10.0 Improvement

ISO Navigator Pro

ISO Navigator Pro™ is a free tool that provides practical, expert guidance for businesses wishing to interpret the fundamentals of ISO 9000:2015 to help understand, and better implement the requirements of ISO 9001:2015, ISO 14001:2015 and OHSAS 18001:2007. The ISO Navigator Pro™ database divides the requirements into four sequential stages; Plan, Do, Check and Act.

If you're looking for integrated ISO 9001:2015 and ISO 14001:2015 EQMS documentation, please click here.

10.2 Non-Conformity and Corrective Action

The requirements of Clause 10.2.1 are comparable to ISO 9001:2008 Clause 8.3 - Control of Non-Conforming Product and Clause 8.5.2 - Corrective Action. There is an additional requirement for your organization to determine whether other similar non-conformities exist or have the potential to exist that may affect product, process or management system conformity. There is also a new requirement for your organization to determine whether changes to the management system are required to prevent a reoccurrence. Your organization is now required to:

  1. Take whatever action is necessary to control and correct the nonconformity, and to deal with any resultant environmental impact;
  2. Determine what caused the non-conformity and then to consider whether the potential for a similar problem remains;
  3. Consider whether any further action is required to prevent a similar nonconformity recurring at the same place or occurring somewhere else, at some point in the future;
  4. Determine if similar non-conformity has occurred elsewhere and consequently whether it needs to take similar corrective action.

There may be instances where it is impossible to completely eliminate the cause of non-conformity, so in instances, the best organizations can do is to reduce the likelihood or the consequences of a similar occurrence happening again in order to reduce the risk to an acceptable level.

A corrective action should be considered as a reactive response to a problem since it is taken when a non-conformance is detected or upon receipt of a customer complaint. Your organization should first contain the problem and then determine its root cause in order to take appropriate corrective action to prevent the problem’s recurrence.

  1. Recording corrective actions using the forms provided;
  2. Performing an initial review;
  3. Determining causes and the need to take action;
  4. Implementing action where required;
  5. Preventing recurrence;
  6. Evaluating effectiveness;
  7. Recording the results using the forms provided;
  8. Examine the effectiveness of corrective actions.

In response to a symptom, evaluate the need for initiating the problem-solving process. If necessary, provide an emergency response action to protect the customer and initiate the process. Application criteria:

  1. The symptom(s) has been defined and quantified;
  2. The customer(s) who experienced the problem(s)/symptom(s) are identified;
  3. Measurements taken to quantify the problem(s)/symptom(s);
  4. Look for a performance gap;
  5. The cause is unknown;
  6. Symptom complexity exceeds the ability of one person to resolve.

Establish an investigation team with:

  1. Process and/or product knowledge;
  2. Allocated time;
  3. Authority to solve the problem and implement corrective actions;
  4. Skill in the required technical disciplines;
  5. A designated Team Leader.

Describe the internal/external customer problem by identifying what is wrong and detail the problem in quantifiable terms Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until permanent corrective actions (PCA) are implemented. Validate the effectiveness of the containment actions.

An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. However, an emergency response action is implemented with minimal supporting data. An interim containment action provides more opportunity for investigation.

Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer. An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work.

Isolate and verify the root-cause by testing each possible cause against the problem description and test data. Also isolate and verify the place in the process where the effect of the root-cause should have been detected and contained (escape point). Once you have determined the most likely cause(s), verify that it actually causes the problem. Verification is the proof you need to confirm that you have identified the root-cause. Verification is done passively and actively. Passive verification is done by observation:

  1. Look for the presence of the root-cause without changing anything;
  2. If you cannot prove root-cause, then the identified cause is not the root-cause.

Active verification is done by manipulating the root-cause variable:

  1. Implement and remove the root-cause variable to make the problem ‘come and go’;
  2. Both ‘coming’ and ‘going’ are essential tests to confirm the root-cause;
  3. There can be more than one verified root-cause.

Modify the necessary systems, policies, practices and procedures to prevent recurrence of this problem and similar ones. Make recommendations for systemic improvements as necessary:

  1. Review the history of the problem;
  2. Analyze how the problem occurred and escaped;
  3. Identify affected parties;
  4. Identify opportunities for similar problems to occur and escape;
  5. Identify practices and procedures that allowed the problem to occur;
  6. Identify practices/procedures that allowed the problem to escape to the customer;
  7. Analyze how similar problems could be addressed;
  8. Identify and choose appropriate preventive actions;
  9. Verify preventive action and its effectiveness;
  10. Develop action plan;
  11. Implement preventive actions;
  12. Present systemic preventive recommendations to the process owner.

Serious consequences may occur when the underlying symptoms are not addressed, when the quick fix is accepted as a final, permanent solution. Excessive reliance on containment or emergency response action will create a repeating cycle. Problem containment is an addiction that will only get worse until root-causes are found and addressed.

Free internal audit checklists

Check out our free internal audit checklists. The audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements.

Client list

Over 8,000 companies and globally recognized brands have relied on our templates to provide a path to improve, collaborate, and to enhance their operations to achieve certification, please see our client list for more information.