Glossary Term

Nonconformance

A requirement not met — and how it differs from a deviation.

Nonconformance and deviation get used interchangeably and mean different things. Getting the distinction right is the difference between a clean investigation and a confused one.


What a nonconformance is

A nonconformance (or nonconformity) is the non-fulfilment of a requirement — a product, material, process, or record that does not meet its specification, procedure, or regulatory expectation. The classic case is nonconforming material: a component, in-process material, or finished unit that fails a spec and must be dispositioned (use-as-is, rework, repair, scrap, return).

In device GMP it is anchored in 21 CFR 820.90 (control of nonconforming product) and ISO 13485 §8.3; the FDA QMSR carries the same expectation through the ISO clause. The defining features are consistent: identify it against the specific requirement it failed, segregate it so it can't be used unintentionally, document the disposition decision with justification, and decide whether a CAPA is warranted for the underlying cause.

The term sits within a family of overlapping concepts — deviation, nonconformance, defect, out-of-specification, quality event — that different quality systems slice differently. What matters is not the label but that your QMS defines the boundaries clearly and routes each event type consistently, because the routing determines the rigour applied.

Nonconformance vs deviation

A deviation is a departure from an approved procedure or process — often caught as it happens, and the dominant term in pharma GMP. A nonconformance is a requirement not met, classically about product or material against a spec — the ISO and device-industry vocabulary. They overlap heavily, the terms blur in practice, and the healthy answer is that your QMS defines which is which and applies the right process to each — not that you pick the 'correct' word.

Why the distinction is worth getting right

Mislabelling drives bad routing, and bad routing is where quality systems leak. Call a genuine process deviation a 'nonconformance' and you may skip the root-cause investigation it needed, treating a systemic problem as a one-off material disposition. Treat every nonconforming unit as a full deviation investigation and you bury the quality unit in process, slowing release and breeding shortcuts. Inspectors notice both patterns.

Control of nonconforming product (820.90) and review/disposition decisions are recurring inspection topics, and the findings cluster around predictable gaps: nonconforming material not segregated, so it risks unintended use; use-as-is dispositions granted without adequate justification or the right authority; rework performed without a procedure or without re-inspection; and — the systemic one — repeated nonconformities of the same type never escalated to a CAPA, so the cause is never addressed and the disposition treadmill runs forever.

The healthy pattern is a defined intake that classifies the event, applies proportionate rigour, records the disposition with justification and the approving authority, and escalates to CAPA when the cause — not just the instance — needs systemic action. Trend analysis across nonconformities is itself an expectation: a string of individually-dispositioned events that are never read together is a missed signal.

Where the requirements live

  • 21 CFR 820.90 — control of nonconforming product: identification, documentation, evaluation, segregation, and disposition (carried into the QMSR via ISO 13485)
  • ISO 13485 §8.3 — control of nonconforming product, including actions before and after delivery, rework, and concessions
  • 21 CFR 211.192 — for drug products, review of any unexplained discrepancy or batch/component failure to meet specifications
  • EU GMP Chapter 5 / Chapter 8 — production controls and handling of complaints, quality defects, and recalls
  • ISO 9001 §8.7 — control of nonconforming outputs, for quality systems outside the device-specific frameworks
  • ICH Q10 — the pharmaceutical quality system context in which nonconformity handling and CAPA operate

From detection to disposition

A workable nonconformance flow runs from detection to closure with a record at every step:

Detect and describe. Capture the nonconformity against the specific requirement it failed — not a vague “material rejected,” but which spec, which limit, what was observed. Vague descriptions undermine every downstream decision.

Segregate. Flag or physically separate the affected material or record so it cannot be used or shipped unintentionally while under evaluation. Segregation is a control, not a formality — unsegregated nonconforming product is a top finding.

Assess impact. One unit, a batch, or a trend? Does it affect other lots, products, or sites that share the cause? The impact assessment scopes the response.

Disposition with justification. Use-as-is (with a documented concession and the right authority), rework (to a procedure, with re-inspection), repair, scrap, or return. Record the decision, the rationale, and who approved it.

Decide on CAPA. Determine whether the underlying cause needs systemic correction or prevention. A correctly-dispositioned one-off may not; a recurring or systemic nonconformance should escalate, with the judgement documented either way. And periodically, trend the nonconformities to surface the patterns single events hide.

What strong nonconformance handling shares

Programs that handle nonconformities cleanly — and pass inspection on 820.90 / §8.3 — share these controls:

  • Defined intake and classification — clear boundaries between deviation, nonconformance, OOS, and complaint, with consistent routing
  • Enforced segregation — nonconforming material flagged or separated so unintended use is prevented, not just discouraged
  • Requirement-specific descriptions — every nonconformity stated against the spec or procedure it failed
  • Authority-gated dispositions — use-as-is and concessions require the right role to approve, with justification
  • Procedure-controlled rework — rework to a defined procedure with re-inspection and records
  • CAPA escalation criteria — defined rules for when an instance becomes a systemic action
  • Trend analysis — nonconformities read together on a cadence, not only handled one at a time
  • Full traceability — each event linked to its material/batch, its disposition, and any resulting CAPA

The disposition that should have been a CAPA

The most expensive nonconformance pattern is the one handled perfectly, every time, forever — each instance correctly identified, segregated, and dispositioned, but never escalated to address why it keeps happening. Inspectors read the trend the quality unit didn't. Defined escalation criteria, plus a periodic trend review, are what turn a disposition treadmill into a closed loop.

How Complere handles nonconformities

Complere captures nonconformities as governed quality events in CAPA & Deviations, with the intake, disposition, and escalation discipline the regulations expect — and whether your QMS calls a given event a deviation or a nonconformance, the controlled workflow and the evidence trail are the same.

Events are classified at intake so the right level of rigour applies; the disposition decision — use-as-is, rework, scrap, return — is recorded with its justification and routed for the appropriate authority's approval, so the “who approved this concession and why” question has a clean answer. Each event is linked to its material or batch context and to any resulting CAPA, giving the end-to-end traceability from the nonconformity to the systemic action. Root-cause investigation uses structured tools, and escalation to CAPA follows your defined criteria, captured as a deliberate, documented decision rather than an afterthought. Because the events are connected records rather than scattered forms, trend analysis across nonconformities — the signal single dispositions hide — becomes a query rather than a manual collation exercise.

Every step carries the platform's audit trail, so the disposition history, the approvals, and the CAPA linkage are attributable, time-stamped, and retrievable. What stays with your team is the quality judgement — the disposition decisions, the classification boundaries your QMS defines, and the escalation calls; Complere makes the workflow governed and the trend visible.

Frequently asked questions

Common questions about Nonconformance sourced from regulatory references and inspection patterns.

What is the difference between a nonconformance and a deviation?

A deviation is a departure from an approved procedure or process - often the pharma-GMP term, caught as it happens. A nonconformance is a requirement not met, classically about product or material failing a specification - the ISO/device term. They overlap; what matters is that your QMS defines which is which and routes each consistently.

Where is nonconforming product control required?

In device GMP, 21 CFR 820.90 (control of nonconforming product) and ISO 13485 section 8.3, carried into the FDA QMSR. The expectation: identify it, segregate it so it cannot be used unintentionally, document the disposition decision, and decide whether a CAPA is warranted.

What dispositions apply to nonconforming material?

Typically use-as-is (with justification, often via a concession), rework, repair, scrap, or return to supplier - each recorded with the rationale and the approving authority. The decision and its justification are the inspectable record.

When does a nonconformance become a CAPA?

When the underlying cause - not just the single instance - needs systemic correction or prevention. A one-off correctly dispositioned may not need a CAPA; a recurring or systemic nonconformance should escalate to one. The judgement and its basis should be documented either way.

About the author

Complere Reference Team

Compliance and quality-systems specialists maintaining the Complere glossary for regulated quality, validation, and inspection-readiness teams. Entries are reviewed against current FDA, MHRA, EMA, ICH, and PIC/S guidance.

Continue Exploring

  • CAPA & Deviations
  • Deviation
  • Quality Event
