nonconformance report (NCR)

A nonconformance report (NCR) is a formal record used to document and control any product, process, or system condition that does not meet specified requirements. In industrial and regulated manufacturing environments, NCRs are a core part of the quality management system and support traceability, risk control, and regulatory or customer reporting.

What an NCR typically includes

While formats vary by organization and industry, a nonconformance report commonly captures:

• Identification details, such as part numbers, batch/lot, equipment, work order, and date
• A clear description of the nonconformance against requirements, specifications, drawings, or procedures
• Detection information, including where and how the issue was found (inspection, in-process check, test, audit, customer complaint, supplier receipt)
• Containment actions, such as segregation, hold, rework, or scrap of affected items
• Impact assessment, including potential safety, regulatory, or customer impact and risk classification
• Disposition decisions (e.g., use-as-is with justification, rework, repair, scrap, return to supplier)
• Approvals and signoffs from authorized functions (quality, engineering, operations, supplier quality, or customer when required)

Role in operations and quality systems

Operationally, an NCR is the mechanism that:

• Stops or controls the flow of nonconforming product or data until a decision is made
• Provides structured evidence for audits, regulatory reviews, and customer reporting
• Feeds information to related processes such as CAPA, supplier management, and continuous improvement
• Supports traceability by linking nonconformances to work orders, serial numbers, lots, and inspection or test records

NCRs may be created and managed in electronic quality management systems (eQMS), MES, ERP, or specialized nonconformance modules, often with workflow for routing, review, and closure. Time-to-close targets, escalation thresholds, and approval rules are normally defined in the organization’s quality management system.

Relationship to other quality processes

An NCR by itself documents and controls a specific nonconformance. It may trigger other processes when the risk or recurrence justifies it, for example:

• CAPA (Corrective and Preventive Action): Initiated when an NCR indicates systemic issues, repeated defects, or significant risk that requires root cause analysis and long-term corrective or preventive measures.
• Supplier corrective action: Initiated when a supplier-caused nonconformance is documented on an NCR and requires formal response from the supplier.
• Change control or engineering change: Used when resolving the nonconformance requires changing design, specifications, or controlled procedures.

Scope and boundaries

In regulated or standards-driven environments, NCRs commonly apply to:

• Physical product nonconformances (dimensions, material, performance, labeling)
• Process nonconformances (operations performed out of sequence, missing signoffs, deviation from validated parameters)
• Documentation and data issues that affect product conformity or traceability (incorrect revision used, incomplete record, missing inspection)

NCRs are distinct from informal defect logs or shop-floor notes because they require documented evaluation, disposition, and closure within a defined system.

Common confusion

• NCR vs CAPA: An NCR documents a specific nonconformance and its immediate disposition. A CAPA addresses underlying causes to prevent recurrence or occurrence across the system. One NCR may lead to a CAPA, but not all NCRs require CAPA.
• NCR vs deviation / concession: A deviation or concession is prior authorization to depart from a requirement. An NCR is raised after a nonconformance exists, to document and decide what to do with it.
• NCR vs audit finding: An audit finding may be documented separately, but when it involves nonconforming product or processes, it is often also recorded as an NCR within the quality system.

Aerospace and other highly regulated contexts

In aerospace, medical device, and similar regulated industries, NCRs are tightly controlled. Organizations typically define:

• Risk-based classification for nonconformances
• Specific roles authorized to review and approve dispositions
• Time limits and escalation criteria for open NCRs
• Requirements for involving customers or regulatory bodies when product conformity or airworthiness/patient safety could be affected

These controls are usually documented in the quality management system and may be aligned with applicable standards and customer requirements.