Pushback on a Nonconformance Found in a Supplier Audit

Golfman25

Trusted Information Resource
#11
Just to add in my $0.02, I would also write it as a single NC, however I would give serious consideration to making it a major - failure to follow 4 of their own procedures (particularly if they are related) could point to a systematic breakdown of their QMS.

Again, I would suggest working with your supplier - the goal of supplier auditing is to DEVELOP them, not to punish them. How can you make this audit finding a 'good' thing for them?
Really? A major in a supplier audit?

Without knowing what was not followed and what impact is has on the operation, it's all just an exercise. In reality, if following the procedure was important, you should see issues in the output of that procedure. If there are no issues, then who cares? This could only be an inartfully written procedure rather than any real issue.
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#12
In reality, if following the procedure was important, you should see issues in the output of that procedure. If there are no issues, then who cares?
So, you are basically saying: as long as we do not detect a quality problem, who cares if the supplier have a system?

Obviously, the lack of a problem detection is no guarantee that one doesn't exist.

What if this supplier audit was to qualify the supplier and they have no work history with them? Audit nonconformities for 2nd party purposes not always have to be graded, but considering the fact that this organization was assessed against ISO 13485 leads me to believe they are in the medical device supply chain. Just that fact alone leads me to believe that what they do is critical and might have life-threatening implications. A supplier of critical components in the medical device context that does not follow their own established procedures processes is worrisome. Highly worrisome.
 

Golfman25

Trusted Information Resource
#13
So, you are basically saying: as long as we do not detect a quality problem, who cares if the supplier have a system?

Obviously, the lack of a problem detection is no guarantee that one doesn't exist.

What if this supplier audit was to qualify the supplier and they have no work history with them? Audit nonconformities for 2nd party purposes not always have to be graded, but considering the fact that this organization was assessed against ISO 13485 leads me to believe they are in the medical device supply chain. Just that fact alone leads me to believe that what they do is critical and might have life-threatening implications. A supplier of critical components in the medical device context that does not follow their own established procedures processes is worrisome. Highly worrisome.
We are way over procedured these days. Again it would depend upon what procedures we are talking about. But let me give an example. We have a procedure that says for tracking purposes machines need to be identified with the job, part, etc. But we run some jobs at 50,000 pcs. for several days and some at 50 pcs. for a few minutes. So they setup the 50 pc. job, it's approved, run it, ID the finished parts and then 1 min later someone comes out with the tags to ID the machines -- but the job is done. Technically, we didn't follow procedure. I suppose we could wordsmith our procedure to not apply to 50 pcs. jobs, but in the grand scheme of things it's no harm, no foul.

Or maybe the order entry isn't "faxing" order acknowledgements (that's so 90s) per procedure and is instead it emailing them. Again, probably not a big deal - need an update, that's all.

So yes, I want to know the risk of not following the procedure and if that has come up as an issue before. If they are supposed to use 1 lb. of chemical A, but they use 1/2 lb. instead and now their product is not effective, that's a bigger issue to me.
 

Ron Rompen

Trusted Information Resource
#14
Really? A major in a supplier audit?

Without knowing what was not followed and what impact is has on the operation, it's all just an exercise. In reality, if following the procedure was important, you should see issues in the output of that procedure. If there are no issues, then who cares? This could only be an inartfully written procedure rather than any real issue.
POSSIBLY a major - I do agree that it would depend on what was not followed, what impact it had, whether the 4 procedures were inter-related, etc. However I would at least consider it.
 

Big Jim

Super Moderator
#15
What's the purpose of calling it a major?

CBs require a determination as to if a nonconformance is a major or minor so that the audit receives more scrutiny when it is reviewed.

It is becoming more common on internal audits to just call them nonconformances, without grading them. This is a choice that the organization gets to make for themselves.

As for a supplier audit, that determination would be up to the customer performing the audit. Again, what purpose would be served? If they want to provide some emphasis that that's a great idea, or not. It is their choice.

The example given here, if grading the nonconformance were to be done, would qualify as a major based on the doctrine of the trivial many on the same topic indicating a substantial system breakdown.

If I were auditing a supplier that had that sever of a breakdown, I think I would classify it as a major to get their attention. Every situation is different.
 

GStough

Staff member
Super Moderator
#16
Wow, thanks, everyone for responding. Great information here. To give a little more detail and hopefully answer some of your questions while still protecting my company's and the supplier's info, I can say that our supplier audit procedure does not classify nonconformances into major or minor. A finding is one of three things: positive comment, nonconformance, or a concern. Some may interpret this as positive, major, minor. We only require a response to the nonconformances, while we may follow-up on concerns in a future audit.

This supplier had recently undergone a restructuring/regrouping at a "corporate" level, so there was some shifting of personnel/positions. In the process, some job titles were changed and/or eliminated/expanded, and as happens sometimes, procedures weren't updated accordingly. And also as sometimes happens with the shifting of staff, procedures weren't followed in all cases. Add to that the fact this supplier provides a service and does not manufacture a product for us, which is in itself a bit different.

Oh, and add to all of this the fact that the account manager/general manager is extremely customer satisfaction driven, and not so much one to follow procedures and document everything (although, he is very responsive and quick to make things happen, he didn't document those actions, as he should have), so that all communication was via phone and/or email. It was difficult for them to provide objective evidence (records, etc.) that procedures were followed, although we knew that the issues we had previously had been resolved because we monitor incoming shipments from our suppliers. There simply wasn't enough evidence to connect the dots.

So, I'm rewriting the audit report in a way that is specific and more detailed than the original version. Hopefully, the revised report will be acceptable.

Again, thank you to all who took time to respond. This is why the Cove is my favorite go-to source for help! :cool::agree1:
 

BradM

Staff member
Admin
#17
My response is one from the Simpleton Camp, so it may not be worth the bits/bytes represented by it. :tg:

Let's suppose I am receiving this audit report. Now... let's get past the point that no one likes having audit findings. It's kind of like getting speeding tickets. But within audit findings there are ridiculous, silly freaking things that really don't matter much (or is subjective), and then there are those things that really need fixing. Knowing you... these are things that need to be addressed.

So did they have four different processes/activities that were lacking, or one with four examples? If the FDA audited their facility, would they write up four or just one?

If this was all related to... say... lack of documented training in four different areas/procedures, then 1 would suffice. If there were four procedures that lacked adequate revision, then 1. But if this was four different areas and processes that failed, I would say four findings.

It's certainly managements decision to reduce headcount. It's also their responsibility to address that impact to their processes.
 

Ron Rompen

Trusted Information Resource
#18
With the added information that you provided I would definitely consider this a minor. I know from bitter experience how easy it is to over look changing job titles when there is a revamping in the structure.

Wow, thanks, everyone for responding. Great information here. To give a little more detail and hopefully answer some of your questions while still protecting my company's and the supplier's info, I can say that our supplier audit procedure does not classify nonconformances into major or minor. A finding is one of three things: positive comment, nonconformance, or a concern. Some may interpret this as positive, major, minor. We only require a response to the nonconformances, while we may follow-up on concerns in a future audit.

This supplier had recently undergone a restructuring/regrouping at a "corporate" level, so there was some shifting of personnel/positions. In the process, some job titles were changed and/or eliminated/expanded, and as happens sometimes, procedures weren't updated accordingly. And also as sometimes happens with the shifting of staff, procedures weren't followed in all cases. Add to that the fact this supplier provides a service and does not manufacture a product for us, which is in itself a bit different.

Oh, and add to all of this the fact that the account manager/general manager is extremely customer satisfaction driven, and not so much one to follow procedures and document everything (although, he is very responsive and quick to make things happen, he didn't document those actions, as he should have), so that all communication was via phone and/or email. It was difficult for them to provide objective evidence (records, etc.) that procedures were followed, although we knew that the issues we had previously had been resolved because we monitor incoming shipments from our suppliers. There simply wasn't enough evidence to connect the dots.

So, I'm rewriting the audit report in a way that is specific and more detailed than the original version. Hopefully, the revised report will be acceptable.

Again, thank you to all who took time to respond. This is why the Cove is my favorite go-to source for help! :cool::agree1:
 

Golfman25

Trusted Information Resource
#19
Wow, thanks, everyone for responding. Great information here. To give a little more detail and hopefully answer some of your questions while still protecting my company's and the supplier's info, I can say that our supplier audit procedure does not classify nonconformances into major or minor. A finding is one of three things: positive comment, nonconformance, or a concern. Some may interpret this as positive, major, minor. We only require a response to the nonconformances, while we may follow-up on concerns in a future audit.

This supplier had recently undergone a restructuring/regrouping at a "corporate" level, so there was some shifting of personnel/positions. In the process, some job titles were changed and/or eliminated/expanded, and as happens sometimes, procedures weren't updated accordingly. And also as sometimes happens with the shifting of staff, procedures weren't followed in all cases. Add to that the fact this supplier provides a service and does not manufacture a product for us, which is in itself a bit different.

Oh, and add to all of this the fact that the account manager/general manager is extremely customer satisfaction driven, and not so much one to follow procedures and document everything (although, he is very responsive and quick to make things happen, he didn't document those actions, as he should have), so that all communication was via phone and/or email. It was difficult for them to provide objective evidence (records, etc.) that procedures were followed, although we knew that the issues we had previously had been resolved because we monitor incoming shipments from our suppliers. There simply wasn't enough evidence to connect the dots.

So, I'm rewriting the audit report in a way that is specific and more detailed than the original version. Hopefully, the revised report will be acceptable.

Again, thank you to all who took time to respond. This is why the Cove is my favorite go-to source for help! :cool::agree1:
Wonder how helpful he'll be now that he's been "nailed."
 

GStough

Staff member
Super Moderator
#20
My response is one from the Simpleton Camp, so it may not be worth the bits/bytes represented by it. :tg:

Let's suppose I am receiving this audit report. Now... let's get past the point that no one likes having audit findings. It's kind of like getting speeding tickets. But within audit findings there are ridiculous, silly freaking things that really don't matter much (or is subjective), and then there are those things that really need fixing. Knowing you... these are things that need to be addressed.

So did they have four different processes/activities that were lacking, or one with four examples? If the FDA audited their facility, would they write up four or just one?

If this was all related to... say... lack of documented training in four different areas/procedures, then 1 would suffice. If there were four procedures that lacked adequate revision, then 1. But if this was four different areas and processes that failed, I would say four findings.

It's certainly managements decision to reduce headcount. It's also their responsibility to address that impact to their processes.
Hi Brad, and thank you....:bigwave:

They are registered with the FDA, so if they have not yet been visited by that agency, I would expect it will be in their future at some point. And yes, I would imagine that the FDA would indeed issue a few 483s for the things we found (as well as a few others that were not within the scope of our audit, but came out in discussions during), as they are key processes.

However, keeping in mind that this organization does not manufacture anything for us, they use materials provided by us to perform a service for us, I get that the risk is not as high. But if they use our findings to improve their processes for their other customers for whom they do manufacture products, then it will be a good thing for them to do. And, throughout the audit as we were discussing the things we were finding, they kept saying that they were glad that these things were found in a customer audit and not in an ISO audit or an FDA inspection.

:)
 
Thread starter Similar threads Forum Replies Date
N Nadcap AC7101/2 Rev. E Section 3.2 - Nonconformance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M ISO 9001 Major Nonconformance Internal Audit Schedule/COVID-19 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 18
T Internal Nonconformance procedure thoughts (AS9100) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
C NCR (Nonconformance System) Software Nonconformance and Corrective Action 7
L How to deal with an ISO 13485 Supplier Audit nonconformance ISO 13485:2016 - Medical Device Quality Management Systems 17
E When to generate a nonconformance report ISO 13485:2016 - Medical Device Quality Management Systems 6
K Counterfeit parts prevention - Audit Nonconformance - AS9100 8.2.2 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 25
qualprod When to write up a nonconformance and require a NCR - We produce labels ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
PhilM Nonconformance report, Customer complaint investigations and RMAs ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
M Medical Device Directive - Seeking common nonconformance write up scenarios CE Marking (Conformité Européene) / CB Scheme 2
CPhelan Nonconformance opened as incorrect expiration date placed on received product. Escalate to CAPA? Nonconformance and Corrective Action 4
qualprod Ineffective follow up of people performance - Audit Nonconformance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
Q AS9120 7.5.3.2 Control of Documented Information - Audit Nonconformance AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 20
qualprod Criteria to raise a Nonconformance based on KPI values ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 39
L AS9100 D- Handling Nonconformance Documentation for an organization that outsources most of the work. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
G Timing allowed by IATF to close a Remote Site Minor Nonconformance IATF 16949 - Automotive Quality Systems Standard 2
R Visually impacting graphics for Nonconformance status metrics for Management Report Nonconformance and Corrective Action 5
J ISO 13485 Audit Nonconformance written against 6.3 Infrastructure ISO 13485:2016 - Medical Device Quality Management Systems 25
PastorBee13 IATF 16949 Audit Nonconformance Responses per 5.1.1.2 - Format IATF 16949 - Automotive Quality Systems Standard 11
A What ISO 9001:2015 clause could be used to write nonconformance for not updating licensed driver list? General Auditing Discussions 8
S Nonconformance to a Note in ISO13485 clause 6.2 Human Resources Effectiveness ISO 13485:2016 - Medical Device Quality Management Systems 13
A API Spec Q1 9th Edition - 12 month Internal Audit Schedule Audit Nonconformance Oil and Gas Industry Standards and Regulations 10
A Where are the rules for when a repeat minor nonconformance becomes a major? IATF 16949 - Automotive Quality Systems Standard 36
R ISO 9001:2015 9.3 - Required inputs to the management review - Audit Nonconformance Manufacturing and Related Processes 14
K Which clause would best fit this Nonconformance? (Supplier Related) Internal Auditing 2
W Minor Audit Nonconformance Against Determining the scope of QMS IATF 16949 - Automotive Quality Systems Standard 12
J IATF 16949 registration - Major Nonconformance Finding IATF 16949 - Automotive Quality Systems Standard 9
Ajit Basrur Are inputs to the nonconformance process required to be identified? Nonconformance and Corrective Action 21
N Responding to NADCAP nonconformance - Control of External Documents AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
P Examples of Nonconformance, Corrective Action Requests, and Root Cause Analysis Nonconformance and Corrective Action 2
qualprod Should I initiate CAPA for a nonconformance not recorded? Nonconformance and Corrective Action 25
K Nonconformance on training - Not following own processes (IATF 16949) Internal Auditing 14
J Audit opportunity for improvement raised to nonconformance months after the audit General Auditing Discussions 7
K NCR or CA? We're taking any issue we have and saying its a nonconformance Nonconformance and Corrective Action 11
GStough Nonconformance Found Outside the Audit Scope - Supplier Audit General Auditing Discussions 16
R Closing out an API/ISO QMS Audit Nonconformance - Magnetic Particle Examination Inspection, Prints (Drawings), Testing, Sampling and Related Topics 5
Q Nonconformance Raw Material Treatment in ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
C Recurring Nonconformance - Missing Deadline for Closing a Corrective Action Problem Solving, Root Cause Fault and Failure Analysis 14
N Laboratory Audit Nonconformance - Maintenance of Standards ISO 17025 related Discussions 10
K Internal Auditing a previous Nonconformance? Internal Auditing 19
D Interpretation of new IAQG ruling - Audit duration for nonconformance verification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
Q Customer Complaint Vs. Nonconformance - CAPA SYSTEM Customer Complaints 2
D Nonconformance on document control - Unapproved document on production server Document Control Systems, Procedures, Forms and Templates 4
P Ratio of Supplier with a nonconformance vs. Supplier without a nonconfomance Supplier Quality Assurance and other Supplier Issues 10
W Nonconformance Recurrence Response Help General Auditing Discussions 4
dubrizo If Quality Objectives are not known to employees, is it a Nonconformance? General Auditing Discussions 7
xfngrs Automotive Industry Nonconformance Database wanted - Preferably SharePoint based Quality Assurance and Compliance Software Tools and Solutions 5
Gman2 Processes sharing the same nonconformance during an audit General Auditing Discussions 13
T Audit Nonconformance - ISO 9001:2008 Clause 6.2.2 - Competencies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 20
J Audit Nonconformance for Design of Choke Manifold Oil and Gas Industry Standards and Regulations 4

Similar threads

Top Bottom