Question about Corrective Actions - Clause 7.10.3

david7763

Starting to get Involved
Looking for someone with extensive experience and insight into the interpretation of the standard's requirement for when corrective action must be performed.

ISO/IEC 17025 clause 7.10.3 appears to require that any time there is a possibility for recurrence of any nonconformity - regardless of nature, severity, consequences, or even if the chance for recurrence is minimal - the lab must implement corrective action. By definition, corrective action is something done to eliminate root cause, yet the standard in clause 8.7.1 allows that the lab should determine for itself whether the cause needs to be eliminated and in clause 8.7.2 states that responses should be appropriate to the effects of the nonconformity.

Thus, my interpretation is that if my assessment of a nonconformity is that it does not impact the customer and that its recurrence is an acceptable risk due to low severity or low probability of occurrence, then I am justified in not implementing corrective action.

Would this violate clause 7.10.3?
 

UncleFester

Involved In Discussions
7.10.3 contains a 'shall' requirement, but this relates to the evaluation of the significance of nonconforming work as seen in 7.10.1. So, if you have made an evaluation of the N/C and have concluded that there is little or no possibility of this N/C recurring then no corrective action is required. I'm assuming that your organisation doesn't have ISO9001 certification as if it did then it would already satisfy the requirements in clauses 8.2 to 8.9.
 

david7763

Starting to get Involved
7.10.3 contains a 'shall' requirement, but this relates to the evaluation of the significance of nonconforming work as seen in 7.10.1. So, if you have made an evaluation of the N/C and have concluded that there is little or no possibility of this N/C recurring then no corrective action is required. I'm assuming that your organisation doesn't have ISO9001 certification as if it did then it would already satisfy the requirements in clauses 8.2 to 8.9.
That is how I have been interpreting the standard for my clients, but wanted to check around and see if there are other interpretations. Would you say that the requirement in 7.10.3 to implement corrective action (if the NC could recur, regardless of probability of recurrence) is subordinate to the requirement in 7.10.1b to take action based on risk levels established by the lab? That is to say, should I read the standard to require that IF the lab's assessment indicates that the probability of recurrence exceeds the lab's risk threshold, only THEN would corrective action be required? I believe that this interpretation aligns with the language of ISO 9001 8.7.1 and 10.2.1, although ISO 9001 appears to permit correction (of the immediate cause) rather than to always require corrective action (addressing root cause). I prefer to help my clients design NC & CAPA processes that allow a response appropriate to the consequences rather than always requiring root cause analysis.
 

ennifer.fadell

Registered
Looking for someone with extensive experience and insight into the interpretation of the standard's requirement for when corrective action must be performed.

ISO/IEC 17025 clause 7.10.3 appears to require that any time there is a possibility for recurrence of any nonconformity - regardless of nature, severity, consequences, or even if the chance for recurrence is minimal - the lab must implement corrective action. By definition, corrective action is something done to eliminate root cause, yet the standard in clause 8.7.1 allows that the lab should determine for itself whether the cause needs to be eliminated and in clause 8.7.2 states that responses should be appropriate to the effects of the nonconformity.

Thus, my interpretation is that if my assessment of a nonconformity is that it does not impact the customer and that its recurrence is an acceptable risk due to low severity or low probability of occurrence, then I am justified in not implementing corrective action.

Would this violate clause 7.10.3?
Just make sure to have a written standard by which you evaluate risk. The auditor wants to see that risk was considered and consistently. Nothing wrong with documenting that no corrective actions were taken as long as you can justify it. Corrective actions should always address the 3-legged 5-why in 2 areas (Process issues aka why built. Detection aka why not caught in inspection or shipped... And Systemic issues aka why not well-defined, clear responsibility). If the issues begged addressing, do so thoroughly now or it'll be a bigger issue as an external audit finding.
 
Top Bottom