ISO9001 and the Control of Non-Conforming Outputs
Unless you are operating in some mystical nirvana the reality is at some point you are going to have rework in your organisation, you have rework because you have a non-conforming output and so ISO9001:2015 has some requirements for you to meet in order to ensure that you control these adequately. The other thing that tends to happen around non-conformances is the view that they are a bad thing, in fact in some places this causes them to be hidden away (or worse, ignored!) and discussed quietly in small rooms, in reality you should be embracing these as golden opportunities for your continuous improvement program. Think about it, if you can understand why you have this non-conforming output and solve it then you will eliminate rework and lost time, that means you will save time, possibly materials and reduce waste all of which do only 1 thing, send more money to your bottom-line.
Outputs not Products or Services
The other misunderstanding that happens with this clause is the belief it is about non-conforming products heading out the door, it's not. ISO9001:2015 Clause 8.7 is titled Control of Non-Conforming Outputs. It doesn't say products or services, it says outputs. This means that any output from any process should be considered and they should be considered for both internal customers and external customers. Now that's a pretty large thing to think about. Let's consider some examples.
- Your design team send out drawings to the manufacturing floor with incorrect tolerances
- Finance Team send out invoices that are incorrect
- The production plan issued is missing key products
- A new Documented procedure has the wrong header or references or is just riddled with errors
- The product from the machining department heading for painting is too rough for prep
- Product Fails final testing prior to shipment
- The product gets to the customer and you realise a part you fitted was incorrect
The list could go on but hopefully, you get the idea that the basis of the non-conforming output is that there was a standard that was expected, and you missed it.
Dealing with Non-Conformances
Clause 8.7.1 makes it clear that the organisation should have processes and systems in place that are designed to ensure that non-conforming outputs don't reach the customer, again remember this could be the internal customer or the external customer. Take our example about of the parts from machining, there should be a process in place to ensure these never reach painting since this will not only add cost to the part and increase the risk of it getting out the door it will also lose time at the painting operation segregating good and bad parts or reworking or working on product that isn't good enough to move on.
The standard requires you to separate these nonconforming outputs to ensure that don't reach the next step in the chain. This may be by attaching a tag, putting them into a quarantine area, stopping a process and so on.
The standard gives you some specific options about dealing with the non-conforming output but since it has the word SHALL in there it's a choice of the options provided as a minimum:
- Correction – so identify what is wrong and just fix it. Of course, after fixing it you need to verify that you have actually fixed it by putting it back through any testing or verification process you have.
- Segregation, Containment, return or suspension of products and services. So as we indicated earlier, essentially some form of quarantine and the ability to ensure that you know how many were created and what if any have escaped. You can return them to the previous
process orrequest your customer return them by way of a recall if they have escaped the process and of course, you should most defiantly stop producing the non-conforming output to limit the problem. To do that you should empower anyone in your organisation to have the ability and courage to put their hand up and say nope, stop the process.
- Informing the customer, remember this could be both internal and external. So you have an obligation to make sure they know what the situation is and what the risks are and of course how big the problem is. You need to be 100% open and honest here.
- Obtain authorisation for acceptance based on accepted criteria under a concession, i.e. Ok this once I'll accept the outputs if they ……
As we have said already, you must ensure that any reworked outputs do meet the original requirements of the process, you can't just fix and move it on without this re-verification.
Documented Information Requirements
Clause 8.7.2 of the ISO9001:2015 standard gives you the requirements for retaining the documented information to support your nonconforming output and the decisions that you have made. This documented information needs to do the following 4 things:
- Describe the nonconformity – it is best if you can do this in terms that anyone would understand rather than technical jargon.
- Describe what the actions are that you are taking as a result – so did you put everything on hold, recall, investigate how it happened, followed up with the supplier, reviewed the training of people and so on.
- Describe any concessions that have been obtained – What was allowed, what wasn't, was it for a limited quantity or limited time, where there are limits on what would be Ok and what wouldn't
- Identify who gave the authority for actions or acceptance under the concession, i.e. what were their name and position. You may, for example, have a list of those internal & external who are authorised to make this decision, so these are the names you are looking for.
Most organisations have a form to complete should a non-conformance occur that will cover all of the information required. ISO9001 doesn't state how you collect or record this information, it is entirely up to the organisation so it can be paper-based, spreadsheet-based or an integrated system. The key is that the system is used, and non-conforming outputs can be easily identified, traced and recorded to ensure that it cannot reach the next customer either internally or externally.
Control of Non-conforming outputs is a final element of meeting ISO9001:2015's Operations Clause and it's an important one. You need to ensure that the outputs from any source meet the requirements of the next, if it doesn't you need to be able to control these nonconforming outputs and rectify them and the problem taking what action you require and record all of the things you have done. You need to look at this as both an internal and external process, i.e. non-conforming outputs from one part of your organisation being given to the next part of your organisation is no more acceptable that just giving that nonconforming output to the end customer, ISO9001:2015 views them as equal. It is also important to set the culture of your organisation to look at these non-conformances as opportunities for improvement that should be out in the open and not hidden away and talked about in low voices.
Get In Touch
If you need any support in developing or improving your ISO or Quality Systems we'd love to hear from you, just click here to make an appointment and find out how we can help you Make Things, Better
You can also call John on 0211649739 to set up a meeting
Virtual Quality Management
© Many Caps Consulting | All Rights Reserved.