NQA-1-1989 - Nonconformances - Supplier Audit for a Nuclear Waste Application

SteelMaiden

Super Moderator
Super Moderator
#1
Need some help, folks. We were recently audited to the NQA-1-1989 standard as a supplier audit for a nuclear waste application. As we are not NQA-1 certified (registered or whatever) I do not have a copy of the standard so I asked the customer to make sure to quote the exact phrasology of the standard in their audit report so we could make sure our response to their corrective action requests would meet the standard. Needless to say, what I received in somewhat vague. Can anybody give me a better feel for what the standard says (show me the shall, to quote one of our illustrious members?) for the following?

1. Nonconformance: "XXXXX" software is not validated...there are no records of validation for the "XXXX" software used with the tensile testers.

Their quote from the standard says " NQA-1 Section 12 Determine the program has control measures for tools, gages, instruments, and other measuring and test equipment to be calibrated at specific intervals and adjusted to maintain accuracy within specified limits"

I read program as being our quality system not software program. Can you offer me any insights? My thoughts at the time of the audit as stated to the auditor were: The software was able to read the electrical current used in the calibration of the load cells and convert it into digital readout that could be comprehended by human beings and within the allowable variance of the appropriate ASTM requirements and traceable to NIST.

2. Nonconformance: "Suppliers are evaluated by the use of a mail-in questionnaire and/or ISO 9001:2000 certifications"

Their reference "NQA-1 Section 7 Control of purchased items and services The procurement of items and services shall be controlled to assure conformance with specified requirements. Such chontrol shall provide for the following as appropriate: Source evaluation and selection, evaluation of objective evidence of quality furnished by the supplier, source inspection, audit, and examination of items or services upon delivery or completion."

They are telling me that because we do not perform actual audits to our calibration suppliers we are not in compliance with NQA-1. But, we select our suppliers using their registration/certification to ISO 9001:2000, NAVLAB, A2LA, 17025 or whatever other lab certification they hold. We can show that not a single customer complaint has been validated where the root cause of the problem was found to have been the failure to physically go to a supplier and audit them. They say that ISO and all the other certifications do not mean anything to the government, we as their supplier must be held responsible for ensuring for ourselves that our suppliers quality systems. :frust:

3. Nonconformance: Purchase orders do not reference quality program requirements or alternatively the supplier's quality manual or program.

Their reference: NQA-1-1989 Section 4 Procurement document control "Applicable design bases and other requirements necessary to assure adequate quality shall be included or referenced in documents for procurement of items and service. To the extent necessary, procuremnt documents shall require suppliers to have a quality assurance program consisten with the applicable requriements of NQA-1"

Once again, we have already approved our supplier based on their quality systems (and our other criteria) and know that they have a quality system (ISO) and lab accreditation (see number 2). We refer to the applicable ASTM specifications that work is to be performed to and NIST traceability requirements, and can show the auditor a copy of, or the Registrar and Certificate number to look up our calibration supplier's certs. I am confused, cuz this seems like redundant work, and just because I don't put it on my PO, doesn't mean that the supplier is going to perform their work outside of THEIR quality system. They even list their certs on the calibration certs we receive. I see this as "to the extent necessary" and since we already know their status....


If anyone can shed some light, or pound this through my thick skull, please jump in here. I just don't really understand where their reference to the standard really backs up their claim that we are in nonconformance? I am sure that I am missing something, and certainly we will change our documentation as needed to meet the customer's requirements if needed.

Thanks in advance, I know my friends at the Cove will set me on the right path.
 
Elsmar Forum Sponsor

howste

Thaumaturge
Super Moderator
#2
The question that I have is why were they using NQA-1 1989? There have been four revisions of the standard since that time - 1994, 1997, 2000, and 2004. I have a copy of the 2004 standard, but I have no way to get the obsolete version from 1989.

Although the document is copyrighted, it's probably OK to copy small parts of the 230-page current standard (as fair use) that might apply. I hope this helps...
REQUIREMENT 12
Control of Measuring and Test Equipment

***snip***
300 CALIBRATION AND CONTROL
301 Calibration

Measuring and test equipment shall be calibrated, at prescribed times or intervals and whenever the accuracy of the measuring and test equipment is suspect. Calibration shall be against and traceable to certified equipment or reference standards having known valid relationships to nationally recognized standards, or to international standards known to be equivalent to corresponding nationally recognized standards. Where no such standards exist, the basis for calibration shall be defined.
302 Reference Standards
Reference standards shall have a minimum accuracy four times greater than that of the measuring and test equipment being calibrated to ensure that the reference standards contribute no more than one-fourth of the allowable calibration tolerance. Where this 4:1 ratio cannot be maintained, the basis for selection of the standard in question shall be technically justified.
303 Control
Calibration procedures shall identify or reference required accuracy and shall define methods and frequency of checking accuracy. The calibration method
and interval of calibration shall be based on the type of equipment, stability characteristics, required accuracy, intended use, and other conditions affecting performance. Measuring and test equipment, which is overdue for calibration or found to be out-of-calibration, shall be tagged and/or segregated, or removed from service, and not used until it has been recalibrated. Measuring or test equipment consistently found to be out-of-calibration shall be repaired or replaced.
***snip***
REQUIREMENT 7
Control of Purchased Items and Services

***snip***
200 SUPPLIER EVALUATION AND SELECTION
Prior to award of a contract, the Purchaser shall evaluate the Supplier’s capability to provide items or services in accordance with the requirements of the procurement documents. Supplier evaluation and selection and the results therefrom shall be documented and shall include one or more of the following:
(a) Supplier’s history of providing an identical or similar product that performs satisfactorily in actual use. The Supplier’s history shall reflect current capability.
(b) Supplier’s current quality records supported by documented qualitative and quantitative information that can be objectively evaluated.
(c) Supplier’s technical and quality capability as determined by a direct evaluation of the facilities, personnel, and the implementation of the Supplier’s quality assurance program.
***snip***
REQUIREMENT 4
Procurement Document Control

***snip***
200 CONTENT OF THE PROCUREMENT DOCUMENTS
***snip***
203 Quality Assurance Program Requirements
Quality assurance program requirements shall be specified in the procurement documents. These requirements shall be consistent with importance and/or complexity of the item or service being procured. The procurement documents shall require the Supplier to incorporate appropriate quality assurance program requirements in subtier procurement documents.
***snip***
 

SteelMaiden

Super Moderator
Super Moderator
#3
Hey! thanks Howste! I specifically asked our customer to quote the exact requirment in their audit report, as we are not an NQA-1 certified company. As you can see, what I got was some generalities that didn't help me much in assessing how to correct their "findings". They hired a third party contracted auditor to perform this audit. He looked only at our lab, not our entire system and spent two hours here. The funny thing is, three days earlier, their competitor was here to audit us for the very same end product that we are supplying material for both. Company B's auditor spent two days here, looked at our entire system. There were no nonconformances at all (I know, snapshot in time and all that).

The 2 hour audit with the findings was a disaster from the start. The auditor came in, managed to berate two of our clerical staff in the first five minutes, and alienated every auditee he interviewed. I really wanted to stop the audit (I would have if it would have been someone we were paying and not a customer) this man was rude. He pulled out some papers that contain nonconformances found in other companies, and sets to work digging until he can find an incident that falls into one of his list of nonconformances. Guess it makes it easy for him, he doesn't even have to write anything up, just cut and paste from some other company's audit. He even sent me an audit report for another company he had audited "so I could get a feel for what he was looking for." I found that really disturbing that he would be sending audit reports of one company to another.
 

Jim Wynne

Staff member
Admin
#4
SteelMaiden said:
The funny thing is, three days earlier, their competitor was here to audit us for the very same end product that we are supplying material for both. Company B's auditor spent two days here, looked at our entire system. There were no nonconformances at all (I know, snapshot in time and all that).
When I was doing my first ISO 9000 implementation in the late eighties the company I worked for was concurrently courting some government business which required a preliminary audit by the potential "purchasing activity," as the government likes to call "customers." The ISO effort had previously foundered under the tutelage of a person who was, to put it mildly, in over his head, and I had been hired to clear away the wreckage and build a system.

I met with the expected stubborn recalcitrance on the part of a few key people, and I thought that the government audit would provide substantial evidence that things needed to change. I had a plan: I was going to show the auditors what had been completed up to that point, and let them know in the opening meeting that the system was a work in progress. I had laid out a plan for everything that hadn't been implemented yet, and my expectation was that there would be audit findings that would reinforce the need to follow through, and for everyone to cooperate.

Boy, was I wrong. The audit went smoothly enough and there were no surprises. The auditors asked the expected questions and verbally noted the obvious deficiencies. But about three days after the auditors went home I was called into the CEO's office and congratulated(!?)--there were no findings, no suggestions for improvement, no followups--nothing. What I thought would be a persuasive weapon in my pursuit of change turned out to be a crude, homemade pipe bomb that blew up in my face. Now the naysayers had the advantage--if the government said everything was OK (and the products were life-protecting instruments used in nuclear production), who was I to say what we were doing wasn't good enough?

It was apparent that the government "purchasing activity" had made a predetermined decision to buy our product, the audit was playacting and its results were a foregone conclusion. They were from the government, but they sure weren't there to help me.
 
Last edited:
G

Gerry Quinn

#5
I do have a copy of the 1989 verson of NQA-1. The requirements quoted by the auditor are taken directly from the Basic Requirements section and are accurate and complete.

In addition to the Basic Requirements there are a series of Supplements that go in to greater detail for each of the basic requirements.

With respect to Software verification; basic requirement 11 and supplement 11s-2 require that software used in testing be verified along with some other things. It is possible that he referenced the wrong requirement.

Supplier Selection is governed by Supplement 7s-1, 3.1 It says in part "...Measures for evaluation and selection of procurement sources, and the results therefrom, shall be documented and shall inculude one or more of (a) through (c) below:
(a) Evaluation of the suppliers's history of providing an identical or similar product which performs satisfactorily in actual use. The suppliers history shall reflect currrent capability.
(b) Supplier's current quality records supported by documented qualitative and quantitative informantion which can be objectively evaluated;
(c) Supplier's technical and quality capability and personnel and the implementation of his quaity assurance program."

If my memory serves me right, there is an NRC Reg Guide that specifically prohibits the acceptance of certificates as evidence of the implementation of a suppliers quality management system. Prior to the issuance of this Reg Guide we used to accept N type certificates of authorization issued by the ASME and just add a supplier to our AVL. 'Not so', says the NRC. Check for Reg guides around 1979 to 1985.


Supplement 4s-1, 2.3 Says in part, "...Procurement documents shall require that the supplier have a documented quality assurance program that implements protions or all of the requirement os theis standard." This means that your purchase documents must state something like this: The supplier shall perform on this contract in accordance with his approved quality system ABC Revision 23 that was approved by us on mm/dd/yyyy. When you approve the suppliers manual you ensured that it met the requirements of NQA-1.

If you haven't worked in the Nuclear field you can't appreciate the level of detail that went into the specifications. Do not assume anything. Always write everything down. With respect to your comment "...just because I don't put it on my PO..." In the nuclear world, if you don't put it on your PO then it isn't going to happen. If they don't document that they used a particular revision of a procedure, then they didn't do it. Document, Document, Document and Document again.
 

SteelMaiden

Super Moderator
Super Moderator
#6
Gerry, thanks for the info! I appreciate the effort. Yes, I agree that working with 1) govt. 2) nuclear, creates a lot of regulatory governmentspeak.

Gerry Quinn said:
I do have a copy of the 1989 verson of NQA-1. The requirements quoted by the auditor are taken directly from the Basic Requirements section and are accurate and complete.

In addition to the Basic Requirements there are a series of Supplements that go in to greater detail for each of the basic requirements.

With respect to Software verification; basic requirement 11 and supplement 11s-2 require that software used in testing be verified along with some other things. It is possible that he referenced the wrong requirement.
So, we do evaluate our software and have proof that we evaluated it, (thanks to sarbonne-oxley or however you spell it) and that should be sufficient even though the auditor wouldn't take the time to go to IT to see it?

Supplier Selection is governed by Supplement 7s-1, 3.1 It says in part "...Measures for evaluation and selection of procurement sources, and the results therefrom, shall be documented and shall inculude one or more of (a) through (c) below:
(a) Evaluation of the suppliers's history of providing an identical or similar product which performs satisfactorily in actual use. The suppliers history shall reflect currrent capability.
(b) Supplier's current quality records supported by documented qualitative and quantitative informantion which can be objectively evaluated;
(c) Supplier's technical and quality capability and personnel and the implementation of his quaity assurance program."

If my memory serves me right, there is an NRC Reg Guide that specifically prohibits the acceptance of certificates as evidence of the implementation of a suppliers quality management system. Prior to the issuance of this Reg Guide we used to accept N type certificates of authorization issued by the ASME and just add a supplier to our AVL. 'Not so', says the NRC. Check for Reg guides around 1979 to 1985.
OK, we evaluate our suppliers based on historical capabilities, and this also should suffice? We do have a CAR system for vendors, and multiple CARs would lead to a supplier visit (if we decided we wanted to keep the supplier).

Supplement 4s-1, 2.3 Says in part, "...Procurement documents shall require that the supplier have a documented quality assurance program that implements protions or all of the requirement os theis standard." This means that your purchase documents must state something like this: The supplier shall perform on this contract in accordance with his approved quality system ABC Revision 23 that was approved by us on mm/dd/yyyy. When you approve the suppliers manual you ensured that it met the requirements of NQA-1.

If you haven't worked in the Nuclear field you can't appreciate the level of detail that went into the specifications. Do not assume anything. Always write everything down. With respect to your comment "...just because I don't put it on my PO..." In the nuclear world, if you don't put it on your PO then it isn't going to happen. If they don't document that they used a particular revision of a procedure, then they didn't do it. Document, Document, Document and Document again.
The addition of a statement saying you must be ISO XXXX or NAVLAP, A2LA, 17XXXX is very easy. Each of our services/procurement items is in a database, and we have a field that contains statements to print out on PO's (calibration always gives the appropriate ASTM spec and must be traceable to NIST, etc.) pretty much a no brainer, just think it is kind of redundant after we already did the research, but like I said, we can do it easily enough due to the way we "group" our product/service item numbers.

The funny thing is that this customer accepted delivery of the product before they sent anyone in. What if they would have hated us after the audit? LOL

Anyway, I really don't mind doing what needs to be done, I just hated the fact that I specifically asked for the standard requirement references to be spelled out so we could check to make sure we covered everything, and not get a response back saying, oh, you also need XYZ. I guess if the auditor they sent in would have been a little pleasant, a little tactful, and a little professional it would have made the whole process a lot easier. If you look in the ISO definitions under Bad Auditor, I am sure you will find this guy's picture and resume`. Nothing like issuing a nonconformance when your auditee has told you there were records showing the results you want to see but refusing to look at them.
 
H

Hemi999

#7
Shelly: Call me if you still need more input.

Moderator note: Jim can be contacted through information in his User Profile: Hemi999.
 
Last edited by a moderator:
Thread starter Similar threads Forum Replies Date
C Budgetary cost to obtain ASME NQA-1 Quality Program Certification Quality Management System (QMS) Manuals 0
D NQA-1 Standard Applied to Services rather than Items for Nuclear Power Various Other Specifications, Standards, and related Requirements 3
C Detailed NQA-1 Audit Checklist Other ISO and International Standards and European Regulations 1
C Commercial Grade Supplier Surveys - Not qualifed 10CFR50 Appendix B or NQA-1 Other ISO and International Standards and European Regulations 2
P NQA-1 Requirement 17 Quality Records - Facility Types and Temporary Storage Various Other Specifications, Standards, and related Requirements 5
R Storage Procedure per NQA 1 Storage and Handling Requirements Document Control Systems, Procedures, Forms and Templates 6
S Document Process Flow though the company - NQA-1 Supplier Document Control Systems, Procedures, Forms and Templates 1
R Customer requesting NQA-1 supplement, ZS-1 w/appendix, ZA-1 compliance Various Other Specifications, Standards, and related Requirements 4
N NQA-1 List of Approved Manufacturers Various Other Specifications, Standards, and related Requirements 11
R NQA-1 Quality Manual vs. Standard - How much should they differ Quality Management System (QMS) Manuals 7
R Looking for NQA-1-2008 Audit Checklist Various Other Specifications, Standards, and related Requirements 11
M ASME-NQA-1-2008 - Quality Assurance Requirements for Nuclear Facility Applications Other ISO and International Standards and European Regulations 8
T 10 CFR 50 App B, NQA-1, NCA-3800 - Separate Manuals? Various Other Specifications, Standards, and related Requirements 4
T ASME NQA-1-1994 Standard Supplement 17S-1: Dual Storage Various Other Specifications, Standards, and related Requirements 5
M ASME NQA-1 and Interface Control Various Other Specifications, Standards, and related Requirements 34
M ASME NQA-1-1994 Standards - Struggling with the supplement references Various Other Specifications, Standards, and related Requirements 16
F Definition Malcom Baldrige NQA Vs European's EFQM Model Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 4
O Environmental conditions per ASME NQA-1 2000 QA records? Records and Data - Quality, Legal and Other Evidence 4
A Rights of Access per ASME/NQA-1 2000 Misc. Quality Assurance and Business Systems Related Topics 17
A ISO 9001 vs. NQA-1 (Nuclear Quality Assurance) - Similarities between the two? Misc. Quality Assurance and Business Systems Related Topics 26
T NQA Laboratory Services General Auditing Discussions 1
B How many nonconformances have you received on average during IATF audits? General Auditing Discussions 24
Tagin Evaluating nonconformances for escalation using Bayesian methods? Statistical Analysis Tools, Techniques and SPC 2
G Differences - Nonconformances vs CAPA, Corrections vs Corrective Actions ISO 13485:2016 - Medical Device Quality Management Systems 16
R Extension of product nonconformances - Construction project Nonconformance and Corrective Action 7
I Audit Nonconformances - Can reported corrective actions be incomplete? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
J EU ISO 13485:2016 Recertification Audit - Effect of 10 Minor Nonconformances EU Medical Device Regulations 2
W Closing of Stage 2 Audit Nonconformances AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
M User Errors and Product Nonconformances Nonconformance and Corrective Action 22
K Notified Body - Minor Nonconformances - They have withheld all certificates General Auditing Discussions 3
Q Several Nonconformances with same Root Cause with just one CA ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
V 21 CFR 820 Compliant way to use Kaizen to address Nonconformances Nonconformance and Corrective Action 9
N Nonconformances in the Construction Industry Nonconformance and Corrective Action 6
T Perishable Tooling Supplier - Nonconformances and Metrics AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
H NADCAP Audit Nonconformances - Vacuum Furnace Load Sensors AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
L Internal Audit Nonconformances - Your opinion? Internal Auditing 8
M Supplier Nonconformances - Key Points to ask a Metal Stamping Supplier Supplier Quality Assurance and other Supplier Issues 7
L Insurance to cover for nonconformances ? Misc. Quality Assurance and Business Systems Related Topics 2
T Defining Nonconformances in a Service Organization ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
C ISO 9001 Nonconformances an how to handle them ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
N Second Registrar Visit to Confirm Major Nonconformances Fixed ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
L Definitions for Minor & Major Nonconformances ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
F Response to ISO 13485 Audit Minor Nonconformances ISO 13485:2016 - Medical Device Quality Management Systems 6
M Seven Document Review Nonconformances Document Control Systems, Procedures, Forms and Templates 9
J KPI for time to close NCs (Nonconformances) Quality Manager and Management Related Issues 17
R Internal Audit Cancellation when Nonconformances are Found Quality Manager and Management Related Issues 13
J Question about GM special requirement - Open Major Nonconformances IATF 16949 - Automotive Quality Systems Standard 2
K CAPA Training for Process Nonconformances Nonconformance and Corrective Action 2
A Nonconformances and Rework in a Machine Shop Nonconformance and Corrective Action 6
Fender1 Nonconformances that do not require Corrective Action Nonconformance and Corrective Action 21

Similar threads

Top Bottom