Management system guidance
ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018.
Our range of templates cover the requirements of ISO 9001:2015, ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement your next management system.
8.7 Non-conforming outputs
This requirement is comparable to the requirements from ISO 9001:2008 Clause 8.3 – Control of Non-conforming Product but it now includes as a new requirement, the terms ‘process outputs’ and ‘services’ as well as products.
It should be noted that there is no need to maintain a documented procedure but your organization may still choose to operate one. You should seek and record evidence that your organization has retained documented information concerning non-conformities and the actions arising.
Define how your organization verifies conformance where process outputs, products and services are corrected following non-conformance. What are the arrangements for defining corrective actions for non-conforming outputs detected after delivery (see 10.2) e.g. reaction to the non-conformity, evaluation of necessary action(s), implementation and monitoring of identified action(s), review of effectiveness and sustainment of action(s) taken.
What documented information does your organization keep following actions taken to address non-conformities, including any concessions obtained and, on the person, or authority that made the decision regarding dealing with the non-conformance?
Generally, this information is contained the Non-conformance report of log. Consider your organization’s arrangements for retaining documented information that:
- Describes the non-conformity e.g. statements, illustrations, reports, objective evidence;
- Describes actions taken e.g. dispositions relating to correction, concession, scrap;
- Describes any concessions obtained e.g. accepted concession, waiver, deviation, production permit, service alleviation;
- Identifies the deciding authority e.g. authorized signatories, non-conformance control authorities, delegated technical authorities, customer.
No matter how you resolve a non-conformity, you must keep records of each non-conformance and how it was dealt with. Records of product non-conformity should be periodically reviewed to determine if a chronic problem exists with the production process, it’s all about improvement!
By keeping records of your non-conformities, it is easier to spot negative trends and examine the root cause, and eliminate the cause of your problems. This, in turn, should result in fewer defective products or process outputs and could lead to more satisfied customers.
If you have manufactured a product, inspected it and found it to be out of specification, it is most likely to be deemed nonconforming product. In some instances, you will have to scrap the defective product but in other situations you may be able to do some remedial work and bring it back into specification.
What the clause is telling us is that the product should then be subject to further inspection to verify that it is now correct. As for records, if you documented the non-conforming product there should normally be somewhere to verify that you successfully (or not) cured the problem and that it is now conforming.
Re-verification simply means that you cannot assume that because someone tells you they have corrected the problem then it is ok. The clause is asking you to re-verify by whatever means you originally chose.
If you used inspection as a method of verification then re-inspect in the same method. If not, use whatever method suits you (or your customer). Just make sure it is ok before it leaves!
The re-verification after remedial work might involve testing as well as inspection. The reason is not just to verify that the defect has been removed, but also to assure that fresh defects have not been introduced by the rework. Records would be as appropriate for the re-inspection or re-testing performed.
Re-verification is equivalent to re-inspection and records could include a signature of approval or a more formal test report. Whichever format is chosen, it must be defined in the Control of Non-conformance procedure.
Generally, you could take two routes. If you have an internal non-conformance then depending on your documentation, your verification could be documented on your non-conformance report. If your non-conformance is external, you should supply evidence of conformance to your customer.
You may need to supply new evidence of conformance to your customer along with corrective action documentation if requested. The method that you use in either of these situations should be defined in your procedures, that way you relieve yourself and your auditor from guessing how you would address them.
Where necessary, any product or process outputs that do not conform to specified requirements should be properly identified and controlled to prevent unintended use or delivery. Improvements are then implemented to ensure the non-conformance does not reoccur. Control non-conforming products by:
- Defining how non-conforming products and processes are identified;
- Defining how non-conforming products and processes are dealt with;
- Removing or correcting non-conformities;
- Preventing the delivery or use of non-conforming products and processes;
- Verifying how non-conforming products and processes were corrected;
- Providing evidence that corrected products and processes now conform to requirements;
- Keeping records that catalogue non-conforming products and processes.
Controlling non-conformity applies to services just as much as it does to tangible goods. Reports, data, test results and intellectual property, to name just a few service outputs, can all be potentially non-conforming, in which case all the disciplines of this process apply. It is the company’s policy is to detect, control and rectify any aspect of non-conformance as quickly and efficiently as possible.
In the case of service processes that directly involve the customer, the control of non-conforming outputs is the way the organization deals with non-conformities in the service provision until the appropriate corrective action can be defined and implemented.
When non-conformities are identified, you should examine whether the personnel involved are sufficiently empowered with the authority to decide the disposition of the service, for example:
- To immediately terminate the service;
- To replace the service provided;
- To offer an alternative.
You should also examine:
- Your organization's customer claims and complaints processes;
- Any temporary corrections that are implemented to mitigate the effect of the Non-conformity (e.g. refund, credit, upgrade, etc.)
- The identification, segregation and replacement of the service
- Equipment, service providers and environment.
This will enable you to judge whether the control of such non-conforming services is effective. In such situations the processes should have provisions to capture data on the non-conformities and to feedback information, at the appropriate management level, for the effective definition and implementation of corrective actions. Evidence will need to be sought to justify effective implementation of these techniques.
More information on PDCA
Free internal audit checklists
Check out our free internal audit checklists. The audit checklist template is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.
Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.