Who is this article for?

Users who want to learn to raise, manage, and respond to non-conformances.

No elevated permissions are required.

This guide explains how to raise a Non-Conformance, send it to suppliers, and manage supplier responses.

1. Introduction to non-conformance management

The non-conformance management area provides a structured way to communicate with suppliers, collect root cause analyses, and implement preventative actions. The workflow follows standard ISO27001 or ITIL-based incident management processes.

Key concepts include:

• Non-Conformance details: Record all details and descriptions of the non-conformance to inform suppliers.
• Investigation summary: Suppliers can enter an investigation summary with evidence of steps taken.
• Root cause analysis: Suppliers provide information on the cause of the non-conformance and attach evidence.
• Corrective/preventative actions: Suppliers enter corrective and preventative actions. These are approved at the customer level and can also be raised against the supplier.
• Non-conformance approval: Set the status of the non-conformance to closed once all analysis and actions are resolved and accepted.

2. Raising a non-conformance

1. From the main menu, beneath the Tools section, select Site Actions.
2. Ensure the Non-Conformance tab is selected.

3. Select Create New Action and then click Create a Non-Conformance.

4. Complete the following fields:
   • Name: Enter a unique name to identify the non-conformance.
   • Severity: Select the severity level (minor, major, critical).
   • Non-Conformance Date: Record the date and time of occurrence.
   • Type & Sub-Type: Categorise the Non-Conformance.
   • Repeat Non-Conformance: Indicate if this has occurred before (Y/N).
   • Details: Provide details and attach files.
   • Affected Site(s): Select affected sites.
   • Assignee: Assignees and the creator are the only users who can close or edit details.

5. Send the non-conformance to your supplier or select your own company to provide a response. Complete the following fields:
   • Associated Site: Select from the Directory.
   • License/Registration Number.
   • Recipient: Select a contact or add recipient details.
   • Response Due Date: Specify when a response is required.
   • Product Details: Enter product details or select from mapped products.
   • Purchase Order Number.
   • Best Before Date.
   • Batch Number.
   • Quantity Affected.
   • Outcome: Set whether the product was accepted or rejected.
   • Share with Companies: Share information with customers or third parties.

6. Sending the non-conformance will generate an email to the selected recipient.

3. Supplier response

1. The recipient will receive an email with non-conformance details and the required response date/time. A task will also appear on their dashboard.

2. Suppliers select View Non-Conformance to see full details and download/view evidence.

3. Suppliers can enter:
   • Investigation Summary: High-level investigation details.
   • Root Cause Analysis: Explanation of the root cause and circumstances.
   • Corrective Actions: Immediate steps to prevent recurrence.
   • Preventative Actions: Long-term measures to eliminate the cause.
   • Attachments and evidence for investigation, root cause, and corrective/preventative actions.
4. Once completed, suppliers send the non-conformance back to the customer.
5. Suppliers can also reject a non-conformance by providing a comment explaining why they believe it is unfounded.