QMS Certification Blog

“8.7 control of non-conforming outputs” and “10.2 non-conformity and corrective action” in ISO 9001:2015

“Non-conformance” is an example of those that appear in more than one moment in ISO 9001:2015: in requirement 8.7, it appears as “Output non-conforming”, whereas in item 10.2, as “Non-conformity and corrective actions”. In today’s article, we’re going to talk about nonconforming and nonconforming output control.

And that can bring a lot of confusion in how this term should be treated. Within the structure of Annex SL, requirement 8.7 “Control of non-conforming outputs” is in the execution stage, and requirement 10.2 “non-conformities and corrective actions” is found in the Improvement stage.

Sounds confusing, doesn’t it? But in practice, this means that the control of non-conforming outputs is carried out during the operation, by the plant floor team. While non-conformities are analyzed in moments of critical analysis, with the involvement of multidisciplinary teams.

Let’s understand this better!


Interpreting Requirement 8.7

Non-conforming output is a non-conformity that occurs at the end of product production or service provision, which is why it is called non-conforming output.

For the control of non-conforming outputs, the standard makes it a good practice to identify any product or service that is not done as planned in its requirements, taking actions to deal with these non-conformities and their consequences, both soon after the output from the production line or at the end of service provision, when after delivery to the customer.

Actions to deal with these non-compliances, the standard proposes:

  • that the correction of products and services is carried out;
  • that the provision is stopped, contained or segregated;
  • that the customer is informed about what is happening;
  • that, if necessary, there is an authorization to deliver the product and service even in non-compliance;
  • that after correction, the product or service undergoes compliance verification again;
  • and that documented information is retained about what happened, where, when, why, what actions were taken, whether this non-compliant output was used, and who made the decisions in this regard.

In other words, the requirement to control non-conforming outputs, as the name implies, calls for control of what is different from the planned production of products and provision of services by the company. The organization must identify, react and deal with it.

Going back to our example from the beginning, if a cover designed to be a star leaves the production line with an animal print, it must be identified as wrong, the production must be analyzed to see if other covers are not coming out with the wrong print , the customer needs to be informed that this has happened and have the option to choose: whether he wants to take the animal one or whether he wants the star one to be produced, with the consequences of delayed delivery, for example.


Interpreting Requirement 10.2

In this requirement, the standard speaks of non-conformity without specifying a detailed step. In other words, here we must analyze everything that happens in the company, and not just production outputs. The standard states: “including those arising from complaints”, that is, even what was not identified by the company, but came from an interested party.

When a non-conformity occurs, the requirement text proposes:

  • that the company reacts to this NC, controlling it, correcting it, and dealing with the consequences;
  • that the need for actions to eliminate the causes is evaluated, critically evaluating it and acting preventively (yes, the standard does not require corrective action for all non-conformities. This decision is made by the organization, according to its context );
  • that any necessary actions are implemented and that the effectiveness of these actions is analyzed;
  • that risks and opportunities are analyzed and system changes are implemented when necessary;
  • that the organization retain documented information about the properties of that NC, what has been done and the result it has generated.

In other words, in this requirement, the standard proposes that the organization think about what is out of planning and, if necessary, act so that it does not happen again in the same way or in a similar way. It proposes learning from the organization.

Returning to the example at the beginning, if a nonconforming output was identified in production, we must analyze whether immediate actions were taken satisfactorily and whether this nonconformity needs to undergo a deeper analysis, and only then, enter into cause analysis.


Difference between requirements

Note that requirement 10.2 is much broader than requirement 8.7. While requirement 8.7 talks only about production outputs, requirement 10.2 asks for an analysis of the entire management system.

In addition, requirement 8.7 deals with non-conformities immediately, proposing that the non-conforming output is only delivered to the client with his consent and that any other non-conforming output be made at that same moment. Requirement 10.2, in addition to asking for these immediate actions, also talks about the correction and prevention of the company’s problems.

In requirement 10.2 we must list all the non-conformities that happened, and the systemic problems must be analyzed, the problems that happen the most, so that they can be treated.


Too much control, too little action

The treatment of non-conformities is one of the main points of the standard, as it brings a lot of learning to the company, but even so it is seen as bureaucracy and with fear on the part of employees.

In the reality of companies, it is impossible for production to be stopped for any non-conforming output so that the cause can be analyzed by the operators. But at the same time, non-conforming output needs to be handled carefully so that the customer is not harmed.

By putting a nonconforming output and a nonconformity “in the same bag”, we end up bureaucratizing this management, making employees work more on records than actions, and that they do it only because it is being asked, and not for learning.

That’s why ISO 9001 is very wise in separating things, and treating each one with the responsibility it needs.

QMS Certification

QMS Certification

QMS is an accredited third party certification body, it is currently present in 33 countries and focuses on the certification of management systems. QMS America is managed by the US office and has consistently grown in market recognition by technical level, customer satisfaction and competitive pricing.

Join the newsletter!

Subscribe to get latest content by email.

Non-Conformity Management Root Cause Analysis

Non-Conformity Management: Root Cause Analysis

In the world of quality management, one of the most crucial aspects is the effective management of non-conformities. Root cause analysis is an indispensable procedure in this context, providing a path to prevent their recurrence. Learn more!

Greenwashing and Social Washing Understand What They Are and Their Relationship

Greenwashing and Social Washing

The terms “Greenwashing” and “Social Washing” are interconnected, as both involve deceptive practices adopted by companies aiming to give the impression that they are committed to environmental and social sustainability when, in reality, their actions are not as beneficial as they appear.

Whistleblowing in Compliance Programs

Whistleblowing in Compliance Programs

The so-called “Whistleblowers” are aimed at promoting transparency, and their disclosures often have significant implications for the organization, helping to expose unethical, illegal, or harmful practices.

Scroll to Top