WIXLIB

White paperCorrective action:The closed-loop system

ContentsSummary3How corrective action works4The stepsStep 1 - Identify non-conformities5Step 2 - Opening a corrective action6Step 3 - Responding to a corrective action7Step 4 - Defining the root cause8Step 5 - Implementing the solution10Unleashing the power of corrective action with a closed-loop system11Conclusion12

The closed-loop systemSummaryThe corrective action process is a fundamental process that affects all of the controlpoints in a company’s management system. Auditors tend to look deeply into companies’corrective action processes during investigations. Key questions typically asked include: Are corrective actions followed-up in a timely fashion? Do records prove that all actions have been completedsuccessfully? Are all recommended changes completed and verified? Was the actual root cause identified? How was it validated? Was action taken to correct or prevent the problem and ensureit will not happen again? Has it been demonstrated that actions taken have no adverse effects on products orservices? Was training performed and communications issued to ensure that all relevant partiesunderstand the situation that occurred and the changes that have been made?Monitor, measure, correctAchieve successTo better manage the issues that launch thecorrective action process, companies needto optimize their practices by implementingefficient, closed-loop corrective actionprocesses. Every good corrective actionprocess should have a built-in audit processto verify and validate that the correctiveaction system is at optimal performance.With nearly every ISO standard,e.g. ISO 9001, ISO 13485, ISO 14001,ISO/IEC 27001, or OHSAS 18001,organizations must determine the actionsthey can take to eliminate the causes ofpotential non-conformities. A company’sability to rapidly correct existing problemsand implement controls to prevent potentialproblems is essential to ensure customersatisfaction and achieve operational success.Data and evidence tracking is a criticalcomponent of action management as well,so the organization can ensure that all nonconformity information can be confirmed,monitored, measured, and, if necessary,corrected.BSI Corrective action: the closed-loop systemWhile a corrective action process mustmeet the necessary industry compliancerequirements, it must also be effective.Otherwise, managers will find themselvesin a constant state of response and thecorrective action process becomesa bottleneck.3

How corrective action worksIt’s all about improvementA preventive action is created to offset a potential problem. While the preventive action process cancontribute to the overall continual improvement effort, its main objective is to eliminate potentialproblems before they occur. Corrective actions, on the other hand, provide managers with not onlythe data they need to construct an effective and efficient corrective action process, but can be usedas input into preventive actions.Using both types of actions enables acompany to transform itself from anoperation that is continually reacting tofailures, to one with the processes inplace to prevent problems in the firstplace. Ultimately, the company saves timeand money and, most importantly, retainscustomers.Continual improvementCorrective actions are processes that maybe used to achieve continual improvement.Continual improvement reflects an ongoingeffort to improve products, services,or processes.It can be incremental improvement overtime or breakthrough improvement all atonce. For instance, an organization’sdelivery processes are constantlymonitored and evaluated in light of thefact that they are already considered tobe effective; improvement may come inthe form of making the processes moreefficient. Improved efficiency could lead toa decrease in administrative and operationscosts, thereby lowering the costs of goodsand services and providing an opportunityto lower prices to be more competitiveand win more business.Consequently, the closed-loop processreduces the number and severity of issuesthat occur. Over time, organizations buildan intelligent knowledge base and canimplement additional preventive actions,thereby being more proactive, furtherimproving processes and operationsthroughout their facilities. As a result,customer satisfaction improves and thebottom line moves in the right direction.Companies that implement a closed-loopcorrective action process can expect toexperience satisfying and cost-effective results.In addition to these advantages, a closed-loopcorrective action process ensures thatbest practices are consistently applied tothe processes that support compliancerequirements. Properly documented actionsprovide managers with important historicaldata, which may be used to implementcontinual improvement plans; a wellthought-out, integrated process can help inthe capture and dissemination of operationalintelligence related to these actions.See Figure 1 for an illustration of a closedloop corrective action process and how itties in to the Plan, Do, Check, Act (PDCA)process. Through continuous monitoring,issues are highlighted, thereby allowingthem to be addressed in real-time.Interested partiesInterested partiesEstablish systemLearnINPUTSRequirements andexpectationsLearnOUTPUTSPLANManaged systemMaintain andimprove the systemRESPONDRECOVERACTDOImplement andoperate the systemPREVENTCHECKLearnMonitor andrevise the systemDETECTLearnFigure 1. Closed-loop processBSI Corrective action: the closed-loop system4

Step 1:Step1Identify non-conformitiesStep2Step3StepWhen implementing a corrective action process, it is important to define all of thenon-conformities that could impact a company’s operations. Having a good grasp ofthe non-conformities helps managers write procedures and design actions that willbe taken when a corrective action plan is launched.4Step5But what is a non-conformity?A non-conformity is defined as a deviationfrom a specific procedure, standard, statedprocess, or system requirement. Whendefining non-conformities, it is importantto identify the potential severity of theimpact they could have on a managementsystem. For example, a major nonconformity could be an actual orpotential deficiency that will seriouslyaffect the management system. A minorone would be a less serious more isolatedincident, such as a documentation/workinstruction error or inaccuracy.Some of the many issues related to thecorrective action process are:As illustrated in Figure 2, BSI ISO 9001field audit results over a twelve monthperiod reveal that the majority ofnon-conformities are raised in the areasof document and record control closelyfollowed by monitoring & measuring, andimprovement. All three are closely linked,as a good corrective action system requiresgood documentation and continuousmonitoring in order to deliver continualimprovement. Poor documentation of requirements Failure to document and communicateupdates or process improvementsfollowing a corrective action Inability to trace training documents Corrective actions that are outdated orclosed without validation Missing or misplaced data Failure to monitor critical controlsA closed-loop corrective action processenables companies to avoid or minimizethe occurrence of issues, as managers arebetter able to characterize problems andassemble the best possible cross-functionalteam of people to successfully tackle them.4.2Documentationrequirements8.2Monitoring 55.1 5.2 5.3 5.4 5.5 5.666.1 6.2 6.3 6.477.17.27.37.47.57.688.1 8.2 8.3 8.4 8.5NotdefinedFigure 2. Non-conformities by clause for ISO 9001:2008BSI Corrective action: the closed-loop system5

Step 2:StepOpening a corrective action1Step2Step3Some organizations open a corrective action for every event, regardless of its severityor potential impact. However, this creates bottlenecks because employees becomeso focused on their corrective actions that they find it difficult to focus on their otherday-to-day responsibilities. It also creates a feeling of chaos and concern that “the sky isfalling”; continuous improvement suffers by trying to keep up with corrective actions.ISO 9001:2008 simply states that whenplanned results are not achieved,appropriate corrective action shall betaken. It goes on to say that whenmanagers are determining suitableactions, they would be wise to considerthe type and extent of monitoring ormeasurement they plan to undertake.This is similar for many other ISO standards.Any actions taken should be appropriateto each process related to the problemand should be considered in relation totheir impact on conformity to productrequirements and the effectiveness ofthe management system.If the system is monitoring wrong orcontaminated data, companies basingactions and assigning resources toimplement those actions could findthemselves wasting resources and money.Identifying riskRisk assessment is a good way to avoidthis effect. Risk matrices* help managersand teams to clearly define risk, severity,and potential impact. They also helpdetermine which procedures, designs, andcontrols best define expected performance.The higher the risk, the more likely it willbe necessary to launch a corrective orpreventive action. An example of highrisk situations are those associated withmedical device non-conformities.Step4Step5In addition to predicting problematicevents, risk assessment may suggestmonitoring a particular aspect of aprocess or product. The results of themonitoring may yield measurements andanalysis that help managers’ spot trendsthat in turn will justify the opening of acorrective action. In many companies, thecompilation of results is aided by softwaretools that provide a framework for theanalysis that is critical to an effectivecorrective action process.*Risk Matrices - are mainly used to determinethe size of a risk and whether or not the risk issufficiently controlled. It looks at how severe andlikely an unwanted event is.SeverityExtensiveMajorMediumMinorCategoriesNot acceptableAs Low As Reasonably Practicable (ALARP)No ossibleLikelyVerylikelyFigure 3. Example risk matrixBSI Corrective action: the closed-loop system6