Maps to
QMSR / ISO 13485: §820.90
ISO 13485: §8.3
Requirement text
Nonconforming product shall be identified and controlled to prevent unintended use or delivery.
What changed
Part 820.90 established requirements for nonconforming product control focused on identification, documentation, evaluation, segregation, and disposition. ISO 13485 clause 8.3 covers similar ground but adds several explicit requirements that Part 820 left implicit or addressed elsewhere.
ISO 13485 adds explicit requirements for concessions: when nonconforming product is accepted under concession, the identity of the person authorizing the concession must be recorded, the justification must be documented, and the organization must ensure that regulatory requirements are still met. Part 820.90 addressed disposition but did not formalize the concession process with the same specificity around authorization records and regulatory compliance verification.
ISO 13485 also introduces an explicit requirement for advisory notices. Section 8.3.3 requires organizations to have documented procedures for issuing advisory notices in accordance with applicable regulatory requirements, and these procedures must be capable of being put into effect at any stage. Under the QMSR, advisory notices must also be handled per 21 CFR Part 806. This creates a direct linkage between nonconforming product disposition and field action procedures that Part 820 addressed in separate regulatory sections.
The process approach of ISO 13485 also requires that nonconforming product control be integrated with CAPA (8.5.2/8.5.3), complaint handling (8.2.2), and risk management. Each nonconformance must be evaluated for its impact on product safety and performance, and the disposition decision must consider whether the nonconformity could affect previously delivered product. This systemic view was present in FDA inspection practice but was not as explicitly codified in Part 820.90.
Atomic constraints
- •Nonconforming product must be identified and segregated
- •Disposition decisions must be documented
- •Rework must follow documented procedures
- •Concessions must be justified and approved
Common gaps
No Assessment of Impact on Delivered Product
majorISO 13485 requires that when nonconforming product is detected after delivery, the organization must take action appropriate to the effects of the nonconformity. Many NCR procedures focus only on in-process or in-stock product without systematic evaluation of whether the nonconformity could affect product already in the field.
Weak 'Use-as-Is' justifications
majorProduct is conceded (used-as-is) without a documented technical rationale explaining why the non-conformance doesn't affect safety or performance. ISO 13485 §8.3.2 requires this rationale.
No Formal Concession Procedure
moderateISO 13485 requires documented procedures for accepting nonconforming product under concession, including recording the identity of the authorizing person and verifying that regulatory requirements are still met. Many Part 820-era NCR systems allow disposition as "use as is" without a formal concession process, authorization records, or regulatory compliance check.
Missing Advisory Notice Procedures
moderateISO 13485 clause 8.3.3 requires documented procedures for issuing advisory notices that can be activated at any stage. Many organizations lack a standalone advisory notice procedure or have field action procedures that are not linked to the nonconforming product control process.
Weak NCR-to-CAPA Escalation Criteria
moderateISO 13485 requires integration between nonconforming product control and CAPA. Many organizations lack defined criteria for when an NCR should trigger a CAPA, leading to either over-escalation or under-escalation of quality issues.
Evidence signals
- •
FILE_EXISTS
(NCR|Nonconform|Non.conform|Disposition|Rework|NCMR)
- •
CONTENT_MATCH
Does this document describe procedures for identifying, segregating, or dispositioning nonconforming product?
Audit defense
Nonconforming product control for [your product] is managed through [your document ID]. All nonconforming product is identified, segregated, and dispositioned through our formal NCR process. Rework follows documented procedures with re-inspection before release per QMSR 820.90.