ISO 9001:2015 Requirements
8.7.1 The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.
The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services. This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.
The organization shall deal with nonconforming outputs in one or more of the following ways:
b) segregation, containment, return or suspension of provision of products and services;
c) informing the customer;
d) obtaining authorization for acceptance under concession.
Conformity to the requirements shall be verified when nonconforming outputs are corrected.
8.7.2 The organization shall retain documented information that:
a) describes the nonconformity;
b) describes the actions taken;
c) describes any concessions obtained;
d) identifies the authority deciding the action in respect of the nonconformity.
1) The organization shall ensure that outputs that do not conform to their requirements are identified and controlled to prevent their unintended use or delivery.
This clause requires that an organization identify the outputs that do not conform to the requirements of the customer, and control these to prevent their unintended use or delivery. Outputs do not necessarily mean defective products or errors in service delivery, this could be any in-process output as well. This could include errors in the design document, issues with the invoice, issues in understanding the requirements of the customer, or a faulty product. The intent of the clause is that non-conforming process outputs, products or services are not delivered to the customer or used internally inadvertently. Identifying non-conforming process outputs, products and services, and taking adequate steps to ensure that it is not delivered to the customer in that form or is not used as an input to the next processing activity, is important to ensure the overall quality of the product or service. A non-conforming output when not identified or controlled can lead to a number of quality issues that will eventually reach the customer. A defective product or bad quality service is never appreciated by a customer, and can lead to customer dissatisfaction. Therefore, it is important that organizations identify all stages that generate process outputs, and put in place mechanisms to identify non-conforming outputs, and have a defined set of steps to handle such non-conforming outputs. Output here means any output from the process, product or service.Identifying and controlling non-conforming output is a critical aspect of quality management within an organization. Non-conforming output refers to products, services, or processes that do not meet established quality standards or specifications. Here’s a step-by-step guide on how to identify, control, and prevent the unintended use or delivery of non-conforming output:
- Clearly define quality standards, specifications, and criteria for your products, services, or processes. These standards serve as the basis for determining what constitutes non-conformance.
- Develop and document standard operating procedures (SOPs) that outline the processes and criteria for quality control and assurance. Ensure that all employees have access to and are trained on these procedures.
- Implement regular inspections and testing processes throughout the production or service delivery cycle to identify non-conforming output. Use various tools and techniques, such as statistical process control (SPC) or Six Sigma methodologies, to monitor and measure quality.
- Establish a formal process for reporting non-conforming output. Anyone who identifies a non-conformance should document it and report it to the appropriate personnel, such as quality control teams or supervisors.
- Once non-conforming output is identified, segregate it from conforming output to prevent mixing. Clearly label or tag non-conforming items to ensure they are not inadvertently used or delivered.
- Conduct a root cause analysis to determine why the non-conformance occurred. Identifying the underlying causes helps in implementing corrective and preventive actions to avoid future occurrences.
- Develop corrective action plans to address the identified root causes. These actions may involve rework, repair, or disposal of non-conforming items. Ensure that corrective actions are effective in preventing recurrence.
- Implement preventive measures to proactively avoid non-conforming output in the future. This might involve process improvements, employee training, or equipment maintenance.
- : Maintain comprehensive records of all non-conforming output, including the actions taken to address each instance. This documentation is essential for audit purposes and continuous improvement efforts.
- Implement a robust change control process that ensures any changes to products, services, or processes are thoroughly reviewed and validated to prevent unintended non-conformance.
- Regularly review and assess the effectiveness of your non-conformance control procedures. Continuously seek ways to improve processes and reduce the occurrence of non-conforming output.
- Train your employees on the importance of identifying and reporting non-conforming output. Create a culture of quality and awareness throughout the organization.
- Extend your non-conformance control processes to include suppliers and their products or services. Ensure that your suppliers meet your quality standards and provide non-conforming material control processes for incoming materials.
By following these steps and maintaining a strong commitment to quality management, organizations can effectively identify, control, and prevent the unintended use or delivery of non-conforming output, ultimately improving customer satisfaction and minimizing quality-related risks.
2) The organization shall take appropriate action based on the nature of the nonconformity and its effect on the conformity of products and services.
The first step in getting this clause implemented is to identify the process outputs, products or services that do not conform to the requirements, be it customer requirement or other requirements. For each “nonconforming” process outputs, products or services, adequate controls should be established by the organization to ensure that such non-conforming outputs are not delivered to the customers or used unintentionally internally as part of the input to another process. These non-conforming outputs may be found during self-reviews, peer reviews, testing or inspection methods established at various stages of the process. While non-conformities in an organization are expected at any stage of work, what ISO 9001 requires is that these are identified timely and handled efficiently whenever they are presented. In other words, non-conformity will eventually occur, but what is required is that the nonconformity is identified and addressed. Adequate actions should be planned for each non-conforming output. It is not necessary that for each output, the same action may be required. The action should be proportionate to the nature of the nonconformity and the impact of the output on the final product or service. An erroneous invoice may just need to be corrected, but a defective part that is part of the final product should either be fixed or segregated or returned (if supplied by a supplier) to ensure that it is not used (as it is) to produce the final product. Taking appropriate action based on the nature of nonconformities is a fundamental principle of quality management systems. Here’s how organizations can determine appropriate actions based on the nature of nonconformities and their impact on product or service conformity:
- Begin by thoroughly assessing the nonconformity. This involves understanding the nature and extent of the deviation from established quality standards, specifications, or requirements.
- Evaluate the potential impact of the nonconformity on the conformity of products or services. Consider factors such as safety, customer requirements, regulatory compliance, and the severity of the issue.
- Categorize the nonconformity based on its severity. Common categories may include critical, major, and minor nonconformities. These categories help prioritize corrective actions.
- Implement immediate containment measures to prevent the nonconforming product or service from reaching the customer or causing further issues within the organization. This may involve quarantine, rework, or removal of affected items.
- Conduct a root cause analysis to identify the underlying reasons for the nonconformity. Understanding the root causes is crucial for implementing effective corrective and preventive actions.
- Develop and implement corrective actions to address the root causes and eliminate the nonconformity. These actions aim to correct the immediate issue and prevent its recurrence.
- Implement preventive actions to proactively address any systemic or potential issues that could lead to similar nonconformities in the future. This helps improve overall process stability and quality.
- Communicate the nonconformity and the actions taken to relevant stakeholders, including customers if necessary. Transparency is essential for maintaining trust and ensuring appropriate response.
- Maintain comprehensive records of the nonconformity, actions taken, and their effectiveness. Proper documentation is essential for tracking progress, demonstrating compliance, and facilitating continuous improvement.
- Review and verify the effectiveness of corrective and preventive actions. Ensure that the actions taken have indeed resolved the nonconformity and prevent its recurrence.
- Encourage feedback from employees and stakeholders to identify further opportunities for improvement in quality management processes.
- Include nonconformities and their resolution in internal and external audits to demonstrate adherence to quality standards and regulatory requirements.
The specific actions taken will vary depending on the nature and impact of each nonconformity. Organizations should have documented procedures and guidelines in place to ensure consistency and effectiveness in responding to nonconformities and continuously strive to improve their processes to minimize the occurrence of nonconformities in the first place.
3) This shall also apply to nonconforming products and services detected after delivery of products, during or after the provision of services.
This requirement also applies to nonconforming products or services that are identified after delivery to the customers. So, if a customer reports a defect in the software that you delivered, and he/she is not able to operate the system any further, it’s a showstopper and needs an immediate correction. On the other hand, a bug which is only a small issue that does not hamper his work, for example, a ‘button is not getting displayed at the right place’, may be fixed in the next release. The action should be proportionate to the magnitude of the problem that you have in hand. Addressing nonconforming products and services detected after delivery or during/after the provision of services is crucial for maintaining customer satisfaction and upholding the organization’s quality standards. Here’s how organizations can take appropriate action in these situations:
- Isolate the Nonconforming Product or Service: Immediately segregate and isolate the nonconforming product or service to prevent further distribution or use.
- Document the Nonconformity: Thoroughly document the nonconformity, including its nature, location, and the circumstances of its discovery. Detailed documentation is essential for investigations and corrective actions.
- Investigate the Root Cause: Conduct a root cause analysis to determine why the nonconformity occurred. Identifying the underlying reasons is critical to preventing similar issues in the future.
- Notify Relevant Parties: Inform all relevant parties, including customers if necessary, about the nonconformity. Transparent and timely communication is essential for managing customer expectations and resolving issues.
- Corrective Actions: Develop and implement corrective actions to address the root causes and rectify the nonconformity. This might involve repairs, replacements, refunds, or other appropriate measures.
- Preventive Actions: Implement preventive actions to prevent the recurrence of similar nonconformities in the future. This could involve process improvements, employee training, or quality control enhancements.
- Customer Feedback and Resolution:If the nonconformity affects a customer, work closely with the customer to resolve the issue to their satisfaction. This may involve addressing their specific needs and concerns.
- Documentation and Records:Maintain detailed records of the nonconformity, actions taken, and their effectiveness. Proper documentation is critical for tracking progress and demonstrating compliance.
- Continuous Improvement: Use the lessons learned from addressing nonconforming products and services to drive continuous improvement in your organization’s processes and systems.
- Audit and Compliance: Include nonconforming products and services, as well as the actions taken to address them, in internal and external audits to ensure adherence to quality standards and regulatory requirements.
- Feedback Loop: Establish a feedback loop to collect and analyze data on nonconformities and their resolution. This information can be invaluable for preventing future issues.
- Supplier Feedback: If the nonconforming product or service is linked to a supplier, provide feedback to the supplier to ensure they address the issue and prevent its recurrence.
Addressing nonconformities detected after delivery or during/after the provision of services is not only a requirement for quality management but also an opportunity to demonstrate commitment to customer satisfaction and continuous improvement. Organizations that effectively handle such situations can build trust with their customers and stakeholders while minimizing the impact of nonconforming products and services on their reputation and operations.
4) The organization shall deal with nonconforming outputs in one or more of the following ways correction; segregation, containment, return or suspension of provision of products and services; informing the customer; obtaining authorization for acceptance under concession.
There are a number of ways that the organization can use to deal with nonconforming process outputs, products or services. The selection of the right methods depends on the necessity of the process. This may include one or multiple methods being applied to the non-conforming item:
a) Correction: Correction involves taking action to rectify the nonconformity so that it meets the required quality standards. This may include rework, repair, adjustment, or any other appropriate measures to bring the nonconforming output into conformity.
b) Segregation, Containment, Return, or Suspension: Depending on the severity of the nonconformity, organizations may choose to:
- Segregate: Physically separate nonconforming products or services from conforming ones to prevent mixing.
- Containment: Implement immediate measures to prevent the nonconforming product or service from reaching customers or causing further issues.
- Return: If applicable, return nonconforming products to the supplier or manufacturer.
- Suspension: Temporarily suspend the provision of products or services until the nonconformity is addressed.
c) Informing the Customer:In situations where the nonconformity has the potential to affect the customer, it is important to transparently communicate the issue to the customer. This allows them to make informed decisions and may involve providing options for resolution, such as replacement, repair, or refunds.
d) Obtaining Authorization for Acceptance under Concession: Sometimes, organizations may seek authorization from relevant parties, including customers or regulatory authorities, to accept nonconforming outputs under specific conditions or concessions. This typically occurs when the nonconformity poses minimal risk or when alternative solutions are not readily available.
The choice among these options depends on factors such as the nature and severity of the nonconformity, customer requirements, regulatory compliance, and the organization’s quality management procedures. It’s important for organizations to have well-documented processes and guidelines in place to ensure that appropriate actions are taken to address nonconforming outputs effectively and in accordance with established standards and requirements.If the organization decides to correct a nonconforming process output, product or service, then it must verify that the action it has taken has restored the process output, product or service conformity to the requirement.
5) Conformity to the requirements shall be verified when nonconforming outputs are corrected.
Verifying conformity to requirements is a crucial step after correcting nonconforming outputs. This verification ensures that the corrective actions taken have effectively addressed the nonconformity and that the product or service now meets the specified quality standards. Here’s how organizations typically verify conformity after correcting nonconforming outputs:
- Correction of Nonconforming Output: First, implement the necessary corrective actions to address the nonconformity. This may involve rework, repair, adjustments, or other measures to bring the product or service into conformity with the requirements.
- Documentation: Properly document the corrective actions taken, including details of what was done, who performed the actions, and when they were completed. Documentation is essential for traceability and audit purposes.
- Verification Process: After the correction is completed, initiate a verification process to confirm that the nonconforming output has been successfully corrected. This process may include a combination of the following steps:
- Inspection and Testing: Conduct inspections and tests to ensure that the corrected product or service meets the specified requirements. This may involve using the same criteria used during initial inspections.
- Review and Approval: Depending on your organization’s procedures, involve relevant personnel in reviewing and approving the corrected product or service to ensure it aligns with the requirements.
- Records Review: Examine the documentation related to the corrective actions to confirm that all necessary steps were taken and that the actions were effective in addressing the nonconformity.
- Release for Use or Delivery: Once verification confirms that the corrected product or service conforms to the requirements, it can be released for use or delivery. Ensure that there is a clear process in place for releasing products or services from correction to regular workflow.
- Record Keeping:Maintain comprehensive records of the verification process, including the results of inspections, tests, reviews, and approvals. These records serve as evidence of conformity and can be valuable for audits and quality monitoring.
- Feedback Loop: Establish a feedback loop to continuously monitor the effectiveness of corrective actions. If any issues or nonconformities reoccur, take additional corrective and preventive actions as necessary.
By verifying conformity after correcting nonconforming outputs, organizations ensure that the product or service meets the required quality standards and reduces the risk of recurring nonconformities. This verification step is integral to maintaining quality, satisfying customer expectations, and adhering to requirement of quality management system .
6) The organization shall retain documented information that describes the nonconformity; describes the actions taken; describes any concessions obtained; and identifies the authority deciding the action in respect of the nonconformity.
SO 9001 standard also requires that an organization records non-conformities and how these were handled. Typically, a report is created to record all the non-conformities. This report, usually called as Non-Conformity Log, should include at least the below details:
- Description of the Issue:Document a clear and detailed description of the nonconformity. This should include information about what the nonconformity is, where it was identified, its severity or impact, and any relevant details that help in understanding the nature of the nonconformity. The problem or the issue identified should be clearly defined. All information gathered using techniques like 5Why’s and 1 How i.e., who, why, what, when, where and how will help in understanding the issue and creating the right action plans. The detail should include what non-conforming indicators were found.
- Describe the immediate actions taken to fix the issue. Document the actions taken to address and correct the nonconformity. This includes a step-by-step account of the corrective actions implemented, who performed them, when they were executed, and any other pertinent details regarding the resolution process.This should describe the procedures taken to correct the problem and prevent it from repeating in the future.
- Any concessions from the customer in accepting the non-conforming product. If you have such scenarios where the customer may authorize acceptance of a faulty product or service, the same shall be recorded. The customer could be either internal or external.If the organization has obtained any concessions, waivers, or authorizations related to the nonconformity, document these details. Describe the conditions, terms, and reasons for obtaining these concessions.
- Identify the person responsible who authorizes the fix. It is important to find out if the fix has eliminated the problem. This should be done by a person who is authorized to do so. He shall re-validate the output to ensure the fix is done appropriately. Clearly identify the authority or individual responsible for deciding the appropriate actions in response to the nonconformity. This includes specifying who authorized the corrective actions, concessions, or other measures related to the nonconformity.I
All such non-conformance records that detail out the non-conformance and actions taken to fix such issues should be retained by the organization. The whole process of identifying and controlling non-conforming products, services, and process outputs is intended to keep an organization alert on inputs and outputs of processes.t’s important to emphasize that proper documentation is critical for traceability, transparency, and compliance with quality management system standards. Documented information related to nonconformities provides a historical record that can be valuable for audits, continuous improvement, and ensuring that the organization consistently follows its quality management procedures.Here are the key documents and records associated with Clause 8.7:
- Procedure for Control of Nonconforming Outputs: Organizations are typically required to have a documented procedure that outlines how nonconforming products or services will be identified, evaluated, segregated, corrected, and verified.
- Records of Nonconforming Outputs: Organizations must maintain records of nonconforming products or services. These records should include information about the nature of the nonconformity, its identification, its location, and any relevant details about its impact or severity.
- Corrective and Preventive Action Records: When nonconforming outputs are identified and corrected, records of the corrective and preventive actions taken should be maintained. This includes details about what actions were taken, who performed them, when they were executed, and their effectiveness.
- Records of Concessions Obtained: If the organization obtains concessions or authorizations for acceptance of nonconforming products or services, records of these concessions should be documented. This includes the conditions, terms, and reasons for obtaining such concessions.
- Verification Records: Records of the verification process to confirm the conformity of corrected nonconforming outputs should be maintained. This includes information on inspections, tests, reviews, and approvals related to the verification process.
- Authority Designation Records: Records should identify the authority or individual responsible for deciding the appropriate actions regarding nonconforming outputs. This helps establish accountability within the organization.
- Feedback and Improvement Records: Organizations should maintain records related to the feedback loop for nonconforming outputs. This includes records of any recurring issues and the corresponding corrective and preventive actions taken to address them.
- Documentation of Customer Communication: If nonconforming outputs have the potential to affect customers, organizations should document the communication with customers regarding the nonconformities, including any agreed-upon resolutions.
These documents and records are critical for demonstrating conformity with ISO 9001:2015 requirements and for ensuring effective control of nonconforming outputs. They also serve as valuable tools for tracking and improving the organization’s quality management processes. Properly maintained records are essential for audit purposes and for continuous improvement efforts.
Example of Procedure for Control of Nonconforming Outputs
Objective: To define the process for identifying, evaluating, and controlling nonconforming outputs to ensure that they are addressed in a manner consistent with quality requirements and regulatory standards.
Scope: This procedure applies to all employees and processes within the organization that have the potential to generate nonconforming products or services.
- Quality Manager: Responsible for overall oversight of the procedure.
- Department Heads/Supervisors: Responsible for identifying, documenting, and reporting nonconforming outputs within their respective departments.
- Corrective and Preventive Action Team: Responsible for implementing corrective and preventive actions as required.
1. Identification of Nonconforming Outputs: a. Nonconforming outputs may be identified through internal inspections, customer complaints, process monitoring, or other sources. b. Any employee who identifies a nonconformity should immediately document it and report it to their supervisor or department head.
2. Documentation of Nonconformity: a. The individual who identifies the nonconformity should document it using the Nonconforming Output Report Form. b. The form should include details such as the nature of the nonconformity, its location, date of identification, and any relevant information about its impact.
3. Evaluation and Categorization: a. The department head or supervisor reviews the Nonconforming Output Report to assess the severity and impact of the nonconformity. b. The nonconformity is categorized as critical, major, or minor based on predefined criteria.
4. Corrective Action: a. For critical nonconformities, immediate containment measures are implemented to prevent further distribution or use. b. A Corrective Action Team is assigned to investigate the root cause and develop corrective action plans. c. Corrective actions are documented, including what was done, who performed the actions, and when they were completed.
5. Verification of Corrective Action: a. The Corrective Action Team verifies the effectiveness of corrective actions through inspections, tests, or other suitable means. b. Once verified, the nonconforming output is re-evaluated to ensure it meets quality requirements.
6. Records and Documentation: a. All records related to nonconforming outputs, corrective actions, and verifications are properly maintained and stored. b. Records are made available for internal and external audits as required.
7. Communication: a. If the nonconformity affects a customer, communicate the issue transparently, along with proposed resolutions and timelines.
8. Continuous Improvement: a. Periodically review the procedure and associated processes to identify opportunities for improvement in nonconformity identification, evaluation, and corrective action.
9. Authority Designation: a. The Quality Manager is responsible for authorizing the final disposition of nonconforming outputs.
10. Concessions: a. Any concessions or authorizations for acceptance of nonconforming outputs are documented and maintained as per the organization’s policies.