The Act Phase of PDCA
The Plan-Do-Check-Act cycle is the fundamental structure of ISO 9001. Clause 10 is the Act phase — the actions taken based on the Check phase results from Clause 9. Without genuine improvement activities driven by Clause 10, the QMS becomes static and eventually irrelevant. The organization runs the same processes year after year, discovers the same nonconformities, implements the same corrective actions, and learns nothing. Clause 10 is the mechanism that transforms a QMS from a compliance system into a continuous improvement engine.
Clause 10.1: General Improvement
Clause 10.1 requires the organization to continually improve the suitability, adequacy, and effectiveness of its QMS. This improvement must address multiple dimensions: improving products and services to better meet customer needs, improving processes to be more efficient or reliable, improving the QMS itself to be more effective, and responding to management review outputs and audit findings.
The sources of improvement opportunities are: results from monitoring, measurement, analysis and evaluation (Clause 9.1), audit findings and conclusions (Clause 9.2), management review outputs (Clause 9.3), feedback from interested parties (customers, employees, suppliers), and analysis of nonconformities (Clause 10.2). Organizations typically maintain an improvement register or action register that captures all identified opportunities and tracks improvement actions to completion.
Clause 10.2: Nonconformity and Corrective Action
Clause 10.2 is the most operationally significant improvement clause. When nonconformity is identified (either a defective product, a service failure, a procedure not being followed, or a QMS requirement not being met), the organization must first react to contain or correct the immediate problem. Then the organization must determine and address the root cause of the nonconformity to prevent recurrence. Finally, the organization must evaluate whether the corrective action was effective.
The required steps for Clause 10.2 are: (1) React to nonconformity — determine immediate actions needed to contain or correct the specific instance; (2) Evaluate nonconformity — assess whether similar nonconformities might exist elsewhere; (3) Determine root cause — analyze why the nonconformity occurred; (4) Implement corrective action — take actions that address the root cause and prevent recurrence; (5) Evaluate effectiveness — verify that the corrective action actually prevented recurrence; and (6) Update risks, opportunities, and QMS if needed — consider whether risks need to be re-assessed, opportunities identified, or QMS processes need to be updated.
| Nonconformity Source | Examples | Typical Root Cause Categories | Corrective Action Scope |
|---|---|---|---|
| Customer complaint | Delivery delay, product defect, service failure | Process gap, communication breakdown, competence issue, supplier failure | Process control update, retraining, supplier corrective action, procedure revision |
| Internal audit finding | Procedure not followed, required record not maintained | Awareness gap, procedure not practical, no monitoring, training not completed | Procedure revision, awareness communication, monitoring addition, retraining |
| Management review finding | Quality objective not met, unfavorable trend | Process underperforming, resource inadequate, external factor | Process improvement, resource allocation, supplier action, market response |
| Nonconforming product/service | Defective product, rejected service | Process variation, incoming material issue, operator error, equipment failure | Process control tightening, supplier action, retraining, equipment maintenance |
| Supplier failure | Late delivery, non-conforming goods, poor communication | Supplier capability gap, communication breakdown, resource constraint at supplier | Supplier development, supplier replacement, process change to reduce dependency |
| Regulatory non-compliance | Documentation non-compliance, missing records | Awareness gap, process misunderstanding, resource gap, training inadequate | Process redesign, awareness, training, monitoring, documentation review |
Root Cause Analysis: The Core Discipline
The most common weakness in corrective action is that actions address symptoms rather than root causes. For example, a defective product is identified, it is reworked, and the case is closed. But the process that allowed the defect to occur was never changed, so the same defect happens again three months later. This is not a corrective action — it is just correcting the specific instance.
Root cause analysis is the discipline of asking why the problem occurred, not just what the problem is. Simple root cause methods include the "5 Whys" (ask why the nonconformity occurred, then ask why that cause occurred, repeating until the fundamental cause is identified), the Fishbone or Ishikawa diagram (systematically examining process, people, materials, methods, environment factors), and the 8D method (systematic problem-solving approach used for significant customer-facing nonconformities).
The corrective action must address the root cause identified in the analysis. If the root cause analysis concludes that training was insufficient, the corrective action must be retraining, not just a reminder to read the procedure. If root cause analysis concludes the procedure itself is flawed, the procedure must be revised, not just re-communicated.
Effectiveness Verification: The Omitted Step
Clause 10.2 requires that the organization reviews the effectiveness of corrective actions taken. This is the most commonly omitted step in corrective action processes. An organization implements a corrective action, closes the nonconformity report, and moves on — without checking whether the root cause has actually been addressed and the nonconformity has ceased to recur.
Effectiveness verification means checking whether the corrective action actually prevented recurrence. If the nonconformity is a training gap and the corrective action is retraining, then effectiveness verification means checking that trained individuals now perform the process correctly and that no similar defects recur over a reasonable monitoring period (e.g., the next 500 units of production or 30 days of operation, depending on product volume).
Auditors will select historical corrective actions and ask for evidence that effectiveness was verified. Without this evidence, the corrective action process generates a finding. The effectiveness verification record does not need to be complex — a simple note documenting the verification method and results is sufficient.
Clause 10.3: Continual Improvement
While Clause 10.2 addresses reactive improvement (responding to nonconformities), Clause 10.3 addresses proactive improvement. The organization must continually improve QMS suitability, adequacy, and effectiveness through systematic analysis of performance data, management review outputs, and internal audit findings.
Continual improvement goes beyond corrective action — it is about using data, trends, and opportunities to drive the QMS forward. For example, if customer satisfaction survey results show declining satisfaction with delivery responsiveness, that is an improvement opportunity. If process capability analysis shows a process is trending toward out-of-control, that is an improvement opportunity. If competitor benchmarking shows your delivery time is significantly slower than market standards, that is an improvement opportunity.
The improvement register documents identified opportunities, the actions planned, responsibility, target completion dates, and status. The register is reviewed at management review and provides a mechanism for tracking improvement initiatives.
Building a Genuine Improvement Culture
Organizations that build a genuine quality improvement culture have fundamentally different QMS characteristics from those that treat quality as a compliance burden. A genuine improvement culture has psychological safety around nonconformity reporting — staff feel safe reporting quality issues, including their own errors, because they know the focus is on finding and fixing root causes, not on blame. Root cause analysis is rigorous and data-driven, not superficial. Corrective actions actually address root causes and are verified to be effective. Improvement opportunities are systematically identified and implemented.
| Cultural Characteristic | QMS That Improves | QMS That Stagnates |
|---|---|---|
| Nonconformity reporting | Staff report NCs freely including own errors; reporting increases when culture improves | Staff fear blame; NCs under-reported; same issues recur as "one-time" incidents |
| Root cause analysis | Genuine analysis with investigation; systemic causes identified and addressed | Symptoms treated; "solution" is reminder to read procedure; same issues recur |
| Management review | Reviews drive resource and process decisions; improvements are funded and implemented | Reviews generate no actions; findings and opportunities documented but never acted upon |
| Audit findings | Treated as improvement opportunities; auditor partnership valued; findings addressed thoroughly | Treated as threats; disputed with auditors; corrective actions minimal; no systemic change |
| Improvement register | Active and regularly reviewed; improvements completed on schedule; lessons captured | Created for certification, never updated; improvement aspirations without implementation |
| Supplier relationships | Suppliers developed and improved; performance feedback given and acted upon | Suppliers replaced rather than improved; communication limited to orders and complaints |
| Process improvement | Processes continuously analyzed and improved; Kaizen culture; small improvements compound | Processes run unchanged year after year; improvement seen as burden, not benefit |
Nonconformity vs. Corrective Action vs. Correction
Three related terms are important in Clause 10: a nonconformity is a failure to meet a requirement; a correction is an action to fix the specific nonconforming instance (rework the defect, redo the incorrect procedure); and a corrective action is an action to address the root cause and prevent recurrence. Clause 10.2 requires both correction (fix the specific problem) and corrective action (prevent recurrence). If a product is defective, the product must be reworked (correction). But if the process that created the defect is never changed, the same defect will recur — that is why corrective action is needed.
| KEY IDEA | The difference between a corrective action and a correction is fundamental to understanding ISO 9001. A correction fixes the specific nonconformity (rework the defective product, redo the incorrect process). A corrective action prevents recurrence by addressing the root cause (fix the process that allowed the defect to occur). ISO 9001 requires both. Organizations that do corrections but not corrective actions will continuously solve the same problems. |
| IMPORTANT | Effectiveness verification is the most commonly missing step in corrective action processes. Organizations implement a corrective action, close the nonconformity report, and move on without checking whether the root cause was actually addressed and recurrence has stopped. Auditors will select historical corrective actions and ask for evidence of effectiveness verification. Without this evidence, you will receive a finding. Build effectiveness verification into every nonconformity process. |
| BITLION INSIGHT | Organizations that build a genuine nonconformity reporting culture — where staff feel safe reporting quality issues including their own errors — get more value from their QMS than organizations that only capture nonconformities found by customers or auditors. The best quality intelligence comes from inside the production and service delivery process. Building psychological safety around quality reporting is as important as the nonconformity process itself. When a staff member reports their own error and that error is addressed with curiosity rather than blame, that person becomes an ambassador for continuous improvement. |