SBS - The Best Value in QMS software

When audit NC requires only correction

Jane's

Involved In Discussions
#1
I was wondering how unusual is it to provide just a correction and no corrective action to an audit NC. The audit NC is minor and it is one of its kind, so there is no trend or multiple occurrences to establish a defined root cause.

TIA for your replies.
 
Elsmar Forum Sponsor

Jane's

Involved In Discussions
#3
Will do:)

Meanwhile it would be nice to know that other ppl have done that too. I should add that risk was calculated as low and our current process allows for this (it's just that we have never used that for an audit NC).
 

ScottK

Not out of the crisis
Staff member
Super Moderator
#4
Sure - it's up to the auditor and his organization's policies.

It's still pretty standard practice that if a one-off finding is corrected by the time of the closing meeting it won't count as a finding... whether the auditor makes you follow the full corrective action process is up to them and they would likely make that judgement base on potential risk.

If it's really super simple, like a page missing from a printed document where the pdf version is whole, I would let that go with just a correction... unless I saw a second instance.
 

Jane's

Involved In Discussions
#6
The NC is minor by definition and calculated risk is low due to low occurrence and high detection, but the issue itself is maybe not minor per se. My problem is that:

  1. there is no other occurrence of a similar NC,
  2. the NC precedes me (the content which contains an error was written by the former staff), and
  3. we already have a mechanism in place to prevent this from happening again - compliance with applicable standards and regulatory requirements is required throughout our processes. The NC was that retention time for certain records was set to be shorter than that required by the EU regs.
Any additional thoughts much appreciated.
 

Marcelo

Inactive Registered Visitor
#7
The NC was that retention time for certain records was set to be shorter than that required by the EU regs.
I'm not sure how this is a minor NC. Your company is already required, including by applicable regulations, to comply with regulations. If you are not complying, this is a very serious NC. Why did this happen? Why were your system not complying with something. It should? Did anyone check compliance with all applicable regulatory requirements? If so, why the person did not note this? How many more regulatory requirements is the company not complying with?

we already have a mechanism in place to prevent this from happening again - compliance with applicable standards and regulatory requirements is required throughout our processes.
Doing something that you should already be doing (as mentioned, this is already required by the standard and by the applicable regulations) is not something that controls the risk, and I don't see how it will prevent this from happening again as the NC itself already is a case of this not happening.
 
#8
I was wondering how unusual is it to provide just a correction and no corrective action to an audit NC. The audit NC is minor and it is one of its kind, so there is no trend or multiple occurrences to establish a defined root cause.

TIA for your replies.
What type of audit is it? External? Internal? When people answer, without knowing this information, it becomes very difficult to provide an accurate, "quality" answer.
 

Jane's

Involved In Discussions
#9
I'm not sure how this is a minor NC. Your company is already required, including by applicable regulations, to comply with regulations. If you are not complying, this is a very serious NC. Why did this happen? Why were your system not complying with something. It should? Did anyone check compliance with all applicable regulatory requirements? If so, why the person did not note this? How many more regulatory requirements is the company not complying with?
I agree with you that severity of the NC is high and that is how we evaluated it too, but this is still a minor NC. For all I know, that could have been a typo showing 3 where it should have been 5 in the table which specifies the records retention time. As i said, this was established by former staff, so i can't ask them what happened or re-train them or whathave you.

Note that a major NC/QMS breakdown would be not having any requirement for records retention. How do we know other EU req's are met? We completed the essential requirements checklist, Annex I (we are class II, so self-declared).

Doing something that you should already be doing (as mentioned, this is already required by the standard and by the applicable regulations) is not something that controls the risk, and I don't see how it will prevent this from happening again as the NC itself already is a case of this not happening.
I am not sure I understand what you are saying in this paragraph, but I appreciate the effort.

@AndyN: It's an external. I know, i'm feeling pretty brave just talking about it:)
 
Last edited:
#10
Most external auditors look at things as if they are an "iceberg" - by which I mean the auditor thinks "If I found it, it must be that there's much more below the surface". That's instead of them taking time to understand how systemic the issue is. So, they treat everything as if root cause is needed instead of allowing things to be corrected...
 
Thread starter Similar threads Forum Replies Date
marmotte Malaysia - Auditor Requires an Updated Audit Report Other Medical Device Regulations World-Wide 5
A Client requires to witness an Internal Audit of our Sub-Contractor Internal Auditing 4
B Gamma Quarterly Audit Medical Device and FDA Regulations and Standards News 0
A Anxiety - ISO Re-registration Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 66
Ed Panek Auditor MDR (Presub audit) finding EU Medical Device Regulations 2
Q Easy CARs for Internal Audit ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 14
D Question and advice for a supplier self audit questionnaire ISO 13485:2016 - Medical Device Quality Management Systems 6
S Quarterly Dose Audit Medical Device and FDA Regulations and Standards News 5
H When is a SOC 2 audit necessary? IEC 27001 - Information Security Management Systems (ISMS) 3
J NCR- Failure of contract review process - NADCAP audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D Special IATF audit of sub-supplier IATF 16949 - Automotive Quality Systems Standard 5
A Internal audit plan and processes for ISO 14001:2015 ISO 14001:2015 Specific Discussions 3
D Question on using audit checklist ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 12
C API Q1 internal audit report Internal Auditing 3
P Filled in F48/F49 for internal audit ISO 17025:2017 Internal Auditing 1
A IRIS audit - Discussion about Special Processes General Auditing Discussions 11
J Internal audit random sampling methodology Internal Auditing 2
D Major NC from last audit not fixed not sure how to fix General Auditing Discussions 9
X Sample SOC2 audit report (or a redacted one) IEC 27001 - Information Security Management Systems (ISMS) 0
D Lead time to schedule an ISO 13485 audit General Auditing Discussions 2
G Organizing internal audit program for an Integrated QHSE Management System Internal Auditing 13
S Does anyone have a checklist to prepare for ISO 13485, Stage I audit? ISO 13485:2016 - Medical Device Quality Management Systems 1
W How do you phrase your internal audit questions? Internal Auditing 3
Z Steps to take before an MDSAP audit for Canada Canada Medical Device Regulations 2
V Csv, excel format - audit trail file of HPLC system ( Empower, openlab, EZchrom or any other ) Qualification and Validation (including 21 CFR Part 11) 0
G Not accepting a non conformity during an audit General Auditing Discussions 11
K IATF audit day requirements table 5.2 IATF 16949 - Automotive Quality Systems Standard 6
Q ISO 9001/IATF 16949 Audit Finding Question - Document Retention IATF 16949 - Automotive Quality Systems Standard 11
M IATF - Internal Audit 3 year span Internal Auditing 4
Q Audit report template ISO 9001/14001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
Q ISO 9001-2015 Internal audit finding Internal Auditing 12
lanley liao How to understand this words that the planning of internal audit shall take into consideration the results of previous audits? Oil and Gas Industry Standards and Regulations 10
P Audit check for IT company (ISO 9001) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
D Supplier audit Medical Device and FDA Regulations and Standards News 2
M Go Live With New ERP System before Recertification Audit General Auditing Discussions 6
A Add MDSAP to Internal Audit Schedule Medical Device Related Regulations 0
A Define timeline for Major and Miner Audit finding General Auditing Discussions 4
J IATF 16949 Internal Audit question - Auditor's responsibility Internal Auditing 6
A API Monogram audit review process Oil and Gas Industry Standards and Regulations 5
S IATF 16949 Internal Audit Example IATF 16949 - Automotive Quality Systems Standard 15
B Remote IATF 16949 audit preparation General Auditing Discussions 10
M AS9100D Registrar pre-audit requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 15
I Do I need to sign off my annual audit calendar? Internal Auditing 2
R AS9100D internal audit checklist or ISO 9001 2015 to AS9100 D AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
M Nice and simple invitation email to an audit kickoff meeting Internal Auditing 1
M IATF 16949 - Audit of Remote Location/Support Site and IT IATF 16949 - Automotive Quality Systems Standard 4
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
Q Self-assessment audit information Quality Management System (QMS) Manuals 6
Le Chiffre Online training available for ISO/IEC 17021-1: Requirements for bodies providing audit and certification of management systems Training - Internal, External, Online and Distance Learning 3
xfngrs NIOSH Audit for N95 respirators US Food and Drug Administration (FDA) 1

Similar threads

Top Bottom