Non Conformity in Audit: Missing Deputy Rule

Q

QMLady

Hi there,

in our last audit we had a major non-conformity in our CAPA process and one part was "The CAPA form is signed and released by the QM-responsible in both cases (Remark by QMLady: one person in QM signed as CAPA responsible and as quality management responsible). A deputy rule for responsibilities and signatures is not available."

I already tried to answer this part of our major NC but our auditors were not happy. I referred to our job descriptions where every job has a defined deputy.

Has anybody an idea what our auditors could expect? Do they want a matrix? Has anybody an example I could look at to get an idea?

Thank you very much for your help in advance.

QMLady
 
Q

QMLady

Hi Sidney,
thanks for your quick reply.
The NC is about a CAPA they looked at during the audit. They weren´t happy the way the CAPA was conducted, for example, it was written in a speculative way and does not show clear results and statements. Not all actions are signed and so on.
And one little part of the major NC was that the CAPA form is signed and released by the QM-responsible in both cases. A deputy rule for responsibilities and signatures is not available." And here is my question as already stated in my first post.
All little non-conformities were one big major non-conformity in the end. :(

Thank you.
QMLady
 
somashekar

somashekar

Leader
Admin
Authorizing its use, release or acceptance under concession;
The organization shall ensure that nonconforming product is accepted by concession only if regulatory requirements are met. Records of the identity of the person(s) authorizing the concession shall be maintained (see 4.2.4).
The above is the requirement in ISO13485.
It is about control of NC products.
A deputy rule or 2 deputy rule is a method an organization adopts and it is not the standards requirement.
As long as an authorization is evident and the same is by a competent person which can be demonstrated, there is nothing more you need to do.
An auditor must expect to see this and you are expected to demonstrate it effectively.
When accepting a product by concession, the standard requires you to have the identity of the person accepting, apart from being authorized.
Was this concerned to any acceptance by concession ?
If you have mapped this authority in your responsibility and authority document as required and said in clause 5.5.1 of ISO13485, and this matches to the noted authorization, nothing more is required.
If it is a major, (I guess it is not even an NC from what you say) please ask for explanation / justification to your satisfaction.
 
Sidney Vianna

Sidney Vianna

Post Responsibly
Leader
Admin
A 1-employee ISO 13485 certified company would have no deputies, obviously.
Auditors likes and dislikes are their problems. They have to be able to CLEARLY identify a requirement that is being violated BEFORE they report a finding as a nonconformity. That is auditing 101.

I still don't see a clear statement of a requirement being violated.
 
Last edited:
sagai

sagai

Quite Involved in Discussions
In most cases I would badly double kick any auditor's ass raising major non conformity in ISO world.
Sorry ... :p
 
Q

QMLady

Sidney Vianna said:
A 1-employee ISO 13485 certified company would have no deputies, obviously.
Auditors likes and dislikes are their problems. They have to be able to CLEARLY identify a requirement that is being violated BEFORE they report a finding as a nonconformity. That is auditing 101.

I still don't see a clear statement of a requirement being violated.
Click to expand...

Hi Sidney, thanks for your remark. My problem is that I cannot post the whole Non-conformity. It contains company related confidential information. I hoped that someone can maybe still help me without knowing the whole story as the whole story in my point of view is irrelevant. I think the auditors had a good point, I just did not know how to present it. Now I think I got an idea. Thanks again. Best regards, QMLady
 
Q

QMLady

sagai said:
In most cases I would badly double kick any auditor's ass raising major non conformity in ISO world.
Sorry ... :p
Click to expand...

Well, sometimes it is not as easy as that especially when your notified body tells you they want to withdraw the certificates because of so many problems. In the end you depend on the certificates otherwise people can look for a new job and the company can close their doors!!!
 
Ronen E

Ronen E

Problem Solver
Moderator
QMLady said:
Hi Sidney, thanks for your remark. My problem is that I cannot post the whole Non-conformity. It contains company related confidential information. I hoped that someone can maybe still help me without knowing the whole story as the whole story in my point of view is irrelevant. I think the auditors had a good point, I just did not know how to present it. Now I think I got an idea. Thanks again. Best regards, QMLady
Click to expand...

Hi,

If you got what you were after, that's great.

If you didn't yet - I think what Sidney was trying to tell you is that we don't necessarily need the whole story. We probably need no story at all. All we need is a number - the ISO 13485 section number. That would help understand what exactly it is that your auditor is claiming you were not in compliance with. If you could pin-point the exact phrase under that section, that's even better.

"Show me the Shall..."

Cheers,
Ronen.
 
Q

QMLady

Hi Ronan,
Thanks for the explanation. I understood now what Sidney meant.
We have received only the audit finding list from our notified body so far. They expect our answers to all major and minor non-conformities in 30 days (due date was end of February). Now they had further questions and the new due date is next week.
When they are satisfied with our answers then they will send us the audit report.
I do not know exactly which requirement we have not met. It is all about Improvement – CAPA. My collegue used to sign the CAPA forms in 2 different roles (as management responsible and as CAPA responsible). So they request a deputy/signature rule to avoid such double signatures from one person.
I think that Somashekar BV, INDIA explained it quite well in his/her post (please see above or below in this thread).
He or She is referencing 13485, “5.5.1 Top management shall ensure that responsibilities and authorities are defined, documented and communicated within the organization.” AND “8.3 […] b) by authorizing its use, release or acceptance under concession; […] The organization shall ensure that nonconforming product is accepted by concession only if regulatory requirements are met. Records of the identity of the person(s) authorizing the concession shall be maintained (see 4.2.4). […]”
I am creating a competences and powers matrix now (we haven’t have one) to define who is responsible for what and who is signing what and what happens when one person is on vacation/sick etc.

Or do you maybe have another idea?

Cheers,
Doris
 
You must log in or register to reply here.

Similar threads

Renea Koski QAM
Inspecting your own work--ISO unspoken no-no!?!?
2
Replies
12
Views
597
Sidney Vianna
Sidney Vianna
J
ISO 13485 - Control of Records (4.2.5) question
2
Replies
10
Views
545
Tidge
T
B
8.5.1.1. Control plan IATF non-conformity
Replies
9
Views
720
qusys
Q
D
QMS Overload
2 3
Replies
28
Views
1K
outdoorsNW
O
N.galt
Auditing strategy
2 3 4
Replies
39
Views
2K
ChrisM
ChrisM
Top Bottom