SBS - The best value in QMS software

What must be recorded? (ISO 9001:2015, subclause 10.2)

Ava Martin

Starting to get Involved
#1
Hi all,

I would like to ask for an advice, when it comes to the subclause 10.2.
Currently we are maintaining the Correction and Corrective action file for all our NC that we detect in our company. .Each our team is maintaining they own file and the perception of what must be recorded differs. At the same time we have also separate Action tracker for Audit findings and also for actions coming out from the Satisfaction survey.

So when it comes to the CCA file, our teams perception on what issues (NC) must be detected differs. In some teams it is only the leadership and respective ISO coordinators that are maintaining this file and recording only selected NC, in other all team members has the access and are entering every single issue they come accross.

My questions is:
1. How far do we have to go in recording of all issues? Do we have to really track/document/control every single issue detected (even with small severity, that does not need correction) Or is the standard giving us a sort of freedom in this matter? What is the best practice maybe in your organizations?

Thank you a lot for any comments.

Ava
 
Elsmar Forum Sponsor

Tagin

Trusted Information Resource
#2
We distinguish between nonconformances vs. corrective actions. A nonconformance requires some correction (e.g, a vendor shipped us the wrong item), whereas a corrective action indicates a more serious or systemic problem (e.g., a vendor has shipped us the wrong item 3 times in a row).

Nonconformances are documented, but are mostly just corrections (e.g, get an RMA to send the wrong item back and have the vendor send the correct one.) So documented are:
- Problem
- Containment, as needed.
- Activity to correct.

Corrective Actions are more extensively documented:
- Problem
- Containment
- Root cause
- Activity to correct
- Activity to prevent recurrence
- Effectiveness

Having all the NCs documented is important. Without that then how would I know that this is the 3rd time the vendor has sent the wrong item and I need to open a CA and SCAR them? Making NCs painless and efficient to document goes a long way to making sure that they get recorded.

There is no 9001 well-defined divide between these two. Sometimes a problem starts off as an NC and then upon examination is found to be more serious and is escalated to a CA. The divide is going to be created by your policies and judgements. You might, for example, choose to consider all complaints from customers as requiring CAs. Or, if defects get above X%, etc. But I argue that there should be room left in the policy for judgement and experience to play a role, so that the QMS works for you, and you don't pigeonhole yourself into unproductive or unnecessary activity and paperwork.
 

Ava Martin

Starting to get Involved
#3
Thank you Tagin.
The thing is, that we cant come to an agreement with our Managers on one standardized approach on how we track all NC. I mean some processes/teams track really every issue that happens in the team (like literally everything, even if keyboard does not work :))), another only those NC that have some impact. This is causing a big difference in the number of CCA entries and this was even pointed out by the External Auditor (One of the process has really high number of entries, around 2000 for last year, out of that 60% was with low priority...now here is the question whether they simply dont "overdo it much" wit unnecesary entries....)


btw I apologize for my english, I am not native speaker :), but I hope the above makes sense :)
 

Ava Martin

Starting to get Involved
#4
Just to clarify: The issue I have is in the number of issues we record. In what extend we do have to go when recording/ NC, so the one as you said need only Correction....What do we already call as NC? Even something as: "keyboard not working", Correction was : I called IT to get a new one? I know it is a simple example but I would like to understand on what level we really have to go when tracking the noncomformities.
Thank you a lot for your help.
 

Tagin

Trusted Information Resource
#5
The thing is, that we cant come to an agreement with our Managers on one standardized approach on how we track all NC.
Is it possible to look at it from a 'risk-based thinking' perspective, and find agreement that way? Perhaps some teams see a lot of risk to their processes so they record a lot of CAs, but the processes of other teams have a lower risk from NCs and so do not record as many CAs?

Ultimately, the point of documenting and acting on these CAs is to improve the organization. From that perspective, do the teams creating a lot of CAs have better performance, fewer issues, and showing improvement? And do the teams creating fewer CAs have lower performance, more issues, and no improvement? Those kinds of criteria could be a guide to adjusting the threshold level for creating CAs.
 

Tagin

Trusted Information Resource
#6
Just to clarify: The issue I have is in the number of issues we record. In what extend we do have to go when recording/ NC, so the one as you said need only Correction....What do we already call as NC? Even something as: "keyboard not working", Correction was : I called IT to get a new one? I know it is a simple example but I would like to understand on what level we really have to go when tracking the noncomformities.
Thank you a lot for your help.
I would not consider a keyboard failure on a workstation as requiring an NC, unless it was impactful to quality, uptime, etc. But even in that case, you could use problem tickets submitted to IT (if you had such a ticket system) as your NC evidence for that category of problem. The more that NC documenting/reporting can be built in to the existing processes, the less additional documenting needs to be done.
 

Ava Martin

Starting to get Involved
#7
Is it possible to look at it from a 'risk-based thinking' perspective, and find agreement that way? Perhaps some teams see a lot of risk to their processes so they record a lot of CAs, but the processes of other teams have a lower risk from NCs and so do not record as many CAs?

Ultimately, the point of documenting and acting on these CAs is to improve the organization. From that perspective, do the teams creating a lot of CAs have better performance, fewer issues, and showing improvement? And do the teams creating fewer CAs have lower performance, more issues, and no improvement? Those kinds of criteria could be a guide to adjusting the threshold level for creating CAs.
This is a good point and something to definitely consider as a criteria, thank you.
 

Ava Martin

Starting to get Involved
#8
I would not consider a keyboard failure on a workstation as requiring an NC, unless it was impactful to quality, uptime, etc. But even in that case, you could use problem tickets submitted to IT (if you had such a ticket system) as your NC evidence for that category of problem. The more that NC documenting/reporting can be built in to the existing processes, the less additional documenting needs to be done.
What exactly do you mean by: The more that NC documenting/reporting can be built in to the existing processes, the less additional documenting needs to be done.
 

Tagin

Trusted Information Resource
#9
What exactly do you mean by: The more that NC documenting/reporting can be built in to the existing processes, the less additional documenting needs to be done.
I meant, in this example, if the team was submitting problem tickets to IT (e.g., for a bad keyboard), then those tickets could act as a record of the NC problem & correction for IT-related issues, and so it would unnecessary to then write up the problem again on a separate NC form. Whether that works for your organization depends on your policies, etc. I'm just thinking about efficiency in recording NCs.
 

Ava Martin

Starting to get Involved
#10
I meant, in this example, if the team was submitting problem tickets to IT (e.g., for a bad keyboard), then those tickets could act as a record of the NC problem & correction for IT-related issues, and so it would unnecessary to then write up the problem again on a separate NC form. Whether that works for your organization depends on your policies, etc. I'm just thinking about efficiency in recording NCs.
I see :) We do have ticketing tools (for IT processes, also in other such as HR) And as you said we do use it in case of issues, and you are correct that in this way it is already recorded. Thank you so much for the advise, it helped me a lot and gave me some ideas on how to mover further in this. I appreciate it :agree1: Thank you and also all the best in 2021!;)
 
Thread starter Similar threads Forum Replies Date
John C. Abnet Must COPQ always be quantified as a monetary ($) amount? IATF 16949 - Automotive Quality Systems Standard 2
T What does AS9100 mean when it says you must establish a process to do X? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 24
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
A Read instruction manual - What Graphic Symbol must I use? US Food and Drug Administration (FDA) 7
M What kind of instrument that must be calibrated? General Measurement Device and Calibration Topics 3
Q Must product name be listed the same name in FURLS, UDI, GUDID and Company Website? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
J Customer VDA Audit - We must provide refresher training? VDA Standards - Germany's Automotive Standards 4
J Any diverging opinions regarding audit findings or conclusions must be resolved no later than the closing meeting ISO 13485:2016 - Medical Device Quality Management Systems 13
I Sampling processes - Who must define the AQL level? AQL - Acceptable Quality Level 9
M Which documents must be updated upon product validation? Document Control Systems, Procedures, Forms and Templates 1
Q IATF 16949 - Product audit - Must each product be audited? IATF 16949 - Automotive Quality Systems Standard 6
G From an ISO 17025 auditor perspective must micrometer calibration check anvil flatness? General Measurement Device and Calibration Topics 4
C Must your reference standard provider be ISO17034 certified to meet your testing lab's ISO 17025 certification requirements? Other ISO and International Standards and European Regulations 2
R Changing Document Control software. Must I transfer EVERYTHING? Document Control Systems, Procedures, Forms and Templates 3
T Must all Disposable Medical Devices be DEHP Free for MDR? EU Medical Device Regulations 1
W Product Audit - It must be a separate and distinct activity (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 4
P Quality objectives - must they include CAPA and internal audit topic? ISO 13485:2016 - Medical Device Quality Management Systems 28
S Record Retention - How long must a company keep the following records? Records and Data - Quality, Legal and Other Evidence 17
I Is risk acceptability really needed if all risks must be reduced as far as possible? ISO 14971 - Medical Device Risk Management 6
A ISO 9001:2015 Clause 9.3.2 - Management Review Inputs must be Documented? Management Review Meetings and related Processes 15
N Must Bioburden Sampling Procedures be Documented? Other Medical Device Related Standards 5
M Contacting a "Must Use" (aka Sole Source) Supplier's Registrar Supplier Quality Assurance and other Supplier Issues 6
T Auditor states my Oven Thermocouples must be Calibrated General Measurement Device and Calibration Topics 18
K Must I update the Quality Policy? (ISO 9001:2008) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
B Must a Design Outsourcing Company have ISO13485? ISO 13485:2016 - Medical Device Quality Management Systems 3
U Must every procedure be proceeded by a policy? Document Control Systems, Procedures, Forms and Templates 2
P Must all parts of a product be RoHS compliant? EU Medical Device Regulations 5
N Must electrodes for Rx/prescription stimulators be Rx only? Other US Medical Device Regulations 2
V Is there an approach to define the "must 'or' should" in supplier audits? US Food and Drug Administration (FDA) 2
F Electronic Signatures (21CFR Part 11) - Must They Appear on Printed Documents Document Control Systems, Procedures, Forms and Templates 9
R What are the "Must Have" Specs and Standards for AS9100 Certification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
L Must we do Receiving Inspection for everything? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
U Once upon a QMS - Is a Statement of Uncertainty a must for ISO 17025 accredited labs? ISO 17025 related Discussions 8
C Must we identify steps taken to identify the Root Cause of a failure Nonconformance and Corrective Action 15
Y Must every Process have a Quality Objective? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
L Must the Signature on a Quality Record be Legible? Records and Data - Quality, Legal and Other Evidence 33
N Must Employees Be Evaluated Annually? Training - Internal, External, Online and Distance Learning 19
A Calibration system must meet ISO 10012, ISO 17025 or ANSI/NCSL Z540? ISO 17025 related Discussions 38
D How long must we provide service parts to Ford? IATF 16949 - Automotive Quality Systems Standard 7
E Must Patent Numbers be Shown on Product Labels? Other Medical Device and Orthopedic Related Topics 18
Ronen E FDA Must Have New Authorities to Regulate Pharmacy Compounding US Food and Drug Administration (FDA) 8
P Trip to the USA - Must-Eat Food? Holiday Planning Coffee Break and Water Cooler Discussions 57
Colin What QMS Internal Audits must cover and ISO 9001 Internal Auditing 19
R Is insulation between F type applied part and other parts a must? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
D Must Forms be referenced in applicable Procedures? Supplier Quality Assurance and other Supplier Issues 6
U Must We Audit Critical Suppliers? How often? Supplier Quality Assurance and other Supplier Issues 7
S Integrating a Multi-Management System - What documents & records must we have? Various Other Specifications, Standards, and related Requirements 6
R Risks which must be Distinctly Identified - Harm, Hazard, Severity ISO 14971 - Medical Device Risk Management 7
O ISO 9001 requirements for what Internal Audits must cover Internal Auditing 7
Q Who must write Quality Manual as per ISO 9001 Clause 5.5.2? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 23

Similar threads

Top Bottom