Non Conformity in Audit: Missing Deputy Rule

Q

QMLady

#1
Hi there,

in our last audit we had a major non-conformity in our CAPA process and one part was "The CAPA form is signed and released by the QM-responsible in both cases (Remark by QMLady: one person in QM signed as CAPA responsible and as quality management responsible). A deputy rule for responsibilities and signatures is not available."

I already tried to answer this part of our major NC but our auditors were not happy. I referred to our job descriptions where every job has a defined deputy.

Has anybody an idea what our auditors could expect? Do they want a matrix? Has anybody an example I could look at to get an idea?

Thank you very much for your help in advance.

QMLady
 
Elsmar Forum Sponsor
Q

QMLady

#3
Hi Sidney,
thanks for your quick reply.
The NC is about a CAPA they looked at during the audit. They weren´t happy the way the CAPA was conducted, for example, it was written in a speculative way and does not show clear results and statements. Not all actions are signed and so on.
And one little part of the major NC was that the CAPA form is signed and released by the QM-responsible in both cases. A deputy rule for responsibilities and signatures is not available." And here is my question as already stated in my first post.
All little non-conformities were one big major non-conformity in the end. :(

Thank you.
QMLady
 

somashekar

Staff member
Super Moderator
#4
Authorizing its use, release or acceptance under concession;
The organization shall ensure that nonconforming product is accepted by concession only if regulatory requirements are met. Records of the identity of the person(s) authorizing the concession shall be maintained (see 4.2.4).

The above is the requirement in ISO13485.
It is about control of NC products.
A deputy rule or 2 deputy rule is a method an organization adopts and it is not the standards requirement.
As long as an authorization is evident and the same is by a competent person which can be demonstrated, there is nothing more you need to do.
An auditor must expect to see this and you are expected to demonstrate it effectively.
When accepting a product by concession, the standard requires you to have the identity of the person accepting, apart from being authorized.
Was this concerned to any acceptance by concession ?
If you have mapped this authority in your responsibility and authority document as required and said in clause 5.5.1 of ISO13485, and this matches to the noted authorization, nothing more is required.
If it is a major, (I guess it is not even an NC from what you say) please ask for explanation / justification to your satisfaction.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
A 1-employee ISO 13485 certified company would have no deputies, obviously.
Auditors likes and dislikes are their problems. They have to be able to CLEARLY identify a requirement that is being violated BEFORE they report a finding as a nonconformity. That is auditing 101.

I still don't see a clear statement of a requirement being violated.
 
Last edited:

sagai

Quite Involved in Discussions
#6
In most cases I would badly double kick any auditor's ass raising major non conformity in ISO world.
Sorry ... :p
 
Q

QMLady

#7
A 1-employee ISO 13485 certified company would have no deputies, obviously.
Auditors likes and dislikes are their problems. They have to be able to CLEARLY identify a requirement that is being violated BEFORE they report a finding as a nonconformity. That is auditing 101.

I still don't see a clear statement of a requirement being violated.
Hi Sidney, thanks for your remark. My problem is that I cannot post the whole Non-conformity. It contains company related confidential information. I hoped that someone can maybe still help me without knowing the whole story as the whole story in my point of view is irrelevant. I think the auditors had a good point, I just did not know how to present it. Now I think I got an idea. Thanks again. Best regards, QMLady
 
Q

QMLady

#8
In most cases I would badly double kick any auditor's ass raising major non conformity in ISO world.
Sorry ... :p
Well, sometimes it is not as easy as that especially when your notified body tells you they want to withdraw the certificates because of so many problems. In the end you depend on the certificates otherwise people can look for a new job and the company can close their doors!!!
 

Ronen E

Problem Solver
Staff member
Moderator
#9
Hi Sidney, thanks for your remark. My problem is that I cannot post the whole Non-conformity. It contains company related confidential information. I hoped that someone can maybe still help me without knowing the whole story as the whole story in my point of view is irrelevant. I think the auditors had a good point, I just did not know how to present it. Now I think I got an idea. Thanks again. Best regards, QMLady
Hi,

If you got what you were after, that's great.

If you didn't yet - I think what Sidney was trying to tell you is that we don't necessarily need the whole story. We probably need no story at all. All we need is a number - the ISO 13485 section number. That would help understand what exactly it is that your auditor is claiming you were not in compliance with. If you could pin-point the exact phrase under that section, that's even better.

"Show me the Shall..."

Cheers,
Ronen.
 
Q

QMLady

#10
Hi Ronan,
Thanks for the explanation. I understood now what Sidney meant.
We have received only the audit finding list from our notified body so far. They expect our answers to all major and minor non-conformities in 30 days (due date was end of February). Now they had further questions and the new due date is next week.
When they are satisfied with our answers then they will send us the audit report.
I do not know exactly which requirement we have not met. It is all about Improvement – CAPA. My collegue used to sign the CAPA forms in 2 different roles (as management responsible and as CAPA responsible). So they request a deputy/signature rule to avoid such double signatures from one person.
I think that Somashekar BV, INDIA explained it quite well in his/her post (please see above or below in this thread).
He or She is referencing 13485, “5.5.1 Top management shall ensure that responsibilities and authorities are defined, documented and communicated within the organization.” AND “8.3 […] b) by authorizing its use, release or acceptance under concession; […] The organization shall ensure that nonconforming product is accepted by concession only if regulatory requirements are met. Records of the identity of the person(s) authorizing the concession shall be maintained (see 4.2.4). […]”
I am creating a competences and powers matrix now (we haven’t have one) to define who is responsible for what and who is signing what and what happens when one person is on vacation/sick etc.

Or do you maybe have another idea?

Cheers,
Doris
 
Thread starter Similar threads Forum Replies Date
E Non Conformity due to Outsourced Internal Audit Error ISO 14001:2015 Specific Discussions 2
S Internal Audit - Non conformity not easily fixable (Sales and Contracts) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 30
D TS 16949: 2002 section 7.6.1 - MSA non conformity at registration audit IATF 16949 - Automotive Quality Systems Standard 2
K Major Non-Conformity During Initial TS16949 Audit Nonconformance and Corrective Action 2
G Dealing with non conformity caused by Supplier Components detected in the production line IATF 16949 - Automotive Quality Systems Standard 14
S Can we provide training plan as corrective action for IATF 16949 Non conformity? IATF 16949 - Automotive Quality Systems Standard 9
qualprod Non conformity, do nothing? Employee experiencing "hard times" ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
D Root Cause on Non-Conformity Against Quality Manual Problem Solving, Root Cause Fault and Failure Analysis 9
M Auditing a Contractor in EMS and Non Conformity Report General Auditing Discussions 1
A IATF 16949 - Non-conformity on 5.1.1.2 Process effectiveness and efficiency IATF 16949 - Automotive Quality Systems Standard 5
B IATF 16949: Definition Major/Minor Non-conformity IATF 16949 - Automotive Quality Systems Standard 6
J Non-Conformity Overreach - We recently switched our EU Authorized Representative ISO 13485:2016 - Medical Device Quality Management Systems 6
R Non-Conformity Report from Notified Body - MEDDEV Guide is not Legally Binding EU Medical Device Regulations 16
B A question of Non-conformity specifics - AQAP2120 (The MOD's equivalent to ISO9001) General Auditing Discussions 1
Q Non Conformity of Support Processes - Need another NC form? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
L Non Conformity (Nonconformance) Report & Preventive Action Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23
S Some departments don't have Quality Objectives - Non Conformity? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 68
S HR Manager refusing to create Quality Objectives - Is this a Non-Conformity? Quality Manager and Management Related Issues 11
H Product Non-Conformity and Document Change Request Forms - Corrective Action needed? Nonconformance and Corrective Action 16
A Declaration of Conformity for non-CE Mark products CE Marking (Conformité Européene) / CB Scheme 2
Q How do you define repeated non conformity (aka Recurrence)? Nonconformance and Corrective Action 24
T A confusing Non-conformity - No defined QMS processes intended for 'Management' ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Non-EU countries who use your EC Certificate & Declaration of Conformity Other Medical Device Related Standards 3
eternal_atlas Identification of ISO 9001 Clause to a specific Non-Conformity General Auditing Discussions 7
C Show cause letter given as a result of a minor non-conformity raised by CB Quality Manager and Management Related Issues 6
L Completed Non-conformity report examples needed! ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
T Non-conformity - Not performing Supplier Development on one specific supplier IATF 16949 - Automotive Quality Systems Standard 25
A Communicating to our employees: consequences to customer of non-conformity IATF 16949 - Automotive Quality Systems Standard 3
M Record Falsification - What clause to raise a non-conformity? Records and Data - Quality, Legal and Other Evidence 20
E Accredited vs. non-accredited labs for 60601 compliance in the US IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
E Accredited vs. non-accredited labs for 60601 compliance in the US Other Medical Device Related Standards 0
C Non-sterile reusable surgical instruments - FDA sterilization requirement Other Medical Device Related Standards 2
L Water requirement for Non-sterile topical OTCs Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 0
B Procedure packs with non-medical devices EU Medical Device Regulations 1
W Non Sterile Medical Device Environmental Tests Other Medical Device Related Standards 4
S Advice on how to reduce overhead of handling non-conforming material Nonconformance and Corrective Action 7
G Team to analyze a non conformance Customer Complaints 26
J Promoting and marketing of a non approved device 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 4
G 0 non conformities in registrar audits over 4 years Management Review Meetings and related Processes 12
K CE Marking Class 1 (Non sterile) medical device CE Marking (Conformité Européene) / CB Scheme 3
M Supplier requirements - Major supplier is a Non-Profit registered with ICCBBA (FDA UDI) Supply Chain Security Management Systems 12
S Non parametric test for semi-quantitative data. Statistical Analysis Tools, Techniques and SPC 5
B Free Sales Certificate for Non Medical Devices Other Medical Device Related Standards 2
P Ppk results shown as asterisk after the transformation of Non-normal data Using Minitab Software 4
I When is necessary to have RoHS declaration on non-electrical parts? REACH and RoHS Conversations 1
Johnnymo62 Non Aerospace topics - Anything for military trucks, trailers, Humvee type vehicles? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
M Who are the go to companies for non-destructive hardness testing? General Measurement Device and Calibration Topics 3
R Non conformance (NC) or Corrective & Preventive action (CAPA) CE Marking (Conformité Européene) / CB Scheme 7
M How does IEC-60601-1 apply to a non-medical device in the patient vicinity? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
A FDA guidance on non-sterile Medical Device Packaging Medical Device and FDA Regulations and Standards News 7

Similar threads

Top Bottom