Blog

Auditing the Nonconforming Material Process-21 CFR 820.90-Part III

This blog, “Auditing the Nonconforming Material Process-21 CFR 820.90 identifies process interactions with the nonconforming material process. 

auditing for compliance 21CFR 829.90 Auditing the Nonconforming Material Process 21 CFR 820.90 Part III

Nonconforming material is not a “bad” thing in and of itself. In fact, having no nonconformities is conspicuous. There are three critical aspects to verify when you are auditing nonconforming materials:

  1. nonconforming materials are identified and segregated
  2. disposition of nonconforming materials is appropriate
  3. feedback from the nonconforming material process interacts with other processes

This article focuses on the third aspect–process interactions. The most efficient method for auditing process interactions is to use turtle diagrams, because turtle diagrams provide a systematic framework for identifying process linkages (http://bit.ly/Process-Approach).

Turtle Diagram Step 1

The first step of completing a turtle diagram involves identifying the process owner and obtaining a brief description of the process. This typically will not lead directly to identification of process interactions–unless the person being interviewed describes the process using a process flow diagram.

Turtle Diagram Step 2

The second step of completing a turtle diagram is where the auditor identifies inputs of raw materials and information to the process. For nonconforming materials, the key is to review the incoming inspection record and the trend of nonconformities from the supplier. In a thorough investigation of root cause for nonconforming raw materials, an investigator may recalculate the process capability for each dimension to determine if the process capability has shifted, since the original process validation by the supplier.

Turtle Diagram Step 3

In the third step of completing a turtle diagram, the auditor documents the flow of product and information when the process is done. The transfer from one process to another will often involve an in-process inspection, and updating of the product status. The best practice is to identify these in-process inspection steps in a risk control plan as part of the overall process risk controls for product realization. Although risk control plans are not required in most companies, they will become more prevalent as companies update their quality systems to a risk-based process for compliance with the 2015 version of ISO 9001.

Turtle Diagram Step 4

The fourth step of the turtle diagram identifies calibration, maintenance and validation that is applicable to the process being audited. It is common for nonconformities to occur when measurement devices are out-of-calibration, or equipment is not adequately maintained. Therefore, auditors should always ask what device was used to measure a nonconformity, and what equipment was used to manufacture product. Auditors should also review calibration and maintenance records for evidence that corrections are being made on a frequent basis.

Whenever frequent corrections are needed, the probability of devices being out-of-calibration and/or equipment malfunctioning increases. Auditors should also verify that the process parameters in use match the validated process parameters. Ideally, validation of process parameters is also directly linked to process risk analysis, and in-process inspections are performed whenever process capability is inadequate to ensure conforming parts. If an auditor observes a high frequency of nonconformities, then an in-process inspection should be implemented for containment and the validation report should be compared to current process performance.

Turtle Diagram Step 5

The fifth step of completing a turtle diagram involves identification of personnel and sampling training records. The procedure for control of nonconforming material should be required training for anyone that is responsible for initiating, investigating or completing a nonconforming product record (i.e., NCR). Critical interactions to verify for effectiveness are related to process changes. If a procedure changes, training may need to be updated. An auditor should verify that there is a mechanism for tracking which revision of the procedure each person is trained to. In addition, training records should verify that training requirements are documented, training is effective and that the person is able to demonstrate competency by correctly completing the sections of an NCR form. The auditor can review completed records to verify competency, but the auditor can also interview personnel and ask hypothetical questions.

Turtle Diagram Step 6

The sixth step of completing a turtle diagram involves identification of all applicable controlled documents, such as: procedures, work instructions and forms. The auditor should also verify that the process for control of external standards is effective. In the case of controlling nonconforming product, there are seldom any applicable external standards. However, it is critical to verify that the current forms and NCR identification methods are being used for control of nonconforming product.

Turtle Diagram Step 7

The seventh and final step of the turtle diagram is data analysis of metrics and quality objectives for a process. For control of nonconforming product, there should be evidence of statistical analysis of nonconforming product in order to identify the need for corrective actions. This is a requirement of 21 CFR 820.250. This data analysis should then be used to quantify process risks that may be used for decision-making and to explain those decisions during regulatory audits.

The above process interactions are just examples, and auditors may identify other important process interactions during the course of an audit. Each process interaction that touches a record of nonconforming product is a potential audit trail that could lead to value-added findings to prevent future nonconformities.

If you need help improving your own process for controlling nonconforming product, or with auditing in general, please email Rob Packard.

Posted in: ISO Auditing

Leave a Comment (0) ↓

Leave a Comment

Time limit is exhausted. Please reload the CAPTCHA.

Follow

Get every new post on this blog delivered to your Inbox.

Join other followers:

Simple Share Buttons
Simple Share Buttons