Non-conformance Register vs Corrective Action Register

#1
Hi All,

I know there are a few threads on this and I have gone through them but I'm still not 100% clear on the process. I have been tasked with project lead on achieving ISO 9001 certification for my organisation (health services but back office - don't deal with medical issues, we process claims and pay health service providers). I have no previous experience in ISO or Quality. We have our Stage 1 audit in November this year.

Our current process is as follows:
We have 9 completely separate processing units each headed up by a unit manager. On a day-to-day basis managers / staff keep an eye on the running of the unit and can raise a non-conformance at any point that it is required. They request a NCR (non-conformance register) unique number from me, then they complete a non-conformance report which includes the following headings:
- Issue description
- Actions taken to fix
- Corrective verification
- Root cause analysis (if required)
- Corrective actions (if required)

Once the form is completed it is submitted to me and I put a summary of the information provided onto a non-conformance register (excel sheet), listed by NCR unique reference number. I will then follow up with the unit to ensure that the non-conformance is closed and signed off within 30 days of it being raised.

My question is: we are about to start with our internal audits, which may find an opportunity for improvement, minor or major non-conformance. How do I deal with those and ensure I’m recording the correct information?
- Does a non-conformance report have to be completed for each one raised from internal audit?
- If not, can I assign an NCR number and just include the summary information on my register without having a backing report as the IA report will be sufficient?
- Do I need to have a separate corrective actions register, or can this all be included on the Non-conformance register?

Sorry for the essay and all the questions – I’m hoping it makes sense to someone out there!
Thanks
Hannah
 
Elsmar Forum Sponsor

Jim Wynne

Staff member
Admin
#2
A couple of observations: The report, as you describe it, is missing an important component--the requirement that was not fulfilled. The ISO definition of nonconformance is "non-fulfillment of a requirement." If there is no documented requirement, there is no nonconformity. Next, I strongly suggest that you eschew classification of nonconformities (major, minor, etc.) resulting from internal audits. It serves no purpose and will likely devolve into inescapable subjectivity. All audit nonconformities must be addressed.

If you follow the "normal" algorithm for these things, there will be an audit report that lists each nonconformity encountered, which should beget at least a corrective action effort, if not a separate NCR. So long as the CA is tied to the audit report, a separate NCR isn't necessary. As far as separate NC and CA registers are concerned, it's your choice.
 

Mark Meer

Trusted Information Resource
#3
We have separate NCR & CAPA registers as the two have independent purposes, and there are cases where CAPA is issued independent from a specific non-conformity.

NCR
- What is the non-conformity (what requirement is not met, and what is the evidence)?
- What, if any, remedial action is taken?
- Is investigation/corrective action required? If so, CAPA issued.

CAPA
- What is the issue (or potential NC)?
- Details of investigation/root-cause analysis
- Proposed corrective or preventive action
- Followup (to assess effectiveness of action(s))
 

contigo123

Involved In Discussions
#4
Does your internal audit procedure say what to do? Our Internal Audit SOP says that identified non-conformances require a CA, and thus they go into our CAPA system. In general we separate out product related issues that need correction into NCMRs and then other stuff goes into CAPAs (including product related issues that escalate to needing CA/PA as well as quality system related issues)
 
#5
Try to keep it as simple as possible. You don't need two systems unless you see a benefit from it and want to.

Keep in mind that not all nonconformances need corrective actions. Reference element 10.2b. After reacting to the nonconformance, taking action to control and correct it, and dealing with the consequences, you "evaluate the need for action to eliminate the cause(s) of the nonconformity . . . "

You may be doing more than you need to. You get to decide if corrective action is necessary or not. If not, it ends there.

My first suggestion is to add a line to your form stating something like "Corrective Action needed? Yes or No after the "take action to control and correct" and "deal with the consequences" and end it there if correction isn't needed.

Keep in mind though that if the nonconformance is an audit finding conventional wisdom (or the wisdom of the certification body) usually requires corrective action. The standard doesn't say so, but if you don't, expect a fuss from the auditor as that is how they are trained.

Only the actual audit nonconformances should be treated as nonconformances. Observations and Opportunities for Improvement are not nonconformances. It is inappropriate for auditors to "soft grade" nonconfirmances by calling them Observations or Opportunities for Improvement. Also you do not need to respond to them or report back to the auditor as to how you treated them. It is probably wise to address them, but it need not be formal nor does a record of how you address them need to be kept.

My second suggestion is to start using the same forms and logs to deal with audit nonconformances as you are using now. It would be a good idea to reference it to the audit in the opening line or somewhere near the top.
 

John Broomfield

Staff member
Super Moderator
#6
I recommend separating your logs of:

A. Service/Material/Product nonconformities

from your:

B. Preventive/Corrective Action Requests

Log A. would include customer complaints.

Let us not completely forget preventive actions flowing from data analysis, planning and risk assessments.
 
#7
A couple of observations: The report, as you describe it, is missing an important component--the requirement that was not fulfilled. The ISO definition of nonconformance is "non-fulfillment of a requirement." If there is no documented requirement, there is no nonconformity. Next, I strongly suggest that you eschew classification of nonconformities (major, minor, etc.) resulting from internal audits. It serves no purpose and will likely devolve into inescapable subjectivity. All audit nonconformities must be addressed.

If you follow the "normal" algorithm for these things, there will be an audit report that lists each nonconformity encountered, which should beget at least a corrective action effort, if not a separate NCR. So long as the CA is tied to the audit report, a separate NCR isn't necessary. As far as separate NC and CA registers are concerned, it's your choice.
Thanks so much for all of your replies, they are very much appreciated. We are not long finished with our training and I've gone back through my notes and the 'non-fulfillment of a documented requirement' in relation to non-conformances was not something that was highlighted so thank you for mentioning that. To expand on that point - is the 'documented requirement' the information contained in our standard operating procedures and KPI's? For example, one of our KPIs is to pay 100% of valid claims submitted. If for whatever reason that doesn't happen then the non-conformance is raised because the documented requirement (KPI) to pay 100% of valid claims wasn't met. Do the 'documented requirements' normally come from the SOPs, or can they come from the KPIs and other documents as well?
I agree with you regarding the classification of nonconformities - I'll take that out - didn't realise that was allowed as the training from the certification body went on a bit about minor and major nonconformities so I thought we had to classify them as such.
 

Thee Bouyyy

Involved In Discussions
#8
is the 'documented requirement' the information contained in our standard operating procedures and KPI's? For example, one of our KPIs is to pay 100% of valid claims submitted. If for whatever reason that doesn't happen then the non-conformance is raised because the documented requirement (KPI) to pay 100% of valid claims wasn't met.
What we do in our organization in this scenario is that if any of the KPIs are not met for any given period, we record it in a separate sheet that includes the root cause and action plan. This is not being treated as a non-conformance.

Do the 'documented requirements' normally come from the SOPs, or can they come from the KPIs and other documents as well?
It could originate from any documentation pertaining to your company's business scope and licence.

P.S : I'm in a hurry right now. Please accept my apologies if I misinterpreted. I haven't read all of the threads and responses from other users.
 

Randy

Super Moderator
#9
Without all the "this and that" and explanations, theory, and interpretations the simple answer is NO, not everything might mandate a CAR! Just take the time to read 9001:2015 - 10.2.1, it clearly states you get to decide what's important and what's not. There's some good information above
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#10
I have a log for nonconforming product - this is where we keep all of the documented information required in AS9100D 8.7.2. I do not put process nonconformances in this log - product rejections only.

Then I have a corrective action log. Sometimes nonconforming product results in a corrective action request - not always. I log all corrective actions in this log, regardless of how they were initiated - nonconforming product, customer complaint, internal audit findings, management review action items, etc.

You can do whatever makes sense for your organization.
 
Thread starter Similar threads Forum Replies Date
L Non Conformance Register (aka Tracking Nonconformances and Corrective Actions) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S Electronic Signatures - Non-Conformance - ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 29
G Team to analyze a non conformance Customer Complaints 26
R Non conformance (NC) or Corrective & Preventive action (CAPA) CE Marking (Conformité Européene) / CB Scheme 7
blile Increasing PFMEA occurrence ranking after non-conformance FMEA and Control Plans 4
S Non-Conformance and Deviations ISO 13485:2016 - Medical Device Quality Management Systems 4
C If it doesn't prevent a non-conformance, is it a preventive action? IATF 16949 - Automotive Quality Systems Standard 13
T Non conformance product identification and traceability 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
I Non-Conformance vs OFI -- your best descriptions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 61
W Non-Conformance from recent Audit carried out on Purchasing AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
M What to do about Non Conformance forms that are deleted or missing? Nonconformance and Corrective Action 4
C Neglect or legitimate deferral? Is excessive workload or lack of resources in a department or a team a valid root cause for a non-conformance? Problem Solving, Root Cause Fault and Failure Analysis 12
G Non Conformance During ISO 9001 Audit - Not All Internal Audits Completed General Auditing Discussions 19
C Fact or fiction - Repeat minor becomes a major IATF non-conformance IATF 16949 - Automotive Quality Systems Standard 7
P Line accums as a non-conformance? Supplier Quality Assurance and other Supplier Issues 2
S Returned product due to Customers fault, is it a Non-Conformance? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
I AS9100D Non-conformance for 10.2.1 b 2 and 10.2.1. b 3 e and f - Corrective Action AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
P Are red non-conformance bins required anywhere in the ISO or IATF standards? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
I "We don't have enough resources" as an Audit Non-conformance Response General Auditing Discussions 14
G Informational Is Past due calibration a non-conformance if tagged "Do Not Use"? General Measurement Device and Calibration Topics 9
D Minor non-conformance for not receiving a CofC from a heat treater Manufacturing and Related Processes 10
P Minor Non-Conformance - Maintenance Records Not Fully Completed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
qualprod Minor non-conformance for not controlling local regulation laws? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
GoSpeedRacer How to handle operator involvement in the non conformance ISO 13485:2016 - Medical Device Quality Management Systems 5
M Non-Conformance Report for Concession ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
qualprod An uncontrolled record is it a non-conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
V Difference between Non-Conformance, Variance and Deviation ISO 13485:2016 - Medical Device Quality Management Systems 7
M Closing of a Non Conformance Nonconformance and Corrective Action 5
K Corrective and preventive action for Non Conformance on PFMEA FMEA and Control Plans 30
D Is Failure to achieve a Goal a Major Non-Conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
W Can you have a Corrective Action without a Non-Conformance? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
K Bottle Labeling Machine Problems - Non conformance in FCMG industry Nonconformance and Corrective Action 8
M Procedure Non-Conformance=Corrective Action? Document Control Systems, Procedures, Forms and Templates 14
M Class II Medical Device Design Control Non Conformance 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 5
L Root Cause for Minor Non-conformance regarding Supplier Delegation Nonconformance and Corrective Action 5
D Calibration & Test Laboratory Non-Conformance Procedure Example wanted General Measurement Device and Calibration Topics 3
J Non-Conformance for Not Taking Exclusion AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 14
V Is non-conformance (incident) required for any observation in equipment qualification Nonconformance and Corrective Action 5
N Non conformance Report to Risk Management-Plan ISO 14971 - Medical Device Risk Management 16
C The prudence of combining non-conformance reports with corrective/preventive action Nonconformance and Corrective Action 10
P Definition Nonconformance or Non-Conformance? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
T Non Conformance Report Training Suggestions Training - Internal, External, Online and Distance Learning 5
B Combining both Deviation and Non-Conformance Processes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
J Non Conformance Area Policies Misc. Quality Assurance and Business Systems Related Topics 8
P Non Conformance Reporting in GMP in the Control of Materials Nonconformance and Corrective Action 1
G Writing up BRC audit non-conformance Internal Auditing 9
M Definition Major vs. Minor Non Conformance Definitions Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 14
J Can An External Auditor Also Write The Same Non-Conformance As An Internal Auditor? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
G Management Review Non-Conformance - Meeting Measurable Goals and Objectives ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
T External Communications - Should this have been raised as a Minor Non-Conformance? Miscellaneous Environmental Standards and EMS Related Discussions 12

Similar threads

Top Bottom