Non-Conformance Reporting – What is It and How Can You Use It?
Before we dive into non-conformance reporting and how to use it, let’s first answer a question that people often ask:
What is a NCR?
An NCR is a Non Conformance Report. Organizations use this document to record differences between actual conditions and quality standard requirements. The details of the difference that the company captures on an NCR can be for a process, service, or product.
You can create Non Conformance Reports for any area within an organization. Companies however mostly use them in operations, production, and manufacturing.
Organizations use Nonconformance Reporting or non-compliant reports to document any issues. Non-conformities (NCs) occur when products, processes, or services don’t comply with industry standards and internal company procedures.
You can identify NCs during normal operations, via a quality inspection process, customer complaints, or during an internal audit. Companies often use cloud-based corrective action request & tracking software to document the process.
Which ISO Standards Use NCRs?
The International Standards Organization (ISO) currently has more than 22,500 standards published covering a huge range of industries. Virtually each of these standards contains a clause that specifies how a company should handle NCs.
Some of the international quality management systems (QMS) standards are:
- ISO 9001:2015: The abbreviation ISO stands for “International Organization for Standardization”. This NGO is based in Geneva, Switzerland. Its aim is to develop standards for the maintenance of the quality and safety of products and services. ISO 9001:2015 is a framework for quality improvement. Any company that provides products or services can implement this standard to match customers’ expectations and requirements very efficiently.
- ISO 13485:2016 emphasizes the requirements for a QMS for the development and design of medical services and devices to standards.
- FDA 21 CFR Part 820: Device manufacturers that distribute commercial medical devices in the USA must comply with this standard. This standard outlines Current Good Manufacturing Practice (cGMP) regulations. People also know it as the quality system regulation (QSR).
Who Else Should Use NCRs?
ISO is however not the only organization that publishes standards. The food industry for example uses HACCP while the US Food and Drug Administration (FDA) has a host of standards that deal with specific industries.
The Code of Federal Regulations (CFR) is a collection of general and permanent rules. The Executive departments and agencies of the Federal Government publish these in the Federal Register. The Food and Drug Administration uses Title 21 of the CFR (21 CFR).
Many of those standards, including 21 CFR, also have requirements for handling NCs.
The construction industry also uses NCRs widely. You could for example use NCR meaning construction for a host of reasons including:
- Not following design drawings.
- Not following accepted methods.
- Not following inspection and test plans.
- Using wrong materials.
Any organization that uses any of the standards mentioned above must therefore have some system to handle NCRs.
Why Is the Non-Conformance Reporting Process Included In So Many Standards?
This question is easy to answer. The process is a very easy, yet extremely powerful way that companies can use to improve all the time.
Before you can fix anything you must know what to fix in the first place. That is what NCRs do. They provide a way to report issues and problems. Once you know those, you can do something about it.
Different standards define non-conformities (NCs) differently. ISO 9001 for example states that it is anything that strays from the QMS standard. On the other hand, FDA medical equipment standards define any problem with the performance of the equipment as NC.
Can I Include Issues Not Specified in the Standard as Part of My Non-Conformance Process?
Nothing is stopping you from expanding your definition of nonconformity beyond what the standard specifies. The key is that you can’t ignore what is in the standard but you may add to it.
With a QMS for example, you may decide that you want to include customer complaints as part of your NCRs. This will help you keep track of them and improve that aspect of your business. The same principle applies to any business operation or process.
Be careful when you do this though. If you include other aspects of your business in NCRs, external auditors will check that you follow those procedures. If not, they will lodge a finding against you.
With so many standards used, one would think that the requirements for nonconformance management software would be vastly different. This is however not the case. Although the exact definition of NC varies depending on the standard used, the process of dealing with NCRs is universal.
Even organizations that are not certified to any standards will benefit from using NCRs as it will improve quality assurance. This will help them improve their products, services, and processes all the time.
What Is Non-Conformance Reporting In Terms of an ISO 9001 Quality Management System?
The ISO 9001 standard defines non-conformance (NC) as an event when the company does not meet the requirements of the standard.
When an external regulatory ISO auditor identifies an NC in terms of the ISO system, they will issue a finding. The company must then in turn issue an NCR that will address the issue.
Depending on how severe the finding is, an auditor will specify the time the organization has to resolve issues. The company then has to submit proof that they have done this.
The regulatory authority may even revoke the ISO certificate of the organization. They may do this when they find that the NC is severe. A severe NC normally harms the integrity of the quality system of the company.
ISO 9001 quality control processes are however not the only place where NCs can occur. NCs can also occur in any operation and administration processes and procedures within a business.
Organizations design and implement processes and procedures to achieve desired results consistently.
These processes and procedures regulate all operations and functions of the business. This should therefore include things like HR, finances, marketing, inventory management, and technical operations.
If a person takes action that differs from standard processes and procedures, you won’t achieve the desired result. We call this a NC.
Companies use Non-Conformance Reports to document the NC. They often use non conformance report software or non-conformance software for this purpose.
What is Non-Conformance Reporting according to ISO-9001?
As mentioned before, NCR is simply an abbreviation for a Non-Conformance Report or Nonconformance Reporting. People also sometimes refer to it as a Non-Conformity Report or sometimes NCR software ISO.
As soon as you identify the NC, you need to create an NCR as part of the NC procedure. Organizations should always record NC details in a NCR. You can also use nonconformance reporting software or a non conformance reporting system to make this process simple.
An NCR provides proof to a quality management system auditor that the organization identifies and corrects those issues. The organization will also be able to identify:
- potential trends of either repeated NCs in specific functional areas or
- the reduction of NC events once it has taken actions to correct the problem.
What Should a Non-Conformity Report Contain?
The ISO standard does not specify the elements that an NCR should contain. The organization can therefore create a custom non-conformance report template as per their unique requirements. These reports, however, commonly contain the following information, especially if you use NCR software ISO:
Standard NCR Sections
- Classification or Type – Is this a minor NC or a major NC? The organization would define what they deem as minor and what they see as major.
- Description of the NC. Ideally, the person providing the description should make it as detailed as possible and include all facts and factors. Some organizations go so far as to include images and other documents to support the description.
- Corrective action taken. Learn more about Setting up a Corrective Action Plan.
- Root cause analysis of the problem. How well you do this will determine how successful you are when taking action to prevent the issue from recurring.
- Preventive actions taken.
If you’re not sure about the difference between corrective and preventive actions, read our article on corrective vs preventive action.
Additional NCR Sections
Further information could include:
- The location, equipment, or department where the issue occurred.
- Steps taken to place NC products separate from others and normal operations.
- Individuals responsible for the various aspects of fixing the problem.
- Dates by which the responsible parties should complete various actions.
You can keep track of and manage NCRs by giving each NCR a unique number. You then enter these details in a register. A cloud-based software solution like CAPA NCR software, non-conformance management software, or nonconformance report software will make this process simple.
Non-conformance Types Used in Non-Conformance Reporting
One of the items an NCR produced by non conformance software typically includes is the type of NCs. For this, organizations typically use two types of NC in a NCR – major and minor.
Major non-conformance
In an ISO 9001 quality control system, major NCs are those that lead to the QMS no longer being effective. There is however nothing to prevent management to define other criteria that would constitute a major NC. This could include things like:
- financial loss above a defined threshold
- damage to the reputation of the company, or
- neglect on the part of the key players involved.
Minor non-conformance
Minor NCs generally don’t have a big impact on the business and you can correct them easily via corrective actions.
When Should You Highlight an NCR
You should inform upper management of any NCR where you have decided that a NC is major. You can do this via regular quality management review meetings where you have already placed NCRs on the agenda.
Depending on the severity of the non-conformance, you may however decide to bring the major non-conformance to the attention of management sooner. This would for example be the case if the NC affects the integrity of a medical device. Nonconformance reporting software often has a feature that filters NCRs by how serious it is.
Why Is Non-Conformance Reporting Important?
NCRs are legal requirements in terms of ISO 9001 and other Quality Standards. They will not only prevent people from repeating the same mistake, but each NC also comes with risks and opportunities.
Risks associated with not reporting non-conformities
- When an organization doesn’t report NCs, it leads to not finding process parts that lower the efficiency of the operation.
- This decreases the efficiency and quality of operations.
- When the quality of processes or products decreases because the company doesn’t follow quality standards, it may have negative consequences. These include:
- reputation loss in the market
- customer complaints
- lower customer satisfaction
- increased running costs
- lost business.
- This may result in the company needing additional resources to run the faulty process.
- Every time an organization does not report an NC, they lose the opportunity for improvement.
Opportunities associated with not reporting non-conformities
- When a company reports NCs, it eliminates the possibility of hurting the efficiency of operations without someone fixing those issues.
- NCRs acknowledges that the company needs to improve in an area. It therefore allows employees to identify the root cause of the problem. They can then use that to define an action plan in corrective and preventive action software.
- This will help the company to improve process efficiency and product quality.
- It helps maintain the brand’s market reputation.
- It prevents findings in regulatory audits.
- It builds sustainable quality products and processes.
- All of this helps in increasing long-term profits by not losing business.
Conclusion
In the real world, there aren’t processes that will guarantee the delivery of a product or service that conforms every time. This is why reporting NCs that will lead to changes at the process level, and preventive measures are so crucial.
Putting a non conformance tracking system in place is the first step if you want to reach this goal. If you don’t address NCs they will always come back and have a negative impact. These could take the form of potential customer harm, legal penalties, and product recalls.
Good Quality Managers don’t avoid writing NCRs. They understand that they can boost the sustainability of a business, while at the same time improving the quality of the product. Try out our nonconformance management software today and log NCRs in real time. This will help you make the process so much easier and faster.
The process of managing nonconforming processes, products and services should be part of continuous improvement efforts of every organization.
