Submit a non-conformance (NCR)
A Non-Conformance Report (NCR) captures something that didn't meet a specified requirement — a product defect, a procedure not followed, a missed audit checkpoint, a customer complaint. ENSURE drives every NCR through containment, investigation, correction and closure.
The 30-second version
- Open NCR in the sidebar → click + New NCR
- Category, severity, description, assignee
- Click Create — you'll get an
NCR-###reference - Assignee is notified; NCR moves through containment → risk assessment → investigation → correction → closed
Step-by-step
Open the NCR module
Click NCR in the left sidebar. The list shows every open non-conformance with its lifecycle step, category, severity and the responsible person.
Click "+ New NCR"
Top-right of the page. The form opens with your name as the raiser and today's date pre-filled.
Pick the right category
Category drives where the NCR shows up in dashboards and which approval chain applies:
- Quality — product/service didn't meet spec
- Process — a procedure wasn't followed
- Compliance — regulatory or standards (ISO 9001/14001/45001, customer-specific)
- Safety — a safety control failed without an incident occurring
- Environmental — a release, exceedance or near-release
Pick the closest one — Quality leads can recategorise during investigation.
Set severity
Severity reflects the impact, not just the symptom:
- Critical — product is unsafe / unsalable, customer impact, regulator notification
- Major — significant rework, customer complaint risk, repeat finding
- Minor — within-tolerance deviation, isolated occurrence
Write a factual description
State the requirement, then state how reality differed. This is the auditable record — be specific:
- ✅ "SOP-OP-014 §3.2 requires bracket weld inspection on every unit; lot 2026-W22 batch 14 (50 units) was released without inspection."
- ❌ "Inspections missed."
Don't speculate about root cause yet — that's the investigation step.
Assign it
Pick the person who owns the response. Usually the line manager of the area where the NCR was found, or the Quality lead for that product line.
If the NCR is customer-facing or regulator-relevant, also add a watcher — the watcher gets notifications but isn't expected to action.
Click "Create"
The NCR is saved, assigned NCR-###, and the assignee is notified immediately (in-app + email). The lifecycle is now at Raised; the assignee's first job is containment.
What happens next
Every NCR moves through six lifecycle steps:
Containment — stop the bleeding (segregate stock, halt shipment, isolate process). Fastest step; should happen in hours, not days. Risk assessment — what's the exposure? Could this have shipped to customers? Investigation — root cause analysis (5-Whys or fishbone built in). Correction — what was changed, with evidence. Closed — sign-off by the configured approver. Repeat NCRs are flagged automatically with a link to the prior closure.
Common questions
No. NCRs handle containment + correction. A CAPA is the right tool when you need to change something systemically to prevent the same NCR happening again. From the NCR detail panel, click Promote → CAPA when that's needed — the new CAPA stays linked.
By default the configured approver pool — Quality lead, Admin, HSE Manager. The assignee cannot close their own NCR; that separation enforces independent verification.
Approvers can void an NCR from the detail panel. The record stays in the audit log with a void reason — never deleted, just struck through and excluded from KPIs.
When you create an NCR with wording similar to a closed one, ENSURE shows a possible repeat banner pointing at the prior NCR. If you confirm it's a repeat, KPIs treat it as such — repeats are a primary input to your management review.