FAQ

How detailed should non-conformance documentation be for regulators?

It should be detailed enough that a regulator, customer auditor, or internal reviewer can reliably reconstruct the event without relying on tribal knowledge. In practice, that means the record should clearly show what the non-conformance was, how it was detected, what material or product was affected, who reviewed it, what disposition was made, what evidence supported that decision, and what corrective action was required if applicable.

The right answer is not “document everything possible.” Excess detail that is inconsistent, duplicated across systems, or unsupported by evidence can create its own risk. Regulators usually care less about volume than about whether the record is accurate, contemporaneous, traceable, reviewable, and aligned to your approved procedures.

What the record usually needs to show

  • A clear description of the non-conformance, including the requirement or specification that was not met.

  • Identification of the affected item, lot, serial number, batch, work order, operation, supplier receipt, or equipment context as applicable.

  • When and where it was found, and by whom.

  • The immediate containment action, including segregation, hold status, or production impact.

  • The material review or disposition decision, with approval traceability.

  • Objective evidence supporting the decision, such as measurements, inspection results, photos, test records, or linked documents.

  • Any rework, repair, deviation, concession, or scrap action taken, including revision-controlled instructions where required.

  • Whether escalation to CAPA, supplier corrective action, or risk review was required.

  • Closure evidence showing the action was completed and the record was reviewed per procedure.

How much detail is enough

The level of detail should scale with risk and impact. A cosmetic issue on non-critical hardware does not normally require the same depth as a dimensional escape on a flight-critical feature, a sterility-related deviation, or a recurring supplier defect. Higher-risk events usually require stronger evidence, clearer decision rationale, broader impact assessment, and tighter review controls.

A useful test is this: if the original finder, supervisor, and engineer were unavailable two years from now, could another qualified reviewer understand exactly what happened and why the final decision was acceptable under your procedures? If not, the record is probably too thin.

What regulators typically look for

Regulators and auditors generally look for consistency between the non-conformance record and the rest of the quality system. They may compare the NCR to inspection data, device history or manufacturing records, training records, calibration status, change history, and CAPA records. If the NCR says rework was performed, they will often expect to see the approved instruction, execution evidence, and final verification. If the NCR says use-as-is or deviation, they will expect the rationale and approvals to be traceable.

This is why short narrative summaries alone are usually not enough in regulated environments. The documentation must connect to the evidence trail.

Common failure modes

  • Vague descriptions such as “out of spec” with no requirement reference.

  • Missing product scope, so affected units cannot be reliably identified.

  • Disposition recorded without objective evidence or required approvals.

  • Rework documented in one system but not reflected in the device history, traveler, or as-built record.

  • Root cause language added prematurely without investigation support.

  • Free-text narratives that differ across MES, QMS, ERP, and paper records.

  • Late data entry that weakens contemporaneous record credibility.

Brownfield reality

In many plants, non-conformance documentation is split across QMS, MES, ERP, email, shared drives, and paper attachments. That is common, but it increases retrieval risk and inconsistency risk. If your systems coexist, the practical goal is not necessarily a full platform replacement. It is to make sure the authoritative record, linked evidence, approval trail, and item traceability are unambiguous.

Full replacement strategies often fail in long-lifecycle regulated environments because of validation burden, downtime risk, integration complexity, qualification concerns, and the need to preserve traceability across legacy records. In many cases, improving linkage, data discipline, and review workflow across existing systems is more realistic than replacing everything at once.

Practical standard to use

Your documentation should be complete enough to support investigation, disposition, traceability, and later review under your own procedures and applicable regulatory expectations. If a record cannot withstand cross-checking against related quality and production records, it is not detailed enough. If it is so verbose that reviewers cannot identify the controlling facts, it is probably poorly structured rather than well documented.

The best target is controlled completeness: enough detail to prove what happened and why the decision was made, with evidence and approvals that are easy to retrieve and verify.
