ISO 9001 Clauses Explained - 8.7 Control of nonconforming outputs - Texas Quality Assurance

In this post “ISO 9001 Clauses Explained” we dive into Control of Nonconforming Outputs.

CONTROL OF NONCONFORMING OUTPUTS

(Consider reading HOW TO STANDARDIZE THE FUNDAMENTAL QMS TOOLS FOR OPERATIONAL EXCELLENCE)

Control of nonconforming outputs can be viewed and several different lights. For instance if we’re looking strictly at the quality of our products or services this is a traditional non conformance report form. Other variations may be nonconforming material report, a defect form or just a non conformity. All of these imply the same general intent.

A nonconformity is effectively output that did not conform to our previously identified requirements and we take note of it. A non-conformance report, NCR for common language, has really one or two main purposes. We want to identify how many times a part of our process did not conform to the expected outcome. Separately we may make a determination to quarantine the material until a decision can be made. This decision we often reference as our disposition code, with these common disposition codes

retrain / educate
rework
scrap
accept with concession
leave as is

The disposition codes above are taken as an interpretation of the following requirements from the ISO 9001 standard.

The organization shall deal with nonconforming outputs in one or more of the following ways:
a) correction;
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected.
ISO 9001:2015 8.7 Control of nonconforming outputs – 8.7.1

It is not uncommon to collect large volumes of data. By doing so you are able to develop trends, to find patterns, or find maybe clustering of defects. And the knowledge you can gain from analyzing this data is oftentimes unlimited and profound. You could learn something as simple as a machinist we have on 2nd shift is performing poorly. The process of reviewing and analyzing data over time can lead to a much better understanding of the problems in the process. Whatever it is that you learn from the analysis of your nonconformance is will allow you’d have a better input into your corrective action process.

Nonconformance Report vs Corrective Action Report

Let me be clear that a nonconformance report and corrective action report are two very very different processes. In the ISO 9001 standard the conformance of our production and service provision and control of nonconforming outputs are governed under clause eight. Clause eight is all about doing the work in the PDCA cycle. A nonconformance report comes from reporting on nonconformities in the “do” phase, this is the D and they do of our PDCA cycle. The Corrective Action takes place in the “act” phase, the A in the PDCA cycle.

Other purposes of Nonconformance Reports

A nonconformance report need not be limited strictly to the outputs of the production and service process, they can be issued against any number of points throughout various processes. For instance a purchase order that is missing the required SKU or a necessary sign off. These are excellent opportunities to issue a non conformance report, we want to track and trend these nonconformities as well as nonconformities identified through the production and service provision outputs. These types of nonconformities earlier in the process or through other ancillary processes can ultimately harm our reputation with customers, it can cause increase in rework, increase in confusion and delay. Some organizations do choose to issue non conformance reports in the production service provision process versus other processes such as HR, Safety, or Document Control for example.

Another great example is with health and safety. With health and safety your typical nonconformities are either in the identification of a near miss (which typically necessitates an investigation), or perhaps with unsafe conditions identified throughout the workplace. There is no requirement to utilize a separate form for these various types of non conformances, but in many instances it can be helpful. The simplest and easiest way to track these various types of nonconformities is through defect codes. Two tires of defect codes(included in QA Cloud) can often provide for greater control of what otherwise can turn into a mess of endless codes. For instance we may have a tier one defect code for shipping receiving, with several tier two defect codes associated with it regarding the packing list, regarding the material identification, regarding the counts of the materials and so forth. We may otherwise have a tier one defect code that identifies this as a health and safety issue, with a several tier two defect codes relating to a spill, a trip hazard, or failure to display appropriate warning signs, etc…

Minor vs Major Nonconformance in daily reporting

A process that has been observed before and is highly discouraged is separating our non conformance reports by significance or status. An example that we’ve seen a couple of times is where you would have a minor non conformance versus a major non conformance. This is understandable considering this is the nomenclature given during a an internal audit or an external audit. But during the regular course of the production process this is not an ideal solution. This implies a certain level of root cause analysis has been conducted in a certain level of risk assessment has been conducted on the issue at the point of issue to make the determination of minor versus major. During the course of an internal audit or an external audit the auditor does take substantial time to review any findings and make the judgement call of minor versus major, and there are strict criteria for governing minor versus major findings in an audit. Your typical shop supervisor or inspector does not have such training nor criteria available nor time to properly analyze the non conformance prior to its issue. It is best to take the opportunity to quarantine any defective material (or place services on hold), and then submit to leadership for review. At that point if this non conformance is determined to be significant, major, in any way the next course of action is either to quarantine, scrap, or in fact issue a corrective action if it is determined that this particular issue needs to be prevented from recurring in the future. Failure to treat non conformances in this manner can lead to what Edward Deming referenced as tampering. The average employee in an organization is not going to immediately be able to identify the difference between a common cause or a special cause and if we try to prevent every nonconformance treating it as correctable via simple corrective action we’re going to wind up tampering with the system to such degree that we introduce new inefficiencies and new sources of future defects.