Non-conformances raised, root-caused, corrected, and verified closed. The way auditors actually look for them.
An NCR system built around the closure cycle ISO clauses 10.2 (and equivalents) describe. Every non-conformance is raised, root-caused, corrective action assigned, evidence captured, and independently verified closed.
Average open NCRs at first review: 47. Average days to closure pre-Vissibl: 184. Average days to closure with Vissibl: 22.
An incident captured is not a non-conformance closed.
ISO auditors do not look for incidents. They look for non-conformances raised, root-caused, corrected with documented action, verified closed by someone other than the originator, and trended to prevent recurrence. That is what 10.2 actually says.
Most operational businesses capture incidents in one system, raise NCRs in a spreadsheet, manage corrective actions in another tool, and then try to assemble the closure evidence the week before the audit. The artefact the auditor wants does not exist anywhere as a single object.
Non-Conformance is built around that artefact. Every NCR is a single record from raise to closure, with the evidence trail the standard requires.
What it does, end to end.
Raise NCRs from incidents, internal audits, surveillance findings, customer complaints, or supplier issues. All routed into the same closure workflow.
5 Whys, fishbone, and fault tree templates built in. The selected analysis is preserved with the NCR for audit.
Each corrective action has an owner, a due date, and an evidence requirement. Overdue actions surface on the readiness dashboard.
Closure requires sign-off by a verifier other than the originator and the action owner, as the standard requires. The platform enforces it.
NCRs are categorised and trended. Recurring root causes are flagged automatically. Management review draws from this.
Every NCR is linked to the clause and control it relates to. The relationship feeds the Vissi Audit gap analysis and the readiness score.
From first run to ongoing operation.
Raise
An NCR is raised from any source — incident, internal audit, supplier issue, customer complaint, surveillance finding. One workflow.
Root cause and action
Root cause analysis is documented in-platform. Corrective and preventive actions are assigned with owners, due dates, and evidence requirements.
Verify and close
Evidence is captured, an independent verifier signs off, the NCR is closed. The full record is preserved for surveillance audit.
Our last audit closed with zero major and one minor non-conformance. The auditor commented that the NCR closure evidence was the cleanest he had seen this year.
Where this module is used.
Questions buyers and practitioners ask.
Can we use it for both audit findings and operational incidents?
Yes. The same closure workflow handles findings from surveillance audits, internal audits, supplier issues, customer complaints, and operational incidents. Source is captured per NCR.
Does it integrate with our existing incident reporting tool?
Yes. Common connectors include SafetyCulture, HammerTech, INX, and Donesafe. An incident in the source system can raise an NCR in Vissibl automatically.
How does the independent verification rule work?
Closure requires sign-off by someone who is neither the originator nor the action owner. The platform enforces this by hiding the close button from those parties. The constraint is configurable per NCR category.
Does it cover preventive actions, not just corrective?
Yes. Both corrective (post-event) and preventive (pre-event, often from trend analysis or risk review) actions are first-class objects with the same evidence and verification requirements.