Providing support for ISO management and product certification systems in Queensland, and throughout Australia.

ISO 9001 Basics - Corrective Action

As mentioned in my first blog post, ISO 9001 can be a great tool for businesses in many ways. One of the aspects of ISO 9001 that I see making a positive difference if used correctly, is the corrective action process.

As with internal audits, businesses often don’t get this process right. This may cause problems in third party certification audits but also if not set up right can be a pain in the neck to maintain.

Auditors, consultants and long serving quality managers in the business will tell you their thoughts on what a corrective action system should look like but what does the standard actually state?

To start with if we look at ISO 9000 definitions, a corrective action is to be taken to eliminate the cause of a nonconformity and to prevent recurrence. A nonconformity is non-fulfilment of a need or expectation that is stated, generally implied or obligatory.

In plain English, if something doesn’t go as planned it is probably a nonconformity,

and should be addressed using a corrective action process. The photo to the right

is quite obvious there is something wrong but smaller items may be less clear if 

a corrective action process should be followed.  The sorts of entries I would expect

to see in a corrective action system are as follows:

  • Customer complaints

  • Internal audit identified problems

  • Nonconforming output incidents – end product and / or during service
    provision to end customer

  • Internal work in progress significant failures – not normal reviews and tweaks
    to operational control but where a process has fallen down resulting in the
    ​need to apply actions to both resolve and prevent it happening again

This is not an exhaustive list but gives you some ideas. I would not necessarily

expect to see actions in the system that are very simple quick fixes that will never

recur once addressed. For example if a sign off section is missed off one form out

of many just introduced, and it is then added to the form. I would not necessarily

expect to see the full process being followed.

Now we have an idea on what should go into a corrective action process, what should the process look like? Below are the steps that need to be covered, followed by some ideas on how you might set this process up in your organisation.

1. React to the issue – take immediate action to sort it out such as:

  • replace customer’s faulty stock with new stock

  • prevent release of report until errors are fixed or

  • work with customers to sort out consequences of product not meeting specifications

2. Investigate if further action is required to address an underlying root cause and also if the issue could occur elsewhere within your business, e.g.

  • Insufficient training for new staff may mean lack of knowledge causes details to be missed, hence a more robust training process is required

  • Several departments may be using common suppliers or raw materials and may not pick up faults identified in one department only

Note that sometimes the root cause may not be clear initially. For example, I once picked up during an audit that a design business failed to keep up to date with product specific standards. Their "corrective action" was to go out and buy the new standards. The cause of the issue was that there was not a check on standards' currency prior to use and the result was that the issue actually recurred when I checked at the next audit.

3. The standard then says that you need to put any actions in place. Who would have known?...

4. Review the results / effectiveness of the action. This is a very important step which is common to miss. You may have conducted a formal investigation and root cause analysis but may have missed something, then 6 months later the same issue arises. A review of some sort, an internal audit may be appropriate, helps to check that the actions have been successful.

A word of warning– don’t be in a hurry to review the effectiveness. A review in a month after taking appropriate actions may not be enough. It may take 6 months or even a year, make it relevant to the issue and actions.

5. Ensure that you update the risks and opportunities information you are keeping track of. The fact that there is a corrective action might mean that the risk has not been identified or that the risk control measures are not sufficient. It’s all about continuous improvement.

6. Update the quality management system. This is specifically stated in the standard but I would expect this to be covered in your corrective actions already completed. I guess it is here as a reminder.

A final note in this section of the standard states corrective actions shall be appropriate to the effects of the nonconformities encountered. While this might sound obvious, a few of my clients have asked me how far they need to go in addressing issues. For example, if you have the choice to spend a million dollars to install a new system to permanently fix a problem or run training for staff to use the current system correctly, the training option is probably the more cost effective method. This is subject to the review of effectiveness, of course.

The photo shown earlier in this article, shows some customer satisfaction issues (loss of product, infrastructure and possibly lives is likely to upset your customer a little), so sometimes large amounts of money need to be spent on investigating and addressing an issue well…

As mentioned already, this is a major part of continuous improvement as required by the standard and makes a lot of sense if you want your business performance to improve. It should even increase cost effectiveness of your business in the long run.

If you have any comments or questions on this blog, please don't hesitate to send an email via the contact us page here.