Nonconformance Management for Medical Devices: Complete Guide to NCR, Disposition, and Regulatory Compliance

The complete guide to nonconformance management in medical device manufacturing — FDA 21 CFR 820.90, ISO 13485 clause 8.3, NCR writing, disposition options, Material Review Board, escalation to CAPA, root cause analysis, and common audit findings.

Ran Chen
Global MedTech Expert | 10× MedTech Global Access
2026-04-16 · 23 min read

What Is a Nonconformance

A nonconformance is a failure to meet a specified requirement. In the medical device industry, this means any situation where a product, component, material, process, or system does not conform to its established specification, standard, or requirement. The FDA defines a specification in 21 CFR 820.3 as "any requirement with which a product, process, service, or other activity must conform." ISO 13485:2016 defines a requirement as a "need or expectation that is stated, generally implied, or obligatory."

Nonconformances are not rare events. They occur in every medical device organization, regardless of maturity or quality system sophistication. What separates effective quality systems from ineffective ones is not whether nonconformances occur but how the organization identifies, evaluates, contains, investigates, and resolves them.

Nonconformance is not the same as a defect: A nonconformance is a broader concept. A defect is a nonconformance that affects the ability of a product to meet its intended use. All defects are nonconformances, but not all nonconformances are defects. A cosmetic blemish on a housing component may be a nonconformance without being a defect that affects patient safety.

Regulatory Basis for Nonconformance Management

FDA 21 CFR 820.90 (Legacy QSR) and the QMSR

Under the legacy Quality System Regulation, nonconformance requirements were codified in Subpart I (Nonconforming Product). The regulation required each manufacturer to establish and maintain procedures to control product that does not conform to specified requirements. The procedures had to address:

  1. Identification: Identifying the nonconforming product
  2. Documentation: Documenting the nonconformance, including the nature of the nonconformity
  3. Evaluation: Evaluating the nonconformance to determine the need for investigation and corrective action
  4. Segregation: Segregating the nonconforming product from conforming product until disposition
  5. Disposition: Determining the appropriate disposition (rework, scrap, return to supplier, use as-is)

The regulation also specifically addressed rework:

"Each manufacturer shall establish and maintain procedures for rework, to include retesting and reevaluation of the nonconforming product after rework, to ensure that the product meets its current approved specifications." — 21 CFR 820.90(b)

Under the QMSR (effective February 2, 2026), which incorporates ISO 13485:2016 by reference, nonconformance management maps to ISO 13485 clause 8.3 (Control of nonconforming product). The FDA has determined that the requirements in ISO 13485 are, when taken in totality, substantially similar to the requirements of the QS regulation, providing a similar level of assurance in a firm's quality management system.

The QMSR retains certain FDA-specific requirements, including:

  • Requirements for advisory notices (mapped from 820.90 to 21 CFR Part 806)
  • Medical device reporting requirements (21 CFR Part 803)
  • Corrections and removals requirements (21 CFR Part 806)

ISO 13485:2016 Clause 8.3

ISO 13485 clause 8.3 requires the organization to ensure that product which does not conform to product requirements is identified and controlled to prevent its unintended use or delivery. The standard specifies:

  • Identification and control: Nonconforming product must be identified and controlled to prevent unintended use or delivery
  • Disposition: The organization must deal with nonconforming product by one or more of the following: taking action to eliminate the detected nonconformity; authorizing its use, release, or acceptance under concession by a relevant authority; or taking action to preclude its original intended use or application
  • Concession: Acceptance by concession is only permitted if regulatory requirements are met and the justification is documented
  • Rework: If rework is performed, it must be subject to the same authorization and approval as the original work. Reworked product must be verified to ensure it meets applicable acceptance criteria and regulatory requirements
  • Customer notification: If nonconforming product is detected after delivery, the organization must take appropriate action, including notification of the customer and/or regulatory authority
  • Advisory notices: Procedures must be established for issuing and implementing advisory notices as required by applicable regulatory requirements

EU MDR Nonconformance Requirements

Under the EU Medical Device Regulation (MDR 2017/745), manufacturers must have quality management systems that address nonconformities:

  • Article 10(9): The quality management system must address corrective and preventive actions and monitoring of post-market obligations
  • Article 10(13): For devices that are not in conformity with the requirements of the regulation, the manufacturer must take appropriate corrective action, including investigation of the nonconformity
  • Article 87: Reporting requirements for serious incidents and field safety corrective actions

Types of Nonconformances

Product Nonconformances

These occur when a physical product — raw material, component, subassembly, or finished device — does not meet its specified requirements. Examples include:

  • Incoming materials that fail inspection against the purchase specification
  • In-process components that deviate from dimensional requirements
  • Finished devices that fail functional testing
  • Sterilization loads that do not meet sterility assurance level requirements
  • Labeling errors (wrong labels, missing UDI, incorrect expiry date)
  • Packaging failures (damaged sterile barrier, incorrect labeling on carton)

Product nonconformances affect specific units or batches and require immediate containment and disposition.

Process Nonconformances

These occur when a manufacturing or operational process deviates from its controlled procedure. Examples include:

  • Manufacturing steps performed out of sequence
  • Equipment operated outside validated parameters
  • Environmental monitoring excursions in cleanrooms
  • Calibration failures on critical measurement equipment
  • Process parameters that exceed established alert or action limits

Process nonconformances may affect multiple batches or products and often require investigation into the root cause and assessment of impact on previously released product.

System Nonconformances

These are identified through internal audits, management reviews, and quality system evaluations. They represent gaps in the quality management system itself. Examples include:

  • Procedures that do not comply with regulatory requirements
  • Training gaps where personnel have not been trained on current procedures
  • Inadequate risk assessments for device design or manufacturing processes
  • Supplier qualification gaps for critical suppliers
  • Management review inputs that are incomplete or missing

System nonconformances are often broader in scope and may require changes to multiple processes, procedures, or organizational practices.

The Nonconformance Process

Step 1: Identification

Nonconformances may be identified through multiple channels:

| Source | Examples |
|---|---|
| Incoming inspection | Supplier materials failing to meet purchase specifications |
| In-process inspection | Components failing dimensional checks during manufacturing |
| Final inspection/testing | Finished devices failing functional or performance tests |
| Complaint handling | Customer reports of devices not performing as expected |
| Internal audits | QMS processes not following established procedures |
| External audits | Findings from notified body, FDA, or MDSAP audits |
| Management review | Quality data trends indicating systemic issues |
| Post-market surveillance | Field data indicating device performance issues |
| Supplier quality | Nonconforming material reports from suppliers |
| Design verification/validation | Test failures during design and development |

Step 2: Documentation (NCR)

Every nonconformance must be documented in a Nonconformance Report (NCR). The NCR is the formal record of the nonconformance and must include:

  • NCR number: A unique, sequential identifier
  • Date identified: When the nonconformance was discovered
  • Identified by: Who discovered the nonconformance
  • Product/process affected: What product, component, or process is involved
  • Quantity affected: How many units, batches, or instances
  • Specification not met: The specific requirement that was not satisfied
  • Description of nonconformity: A clear, objective description of the deviation
  • Objective evidence: Inspection data, test results, photographs, or other supporting documentation
  • Severity classification: The risk level or impact assessment of the nonconformance
  • Immediate containment actions: What was done to prevent further distribution or use

Step 3: Evaluation

The nonconformance must be evaluated to determine:

  • Impact assessment: What is the effect on product quality, patient safety, and regulatory compliance?
  • Scope: How many units, batches, or products are affected? Could previously released product be affected?
  • Investigation need: Does this nonconformance warrant a root cause investigation?
  • Reporting requirements: Does this nonconformance trigger medical device reporting, vigilance reporting, or field safety corrective action requirements?
  • CAPA escalation: Does this nonconformance meet the criteria for escalation to a CAPA?

Evaluation criteria that help determine the appropriate response:

  • Is the existing system capable of detecting the nonconformance if it recurs?
  • How likely is the nonconformance to recur?
  • What is the potential impact on patient health and safety?
  • Has this type of nonconformance occurred before?

Step 4: Segregation and Containment

Nonconforming product must be physically or electronically segregated from conforming product to prevent unintended use or distribution. Containment actions include:

  • Physical segregation: Moving nonconforming units to a designated quarantine area
  • Electronic flagging: In ERP or inventory systems, flagging affected lots as quarantined
  • Distribution hold: Placing holds on any affected product that may already be in the distribution chain
  • Field containment: For distributed product, initiating retrieval or notification actions as appropriate

Critical principle: Containment that actually contains. If your system cannot prevent movement or shipment of nonconforming product, your quarantine is a label, not a control. Physical segregation must be enforced by your inventory and distribution systems.

Step 5: Disposition

Each nonconformance must be dispositioned — a formal decision about what to do with the nonconforming product. Disposition options include:

Rework

Action taken on a nonconforming product so that it will fulfill the specified requirements before it is released for distribution. Rework requires:

  • A documented rework procedure describing what will be done
  • Retesting and reevaluation after rework to ensure the product meets current approved specifications
  • Documentation of all rework activities in the device history record
  • The same level of authorization and approval as the original manufacturing process

Rework is appropriate when the nonconformity can be corrected and the product can be brought back into conformance without affecting its safety or performance.

Use-As-Is (Concession)

Acceptance of nonconforming product under concession, allowing it to be used despite the nonconformity. This requires:

  • Documented justification for why the nonconformity does not affect product safety or performance
  • Authorization by a designated authority (typically the Material Review Board)
  • Verification that regulatory requirements are met (some nonconformities cannot be accepted by concession)
  • Documentation of the concession approval and justification in the quality records

Caution: Use-as-is is one of the most scrutinized dispositions during audits. An auditor who sees repeated use-as-is dispositions for the same type of nonconformance will question whether the organization is accepting problems rather than fixing them. Use-as-is should be the exception, not the routine.

Reject/Scrap

The nonconforming product is destroyed or rendered unusable. This is the most conservative disposition and is appropriate when:

  • The nonconformity cannot be corrected by rework
  • Rework would be more costly than scrapping the product
  • The nonconformity represents a safety risk that cannot be adequately mitigated
  • Regulatory requirements prohibit the release of the product with the identified nonconformity

Return to Supplier

Nonconforming incoming materials are returned to the supplier for replacement, rework, or credit. This requires:

  • Documented supplier notification of the nonconformance
  • Supplier corrective action request (SCAR) if the nonconformity is recurring or significant
  • Evaluation of the replacement material against the same acceptance criteria
  • Documentation of the return and receipt of replacement in receiving records

Step 6: Investigation

Not every nonconformance requires a formal investigation. Single occurrences of minor nonconformities with clear, straightforward causes may be dispositioned without extensive investigation. However, investigation is required when:

  • The nonconformity is recurring (has happened before)
  • The nonconformity affects patient safety
  • The root cause is not immediately obvious
  • The nonconformity has a significant impact on production or delivery
  • Regulatory requirements mandate investigation

Investigation methods include:

| Method | Best For | Complexity |
|---|---|---|
| 5 Whys | Simple, single-cause nonconformities | Low |
| Fishbone (Ishikawa) | Multi-factor nonconformities with potential causes across categories | Medium |
| Fault Tree Analysis | Complex nonconformities with multiple contributing factors | High |
| 8D Methodology | Customer-facing nonconformities requiring structured response | High |
| Statistical Analysis | Process nonconformities with data-driven root causes | Medium-High |

Step 7: CAPA Escalation

A nonconformance that meets escalation criteria must be referred to the CAPA process. Escalation criteria typically include:

  • Nonconformities that have or could have an impact on product safety or efficacy
  • Nonconformities that are not easily corrected
  • Recurring nonconformities (same root cause or failure mode)
  • Nonconformities identified through multiple independent sources
  • Nonconformities that indicate a systemic quality system failure

The relationship between nonconformance management and CAPA is critical:

A nonconformance record is a symptom record. CAPA is the systemic correction record. If you treat repeated nonconformances as isolated events, you are choosing recurrence.

Nonconformities that do not meet CAPA escalation criteria may be closed after:

  • Documenting the corrective action taken (or justification for no action)
  • Verifying that the immediate issue is resolved
  • Confirming that no further action is warranted

The Material Review Board (MRB)

The Material Review Board is a cross-functional team with the authority to evaluate nonconforming product and determine its disposition. While not explicitly required by name in FDA regulations or ISO 13485, the concept of authorized disposition is embedded in the regulatory requirements.

MRB Composition

| Role | Responsibility |
|---|---|
| Quality representative | Ensures disposition is consistent with quality requirements and regulatory obligations |
| Engineering representative | Evaluates technical feasibility of rework and impact on product performance |
| Manufacturing representative | Assesses production impact and provides process context |
| Regulatory affairs representative (when needed) | Evaluates reporting obligations and regulatory impact |
| Subject matter expert (when needed) | Provides specialized technical knowledge for complex evaluations |

MRB Decision Framework

The MRB evaluates each nonconformance against:

  • Technical criteria: Can the product be reworked to meet specifications? Will the nonconformity affect device performance?
  • Safety criteria: Does the nonconformity create a risk to patient or user safety?
  • Regulatory criteria: Are there regulatory barriers to the proposed disposition?
  • Business criteria: What is the cost of rework vs. scrap vs. return? What is the impact on delivery commitments?

Disposition authority must be explicit: Who can approve rework? Who can approve use-as-is? Who must be involved when risk is high? If disposition authority is vague, you will have inconsistent decisions that cannot be defended during audits.

Root Cause Analysis for Nonconformances

When a nonconformance requires investigation, the goal is to identify the root cause — the fundamental reason the nonconformance occurred. Without identifying the root cause, any corrective action will address the symptom rather than the problem.

The 5 Whys Method

The simplest and most widely used root cause analysis technique. Ask "why" repeatedly until you reach the fundamental cause:

  1. Why did the component fail inspection? — The dimensional measurement was out of specification.
  2. Why was the measurement out of specification? — The molding machine temperature was too high.
  3. Why was the temperature too high? — The temperature controller was set incorrectly.
  4. Why was it set incorrectly? — The operator used the setting for a different product.
  5. Why did the operator use the wrong setting? — The setup procedure did not include a verification step to confirm the correct temperature before starting production.

Root cause: The setup procedure lacks a verification step for critical process parameters.

Fishbone (Ishikawa) Diagram

A structured approach that categorizes potential causes into standard categories. For medical device manufacturing, typical categories include:

  • Materials: Raw material variability, supplier quality issues, material contamination
  • Methods: Process parameters out of range, missing or inadequate procedures, inadequate training
  • Machines: Equipment malfunction, calibration drift, tooling wear
  • Measurement: Inspection method inadequate, measurement error, wrong acceptance criteria
  • Environment: Temperature, humidity, cleanliness, vibration
  • People: Training gaps, fatigue, inadequate supervision, procedural violations

Fault Tree Analysis

A top-down, deductive approach that starts with the nonconformance as the top event and traces downward through all possible contributing causes using logical gates (AND, OR). This method is particularly useful for complex nonconformities with multiple potential causes.

8D Methodology

A structured problem-solving approach originally developed in the automotive industry, now widely used across regulated industries:

  1. D1 — Form the team: Assemble a cross-functional team with appropriate expertise
  2. D2 — Describe the problem: Define the nonconformance in specific, measurable terms
  3. D3 — Implement interim containment: Prevent the problem from affecting more product
  4. D4 — Identify root cause: Analyze data to determine the fundamental cause
  5. D5 — Develop corrective action: Define the action that will eliminate the root cause
  6. D6 — Implement corrective action: Execute the corrective action plan
  7. D7 — Prevent recurrence: Implement systemic changes to prevent the problem from recurring
  8. D8 — Recognize the team: Acknowledge the team's contribution to problem resolution

Nonconformance Data Analysis and Trending

Beyond individual nonconformance resolution, the quality system must analyze nonconformance data to identify trends and patterns. This analysis serves multiple purposes:

  • CAPA trigger: Trends indicating recurring or systemic issues should trigger CAPA investigations
  • Process improvement: Data may reveal opportunities for process optimization
  • Supplier management: Trends in incoming material nonconformances inform supplier quality ratings
  • Management review: Nonconformance data is a required input to management review
  • Risk management: Nonconformance data feeds into the ongoing risk management process

Key Metrics for Nonconformance Management

| Metric | Definition | Target Direction |
|---|---|---|
| Total NCRs | Number of nonconformance reports opened per period | Trending down |
| NCRs by type | Distribution across product, process, and system nonconformances | Stable or improving |
| NCRs by source | Distribution across incoming, in-process, final, complaints, audits | Reveals where detection is occurring |
| Rework rate | Percentage of product requiring rework | Trending down |
| Scrap rate | Percentage of product scrapped | Trending down |
| Use-as-is rate | Percentage of NCRs dispositioned as use-as-is | Low (ideally minimal) |
| Time to disposition | Average days from NCR opening to final disposition | Trending down |
| Recurrence rate | Percentage of NCRs that are recurrences of previous issues | Trending down |
| CAPA escalation rate | Percentage of NCRs escalated to CAPA | Appropriate to risk |

Common Nonconformance Audit Findings

1. Failure to Identify and Segregate Nonconforming Product

The most fundamental requirement — if nonconforming product is not identified and segregated, it can be shipped to customers. Common failures include:

  • Nonconforming product stored in areas accessible to production personnel without controls
  • Inventory systems that do not prevent shipment of quarantined lots
  • Lack of physical identification (labels, tags) on nonconforming product

2. Inadequate Investigation

Nonconformances investigated superficially without identifying the root cause:

  • Root cause listed as "operator error" without investigating why the operator made the error
  • Root cause listed as "unknown" repeatedly for the same failure mode
  • No investigation at all for nonconformances that should have been escalated

3. CAPA Not Escalated When Warranted

Recurring nonconformances treated as isolated events without CAPA investigation:

  • The same failure mode documented in multiple NCRs without triggering a CAPA
  • Trend data showing increasing nonconformance rates without response
  • Nonconformities with safety implications handled at the NCR level only

4. Inadequate Rework Verification

Rework performed without proper verification:

  • Reworked product released without re-inspection against the original acceptance criteria
  • Rework procedures not documented in the device history record
  • Rework approval not at the same level of authorization as the original process

5. Insufficient Documentation

NCRs lacking essential information:

  • No description of the nonconformity or the specification not met
  • No documentation of the disposition decision and justification
  • No evidence of containment actions taken
  • Missing approvals or signatures
  • NCRs closed without documenting the resolution

6. Untimely Resolution

Nonconformances left open for extended periods without documented justification:

  • Investigations exceeding procedural timelines without extension requests
  • Nonconforming product in quarantine for months without disposition
  • CAPA actions not implemented within committed timeframes

NCR Template Structure

A well-designed nonconformance report template ensures that all required information is captured consistently. Here is a recommended structure:

Section 1: Identification

  • NCR Number (auto-generated or sequential)
  • Date Opened
  • Opened By (name and department)
  • Priority/Severity (critical, major, minor)

Section 2: Nonconformity Description

  • Product/Process Affected (part number, lot number, batch)
  • Quantity Affected
  • Location Where Identified (incoming, in-process, final, field)
  • Specification Not Met (reference specific requirement, paragraph, or drawing)
  • Description of Nonconformity (factual, objective description of the deviation)
  • Objective Evidence (inspection data, test results, photographs)

Section 3: Containment

  • Immediate Containment Actions Taken
  • Product Segregated (Y/N, location)
  • Distributed Product Affected (Y/N, scope)
  • Customer Notification Required (Y/N)

Section 4: Evaluation

  • Risk Assessment (impact on safety, performance, compliance)
  • Investigation Required (Y/N, justification)
  • CAPA Escalation Required (Y/N, justification)
  • Regulatory Reporting Required (Y/N, reference)

Section 5: Disposition

  • Disposition Decision (rework, use-as-is, scrap, return to supplier)
  • Disposition Justification
  • Authorized By (name, title, date)
  • MRB Members (if applicable)

Section 6: Investigation and Root Cause (if applicable)

  • Investigation Method Used
  • Root Cause Description
  • Supporting Evidence

Section 7: Corrective Action (if applicable)

  • Corrective Action Description
  • Responsible Person
  • Target Completion Date
  • Actual Completion Date

Section 8: Effectiveness Verification (for CAPA-escalated NCRs)

  • Effectiveness Check Description
  • Results
  • Verified By (name, date)

Section 9: Closure

  • Resolution Summary
  • Closed By (name, date)
  • Quality Approval (name, date)

Centralized Nonconformance Trending

Organizations that centralize their nonconformance reporting across all subsystems gain significant advantages over those that manage nonconformances in isolated silos:

  • Cross-subsystem trend analysis: Nonconformances from incoming inspection, production, complaints, and audits can be analyzed together to identify systemic patterns
  • CAPA triggering: Centralized data makes it easier to identify when the same root cause is producing nonconformances in different areas of the organization
  • Management review reporting: Aggregated nonconformance data provides more meaningful inputs to management review
  • Supplier performance monitoring: Centralized incoming and production nonconformances linked to specific suppliers enable more accurate supplier quality ratings
  • Continuous improvement: Trending data identifies the most significant quality problems, allowing resources to be focused where they will have the greatest impact

Many organizations find that their eQMS provides the best platform for centralized nonconformance management, as it automatically links nonconformances to related quality events (complaints, CAPAs, audits, change controls) and provides built-in trending and reporting capabilities.

Nonconformance Management Best Practices

1. Write Clear, Specific NCRs

An NCR should describe the nonconformity so precisely that someone unfamiliar with the event can understand exactly what happened. Include:

  • What was expected (the specification)
  • What was actually found (the deviation)
  • How much was affected (quantity, lot numbers, serial numbers)
  • Where it was found (location, process step)
  • Objective evidence (measurement data, photographs, test results)

2. Separate Containment from Correction

Contain the nonconformity immediately — prevent it from affecting more product. Then investigate and correct the root cause. These are two different activities with different timelines and objectives. Do not wait for the root cause investigation to be complete before containing the affected product.

3. Use Risk-Based Escalation Criteria

Define clear, objective criteria for when a nonconformance must be escalated to CAPA. Criteria should consider:

  • Patient safety impact
  • Recurrence history
  • Production impact
  • Regulatory reporting requirements
  • Customer impact

4. Trend Your Nonconformance Data

Regularly analyze nonconformance data to identify patterns before they become systemic problems. Use Pareto analysis to focus on the most significant contributors. Track trends over time to measure the effectiveness of corrective actions.

5. Close the Loop

Every nonconformance should have a clear resolution. The record should demonstrate that:

  • The nonconformity was identified and contained
  • The root cause was investigated (when warranted)
  • A disposition decision was made and authorized
  • Corrective actions were implemented (when warranted)
  • The effectiveness of those actions was verified (for escalated nonconformances)

The QMSR Impact on Nonconformance Management

The transition to the QMSR (effective February 2, 2026) changes several aspects of how nonconformance management is inspected and evaluated:

| Aspect | Legacy QSR | QMSR |
|---|---|---|
| Inspection scope | Management reviews and quality audits exempt from FDA inspection | FDA can now inspect management review, quality audits, and supplier audits |
| Terminology | DMR, DHF, DHR defined in regulation | These terms no longer defined, but organizations may continue to use them |
| Risk-based approach | Prescriptive requirements | ISO 13485 allows risk-based implementation |
| Advisory notices | Addressed in 820.90 | Mapped to 21 CFR Part 806 |
| Inspection technique | QSIT (Quality System Inspection Technique) | New risk-based inspection process under CP 7382.850 |

The broader inspection scope under the QMSR means that nonconformance data and trends are more likely to be reviewed during FDA inspections, as they feed into management review and quality audit processes that are now inspectable.

Frequently Asked Questions

When does a nonconformance need to be reported to FDA?

A nonconformance must be reported to FDA when it meets the criteria for Medical Device Reporting (MDR) under 21 CFR Part 803. This includes events where a device may have caused or contributed to a death or serious injury, or where a malfunction of the device would be likely to cause or contribute to a death or serious injury if it were to recur. Not every nonconformance triggers MDR reporting — it depends on the specific circumstances and risk assessment.

How is a nonconformance different from a CAPA?

A nonconformance is the specific event — a product, process, or system failure to meet a requirement. CAPA (Corrective and Preventive Action) is the systemic response to eliminate the root cause of the nonconformance and prevent recurrence. Not every nonconformance requires a CAPA. Single, minor nonconformances with obvious causes may be resolved at the NCR level. Recurring, significant, or safety-related nonconformances should be escalated to CAPA.

What is a concession?

A concession is a documented decision to accept nonconforming product for use despite the nonconformity. Under ISO 13485, a concession requires documented justification and must meet regulatory requirements. The person authorizing the concession must be identified. Concessions are appropriate when the nonconformity does not affect the safety, performance, or efficacy of the device.

Should every nonconformance be investigated?

No. The depth of investigation should be proportional to the risk and complexity of the nonconformance. A single occurrence of a minor, well-understood nonconformance with a clear cause (e.g., a supplier shipped material with a wrong label that was caught at incoming inspection) may not require extensive investigation beyond documenting the event and returning the material. However, recurring nonconformances, safety-related nonconformances, and nonconformances with unclear causes always require investigation.

Who should approve nonconformance dispositions?

Disposition authority should be defined in the nonconformance management procedure. At minimum, a quality representative should approve all dispositions. For high-risk or complex dispositions (especially use-as-is), the Material Review Board — including quality, engineering, manufacturing, and potentially regulatory affairs — should be involved. The key principle is that disposition authority must be explicit and documented, with clear criteria for when different levels of authority are required.