NC & CAPA in calibration: turning problems into proof

Things go wrong in every lab — an instrument is found out of tolerance, a reference standard slips past its due date, the air-con fails overnight. What separates a credible laboratory from a fragile one isn’t the absence of problems; it’s a disciplined way of catching them, containing the damage and stopping them coming back. That discipline has a name: nonconformance (NC) and corrective and preventive action (CAPA).

What counts as a nonconformance?

A nonconformance is any time work, or a result, fails to meet a requirement — your own procedure, the customer’s specification, or the accreditation standard. In a calibration lab the everyday examples are familiar: an as-found reading outside tolerance, a calibration performed against a standard that had expired, ambient conditions drifting outside the stated limits during a measurement, a Gage R&R study showing the measurement system can’t be trusted, an unsatisfactory proficiency-test result, or a customer complaint about a certificate. None of these are disasters on their own. Hiding them is.

Step one: detect and record

The loop only works if issues are actually captured. A good system makes raising an NC quick and routine — a unique reference, the date, who found it, what requirement was missed and the evidence. Crucially, many NCs should raise themselves: when an entered result falls outside tolerance, when a standard’s due date has passed, or when an environmental reading breaches its limit, the software should flag it automatically rather than relying on someone to remember.

Step two: contain it — the impact assessment

Before fixing the cause, you have to limit the harm. The key question in calibration is: what else is affected? If a reference standard was found out of tolerance, every calibration it backed since its last good check is now in doubt. That triggers an impact assessment and, where needed, notification and recall of affected certificates — telling customers their instrument may need re-checking. It is uncomfortable, but doing it is exactly what proves the system is trustworthy. This is also why traceability records matter: you can only recall what you can trace.

Step three: correction vs corrective action

These two are often confused, and the difference is the whole point of CAPA.

A correction fixes the immediate problem. A corrective action fixes the cause so it can’t recur.

Re-calibrating the affected gauge is a correction. Working out why the standard was used past its due date — and changing the scheduling so it can never happen again — is corrective action. Stop at correction and you’ll be writing the same NC next quarter.

Step four: find the real root cause

Effective corrective action depends on honest root-cause analysis, not on blaming the nearest technician. Simple tools work well: the 5 Whys (keep asking why until you reach a system cause, not a person), and the fishbone / Ishikawa diagram, which sorts possible causes into people, method, equipment, materials, environment and measurement. The test of a good root cause is that the fix lands on a process, not on “be more careful next time.”

Step five: act, then prove it worked

CAPA isn’t finished when the action is taken — it’s finished when you’ve verified the action was effective. Did the new scheduling actually prevent expired-standard use over the following months? An NC closed without an effectiveness check is a guess. Recording the planned action, the owner, the due date and the verification turns the loop into evidence.

How it maps to ISO/IEC 17025

The standard makes this explicit. Clause 7.10 (nonconforming work) requires you to act when work doesn’t meet requirements — assign responsibility, evaluate significance including the impact on previous results, decide on acceptability, and recall where necessary. Clause 8.7 (corrective action) requires you to react to the nonconformity, control and correct it, then determine and eliminate the cause so it doesn’t recur, and review effectiveness. Together they are the NC/CAPA loop, and assessors expect to see it running — with a documented trail. For the wider picture of what records that involves, see what ISO/IEC 17025 expects of your records.

Why the audit trail matters

An NC/CAPA record is only as good as its integrity. Entries should be legible, retrievable, and protected so that an issue can’t quietly disappear — with a tamper-evident audit trail of who raised it, who actioned it and when it closed. A clean history of problems found and fixed is not a weakness on display; to an assessor it’s the strongest evidence that your quality system actually works.

How Cali handles NC & CAPA

Cali treats nonconformance as a by-product of normal work rather than extra paperwork. Out-of-tolerance results, expired-standard use, unsatisfactory proficiency tests and out-of-limit environmental readings can raise an NC automatically. Each NC carries root-cause notes, a correction and corrective-action plan with an owner and due date, an effectiveness check, and a full audit trail — linked back to the affected asset, certificate and standard so impact and recall are obvious. The result: when an assessor asks “show me how you handle problems,” the answer is a few clicks, not a scramble. (General guidance, not a substitute for the standard itself or your accreditation body’s requirements.)

More from the Cali blog: browse all calibration & metrology guides →