Clause 8.7 of ISO 9001 requires that an organization identify the outputs that do not conform to the requirements of the customer, and control these to prevent their unintended use or delivery. Outputs do not necessarily mean defective products or errors in service delivery, this could be any in-process output as well. This could include errors in the design document, issues with the invoice, issues in understanding the requirements of the customer, or a faulty product. The intent of the clause is that non-conforming process outputs, products or services are not delivered to the customer or used internally inadvertently.
Why is it important?
Identifying non-conforming process outputs, products and services, and taking adequate steps to ensure that it is not delivered to the customer in that form or is not used as an input to the next processing activity, is important to ensure the overall quality of the product or service. A non-conforming output when not identified or controlled can lead to a number of quality issues that will eventually reach the customer. A defective product or bad quality service is never appreciated by a customer, and can lead to customer dissatisfaction. Therefore, it is important that organizations identify all stages that generate process outputs, and put in place mechanisms to identify non-conforming outputs, and have a defined set of steps to handle such non-conforming outputs. Output here means any output from the process, product or service.
Addressing the Non-Conforming Outputs
The first step in getting this clause implemented is to identify the process outputs, products or services that do not conform to the requirements, be it customer requirement or other requirements. For each “nonconforming” process outputs, products or services, adequate controls should be established by the organization to ensure that such non-conforming outputs are not delivered to the customers or used unintentionally internally as part of the input to another process. These non-conforming outputs may be found during self-reviews, peer reviews, testing or inspection methods established at various stages of the process.
While non-conformities in an organization are expected at any stage of work, what ISO 9001 requires is that these are identified timely and handled efficiently whenever they are presented. In other words, non-conformity will eventually occur, but what is required is that the nonconformity is identified and addressed.
Adequate actions should be planned for each non-conforming output. It is not necessary that for each output, the same action may be required. The action should be proportionate to the nature of the nonconformity and the impact of the output on the final product or service. An erroneous invoice may just need to be corrected, but a defective part that is part of the final product should either be fixed or segregated or returned (if supplied by a supplier) to ensure that it is not used (as it is) to produce the final product.
This requirement also applies to nonconforming products or services that are identified after delivery to the customers. So, if a customer reports a defect in the software that you delivered, and he/she is not able to operate the system any further, it’s a showstopper and needs an immediate correction. On the other hand, a bug which is only a small issue that does not hamper his work, for example, a ‘button is not getting displayed at the right place', may be fixed in the next release. The action should be proportionate to the magnitude of the problem that you have in hand.
There are a number of ways that the organization can use to deal with nonconforming process outputs, products or services. The selection of the right methods depends on the necessity of the process. This may include one or multiple methods being applied to the non-conforming item:
- Correct the fault
- Segregate or contain the process output, product or service
- Return the process outputs, products or services
- Suspend the products and services
- Inform the customer
- Obtain a concession from the customer to use the nonconforming process outputs, products or services
- Obtain authorization to release the product or services or to re-provide the product or service
If the organization decides to correct a nonconforming process output, product or service, then it must verify that the action it has taken has restored the process output, product or service conformity to the requirement.
ISO 9001 standard also requires that an organization records non-conformities and how these were handled. Typically, a report is created to record all the non-conformities. This report, usually called as Non-Conformity Log, should include at least the below details:
- Description of the Issue: The problem or the issue identified should be clearly defined. All information gathered using techniques like 5Why’s and 1 How i.e., who, why, what, when, where and how will help in understanding the issue and creating the right action plans. The detail should include what non-conforming indicators were found.
- Describe the immediate actions taken to fix the issue. This should describe the procedures taken to correct the problem and prevent it from repeating in the future.
- Any concessions from the customer in accepting the non-conforming product. If you have such scenarios where the customer may authorize acceptance of a faulty product or service, the same shall be recorded. The customer could be either internal or external.
- Identify the person responsible who authorizes the fix. It is important to find out if the fix has eliminated the problem. This should be done by a person who is authorized to do so. He shall re-validate the output to ensure the fix is done appropriately.
All such non-conformance records that detail out the non-conformance and actions taken to fix such issues should be retained by the organization.
The whole process of identifying and controlling non-conforming products, services, and process outputs is intended to keep an organization alert on inputs and outputs of processes. With the help of the ISO 9001 standard, an organization can ensure that it achieves all its quality-related goals.