Chapter 4: What Clause 10.2 Actually Requires (Plain-Language Breakdown)

Clause 10.2 contains two critical subsections: 10.2.1 (General Requirements) and 10.2.2 (Documentation and Information).

10.2.1 lays out six mandatory actions in plain terms. When you identify a nonconformance, your quality management system must:

1. React to the nonconformance — This means immediate action: stop the process, quarantine affected product, alert relevant departments, and prevent further distribution if external nonconformance is suspected.
2. Evaluate the need to take action to eliminate the consequences — Determine the full scope of impact. If 300 parts ran before detection, how many are at customer sites? Which customers? What's the risk to their operations or end-users?
3. Determine the causes of the nonconformance — This is root cause analysis, not guessing. You're looking for the systemic reason, not just the immediate trigger.
4. Implement action to eliminate the causes — Once you know why it happened, you fix the underlying problem. This is the corrective action itself, and it must address root cause, not symptoms.
5. Review the effectiveness of the corrective action — After implementation, you verify the fix actually worked. Did scrap rates drop? Did the drift reoccur? Did audit cycle counts confirm the process behaves differently?
6. Update the management of change and risk assessment related to the nonconformance — Risk-based thinking isn't an afterthought. You must return to your risk register (covered in Clause 6.1) and document how this nonconformance changes your view of that process, product, or supplier.

10.2.2 demands documented evidence of all six actions. Your records must show:

• The description of the nonconformance (what was wrong, where it was found, when, by whom).
• The evaluation of consequences (how many units, which customers, what's the impact).
• The root cause statement (the actual cause, not a workaround description).
• The corrective action(s) taken and their completion date(s).
• The method and result of effectiveness review (how you verified the fix worked).
• Any changes made to the quality management system as a result.

An auditor will pull your CAR file and cross-reference it against shop floor data, customer records, and process documentation. If your root cause statement says "operator error" without explaining *why* the operator made that error, you'll receive a finding. If your effectiveness review is dated three weeks after corrective action implementation when the process cycle time is six weeks, you'll receive a finding.

Important: If you made no documented change to your quality management system despite a significant nonconformance, you'll receive a finding. This is not bureaucracy for its own sake. The intent is to prevent the same problem from recurring, which directly protects your customers and your reputation.