Home / Nonconformance / Nonconformance Report (NCR): Definition, Example, and Process

Nonconformance Report (NCR): Definition, Example, and Process

Published:

Updated:

Nonconformance Report Illustration

A nonconformance refers to any deviation from approved specifications, procedures, or regulatory requirements affecting product, process, or system performance.

A Nonconformance Report (NCR) is a controlled quality record used to formally document, investigate, and resolve nonconformities identified during any phase of the product or service lifecycle.

NCR formats may vary depending on the type of organization, industry sector, or region.

A Nonconformance Report (NCR) includes several key components, including a clear description of the nonconformance, the nonconformance type, and a reference to the unmet requirement or specification. An NCR also records the associated risk level (e.g., minor, major, or critical), immediate containment actions to control the nonconforming output, and disposition decisions (such as rework or reject). In addition, the NCR may document the results of a root cause analysis and define any required corrective actions. A final quality review and approval step ensures accountability and confirms closure in line with QMS requirements.

A typical nonconformance report process follows a structured workflow. The workflow begins with detection and initiation by QA, production, or inspection teams. The issue is documented with clear evidence, such as photos, process data, or logs. Containment measures are applied to prevent further use or release of the affected material. QA performs an initial assessment to determine the scope, potential impact, and whether further investigation or escalation is required. If the issue appears isolated or low risk, it may be resolved through immediate correction without further investigation. If the evaluation indicates that deeper analysis is needed, a formal root cause investigation is initiated. Based on the investigation results, QA then determines CAPA requirements. The NCR proceeds to final disposition and record closure, confirmed by QA. Finally, QA reviews trends over time to identify recurring issues and support continuous improvement.

Nonconformance management is guided by recognized quality standards and regulatory requirements. ISO 9001 requires organizations to manage nonconformities and take corrective action. Many industries also follow sector-specific regulations. For example, aerospace uses AS9100, automotive follows IATF 16949, and food producers comply with HACCP and FDA food safety rules. In healthcare and medical devices, frameworks such as ISO 13485 and ICH Q10, and regional regulations like FDA 21 CFR Part 820, EU MDR, and EU GMP set specific requirements for nonconformance management.

Quality Management System (QMS) software plays a critical role in nonconformance management by standardizing workflows, automating routing and approval, ensuring version control, and maintaining full traceability of records.

SimplerQMS is an eQMS platform purpose-built for life science companies. SimplerQMS offers pre-configured workflows for nonconformance handling, linked with document control, training, supplier qualification, and corrective and preventive action (CAPA) management, and other QMS processes.

What Is a Nonconformance Report (NCR)?

An NCR stands for nonconformance report, a formal quality document used to record deviations from defined requirements. The definition of nonconformance and the terminology used can vary depending on the organization’s QMS, documented procedures, and industry-specific guidelines.

The different terms used by organizations to refer to an NCR are listed below.

  • Non-Conformance Report (NCR)
  • Nonconformity Report
  • Deviation Report (commonly used in pharmaceutical and biotech industries)
  • Quality Event Report
  • Out-of-Specification (OOS) Record (typically used in QC labs)

Regardless of terminology, an NCR is used to document a deviation from approved standards, procedures, drawings, acceptance criteria, or work instructions.

The purpose of an NCR is to formally identify and document quality issues, prevent unintended release of nonconforming product, and initiate necessary actions such as segregation, rework, or escalation to CAPA. NCRs also serve as critical inputs for quality audits, regulatory inspections, management reviews, and continuous improvement programs.

NCRs are widely used across regulated and high-risk industries, including medical device manufacturing, pharmaceuticals, biotechnology, healthcare, and laboratory environments. NCRs are also used in food and beverage production, automotive and aerospace sectors, general manufacturing, engineering, and large-scale construction or infrastructure projects.

A nonconformance report should be issued when a product, process, or system output fails to meet defined acceptance criteria or specified requirements.

Nonconformances are typically classified based on their severity and potential impact. Commonly used categories are listed below.

  • Critical: Critical nonconformances pose safety risk, regulatory impact, or product recall potential.
  • Major: Major nonconformances significantly impact quality or compliance, but are not immediately hazardous.
  • Minor: Minor nonconformances are isolated or low-risk issues that do not directly affect product quality or safety (e.g., procedural or documentation issues).

The NCR handling process, including reporting, evaluation, investigation, and closure, is typically defined in the organization’s QMS procedures. This ensures that all nonconformances are processed consistently and traceably.

Responsibility for initiating and managing NCRs falls to Quality Assurance (QA), Quality Control (QC), production operators, inspectors, or Regulatory Affairs (RA) personnel, depending on the detection point and regulatory impact. QA typically ensures robust impact assessment and containment actions, coordinates investigations, and determines if escalation to CAPA is required. Final review and approval of the NCR are performed by QA management to verify compliance with QMS procedures.

Why Are Nonconformance Reports Important?

Nonconformance reports are important because they establish a controlled, auditable process for documenting and resolving deviations from specifications, procedures, or regulatory requirements. NCRs ensure nonconformances are promptly recorded, risk-assessed, and dispositioned with appropriate containment and corrective measures. Each report also shows who is responsible, the identified root cause, and the corrective action taken.

NCRs support compliance with industry standards and regulations such as ISO 9001 for general industries, AS9100 for aerospace, IATF 16949 for automotive, HACCP for food safety, and ISO 13485, FDA 21 CFR Part 820, EU GMP for pharmaceuticals, and EU MDR/IVDR for medical devices. Certification bodies and regulators require documented evidence that quality issues are captured, investigated, and resolved in line with defined procedures.

NCR trending and data analysis further strengthen quality assurance. By classifying and evaluating NCR data across products, suppliers, and processes, organizations can identify recurring failure modes, supplier performance issues, and process capability gaps. Tools such as Pareto analysis, statistical process control (SPC), and risk priority scoring (e.g., FMEA) are commonly applied. These outputs guide supplier requalification, process revalidation, and improvements to risk controls, reducing the chance of recurrence.

What Is a Nonconformance Report Example?

An example of a blank nonconformance report is shown in the image below.

Non-Conformance report template

The image above shows an example of a blank NCR. Specific sections and content of a nonconformance report may vary based on organizational procedures and regulatory requirements.

What Is a Nonconformance Report Template?

A nonconformance report template is a controlled document format used to record deviations from approved specifications, defined processes, regulatory requirements, or documented procedures. A nonconformance template defines the mandatory fields needed to capture the deviation. A nonconformance report should include a clear description of the incident, a reference to the applicable requirement, and an impact assessment to evaluate potentially impacted items. The report should also classify the nonconformance by risk severity (e.g. minor, major, critical), document the disposition decision, outline any immediate segregation or containment actions, and detail corrections required to address impacted items, Additionally, the NCR must assign an investigation owner (if applicable), provide a link to any required CAPAs, and include formal authorization for closure by appropriate approvers.

The NCR template is configured to reflect the organization’s QMS requirements, risk management procedures, and any industry-specific requirements.

Digital NCR templates can be used in Microsoft Word, PDF, and Microsoft Excel formats. You can download our free nonconformance report template sample in Microsoft Word format.

NCRs are also integrated into electronic QMS (eQMS) platforms. This integration into the eQMS provides workflow routing, version control, and secure time-stamped audit trails to ensure data integrity.

What Are the Components of a Nonconformance Report?

The components of a nonconformance report are the standard fields included in an NCR. Each field captures specific data required to document, assess, and resolve a nonconformance. These components provide a structured, traceable record that supports containment, investigation, and CAPA.

The core components of an NCR are listed below.

  • NCR Number/ID: A unique, system-generated identifier that enables traceability in QMS records and during audits.
  • Date of Issue: The date the nonconformance was formally documented, used for tracking closure timelines.
  • Description of Nonconformance: A factual summary including product identifier, lot/batch number, process step, and test results. Specify the type of nonconformance (e.g., material, process, supplier) and the impact level (e.g., minor, major, critical).
  • Reference Standard or Requirement: The specification, SOP, work instruction, or regulatory clause (e.g., ISO 9001 or industry-specific standard) that was not met.
  • Responsible Party/Department: The assigned process owner or function accountable for investigating and resolving the nonconformance.
  • Containment: The immediate action taken to segregate, isolate, or control the nonconforming product or process output pending resolution.
  • Bracketing Assessment: Evaluation of potentially affected adjacent lots, batches, or process units to determine the nonconformance scope.
  • Disposition: The documented decision for handling nonconforming product (e.g., rework, regrade, use-as-is, with justification, or reject/scrap).
  • Root Cause Analysis: A documented investigation (e.g., 5 Whys, Fishbone Diagram) identifying the underlying root cause(s) of the nonconformance.
  • Corrective Action: Actions implemented to address the identified cause(s) and restore compliance.
  • Preventive Action: Measures taken to eliminate the potential for the occurrence of similar nonconformances in other areas.
  • Verification of Effectiveness: A documented assessment confirming that corrective actions and, where applicable, any preventive actions, were implemented and achieved the intended outcome.
  • Approval/Sign-off: Authorized review from designated quality or compliance personnel and documented closure, ensuring the NCR meets procedural and regulatory requirements.

While the format of an NCR may vary depending on the industry, regulatory jurisdiction, or company-specific SOPs, the core components remain consistent across most NCR processes.

How to Write a Nonconformance Report?

To write an NCR in compliance with QMS requirements and applicable regulations, follow a structured process that ensures traceability, completeness, and audit readiness.

The steps to consider when writing a nonconformance report are listed below.

  1. Describe the Nonconformance: Clearly and factually document the issue. Include what was observed, where in the process it occurred, the affected product or lot number, and any supporting data (e.g., test results, photos). Indicate the date of detection, the reporting department, and the individual or function responsible for initiating the NCR. Identify the type of nonconformance (e.g., supplier, process deviation) and note the potential severity or risk level (e.g., minor, major, critical).
  2. Assign an NCR Number: Generate a unique identifier using your QMS or eQMS system. This enables traceability and supports document control during audits and investigations.
  3. Reference the Applicable Standard or Requirement: Cite the SOP, specification, or regulatory clause that was not met. This ensures traceability between the nonconformance and the specific documented expectation or requirement. (e.g., specific clauses from ISO 9001 or industry-specific standards).
  4. Initiate Containment Actions: Implement immediate measures to isolate or control nonconforming material or output. Segregate affected items physically or electronically (e.g., hold in system). Record all containment steps taken to control the identified nonconformance.
  5. Conduct a Bracketing (Impact) Assessment: Evaluate the potential scope of the nonconformance by assessing other areas (e.g., related lots, equipment runs, or timeframes). Identify other areas that may have been affected using traceability data, and ensure appropriate containment extends to these areas.
  6. Determine Product Disposition: Determine how to handle the affected product and, where applicable, the associated process (e.g., rework, regrade, use-as-is with justification, scrap, or temporary process hold). Ensure all disposition decisions follow procedures, applicable requirements, and are reviewed and approved by authorized personnel (e.g., Quality Manager).
  7. Conduct Root Cause Analysis: Apply a validated methodology such as 5 Whys, Ishikawa Diagram, or Failure Mode and Effects Analysis (FMEA) to determine the underlying cause(s).
  8. Define Corrective Actions: Define corrective actions to address the root cause of the nonconformance, to restore compliance, and control the affected product or processes.
  9. Define Preventive Actions: Include preventive actions, when applicable, for example, if the RCA or corrective actions reveal a potential risk to other processes, products, or departments that have not yet experienced the issue.
  10. Submit for Review and Approval: Route the NCR for review, ensuring all required fields are completed, objective evidence is attached, and applicable requirements are met before approval.
  11. Follow Up and Close: Verify the effectiveness of corrective and preventive actions, where applicable. Document closure and archive the record in accordance with retention requirements.

What Is the Nonconformance Report Process Workflow?

The nonconformance report process workflow is a defined sequence of steps used to control the detection, investigation, and resolution of nonconformances. The NCR workflow must comply with the organization’s QMS and applicable regulatory requirements.

The steps in the nonconformance reporting process are listed below.

  1. Detection and Reporting: Identify the nonconformance during inspection, testing, audits, or routine operations, and initiate an NCR with objective evidence such as measurement data or photographs.
  2. Evaluation and Classification: The issue is reviewed to determine its scope, impact, and risk level (e.g., minor, major, or critical). This ensures the right level of response and helps prioritize resources.
  3. Root Cause Analysis (RCA): An investigation is carried out to determine why the nonconformance occurred. Tools such as 5 Whys or other appropriate methodologies may be applied, depending on the complexity of the issue.
  4. Corrective and Preventive Actions:. Implement corrective actions to eliminate the root cause and restore compliance within the affected process or product. Where appropriate, identify and apply preventive actions to other areas or processes that have not yet been affected but are at risk of similar issues.
  5. Verification and Closure: Actions are reviewed to confirm they resolved the issue. Documentation is checked for completeness, and the NCR is formally approved and closed.
  6. Follow-Up and Monitoring: NCR data is tracked over time to detect trends, recurring patterns, or systemic issues. Insights are shared during quality reviews to support continuous improvement.

1. Detection and Reporting

The first step in the nonconformance report process is detection and reporting. In this step, a deviation from an approved specification, procedure, regulation, or defined process is detected and documented.

The objective of the detection and reporting step is to ensure all nonconformances, regardless of severity, are promptly recognized and documented. Containment and segregation measures can then be initiated without delay. Detection of nonconformances may occur during incoming inspection, in-process checks, final product testing, scheduled maintenance, calibration, or internal audits. Objective evidence, such as photographs, measurement data, or inspection logs, is gathered to substantiate the finding.

Initial NCR entries are completed with details including detection date, location, affected product or lot number, a concise description of the issue, and a reference to the applicable specification, procedure, or requirement that was not met. A nonconformance type or code may also be selected to facilitate standardized classification and trending of NCRs by type (e.g., across product lines, processes, or suppliers).

Responsibility for this stage typically lies with QC inspectors, production operators, service technicians, auditors, or compliance personnel, depending on where the issue is detected.

Standardized NCR forms, either paper-based or managed within an electronic QMS (eQMS), are used to initiate the record, which is then routed for evaluation in the next phase.

2. Evaluation and Classification

Once an NCR has been initiated, evaluation and classification are conducted to determine the scope, risk level, and regulatory significance of the documented nonconformance. The evaluation and classification phase ensures that each issue is prioritized appropriately based on its potential impact on product or service quality, patient or user safety, and compliance with applicable regulatory requirements. This classification drives escalation and approval requirements, as well as the urgency of containment, investigation, and corrective actions.

QA reviewers assess the NCR details, including objective evidence, supporting documentation, and related batch or product information. NCR details are evaluated to determine severity, commonly categorized as minor, major, or critical according to predefined QMS criteria. Based on this assessment, an initial disposition decision is made for the nonconforming material or process output, in accordance with internal procedures or applicable requirements.

As part of this evaluation, a bracketing assessment should also be performed. A bracketing assessment determines whether other lots, batches, equipment runs, among others, may also be impacted. This helps ensure that the full scope of the nonconformance is identified and supports appropriate classification, containment, and escalation.

After QA has completed a detailed assessment of the NCR, a decision is made on whether an escalation to formal investigation/CAPA is required or, in the case of supplier-related issues, whether a supplier corrective action request (SCAR) should be initiated. This step is usually led by QA management in coordination with QC, production, engineering, and regulatory affairs.

Evaluation outcomes, recorded in the NCR form or eQMS, guide the depth and scope of the subsequent root cause analysis.

3. Root Cause Analysis (RCA)

Root cause analysis (RCA) is the structured investigation phase used to determine the underlying cause, or combination of causes, that led to the nonconformance. The objective of the RCA step is to ensure that corrective actions address the root cause of the problem to prevent recurrence. RCA may also identify additional preventive actions for other similar processes or areas to prevent their occurrence.

RCA is initiated after the nonconformance has been evaluated and classified. The investigation may involve cross-functional input from QA, engineering, production, maintenance, supply chain, and regulatory affairs. RCA Investigations are performed using validated methodologies such as the 5 Whys technique, Ishikawa (fishbone) diagram, fault tree analysis (FTA), or failure mode and effects analysis (FMEA), with all findings documented as part of the NCR record.

Objective evidence, including inspection data, process records, calibration histories, and training logs, is reviewed to establish factual links between process gaps and the observed nonconformance.

4. Implementation of Corrective Actions

The implementation of corrective actions is the phase where defined measures are carried out to address the root cause(s) identified during the investigation. The primary objective of this implementation step is to restore full compliance with specifications, procedures, or regulatory requirements.

Implementation of corrective actions ensures that the nonconformance cannot recur under the same conditions. Actions may include process modifications, equipment adjustments or repairs, retraining of personnel, supplier remediation, or updates to controlled documentation such as SOPs and work instructions.

All corrective measures must be implemented in accordance with approved CAPA action plans, with completion dates, responsible owners, and objective evidence recorded in the NCR. Where applicable, preventive actions should also be implemented to mitigate the risk of similar issues occurring in other processes, products, or systems.

CAPA workflows in the eQMS route tasks for execution, provide deadline alerts, and maintain auditable records for regulatory inspections.

5. Verification and Closure

Verification and Closure is the stage of the NCR process where the organization confirms that corrective and preventive actions have been completed and that they effectively resolved the nonconformance. The purpose of this step is to ensure the issue will not recur and to provide full traceability before the record is formally closed. Activities often include reviewing inspection or re-test results, checking process or service performance, and confirming that any required documentation or training updates are complete.

This stage is handled by quality reviewers, department managers, or compliance officers with the authority to sign off on closure. QMS software, verification forms, or audit checklists may be used to document effectiveness and finalize the record. Once closure is confirmed, the results feed into follow-up and monitoring activities, where data from closed NCRs is trended over time to support long-term improvement.

6. Follow-Up and Monitoring

Follow-up and monitoring are ongoing phases where closed NCRs are periodically reviewed to confirm the sustained effectiveness of corrective and preventive actions. This step also ensures that the issue does not recur and that process controls remain capable of meeting specifications and applicable requirements under normal operating conditions. Activities may include trending nonconformance data, monitoring process performance and product quality metrics, or re-evaluating supplier performance metrics.

Quality or compliance teams often maintain a nonconformance trend report within the QMS. Quality teams also analyze patterns by product line, process, or failure mode to detect systemic issues. These insights support data-driven decisions on resource allocation, process improvement, and risk mitigation.

How to Respond to a Nonconformance Report (NCR)?

To respond to a nonconformance report, organizations must follow a structured, documented process aligned with the QMS procedures and applicable regulatory requirements. (e.g., ISO 9001, IATF 16949, HACCP, or sector-specific regulations).

This section outlines the required steps for recipients of an NCR to properly investigate, document, and respond to the issue in a manner that supports traceability, risk mitigation, and regulatory compliance.

Steps to be considered when responding to an NCR are listed below.

  1. Review the NCR Thoroughly: Examine the documented nonconformance, including the description, affected product or process, and the cited regulatory or QMS requirements that were not met.
  2. Acknowledge the Report: Formally confirm receipt of the NCR to the issuer and initiate containment actions where applicable (e.g., product quarantine, segregating material, process hold, or supplier notification).
  3. Conduct an Internal Review: Gather all relevant process data, relevant operational or production records, inspection logs, and interview applicable personnel. Assess the scope and impact of the nonconformance using objective data.
  4. Submit Root Cause Analysis: Perform a structured investigation using methods such as the Ishikawa Diagram or FMEA. Confirm whether the root cause affects existing risk assessments and update the risk management files. For example, for medical devices, risk management files are updated as per ISO 14971.
  5. Propose Corrective and Preventive Actions (CAPA): Define specific corrective actions to eliminate the root cause and prevent recurrence within the affected product or process.Preventive actions may be proposed if the issue poses a risk to other areas, products, or processes not yet impacted.
  6. Assign Responsible Individuals: Identify and document the responsible owner(s) for each action item, ensuring alignment with role-based responsibilities in the QMS. Ownership should be allocated to qualified individuals or designated approvers with authority to implement actions.
  7. Provide a Timeline: Establish target dates for action completion and NCR closure, based on the risk classification and applicable regulatory requirements (e.g., for Grade 4 or 5 nonconformities, manufacturers must provide evidence of implemented remediation actions to the Auditing Organization within 30 days of the audit’s conclusion). Document any delays with justification, and escalate if timely closure is at risk.
  8. Document and Communicate the Response: Capture the full investigation, risk impact assessment, CAPA plan, and approval in the controlled NCR form. Distribute NC reports and associated records to relevant stakeholders (e.g., QA, RA, supplier, customer) for review and approval, as defined in internal procedures or contractual requirements.
  9. Ensure Follow-Up: Verify the effectiveness of implemented corrective actions through process audits, post-implementation monitoring, or data trending. Retain closure evidence in accordance with QMS document control and retention policy.

The nature, scope, and depth of the NCR response should be proportionate to the severity classification of the nonconformance (e.g., critical, major, or minor), its origin (internal vs. external), and the applicable regulatory or customer requirements.

How to Close a Nonconformance Report (NCR)?

To close an NCR, confirm all defined actions are fully implemented, documented, and verified for effectiveness. These actions include immediate corrections and containment to formal CAPAs where applicable. This step ensures that the nonconformance is resolved, associated risks have been re-evaluated, and the process meets applicable industry or regulatory requirements. Final sign-off of the NCR is performed by the quality reviewers, compliance officers, or other designated approvers with authority to close records.

Steps for closing an NCR are listed below.

  1. Verify Completion of CAPA Actions: Confirm that corrective actions (e.g., retraining, SOP updates, etc.) and preventive actions, where applicable, have been executed. Evidence may include controlled documents, production or service records, training logs, or other relevant documentation.
  2. Assess Effectiveness of Actions: Evaluate whether the issue has been eliminated and recurrence prevented. Supporting records may include defect trend charts, supplier re-audit results, or updated trending data.
  3. Review Documentation for Completeness: Ensure the NCR form is completed and linked to relevant documentation and records. Documents and records may include root cause analysis reports, CAPA documentation, change control approvals, revised risk files (e.g., FMEA updates), and closure of related deviations.
  4. Final Review and Sign-Off: A quality reviewer, compliance officer, or designated approver checks the closure package, including CAPA records, training documentation, or evidence of effectiveness. Approval is documented to confirm compliance with QMS procedures and applicable requirements.
  5. Update QMS Record Status: Mark the NCR as closed in the NCR log. Cross-reference it with related CAPA records, deviations, and risk assessments to maintain traceability.
  6. Retain and Archive Records: Archive all NCR documentation, including investigation reports, CAPA forms, sign-off records, and supporting quality data in compliance with applicable requirements. Retention periods vary significantly by industry and product type. Per ISO 13485, QMS records, which would include NCRs, should be retained for at least the lifetime of the medical device, but not less than 2 years. According to EU GMP, Chapter 4, records supporting batch release must be kept for one year after expiry of the batch or at least 5 years after QP batch certification, whichever is longer. Organizations should define retention durations in their QMS procedures to ensure compliance with applicable regulatory, contractual, or customer-specific requirements.

Which Regulations and Standards Outline Nonconformance Reporting Requirements?

Nonconformance reporting requirements are defined in international standards and regulations. Meeting these requirements ensures organizations consistently identify, document, and resolve any deviations. These requirements also state how NCs must be recorded, investigated, and closed to maintain compliance and product safety.

The regulations and standards that outline nonconformance requirements are listed below.

  • ISO 13485:2016 (Medical Device QMS): ISO 13485 is the international quality management standard for medical devices. Clause 8.3 of ISO 13485 specifically requires organizations to identify, document, segregate, evaluate, and control nonconforming products. It mandates documented procedures for dealing with nonconforming product, including actions such as correction, rework, disposal, or use as is (with appropriate justification). Clause 8.5 of ISO 13485 requires organizations to identify root causes of nonconformities, implement timely actions, and verify effectiveness to prevent recurrence. NCRs help meet these requirements and demonstrate control during audits and inspections.
  • ISO 9001:2015 (Quality Management Systems General): ISO 9001 is the global QMS standard applicable to all industries. Clause 8.7 requires organizations to identify and control nonconforming outputs by ensuring appropriate actions (e.g., correction, segregation, or approved concessions) are documented and authorized. Clause 10.2 of ISO 9001 requires organizations to react to nonconformities, control and correct them, and implement corrective actions to eliminate their causes. NCRs are used across industries, for example, manufacturing, automotive, and aerospace, to comply with this clause and to maintain evidence of effective nonconformance management.
  • FDA 21 CFR Part 820 (Quality System Regulation, U.S.): FDA 21 CFR Part 820 Quality System Regulation (QSR) specifies requirements for the quality management systems for medical device manufacturers. Under Section 820.90 (Nonconforming product) of FDA 21 CFR Part 820, manufacturers must establish and maintain procedures to control products that do not meet specified requirements. This includes documented evaluations and justification for any disposition decisions. NCRs provide the documentation trail required for FDA inspections and link directly to the CAPA process under FDA 21 CFR Part 820.100, when systemic issues are identified.
  • EU MDR 2017/745 and EU IVDR 2017/746 (European Union): The EU MDR and EU IVDR are European regulations that establish requirements for the safety and performance of medical devices and in vitro diagnostics. These regulations require manufacturers to establish and maintain a quality management system (QMS) that includes processes for CAPA, complaint handling, and post-market surveillance. These activities depend on the effective identification and control of nonconforming products and processes. NCRs provide formal records of such controls by documenting nonconformities and the implementation of corrective actions. Additionally, EU MDR and IVDR assign specific responsibilities to notified bodies to verify that manufacturers resolve nonconformities identified during conformity assessments and surveillance. Importers and distributors are also required to maintain records of nonconforming devices, recalls, and withdrawals.
  • ICH Q10 (Pharmaceutical Quality System): ICH Q10 provides a harmonized framework for pharmaceutical manufacturers. ICH Q10 references deviations and nonconformances in the context of CAPA, product and process monitoring, and management review systems.. NCRs or deviation reports are used to document and investigate cases where a product or process does not meet approved specifications or procedures. Documenting these issues supports a structured root cause analysis and the implementation of corrective actions. Assessment of nonconformance and deviation trends could also be used as input into product or process monitoring and management review.
  • AS9100 (Aerospace): AS9100 is the international Quality Management System standard for the Aviation, Space, and Defense (AS&D) industry. AS9100 specifies requirements for controlling nonconforming product. These requirements are also aligned with ISO 9001. The standard requires identification, documentation, evaluation, and disposition of nonconforming product, especially in safety-critical components. NCRs provide structured documentation to support airworthiness requirements and supplier quality assurance.
  • HACCP (Food Safety): Hazard Analysis and Critical Control Points (HACCP) is a globally recognized system for food producers. HACCP requires that nonconformances in food safety controls be documented and resolved. NCRs or deviation records are often used to track corrective measures and prevent recurrence.

How Does QMS Software Help Manage Nonconformance Reporting?

Quality Management System (QMS) software is an electronic platform designed to digitize, automate, and standardize quality processes. Within nonconformance management, an eQMS helps ensure that nonconformances are consistently captured, investigated, and linked to CAPA where applicable. QMS software also helps organizations comply with ISO 9001, ISO 13485 or FDA 21 CFR Part 820, IATF 16949, AS9100, HACCP, and sector-specific regulations.

Key functionalities of QMS software for nonconformance management are listed below.

  • Centralized Reporting and Tracking: Enables designated users to collect NCRs in a controlled system, assigning unique identifiers and maintaining end-to-end traceability for inspection readiness.
  • Automated Notifications and Workflows: Sends task assignments and escalations to responsible owners, ensuring compliance with closure timeframes.
  • Root Cause Analysis Tools: Supports structured investigation frameworks and links outcomes directly to risk files.
  • Corrective and Preventive Action Management (CAPA): Integrates NCRs with CAPA records, enabling documentation of corrective actions, verification of effectiveness, and prevention of recurrence.
  • Document Control and Versioning: Ensures all related SOPs, forms, and records are version-controlled, archived, and compliant with documentation requirements.
  • Analytics and Reporting Dashboards: Provides trending on NCs per category and severity, closure times, recurrence rates, and CAPA linkage data.
  • Audit Trail and Compliance Support: Maintains secure, time-stamped records and user accountability in line with applicable electronic recordkeeping requirements across industries such as FDA 21 CFR Part 11 for FDA-regulated products and EU Annex 11 requirements for medicinal products.

SimplerQMS is a validated QMS solution purpose-built for life science companies. SimplerQMS supports broad QMS processes, including nonconformance management, CAPA, supplier controls, and training and other processes through integrated modules. The platform supports compliance with ISO 13485:2016, FDA 21 CFR Part 820, EU MDR/IVDR, EU GMP, and other relevant requirements by streamlining workflows, maintaining secure audit trails, and providing visibility into quality system performance.

SimplerQMS

Cookie Policy

Privacy Policy

Copyright © 2025 SimplerQMS. All rights reserved.

Modules

Document Control

Training Management

Change Control

Nonconformance Management

CAPA Management

Complaints Management

Audit Management

Risk Management

Equipment Management

Supplier Management

Electronic Batch Records

Product Management

View all modules

Product

Overview (QMS Software)

Implementation

Compliance

Technology

Pricing

Solutions

Medical Device

Pharma & Biotech

Laboratories

CRO & CMO

Company

About Us

Contact Us

Contact Support

Contact Sales

Experience

Careers

Our Customers

Resources

Blog Articles

Quality Digest Newsletter

View all resources