Skip to main content
QMSQMS
QMS
  • Welcome to your QMS
  • Quality Manual
  • Procedures
    • GP-001 Control of documents
    • GP-002 Quality planning
    • GP-003 Audits
    • GP-004 Vigilance system
    • GP-005 Human Resources and Training
    • GP-006 Non-conformity, Corrective and Preventive actions
    • GP-007 Post-market surveillance
    • GP-008 Product requirements
    • GP-009 Sales
    • GP-010 Purchases and suppliers evaluation
    • GP-011 Provision of service
    • GP-012 Design, Redesign and Development
    • GP-013 Risk management
    • GP-014 Feedback and complaints
    • GP-015 Clinical evaluation
    • GP-016 Traceability and identification
    • GP-017 Technical assistance service
    • GP-018 Infrastructure and facilities
    • GP-019 Software validation plan
    • GP-020 QMS Data analysis
    • GP-021 Communications
    • GP-022 Document translation
    • GP-023 Change control management
    • GP-024 Cybersecurity
    • GP-025 Corporate Governance
    • GP-050 Data Protection
    • GP-051 Security violations
    • GP-052 Data Privacy Impact Assessment (DPIA)
    • GP-100 Business Continuity (BCP) and Disaster Recovery plans (DRP)
    • GP-101 Information security
  • Records
  • TF_Legit.Health_Plus
  • Licenses and accreditations
  • External documentation
  • Procedures
  • Records
  • Procedures
  • GP-006 Non-conformity, Corrective and Preventive actions

GP-006 Non-conformity, Corrective and Preventive actions

Procedure flowchart​

Purpose​

In this procedure we describe how we manage and control non-conformities, as well as actions to prevent non-conformities or their repetition, or to minimize their consequences.

Scope​

All the non-conformities regarding the specified requirements for all our products and processes.

Responsibilities​

JD-001​

To provide the organization with a set of appropriate documents and resources to guarantee the quality and non-conformities management.

JD-004​

To identify, keep record, segregate and manage the non-conforming product or materials and to control the non-conformities and their corrective and preventive actions.

JD-005​

To make the pertinent communications to the health authorities responsible in each case in the presence of serious incidents and/or modifications of the technical documentation, product, general safety and performance requirements and their intended purpose.

All team members​

To notify the existence of non-conforming products or materials to the JD-004 for their correct identification, documentation, segregation, evaluation and control.

Inputs​

  • Communication or finding of non-conforming or potential non-conforming products.
  • Communication or finding of non-conformities or potential non-conformities related to our activities or processes.
  • Non-conformities or potential non-conformities related to subcontractors, providers, materials or components, etc.

Outputs​

  • T-006-001 Non-conformity report
  • T-006-002 List of non-conformities, CAPA, claims and communications
  • T-006-003 CAPA report

Definitions​

  • Non-conformity (NC): unfulfillment of a system requirement. They can be non-conformities when detected, or potential non-conformities detected as observations or recomendations by the employees or auditors.
  • Corrective action (CA): action taken to eliminate the cause of a potential or actual non-conformity or another undesirable situation, to prevent them from happening again.
  • Preventive action (PA): action taken to eliminate the cause of a potential non-conformity or other potential undesirable situation, to prevent them from the possibility of happening.
  • Incident: any malfunction or deterioration of the characteristics or performance of a device made available on the market, including use-error due to ergonomic features, as well as any inadequacy in the information supplied by the manufacturer and any undesirable side-effect.

Procedure​

Non-conforming Product or Non-conformity​

The management of a non-conformity starts when someone identifies a problem or malfunction.

The record of each non-conformity is managed through JIRA, wherein the T-006-002 List of non-conformities, CAPA, claims and communications is contained, as well as every T-006-001 Non-conformity report and T-006-003 CAPA report. This tool allows us to segregate and identify the non-conformities through their status (NC reception, NC investigation, corrective and preventive action, efficacy verification, impact verification and solved), to assign the actions to the adequate responsible and to control every step and the advance of the status by digital verified signatures. In addition, within the tool we have developed a fixed template with a workflow that avoids to forget to include any important information about the NC and CAPA.

Reception of non-conformity​

Non-conformities (or potential non-conformities) may be raised through a number or channels, ranging from telephone or email communications with customers, to critical findings or observations from external auditors, internal detection of an issue, among many other channels.

Initially, all communications coming from customers are registered in the tickets management form according to GP-014 Feedback and complaints procedure, and are considered external communications.

Definition: 'external communication'

An external communication is a customer inquiry or complaint related to the product, but not related to its performance and/or safety.

When an employee becomes aware of an issue, they communicate the issue to the JD-004, who receives and evaluates the information, and decides whether it corresponds to a non-conformity.

All non-conformities and observations that can lead to non-conformities will be investigated and registered in the T-006-002 List of non-conformities, CAPA, claims and communications where all the data will be collected for subsequent evaluation.

If the problem is directly related to the device's specifications, performance, safety, software problem or if it requires actions to solve it, it will be considered as a non-conformity. The evaluation will also determine the need for actions and/or the need to apply the procedure GP-004 Vigilance system.

About customer support

Users of the device will find support forms in many points during the use of the device. These forms automatically create tickets in our tickets management tool (see GP-014 Feedback and complaints), wherein the user identification, description of the incident and the date will be automatically included. The tickets will be managed with a FIFO methodology with a maximum response time of 48 hours.

Non-conformity management​

Each non-conformity will be analyzed individually and recorded in its own T-006-001 Non-conformity report which contains at least the following:

  • Date of the occurrence of the NC (if it is known) or the date of the registration of the claim
  • Initial information and description of the non-conformity
  • The registration number and identification of all devices or processes involved
  • Investigation of the information, determination of causes and effects
  • Possible causes of this occurrence: customer claim, external or internal audits, from the management review activities, etc.
  • The analysis of the root causes
  • Description of the measures to be adopted (immediate action, need of implementing corrective actions)
  • Due date for implementation of the immediate actions
  • Classification of the non-conformity based on its criticality
  • Date and signature of the responsible person for the execution of the actions, as acceptance of these actions
  • Closure of the action by the JD-004 by signing the closing action. When the JD-004 was the responsible for the execution of the action, the closure of the action is verified by the JD-003.

The non-conformity management starts with the analysis and investigation of the non-conforming product or from the non-conformity detected, and the analysis of its origin. The NC is classified in accordance to its origin (customer claim, internal NCs, supplier's claim or audit deviation, internal or external).

The JD-004 is responsible for executing the root cause analysis, together with the responsible department when needed, using the 5 whys technique: it is a technique that iteratively asks why from the NC itself until its origin is found.

The JD-004 shall evaluate the criticality of the non-conformity according to its effect on safety and performance.

The categories of criticality are as follows:

  • High: nonconformities categorized as high impact represent the most critical failures in terms of safety and performance. These issues may result in misdiagnosis, delays in treatment and worsening of the patient's health status, impairment of the overall functionality of the software. High impact nonconformities could include failures that lead to incorrect diagnosis or treatment recommendations, compromised patient data security.
  • Medium: nonconformities categorized as medium impact represent failures that have a notable but not immediate impact on safety and performance. While they may not pose an immediate risk of severe harm, they still require attention to prevent potential complications or adverse effects on patient outcomes. Medium impact nonconformities could include software bugs that result in inaccurate or incomplete information provided to the users.
  • Low: nonconformities categorized as low impact represent minor failures that have minimal impact on safety and performance. While these issues may be undesirable and require correction, they are unlikely to cause significant harm to patients or impair the overall functionality of the software to a critical extent. Low impact nonconformities could include cosmetic issues, minor usability issues, or non-critical errors that do not affect the core functionality of the software or its ability to provide accurate diagnostic information.

The JD-004 is also responsible for supervising all the NCs that occur and decide whether a corrective action is required and, in case it is required, which corrective actions are pertinent. It is necessary to discriminate between immediate actions to continue the process and corrective actions that aim to prevent recurrence of the same non-conformity. All the conclusions and decisions will be reported to the JD-005, in case he/she finds some unacceptable hazard or uncontrolled risk.

Returns

Customer returns should be proposed by the JD-004 and/or JD-005and authorized by the JD-001. All the information will be collected in the T-006-001 Non-conformity report. In these cases, the activities are involved within the technical assistance activities that are described in the Procedure GP-017 Technical Assistance Service.

In cases where a supplier notifies a NC detected in the subcontracting process, their control, treatment and registration are responsibility of the external companies or subcontractors. These activities are described in their established procedures, being obliged to inform us of their causes, effects and consequences.

Product NCs detected in the GP-007 Post-market surveillance of medical devices will undergo this procedure.

Severe incidents and communications to the authorities​

In the cases that claims could become an incident, the non-conformities will be managed by our vigilance system. As such, we will follow the procedure GP-004 Vigilance system.

In this case, we proceed as follows:

  1. When a non-conformity is raised, the JD-004 will immediately inform the people involved, will collect all the information related to the fact and will prepare a T-006-001 Non-conformity report.
  2. Then, the JD-004 will analyze all the information and will detect which process, product, batch, service, component or document has caused the issue, collecting all the information and conclusions in the T-006-001 Non-conformity report.
  3. The non-conforming product service will be stopped, removing it from public access, according to the procedure SP-004-001 Product Withdrawal, until the required investigation is finished.
  4. If a NC or claim is not investigated, it will be duly justified in the corresponding T-006-001 Non-conformity report.
  5. With all the information and conclusions, the JD-004 decides which actions are necessary to tackle the non-conformity and its causes. These actions will be aimed at avoiding the recurrence of a non-conformity (corrective actions), to avoid the causes of other possible NC (preventive actions), or to minimize the consequences of a non-conformity (immediate action).
  6. Then, the JD-004, alongside the corresponding department, designs the actions aimed at resolving the origin and consequences of the non-conformity. When required, the JD-005 will notify it in accordance with the procedure GP-004 Vigilance system. The dates and responsibilities shall be stated, and they will be communicated by written ways to the people involved.
  7. If the JD-005, together with the responsible department, decides to authorize the use of a segregated product as non-conforming, provided that they do not represent any danger to their use, it will be released as it is a conforming product or material (GP-011 Production and service provision), stating the fact in the T-006-001 Non-conformity report by the JD-004. All the applicable requirements to the product will be guaranteed.

Corrective and preventive actions​

The corrective actions shall be taken without undue delay to avoid the recurrence of an already detected NC. On the other hand, the preventive action starts when activities that may become a NC are detected but have not occurred yet (possible sources of preventive actions can be improvement opportunities, recommendation from clients/auditors). Corrective and preventive actions are registered in Jira by using the T-006-003 CAPA report.

The JD-004, together with the responsible department when needed, will define a corrective (or preventive) actions plan by identifying the actions to be taken to avoid recurrence of the same non-conformity (or potential non-conformity), responsible person to implement the actions and due date for the corrective/preventive actions implementation.

After the implementation of the corrective/preventive actions, it shall be verified that the corrective/preventive action does not adversely affect the ability to comply with applicable regulatory requirements or the safety and performance of the medical device, as well as their effectiveness.

Actions before delivery​

Actions in response to the non-conforming product detected before delivery

We must ensure that if we detect a non-conformity during the development process, that product is not put on the market until the non-conformity management process has been completed and the product complies with all general safety and performance requirements.

To do so, we manage non-conformities through one or more of the following ways:

  • Taking actions to eliminate the detected non-conformities.
  • Taking actions to prevent the use of the product.
  • Authorizing the use of the product, but only under concession.

In the cases where we authorize the use of a non-conforming product under concession, we ensure that we provide justification, obtain approval and meet regulatory requirements. Records of the acceptance by concession and of the identity of the person authorizing the use are kept within the Design History File and following the process established in the procedure GP-011 Production and service provision.

Actions after delivery​

Actions in response to the non-conforming product detected after delivery

When the non-conforming product is detected after delivery or when its use has already begun, we take the appropriate action depending on the effects, or potential effects, of the non-conformity. Records of the actions taken are kept in the T-006-001 Non-conformity report, considering the possible link to the Procedure GP-004 Vigilance system.

Verification of the efficacy of CAPAs​

After the coorrective/preventive actions implementation, the JD-004 shall evaluate the effectiveness of the actions. The results and conclusions of this verification is recorded in the T-006-003 CAPA report.

This record contains, at least, the following points:

  • Description of the non-conformity
  • Source (Non-conformity, improvement opportunity, others)
  • CAPA plan
  • Resources needed that must be made available to the responsible for planning the action
  • Due date for CAPA implementation
  • Follow up on the status of CAPA implementation
  • Date and signature of the responsible person for the execution of the actions, as acceptance of these actions
  • Effectiveness verification plan
  • Effectiveness verification (if the action adopted has not been effective, new actions should be studied and implemented, restarting the process until its satisfactory resolution)
  • Impact verification to ensure that the implemented actions does not affect safety/performance of the device and compliance with regulatory requirements
  • Closure of the action by the JD-004 when the effectiveness of the actions and the impact are verified by signing the closing action. When the JD-004was the responsible for the execution of the action, the closure of the action is verified by the JD-003.

A record of all the NCs and CAPA will be kept through the T-006-002 List of non-conformities, CAPA, claims and communications, where the status of each one will be managed and the planned closing date will be initially registered, as well as the definitive date.

Verification of the impact of CAPAs​

When it is necessary to take preventive and/or corrective actions to accomplish all the aspects that are exposed in the previous points of this procedure, we establish the verification of impact documented in the T-006-003 CAPA report. This evaluation is carried out to verify that the corrective and/or preventive action does not adversely affect the ability to meet applicable regulatory requirements of the safety and performance of the medical devices that we manufacture.

Re-work​

According to the very nature of our product, we have no need perform re-work.

Associated Records​

  • T-006-001 Non-conformity report
  • T-006-002 List of non-conformities, CAPA, claims and communications
  • T-006-003 CAPA report
  • GP-004 Vigilance system
  • GP-007 Post-market surveillance
  • GP-011 Production and service provision
  • GP-017 Technical Assistance Service

Signature meaning

The signatures for the approval process of this document can be found in the verified commits at the repository for the QMS. As a reference, the team members who are expected to participate in this document and their roles in the approval process, as defined in Annex I Responsibility Matrix of the GP-001, are:

  • Author: Team members involved
  • Reviewer: JD-003, JD-004
  • Approver: JD-001
Previous
SP-005-001 Anti-corruption and anti-bribery
Next
GP-007 Post-market surveillance
  • Procedure flowchart
  • Purpose
  • Scope
  • Responsibilities
    • JD-001
    • JD-004
    • JD-005
    • All team members
  • Inputs
  • Outputs
  • Definitions
  • Procedure
    • Non-conforming Product or Non-conformity
    • Reception of non-conformity
      • Non-conformity management
        • Severe incidents and communications to the authorities
    • Corrective and preventive actions
      • Actions before delivery
      • Actions after delivery
    • Verification of the efficacy of CAPAs
    • Verification of the impact of CAPAs
    • Re-work
    • Associated Records
All the information contained in this QMS is confidential. The recipient agrees not to transmit or reproduce the information, neither by himself nor by third parties, through whichever means, without obtaining the prior written permission of Legit.Health (AI LABS GROUP S.L.)