Nonconformance to a Note in ISO13485 clause 6.2 Human Resources Effectiveness

[SMBIZZQA]

I was recently given a noncompliance against ISO 13485: 2016, clause 6.2 Human resources because of the NOTE " The methodology used to check effectiveness is proportionate to the risk associated with the work for which the training or other action is being provided."
I am a contract converter with simple processes, all training has been documented but not identified as one process riskier to the end product than another process.

First of all, can I get a noncompliance for a NOTE???? I'm confused.

 

[Golfman25]

Who gave you the NC? What does it actually say?

 

[SMBIZZQA]

Given by registrar auditor.
He specifically referenced the above mentioned note.

 

[SMBIZZQA]

" Training guide was reviewed. Training records were reviewed. No evidence was found to show that training effectiveness checks are required to be proportionate to the risk associated with the work for which the training or other action is being provided."
and he references the note.

 

[Golfman25]

I'm not a ISO 13485 person, but with ISO 9001 and IATF 16949 standards you can't be held to a non-conformance based on a note. Others will chime in, but I think you have a case to contest it. Good luck.

 

[Sidney Vianna]

First of all, can I get a noncompliance for a NOTE???? I'm confused.

In principle, no. Any competent management system auditor knows that you can only report a finding as a nonconformance, if there is a requirement associated with the finding AND evidence of lack of conformity. This should be an easy appeal.

ISO 13485:2016, Section 0.2, last paragraph states: Information marked as "Note" is for guidance in understanding or clarifying the associated requirement.

 

[yodon]

This is a new item in the standard (added to the :2016 version) and it's apparently a focus of the registrar auditors. I wouldn't expect that an appeal would be all that easy. This is tightly coupled with the "risk based approach," a fundamental tenet of the standard. So while this is a note, it's how the risk-based approach is implemented for this aspect.

 

[Sidney Vianna]

Do you have a source for that claim?

 

[yodon]

Which claim? The risk-based approach is established in 4.1.2(c).

The note specifically states:

NOTE The methodology used to check effectiveness is proportionate to the risk associated with the work for which the training or other action is being provided.

That seems to indicate a clarification of the requirement.

In all 3 ISO 13485:2016 audits I've been involved in (2 different registrars), evidence of how effectiveness of the actions taken were proportionate to the risk.

To me, it makes sense. If you're being trained on an action that could result in a defect that could harm a patient, the training effectiveness should be assessed at a higher level than things that wouldn't.

 

[Sidney Vianna]

Which claim?

Your claim this is a focus of registrar auditors. Is there any source for that claim?

As for the NC, it is BOGUS, unless the auditor can substantiate his/her implication that higher risk processes have not been determined and commensurately robust competence establishment not been provided. The auditor has to identify what REQUIREMENT is not being complied with. According to the OP, they have assessed the processes.

I am a contract converter with simple processes, all training has been documented but not identified as one process riskier to the end product than another process.

So, the CB auditor now has to provide EVIDENCE that this assessment is flawed, to start with and, once again identify the REQUIREMENT being violated; not the note.

That's how conformity assessment of management system standards is supposed to work.