Guide regarding handling nonconformities to the clients:

The term “nonconformity” inspires fear in many people. It shouldn’t.

A nonconformity is simply an opportunity for the management system to improve. It should not be viewed as an indictment of any person or group, but rather as a factual statement that drives improvement. Before we get any further, it’s helpful to provide a clear definition of what a nonconformity is. A nonconformity is the failure to meet a requirement.

It’s a short definition, but it packs a lot of power. The first thing you should notice is the prerequisite. You need a requirement before you can ever have a nonconformity. When we write a nonconformity, you always write the requirement first. It sets the tone for everything else. If you can’t find a requirement for a situation, then categorically you can’t have a nonconformity. You might have a concern, observation, remark, or opportunity, but it’s not a nonconformity unless it’s clearly tied to a requirement

Nonconformities found shall be classified as follows:

Major: a nonconformity that affects the capability of the management system to achieve the intended results (for example, a significant doubt on the implementation of an effective process control, or a number of minor nonconformities associated with the same requirement or issue, which could demonstrate a systemic failure and thus constitute a major nonconformity).

Minor: that does not affect the capability of the management system to achieve the intended results.

Opportunity for improvement: a situation where, despite not being a nonconformity, a discrepancy or gap is identified (for example, requirements could be met in a better way, there is a potential for a future nonconformity though requirements are currently met).
Following the issuance of any nonconformities during the audit (classified as Major or Minor), it is mandatory to require from the organization a written Correction / Corrective Action plan.

During an assessment the audit team may identify non-conformances within your system and require you to complete a non-conformance report / corrective action plan - lets address this in more detail...

It is essential that you complete the Corrective Action Plan (CAP) correctly and in sufficient detail to give confidence to the certification body audit team that the non-conformances have been suitably addressed in terms of root cause analysis, long term corrective actions and that the non-conformance will not reoccur.

Handling corrective actions:

There are many different versions of non-conformance plans and corrective action forms and some may require more information to be documented over others, however, when completing you should always follow the same principles when taking corrective actions:

Correction/Immediate Corrective Action
Root Cause
Corrective Action/Long Term Corrective Action
Verification of Effectiveness

Correction/Immediate Corrective Action

This step is similar to containment, but it should be used to plan out the actions you are going to take to in order to bring the product or process back into conformance. It is typically expected that this process should be completed within 30 days but sooner if there is a high risk of product escaping or if it has already escaped.

The immediate corrective action can also be classified as the first “why” when using the “5 whys technique” and would be the action which is directly causing the non-conformance.

Direct Cause “The event or action that immediately results in or precedes the nonconformity.”

Magnitude

A critical step which is often missed is also an assessment to determine the magnitude of the detected nonconformance. You will need to identify and isolate all non-conforming products or processes to prevent growth. If you rework one part which was not conforming do you need to also rework other parts in the same batch or are there other batches which could potentially have similar issues. The issue may also impact other parts which have gone through the same process. It may just be a paperwork issue but in any case you need to review the magnitude of the non-conformance to determine if it is an isolated occurrence or far greater.

Communicate and Tasks

It is also important for you to communicate to relevant parties relating to the non-conformance which may include customers, management, suppliers and employees.

As part of the immediate corrective action you should identify task steps to bring the product or system back into conformance ensuring you assign responsibilities and timeframes for each of these. Setting out what verifiable evidence is required is also beneficial as everyone will then know what needs to be done and how the action being closed is evidenced.

Root Cause

This is probably the step which is most commonly wrong when addressing non-conformances and if this stage is not right then the chances are that the next stage of corrective action/long term corrective action will also be wrong.

The root cause is basically the underlying reason for why the non-conformance occurred, how did it happen in the first place? You must never move onto corrective actions/long term corrective actions before the root cause(s) have been correctly identified otherwise you will run the risk of implanting actions which do not fix the problem.

The root cause statement shall be a statement of fact (or facts if there are multiple root causes) and must address basic systemic issue(s) without any obvious embedded “why” questions and you achieve this statement by performing root cause analysis.

There are many tools which can be used to identify root cause such as:

5 Whys

Failure mode and effects analysis

Pareto analysis

Fault tree analysis

Bayesian inference

Ishikawa diagram, also known as the fishbone diagram or cause and effect diagram

You can use any technique or tool you wish as long as it has identified the root cause fully and there are no open questions as to what went wrong.

Many organizations fail to complete this process effectively which results in the corrective action plan being rejected and a majority of these rejections are due to organizations just copying what the non-conformance statement is.

For example, if a non-conformance was relating to a training record not being up to date, you do not then put as your root cause “the training record was not up to date”.

This is not a root cause, this is you highlighting what we already know and we can continue asking the question “why”.

5 Whys Technique

There are many different tools you can use as highlighted above and none are stipulated for use, however, the easiest to help with understanding is probably the 5 whys technique.

The idea is simple. By asking the question "Why" you can separate the symptoms from the causes of a problem. This is critical as symptoms often mask the causes of problems. As with effective incident classification, basing actions on symptoms is worst possible practice. Using the technique effectively will define the root cause of any non-conformances and subsequently lead you to defining effective long term corrective actions.

Often the answer to the first “why” uncovers another reason and generates another “why.” It often takes five “whys” to arrive at the root-cause of the problem. You will probably find that you ask more or less than 5 “whys” in practice.

How to Use the 5 Whys

Assemble a team of people knowledgeable about the area of non-conformance. Include as many personnel as possible.

On a flip chart, presentation board, or even paper; write out a description of what you know about the problem. Try to document the Problem and describe it as completely as possible. Refine the definition with the team. Come to an agreement on the definition of the Problem at hand.

Have the team members ask “Why” the Problem as described could occur, and write the answer down underneath the Problem description.

If the answer provided from 3 (above) does not solve the Problem, you must repeat steps 3 and 4 until you do.

If the answer provided from 3 (above) seems likely to solve the Problem, make sure the team agrees and attempt a resolution using the answer. You may find that there are more than one root causes to the problem.

The 5 Whys can help you uncover root causes quickly. However, making a single mistake in any question or answer can produce false or misleading results. You may find that there is more than one root cause for each non-conformance; corrective actions should be implemented for each of these.

Mastering the 5 Whys

To validate those potential root-causes that are under your control, you can apply the following validations to your answers or root causes. Ask the following questions for every possible root-cause you identify at all levels of the 5 Whys:

Is there any proof (something you can measure or observe) to support this root-cause determination?

Is there any history or knowledge to indicate that the possible root-cause could actually produce such a problem?

Is there anything “underneath” the possible root-cause that could be a more probable root cause?

Is there anything that this possible root-cause requires in order to produce the problem?

Are there any other causes that could possibly produce the same problem?

Example 1

Non-conformance

“Components are being delivered late to our customers.”

Why 1: Why were we unable to meet the agreed-upon timeline or schedule for delivery? The job took much longer than we thought it would.

Why 2: Why did it take so much longer? Because we under estimated the complexity of the job.

Why 3: Why did we underestimate the complexity of the job? Because we made a quick estimate of the time needed to complete it, and did not list the individual stages needed to complete the project.

Why 4: Why didn't we do this? Because we were running behind on other projects.

Why 5 and Root Cause: Why are we running behind on other projects? We do not allow enough manufacturing/lead time when issuing quotations to our clients.

Example 2

Non-conformance

“The CNC Machine keeps failing.”

Why 1: Why did the equipment fail? Because the circuit board burnt out.

Why 2: Why did the circuit board burn out? Because it overheated.

Why 3: Why did it overheat? Because it wasn’t getting enough air.

Why 4: Why was it not getting enough air? Because the filter wasn’t changed.

Why 5 and Root Cause: Why was the filter not changed? Because there was no preventive maintenance schedule in place informing the operator to do so.

Corrective Actions/Long Term Corrective Action

As mentioned above, do not start this step until the root cause has been fully identified. A really common reason for rejecting corrective actions submitted by organizations is due to the corrective actions not fixing the root cause or in most cases it does not match the identified root cause.

You should never raise a corrective action that does not use the root cause as the input to the plan. As an example, if the root cause is “We do not allow enough manufacturing/lead time when issuing quotations to our clients”, your corrective action should not be to get the maintenance manager to increase the filter changes. That address your root cause relating to lead times.

Just as you would in the immediate corrective action section, you need to highlight the tasks to complete in order to implement the corrective actions, who will be responsible, when the task will be completed and using what methods etc. You should reference any procedures which require updating or records which need to be presented.

The length or time for corrective action can vary dramatically depending on what the long term fix will be, maybe you need some intermediate corrective actions before the final corrective action task will be completed. By highlighting the tasks you will set out a clear plan on what will be achieved and when.

Verification and Effectiveness

This is the final step in the process of correcting non-conformances and is used to identify the records which need to be completed or provided to demonstrate that the tasks have all been completed. Maybe this is the updated procedures, completed training records or revised drawings etc. These documents and records would be used to show that you have done everything you should have done to hopefully prevent the reoccurrence of the non-conformance.

Tip: Documents such as planning, drawing changes, training records and purchase order changes are often used as verification of implementation.

Physical changes such as tool revisions, facility upgrades (lighting, floor mats, etc.), shadow boards or machine repairs are also common verifications.

FAQ