Whilst auditing in a very hot and very dusty gas field many years ago, I was interested in the business’s corrective action process and how effective it was. Going through their corrective action register, I picked out an entry about a mobile compressor that had leaked some fuel onto the ground. When asked what happened, they explained the compressor was a relatively new one they’d bought from overseas and the fuel tank had split causing the leak. They cleaned up the spill, the leak was repaired, and the corrective action report closed. I checked the corrective action report and sure enough, that was what was recorded.
I then asked if they had any more of these compressors and they explained that they had bought a second at the same time. When I enquired as to what they had done about the other one, they stated “…nothing because it doesn’t leak.”
I spent the next half hour trying explain corrective action, the need to prevent recurrence, and that they should check the other one because there was a good chance that it would leak too since it was the same model… and that’s the bit that they didn’t get. It wasn’t leaking so why did they need to check it?
I gave up.
Next day, whilst being driven around the site, the two-way crackled into life and loud and clear came the words, “you know that other #*?$#% compressor, that’s #$?*#% leaking now too!”
…loud and clear came the words “you know that other #*?$#% compressor, that’s #$?*#% leaking now!”
So, what is corrective action?
Let’s look at what ISO says, and to help us understand this better we’re going to have a look at what ISO 9001 said in the 2008 version and what it says now in the 2015 version.
Firstly, in ISO 9001:2008 section 8.5.2
The organization shall take action to eliminate the causes of nonconformities in order to prevent recurrence. Corrective actions shall be appropriate to the effects of the nonconformities encountered.
A documented procedure shall be established to define requirements for
a) Reviewing nonconformities (including customer complaints),
b) Determining the cause of nonconformities,
c) Evaluating the need for action to ensure that nonconformities do not recur,
d) Determining and implementing action needed,
e) Records of the results of action taken (see 4.2.4), and
f) Reviewing the effectiveness of the corrective action taken.
The key words being “to prevent recurrence”, which essentially means to stop it happening again.
However, in the recently released ISO 9001:2015 section 10.2 the need for effective corrective has been strengthened and it now states,
Nonconformity and corrective action
10.2.1 When a nonconformity occurs, including any arising from complaints, the organization shall:
a) React to nonconformity and, as applicable:
1) Take action to control and correct it;
2) Deal with consequences;
b) Evaluate the need for action to eliminate the cause(s) of nonconformity, in order that it does not recur or occur elsewhere, be:
1) Reviewing and analysing the nonconformity;
2) Determining the causes of the nonconformity;
3) Determining if similar nonconformities exist, or could potentially occur;
c) Implement any action needed;
d) Review the effectiveness of any corrective action taken;
e) Update risks and opportunities determined during planning, if necessary;
f) Make changes to the quality management system, if necessary;
Corrective actions shall be appropriate to the effects of the nonconformities encountered.
10.2.2 The organization shall retain documented information as evidence of:
- The nature of the nonconformities and any subsequent actions taken;
- The results of any corrective action.
The key-words now being “in order that it does not recur or occur elsewhere”.
So, what should they have done?
They should have simply reviewed the other compressor to see if that was likely to leak too, and if so, repaired it before it started to leak, therefore preventing recurrence of the nonconformity elsewhere.
This is very often missed in corrective action, particularly under ISO 9001:2008, as it often only drives the correction of the one instance of the nonconformance. Prevention of its occurrence again was often erroneously thought of as covered under 8.5.3 Preventive action.
However, ISO 9001:2015 is much clearer in its intent to control the occurrence of the nonconformance elsewhere under 10.2.1 – Evaluate the need for action to eliminate the causes of the nonconformity, in order that it does not recur or occur elsewhere.
The moral of the story is, if you uncover one nonconformance and can see that you’ve likely got another teetering on the cliff edge, make sure you stop it before it falls!