Repeat nonconformances from a supplier usually mean that basic containment is not enough and that the supplier’s underlying systems or controls are unreliable for your level of risk. In regulated environments, you need a structured, documented, and proportionate response that aligns with your quality system, contracts, and regulatory expectations.
1. Define what “repeat” means and set escalation triggers
Before reacting case by case, establish objective criteria in your supplier quality procedures. Examples:
- X nonconformances of the same type or mechanism within Y months.
- Any recurrence after a previous CAPA was closed as effective.
- Single high-severity nonconformance that exposes systemic control gaps (e.g., counterfeit risk, mix-up of serialized parts, or specification changes without notification).
These thresholds should be risk-based and may differ by part family, process, regulator, or program criticality.
2. Classify and quantify the risk
Treat repeat nonconformances as a signal, not just a count:
- Assess severity and detectability: Could this impact safety, compliance, or key functional characteristics?
- Check escape history: Did any nonconforming product pass incoming inspection and reach production, customers, or the field?
- Evaluate system impact: Does the pattern suggest problems in the supplier’s calibration, training, change control, or document management?
Document this assessment in your nonconformance and CAPA records so you can justify escalation decisions during audits.
3. Move from incident-level fixes to supplier-level CAPA
If the same supplier or the same failure mode recurs, shift focus from lot-level disposition to supplier-level corrective and preventive action:
- Open a formal supplier CAPA (aligned with your QMS) referencing linked nonconformance records.
- Require a structured root cause analysis (e.g., 5-Whys, fishbone) addressing:
- Technical root cause (what physically failed).
- Systemic root cause (why their system allowed it).
- Escape root cause (why your incoming or in-process controls did not detect it earlier).
- Agree on specific, verifiable actions, owners, and due dates on the supplier side and your side.
A CAPA that only changes inspection on the current job, without addressing underlying systems, almost always leads to more repeats.
4. Tighten incoming controls based on risk
While supplier CAPA is in progress, you may need to adjust your own controls:
- Increase incoming inspection frequency or sample size for affected part numbers or families.
- Apply focused inspections for the known failure mode (e.g., additional dimensional checks, special functional tests).
- Segregate inventory and require specific release criteria (e.g., QA release only, dual signoff).
- Temporarily block automatic receipts into production until inspection is complete.
These steps add cost and lead time, so treat them as temporary risk controls with clear exit criteria linked to demonstrated supplier improvement.
5. Verify supplier root cause and effectiveness
In regulated environments, you cannot simply accept a supplier’s 8D or 5-Why on paper. You need some level of verification proportional to risk:
- Review evidence: updated work instructions, training records, process FMEAs, control plans, and change control records.
- Request data: capability studies, first article reports, or short-term control charts showing the failure mode is controlled.
- Perform on-site audits or focused process reviews when the risk justifies the cost and disruption.
- Define objective effectiveness criteria: e.g., “no repeats of the same NC type for Z lots or W months under normal inspection levels.”
Document how you determined the CAPA to be effective. Auditors consistently look for this traceability.
6. Align with contracts, regulatory, and program requirements
Your response options are constrained by:
- Contractual terms: quality clauses, right-to-audit, required notification periods, allocation or sole-source obligations.
- Regulatory context: requirements for approved supplier lists, critical suppliers, and documentation of supplier performance.
- Customer requirements: mandated use of specific suppliers, customer notification thresholds, or required approval for supplier changes.
Do not commit to actions (e.g., sudden disqualification) that conflict with these constraints without involving legal, procurement, and, if necessary, customer representatives.
7. Escalate governance when performance does not improve
If repeat nonconformances continue despite CAPA:
- Escalate within your own organization: involve senior quality, operations, supply chain, and program leadership.
- Escalate at the supplier: require management-level reviews, quality business reviews, or executive-to-executive discussions.
- Revise supplier rating: adjust their scorecard, supplier risk rating, and approved scope accordingly.
- Limit or redirect work: restrict them to lower-risk parts, reduce volume, or stop new business pending improvement.
These decisions should be evidence-based and traceable to the nonconformance and CAPA history.
8. Decide when to resource or disqualify a supplier
In long-lifecycle, highly regulated programs, replacing a supplier is slow and expensive, but sometimes necessary. Factors to consider:
- Technical criticality of the parts or processes they provide.
- History of systemic or integrity-related issues (e.g., falsified data, unauthorized substitutions).
- Availability and qualification timeline of alternate sources, including revalidation, qualification testing, and regulatory filings.
- Impact on your own production throughput, field reliability, and compliance risk if you continue.
Where resourcing is chosen, expect a staged coexistence period: dual-sourcing, additional incoming controls, and careful change control to manage PPAP, FAI, or equivalent qualification and documentation updates.
9. Integrate supplier nonconformances into your overall quality system
Handling repeat supplier nonconformances effectively usually requires visibility and integration across systems:
- Link nonconformances, CAPAs, and supplier records in your QMS or equivalent system.
- Ensure ERP/MES/PLM data supports traceability of affected lots, serials, and assemblies back to supplier and purchase order.
- Use supplier performance metrics and trend analysis to identify emerging patterns before they become critical.
- In brownfield environments, expect that manual data reconciliation (e.g., spreadsheets) may be needed where systems do not integrate well; recognize the added error and workload risk.
Full replacement of existing QMS, ERP, or supplier portals purely to manage one problematic supplier is rarely justified in aerospace- or medical-grade contexts because of validation cost, qualification burden, and downtime risk. Most organizations instead harden procedures and interfaces around current tools.
10. Document everything for traceability and audits
Regardless of the actions you choose, ensure:
- Each nonconformance is fully documented, with supplier identified and part/lot/serial traceability.
- Links exist between repeat events, associated CAPAs, and risk assessments.
- Decisions (e.g., to continue use with extra inspection, to escalate, or to disqualify) are documented with rationale.
- Communication with the supplier, customers, and regulators (where applicable) is archived and retrievable.
This documentation is often more important to regulators and customers than the specific path you chose, provided the path is risk-based and consistently applied.
Summary
Handling repeat nonconformances from the same supplier is not just about tighter inspection on the next lot. It requires a risk-based combination of supplier CAPA, temporary containment, governance escalation, and, if necessary, resourcing decisions. The specifics will depend on your contracts, regulatory context, system capabilities, and appetite for operational risk, but the common thread is disciplined traceability and evidence-based decisions.
