to a convergent point as you say.

"You will have to be ready to fight with the auditor over points of contention. Auditors are often simply not right in their interpretation. In my very first ISO9001 audit, within 30 minutes of the start of the audit we were given our first 'minor'. The auditor said it was not easy for him to tell the differences between the current quality manual and the last version. I had written a documentation database for the company. All revisions were detailed except for that one. We had taken the old quality manual and completely revised it - like major, major revision. In the database field where we listed the changes, we simply put a statement which said "Due to the dramatic and extensive changes, the changes are not listed here. Please compare the two manuals if you need to tell differences." We did this because it didn't make much sense to list 100 pages of changes (which is what it would have taken if each specific change had been listed and addressed). I asked the auditor where in ISO9001 it said it has to be easy for him to tell the differences. He hemmed and hawed and thumbed the spec and finally said "It's implied". Well, now, bull shit. He never did buy off on it - we kept that minor. I can say, however, the rest of the audit went quite well. I think I cowed the guy. Attacked him right off the bat with a Show Me Where.... But then - we were all ready to explain how we complied. We were ready!

The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is neccessary.

It's not 'human nature' - it's a matter of interpretation, understanding of intent, and being Ready To Explain! Don't get me wrong - I have run into a lot of very qualified auditors. None the less, one must be ready.

I tell clients: I'm little more than a piano teacher. I can teach you how to play faster than you can learn yourself. I can teach you how to read music. I can teach you what the conventions are. I can teach you how to play the game. BUT - when the concert starts my fingers cannot be on the piano keys. You must play your own concert. And you have to be ready for it. I can't do it for you.

Every client I have had has been 'first audit' successful. And they know their stuff - they are READY! Much like Formal Logic and Debate in college, this is a game any company can win.

Nor do I mean to detract from the 'goodness' of ISO9001 (or many aspects of QS9000). I believe there is 'goodness' in them both. This is to say, for example, a defined, substantial, 'robust' design process is 'goodness' just as well designed and executed Nonconformance and Corrective Action systems have 'goodness'. They are beneficial and important systems to any business.

OK - now rip me up!
 
D

Don Winton

#7
Good show, Howard.

Marc,

Rip you up - I cannot. You made all points very well. I also grew up with MIL standards. Interpretation is not a problem with GSA auditors, IT IS A WAY OF LIFE! During my experience, the GSA ( o )’s did not even want to see the standard. They had their minds made up and did not want to hear your side. But that is another story.

I agree that with QS came ridiculousness (sp) which is part of the reason I try to shy away from QS issues. But, then again, to this point that has not been a problem for me. My company is going for ISO with the FDA’s QSR. But interpretation is going to be an issue with the FDA inspectors anyway, so I draw on my MIL experience. I found that out during my ISO preassessment. My auditor was a former FDA inspector with EU qualifications. She kept wanting my system to comply her interpretation of the QSR (This was an ISO preassessment), which I successfully defended as not being required. I will deal with the FDA during an FDA assessment. In short: If you need it, have it. If you do not need it, do not have it, but be ready to explain WHY you do not and how you meet the intent of the standard.

Your handling of the auditor during the first assessment you mention struck a nerve. Not with what happened, but it appears from your account that this assessor’s attitude may be typical of some (not all). They come into YOUR facility to examine YOUR system, but set themselves up as the experts. Your ‘Show Me Where’ should have been enough to drop the noncompliance, but it would seem he did not want to admit an error in front of what he now perceives as a peer. Once you demonstrated your knowledge and experience, he appears to have backed off somewhat. Perhaps my interpretation is not accurate.

One last item: “The point is you have to understand the spec and the intent and be ready to explain and argue your position or auditors will end up running right over you and you'll end up doing things to your systems 'because the auditor said so'. Choose your battles well, but there are times when battle is necessary.” On this item and others when dealing with interpretation, I draw from Sun-Tzu:

“One Who Knows When He Can Fight, and When He Cannot Fight, Will Be Victorious.”
“One Who Recognizes How to Employ Large and Small Numbers Will Be Victorious.”
“One Whose Upper and Lower Ranks Have the Same Desires Will Be Victorious.”
“One Who, Fully Prepared, Awaits the Unprepared Will Be Victorious.”
“One Whose General Is Capable and Not Interfered With by the Ruler Will Be Victorious.”

Regards,
Don
 

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#8
Marc,

Perhaps I did stretch the definition of a human being a bit to far. Good points on the qualifications of an auditor, I can't rip you there (or anywhere really). I agree that with the explosion of ISO900x, Registrars bent the guidelines for hiring auditors too much. You also make an excellent point that by defending your contentions you may cause the auditor to do some silent reconsideration (even if it is not at the point at hand but rather future points of consideration). I think a good auditor wouldn't be discouraged enough not to probe, but one that does not have the understanding and confidence probably would. I guess the advice I gave is based on the fact he has the power, right or wrong, to sway the outcome (honey vs. vinegar, an NFL referee).

You raised an interesting question (at least to me) about QS9000 and the registrar. All of us have read a lot about the qualifying of QS auditors. The question I have for you (and anyone wanting to contribute) is how have these auditors faired in comparison with the ISO auditors you have encountered? Better or worse? Knowledgeable or Not? How about their interpretations on the "should" items as there is room for interpretation and implementation? Of course these questions can be answered some better, some worse. What I wanted to see was more in line with the actual experiences and solutions. Perhaps this should have been raised as a new topic, I will leave that at your discretion.
 

Marc

Hunkered Down for the Duration
Staff member
Admin
#9
Don:

The auditor we had at the first audit who 'it was not easy for...' was a retired GM person (this was an ISO audit, remember, not QS, and it was 6/94 as I remember). He was a nice guy but his expectations were off the wall.

Now - I think there are good auditors - I do not mean to condemn them all.

I see each auditor as a person with a specialty that they are good at. During my time with Motorola we learned several things early:

1. You have to have a single responsible auditor who attends *EVERY* audit (project manager, if you will). That person becomes the 'expert' on your company for the registrar. If the audit is a Singapore facility, s/he is there. If the next one in in Scotland, s/he is there. Before we did this the interpretations issues were really an impossibility to deal with. Again, that single individual *HAD* to be the Lead Assessor at every audit at every facility - NO Exceptions!!!!!!

2. Team composition may change but we reserved the right to (and for the most part did) 'interview' each prospective auditor with rejection power and with the input of where that auditor should be checking. (For example, one person we 'interviewed' was terrible on calibration. I mean that person was BAD. We asked that that person NOT be involved in review of any part of the calibration system(s)). We found each auditor had strengths and weaknesses and wanted to ensure we had people familiar with fabs auditing fabs, etc. A few auditors did not work out, almost all did, however.

That implementation effort taught me a lot about auditors and what happens with interpretations. Understand that many of the systems were 'master Motorola systems' and thus at each facility they were identical. One auditor would agree to compliance of a specific system while another auditor at another facility 'saw things differently' with regard to compliance of that same system. Obviously a nightmare can erupt.

We also, by the way, had an 'interpretations list' where we posed questions to LRQA (Motorola's registrar) about monthly. I must admit most of their responses, however, were so vague I was, well, I'll just say I was 'seriously disappointed'.

Kevin, you comment about the 'should' - heck - look around the site at some of my ramblings. I believe a couple of years ago I had a line which read something like "Coming Soon! QS9000 as a foreign language!" wherein I lambasted them for using the word SHOULD where SHALL was the word they should have used with regard to their expectations. This also illustrates something else I tell (and try to drill into) my clients - 'Every Word has a meaning (taken in context). Every word is important'. This is part of my 'You better understand the intent and be ready to explain' diatribe which I throw at my clients at least 5 times every time I visit. You can't understand the intent unless you have read it and pondered every word (my opinion - no kidding).

I also admit that a big part of the problem also comes from companies which do not put a person in charge of the program who has the background to do this or the company fails to recognize that there is time involved in doing all this.

As a last comment, the idea is not to stiffle an auditor. Hey - let them look and probe. I believe if you're compliant that is a non-issue.

The bottom line is we are experiencing (and are involved in) an evolution at a time when things like this (business systems) evolve at a quite rapid rate unlike anything the world has ever known. The faster the rate of evolution, the higher probability of failure (my opinion - I don't have evidence). Our defense in this 'game' is knowledge and readiness (understand and be ready to explain).

I have not noticed a big difference between QS and ISO auditors. QS just has a lot more vagaries than are apparent at first blush leading to more confusion and interpretation issues. Hell, look back at the QS "Fax in your questions and we'll (maybe) address it in an interpretations document which will eventually exceed the size of the document (qs9000) its self" stupidity. ISO has much more reason in it and vagaries (including SHOULD statements) make much more sense (remember, ISO9001 is an International Spec while QS9000 is strictly a Customer Requirement).

To finish up - folks, I set this site up specificaly because of the this issue of interpretations. I even called it (and still do) an information forum. From the main page:

-----snippo----
The Cove is Your Beacon for Direction Thru
The ISO900 - QS9000 Fog and 'Intent' Blurrr-r-r...
Do You... Understand the Intent?
Are You... Ready to (Can You) Explain?
Site Mission Statement:
To serve as an ISO9000 / ISO14000 and QS9000
Information Exchange and Co-Operative
-----snippo-----

I used the words "Fog and 'Intent' Blurrr-r-r..." for a very specific reason - Interpretation Confusion.

So - we're off to fight some more good fights!

[Whew...]

Who's next???

[This message has been edited by Marc Smith (edited 12-28-98).]
 

Kevin Mader

One of THE Original Covers!
Staff member
Admin
#10
Marc,

I shall not use "should" again * 100. I vaguely remember a back-and-forth discussion you posted at your old site to that point (also remember other postings between you and the award winning Plexus, another bad word).

Thanks for the feedback on ISO vs. QS auditors. I suspected as much but had heard that they are generally "very" literal and often opinionated (QS auditors that is) in their interpretations. I see this as a potential problem as an organization may find itself in the position of trying to meet a registrar's opinion rather than satisfying the intent of the standard (and requirements) as it suits an organization. To your point, being compliant should eliviate any debate. Still, we will fight the good fight when we must.

Regards,

Kevin
 
Thread starter Similar threads Forum Replies Date
blile Increasing PFMEA occurrence ranking after non-conformance FMEA and Control Plans 4
S Non-Conformance and Deviations ISO 13485:2016 - Medical Device Quality Management Systems 4
C If it doesn't prevent a non-conformance, is it a preventive action? IATF 16949 - Automotive Quality Systems Standard 13
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
I Non-Conformance vs OFI -- your best descriptions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 61
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
M What to do about Non Conformance forms that are deleted or missing? Nonconformance and Corrective Action 4
C Neglect or legitimate deferral? Is excessive workload or lack of resources in a department or a team a valid root cause for a non-conformance? Problem Solving, Root Cause Fault and Failure Analysis 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
C Fact or fiction - Repeat minor becomes a major IATF non-conformance IATF 16949 - Automotive Quality Systems Standard 7
P Line accums as a non-conformance? Supplier Quality Assurance and other Supplier Issues 2
S Returned product due to Customers fault, is it a Non-Conformance? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 7
I AS9100D Non-conformance for 10.2.1 b 2 and 10.2.1. b 3 e and f - Corrective Action AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 10
P Are red non-conformance bins required anywhere in the ISO or IATF standards? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
I "We don't have enough resources" as an Audit Non-conformance Response General Auditing Discussions 14
G Informational Is Past due calibration a non-conformance if tagged "Do Not Use"? General Measurement Device and Calibration Topics 9
D Minor non-conformance for not receiving a CofC from a heat treater Manufacturing and Related Processes 10
P Minor Non-Conformance - Maintenance Records Not Fully Completed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
Q Minor non-conformance for not controlling local regulation laws? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
GoSpeedRacer How to handle operator involvement in the non conformance ISO 13485:2016 - Medical Device Quality Management Systems 5
M Non-Conformance Report for Concession ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Q An uncontrolled record is it a non-conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
V Difference between Non-Conformance, Variance and Deviation ISO 13485:2016 - Medical Device Quality Management Systems 7
M Closing of a Non Conformance Nonconformance and Corrective Action 5
K Corrective and preventive action for Non Conformance on PFMEA FMEA and Control Plans 30
D Is Failure to achieve a Goal a Major Non-Conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
W Can you have a Corrective Action without a Non-Conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
K Bottle Labeling Machine Problems - Non conformance in FCMG industry Nonconformance and Corrective Action 8
M Procedure Non-Conformance=Corrective Action? Document Control Systems, Procedures, Forms and Templates 14
M Class II Medical Device Design Control Non Conformance 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
L Root Cause for Minor Non-conformance regarding Supplier Delegation Nonconformance and Corrective Action 5
D Calibration & Test Laboratory Non-Conformance Procedure Example wanted General Measurement Device and Calibration Topics 3
J Non-Conformance for Not Taking Exclusion AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
V Is non-conformance (incident) required for any observation in equipment qualification Nonconformance and Corrective Action 5
N Non conformance Report to Risk Management-Plan ISO 14971 - Medical Device Risk Management 16
C The prudence of combining non-conformance reports with corrective/preventive action Nonconformance and Corrective Action 10
P Definition Nonconformance or Non-Conformance? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
T Non Conformance Report Training Suggestions Training - Internal, External, Online and Distance Learning 5
B Combining both Deviation and Non-Conformance Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
J Non Conformance Area Policies Misc. Quality Assurance and Business Systems Related Topics 8
P Non Conformance Reporting in GMP in the Control of Materials Nonconformance and Corrective Action 1
G Writing up BRC audit non-conformance Internal Auditing 9
M Definition Major vs. Minor Non Conformance Definitions Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 9
J Can An External Auditor Also Write The Same Non-Conformance As An Internal Auditor? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
G Management Review Non-Conformance - Meeting Measurable Goals and Objectives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
T External Communications - Should this have been raised as a Minor Non-Conformance? Miscellaneous Environmental Standards and EMS Related Discussions 12
W Internal Audit Non Conformance Tracking Logs and NC Systems ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
Q Non Conformance Closure by including it on another Corrective Action ISO 13485:2016 - Medical Device Quality Management Systems 8
B FDA Requirements for Retaining Non-Conformance Tags (Medical Device Manufacturers) 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
V Categorization and Impact Assessment of Non Conformance Nonconformance and Corrective Action 3
Similar threads


















































Top Bottom