Should Potential Customer Complaint Outcome Define Registrar NC Rating?

MrPhish

ISOLove to Dance
#1
I didn't see any existing thread this issue fits in, so here goes: On a recent surveillance audit, the Registrar was reviewing my listing of customer complaints that were actively being managed via my internal process (i.e. CAR had been created, root cause identified, actions being taken, and managed). The subject of a specific complaint caught his eye. Let's say for example, the complaint had to do with an issue that could have but did not cause any death or injuries to personnel. The Registrar wanted to write this up as a automatic MAJOR nonconformance because of the severe potential of the event (even though the worse case never happened). Now remember, the complaint was actively being worked through the QMS ... the Registrar did NOT uncover the issue for the first time. Can anyone explain to me WHY this should be a MAJOR nonconformance solely based on a potential outcome that never happened, for an already identified issue? What am I missing? BTW: the Registrar did confirm the MAJOR NC was being issued because of the potential "gravity" of the complaint.
 
Elsmar Forum Sponsor

Sidney Vianna

Post Responsibly
Staff member
Admin
#2
Based on what you describe, it seems that the auditor might not be reacting appropriately.

The severity and criticality of the problem should be taken into account by your organization on how to respond to it. Actually ISO 9001:2015, par. 10.2.1 states:
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
As long as you can demonstrate that you have reacted with the urgency and seriousness of the risk at hand, the CB auditor should not write up anything, because you would have demonstrated that your system is working.

Now, on the other hand, if the auditor believes that your organization was not taking the issue seriously, expeditiously enough, etc..he could have written up a NC against the requirement I mentioned above.

That's my take on your scenario.
 

MrPhish

ISOLove to Dance
#3
Thanks for the "sanity check". My records on this issue were documented nine ways to Sunday ... and then some. Had e-mails from all Top Leadership and Contracts folks to show full involvement. Had a matrix of all identified CAs and the current status of all CAs and their projected due dates and/or completion dates. IMHO, all was compliant with clause 10.2.1.

In the end, I gave him some additional info/data and he dropped the issue (i.e. no MAJOR NC).
 

MrPhish

ISOLove to Dance
#5
No minor NC either. He dropped the whole issue ... but it took me a while to show him he was wrong. Purpose for this thread was to obtain a "sanity check" from the experts here at the Cove to make sure my thought process wasn't flawed.
 

Randy

Super Moderator
#6
I wouldn't raise one and I've refused to allow one in the past when the organization had identified a "problem", and was working it through their corrective action system...Which helps to provide evidence that the process works...DUH!

Legalities aside...Even if someone had been killed, as long as the organization/client was following their corrective action process, and as long as the CA process meets requirements, and there is evidence to show that the org/client was striving to correct whatever, then at the most you say "Good Job" and move on to something else, like worrying if the tape measures are calibrated.

Over reaching auditor for sure, but looks like everything came out OK
 

Big Jim

Trusted Information Resource
#7
You had a very sick auditor. He needs educating. You should still consider having a conversation with your registrar. He was out of place and don't forget that you get what you tolerate.
 

MrPhish

ISOLove to Dance
#8
Randy: you've hit on a secondary concern I had about this instance. If the Registrar is going to write me an new NC for an existing active CA I am currently processing, then why not just ask for my active CA list and write up an NC for every open CA on the list ... then move on tho the rest of the audit ... like making sure the 12 inch ruler is calibrated too ... LOL.

Big Jim: That is exactly why I continued to question his Major NC finding and got him to rescind it ... didn't want to set a precedent for the future.
 

Randy

Super Moderator
#9
CB's are supposed to check status of complaints at all audits and nonconformities identified during previous audits. The Duh factor says to look at the corrective action process evey audit but it's not an absolute (except for the CB I audit for, and review of CA's is supposed to be at every audit and you can see that in all of my plans & reports going back to 2002)
 
Thread starter Similar threads Forum Replies Date
MrTetris Should potential bugs be considered in software risk analysis? ISO 14971 - Medical Device Risk Management 5
S Should an auditor document potential nonconformities in the audit report? General Auditing Discussions 41
N ISO 19011:2018 - 5.4.2 "...audit program should engage in appropriate continual development..." Training - Internal, External, Online and Distance Learning 4
G Should I perform Gage R&R only at the beginning of a new project? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 6
DuncanGibbons Should the requirements FAA/EASA Part 21 be addressed within the QMS and AS9100D quality manual? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
M Should 510(k) Predicates be Actively Listed Devices? Other US Medical Device Regulations 12
B Why the Greek god Hephaestus should have done a design FMEA (DFMEA) on his giant robot APQP and PPAP 1
J On PFMEA for danger labels - Label always should be assigned severity 10 ? FMEA and Control Plans 3
H Who should be listed as the manufacturer/distributor on the box? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 15
M MDR, RED and LVD - Should our device comply with them? EU Medical Device Regulations 2
BeaBea How Many Processes should be created for each Department? Process Maps, Process Mapping and Turtle Diagrams 5
M Should volume of sales be factored into risk probability assessments? ISO 14971 - Medical Device Risk Management 33
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
M Which incubation condition should be selected to recover both bacteria and fungus effectively Miscellaneous Environmental Standards and EMS Related Discussions 3
D Is there a specific location for PPE such as safety glass holders and glove dispensers should be mounted Occupational Health & Safety Management Standards 10
Robert Stanley Which Registrar Should I Choose for ISO 9001:2015 registration? Registrars and Notified Bodies 10
M Who should receive the bills from suppliers and vendors, account payable or procurement? Consultants and Consulting 4
V IATF 16949 8.4.1 Control of externally provided processes, products and services - Should the CB be on our Approved Supplier List? IATF 16949 - Automotive Quality Systems Standard 10
A We are ISO 13485:2016 should we be audited to ISO 14971 ISO 13485:2016 - Medical Device Quality Management Systems 16
E Received a Major finding during IATF Surveillance audit for loss of BIQS Level 3 (more than 6 SPPS in 6 months)...how should we address SYSTEMIC CA? IATF 16949 - Automotive Quality Systems Standard 11
J Organization merger. Should we keep two separate ISO 13485 certificates? ISO 13485:2016 - Medical Device Quality Management Systems 6
S Companies that maintain your machine should be in ASL? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
S Use of "Shall" versus "Should" in Procedures ISO 13485:2016 - Medical Device Quality Management Systems 21
D Class II medical device - When should a complaint be closed? Customer Complaints 6
Sidney Vianna IATF 16949 News Presentations from the latest IATF Stakeholder Event - Expectation that IATF 16949 certification should equate with product quality. Misguided? IATF 16949 - Automotive Quality Systems Standard 7
L Clause 0.4 of ISO 9001 and EHS - Where should I stop the inclusion of EHS in my QMS ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
Ed Panek Part 11 Self Certify Memo - What else should it cover? Qualification and Validation (including 21 CFR Part 11) 5
H Should I mention machine/Equipment password In SOP? Qualification and Validation (including 21 CFR Part 11) 4
D How long should we keep the spare parts available for our medical device, after we have stopped the production? ISO 13485:2016 - Medical Device Quality Management Systems 0
H Statistical Techniques Procedure - What should be included Document Control Systems, Procedures, Forms and Templates 4
Q How should I analyze measurement correlation between me and customer? Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 12
Sidney Vianna Interesting Discussion ISO 9001:2024 - What should be changed in the next Edition of ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 75
N Should it even be on the hazard analysis (software)? FMEA and Control Plans 2
V Which batches should or could be considered for design validation and design verification? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 0
L A Taiwan company want to sell Class I medical device (510(k) exempt) on Amazon, should we register with FDA? US Food and Drug Administration (FDA) 4
M Routine testing of medical electrical systems - What specific electrical safety tests should be performed? IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
G ISO 17025:2017 7.1.2 - Should I produce a document for the customer? ISO 17025 related Discussions 8
F Quality Objectives - Where in the QMS Quality Objectives should be located ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
P ISO 80369-7 standard - Interpreting which Parts should be in scope Other Medical Device Related Standards 7
V Who should define and own the Design and Development Plan and how to maintain the updates and revisions. ISO 13485:2016 - Medical Device Quality Management Systems 2
A How should the Medical Device OEMs be declared to ANVISA? Other Medical Device Regulations World-Wide 0
D Should "Waste" be included as Output in SIPOC Chart? Process Maps, Process Mapping and Turtle Diagrams 8
N Control plan evaluation methods - Which methods should be carried over from the PFMEA? FMEA and Control Plans 3
A PFMEA - How long should the recommended actions remain in the recommended actions column? APQP and PPAP 3
M Should Quality be an independent organization in aerospace company? Quality Manager and Management Related Issues 25
S Should there be a SOP on Cybersecurity? ISO 14971 - Medical Device Risk Management 1
B AS9102 FAI & Lower Level Drawings - How should we perform the FAI? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
I Imaging Services - Which standard should we be certified to? ISO 13485:2016 - Medical Device Quality Management Systems 4
D Design FMEA for a component - Should I make the following assumptions? FMEA and Control Plans 7
M Medical Device News FDA's Policies and Procedures Should Better Address Postmarket Cybersecurity Risk to Medical Devices Other US Medical Device Regulations 0
Similar threads


















































Top Bottom