This article covers clause 10.2 Nonconformity and corrective action. This clause is going to be broken down and turned into something you can all understand and implement in your own organization or industry. Keep on reading as I can show you just how easy this is!
Before I get started on the clause, I think it’s important to understand the definition of nonconformity. After all, if we don’t know how to recognise one then we won’t know when to take action, will we?
ISO 9000, which is the Fundamentals and vocabulary guide for ISO 9001, states that 'a nonconformity is a non-fulfillment of a requirement, and the definition of a requirement is a need or expectation that is stated, generally implied, or obligatory'.
These requirements that we are bound to conform with may come from our customers, product or legal requirements, ISO Standard requirements, or even our own quality management system requirements. Put simply, we need to identify and understand what our requirements are and then follow them. When we don’t, that is a nonconformance.
This will now help us as we move through the clause requirements so let’s get started.
Let’s take a look at what Clause 10.2 wants us to do. The clause starts off with sub-clause 10.2.1 stating:
When a nonconformity occurs, including any arising from complaints, the organization shall
a) react to the nonconformity and, as applicable
1) take action to control and correct it
2) deal with the consequences
This action and dealing with the consequences come from the actions identified and conducted from clause 8.7 Control of nonconforming outputs. These few little points here in clause 10.2 just reiterate and summarise what clause 8.7 requirements are. I’m not going to go into detail again here, so be sure to watch that video later if you need more information.
So now, we know that we have to deal with the consequences of a nonconformance as the first step. This is normally referred to as a correction. It is not a long-term fix or corrective action. It is just getting it under control initially.
The next part of the clause is where we look at the long-term fix or corrective action. Therefore, this clause states that the organization shall:
b) evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
1) reviewing and analysing the nonconformity;
2) determining the causes of the nonconformity;
3) determining if similar nonconformities exist, or could potentially occur.
You will have noticed that the overarching goal is to prevent the nonconformity from recurring or occurring elsewhere. This is done by reviewing and analysing the nonconformity to determine the cause or causes of the nonconformity.
By doing this we also have the opportunity to find out whether there have been similar nonconformities that have already occurred or have the potential to occur.
For example, if we have a piece of equipment, just some small non-descript item that is meant to come out of the production process green. But on this particular occasion, it has come out red. That is a nonconformance.
Our first step is to deal with the consequences, that might be to put the now red item in a quarantine section so that it is not used. We might also tag it appropriately just to make sure. We then also isolate the machine that produced the red item to ensure that no more comes out the wrong colour.
The next step is to review and analyse what occurred and how it actually happened. This might involve following the set process, interviewing operators, pulling the machine apart, checking paint stock and codes, checking the order, and so on.
Once we have gone through this process, we should have identified the root, and core cause of this issue. And then we can move on to implementing a corrective action that should prevent it from recurring or occurring elsewhere. This leads us to the next part of this clause which states that the organization shall:
c) implement any action needed
d) review the effectiveness of any corrective action taken
So, not only do we implement the corrective action, but we should also be giving it sufficient time to be followed and used so that we can review whether it has effectively prevented the issue from recurring.
Therefore, in this example, if we identified that the root cause of this issue was the process for setting up the machine matching to a correct colour code, then the process would be updated, training may be conducted and then the new process is followed and monitored for a period of time (normally based on risk) to ensure that the new process does ensure that the correct colour code is always matched to the correct job.
Then to finalise the considerations for this subclause of 10.2.1, the last few points state that the organization shall:
e) update risks and opportunities determined during planning, if necessaryf) make changes to the quality management system, if necessary
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
These few points are saying that when there has been a nonconformity does this mean that there are additional risks or opportunities that may have been missed in your initial assessment of the process or operations? And if so, does this change your quality management system and associated procedures?
This provides that final loop back from an Operations level up to a Systems level. And of course, the corrective action taken should be at a level that is suitable for what actually occurred.
For example, a corrective action of firing all of the machine operators for that single item coming out red instead of green is not proportionate to the actual issue and in particular even the root cause.
The next subclause section 10.2.2 goes on to state that:
The organization shall retain documented information as evidence of:
a) the nature of the nonconformities and any subsequent actions taken;
b) the results of any corrective action.
Ok, simple! Any nonconformities identified need to be recorded as to what they were and what actions were taken, including the results (successful or otherwise) of the corrective action taken. This is normally in the form of a Nonconformance Register or Improvement Register – you can call it whatever you want, as long as it does record this information at a minimum.
Other information that this register might also include that is helpful is:
- who is responsible
- created or occurrence date
- the due date for corrective action
- the due date for review of implemented corrective action
- any links to photos or investigations
- identified by category (which might be an internal audit, external audit, daily operation, customer complaint, and so on)
These are just a few additional fields that I have come across that help with analysing ongoing improvements.
Now that you have a better understanding of these requirements, it's time to take action and implement them in your own organization and ISO 9001 quality management systems.
If you prefer watching over reading, head to our ATOLTV ISO 9001 playlist on YouTube. And if you're interested in becoming an ISO 9001 specialist, check out our range of ISO 9001 quality management systems courses and qualifications today.
