Back to Articles

How to Write a Corrective Action Plan That Actually Fixes the Problem

ISO 9001

By Trenton Steadman

11 min read|
How to Write a Corrective Action Plan That Actually Fixes the Problem

Most companies solve problems informally but skip the documentation that makes the fix permanent. Here is how to write a Corrective Action Plan that satisfies ISO 9001 and actually prevents recurrence.

Here's something I see in almost every Gap Analysis: the company has a Corrective Action process. It's written. It's filed. And nobody uses it - at least not consistently.

The Quality Manager handles issues informally. Something goes wrong on the shop floor, someone walks over, figures out what happened, fixes it, and moves on. The problem actually gets solved. But there's no record of what went wrong, no documented root cause, and no way to prove it won't happen again. When the same issue pops up six months later - or the auditor asks to see evidence of corrective action - there's nothing to point to.

The irony is that most small and mid-size companies are doing the hard part right. They're solving problems. What they're skipping is the documentation that turns a one-time fix into a permanent one. That's what a Corrective Action Plan is really for - not paperwork, not audit compliance, but making sure the fix actually sticks.

What ISO 9001 Actually Requires

Clause 10.2 of ISO 9001 lays out the Corrective Action requirement, and it's more straightforward than most people think. When a nonconformity occurs - including customer complaints - you need to:

  1. React to it (contain the immediate problem - this is where Clause 8.7 kicks in)
  2. Evaluate whether action is needed to eliminate the Root Cause
  3. Implement the action
  4. Review whether the action was effective
  5. Update risks and opportunities if needed
  6. Make changes to the management system if needed

That's the whole requirement. Notice what's not in there: a specific form, a complicated flowchart, a 12-step process, or a particular Root Cause Analysis tool. The standard tells you what to accomplish, not how to do it. That flexibility is intentional - a 15-person machine shop and a 500-person manufacturer with multiple facilities are going to handle this differently, and they should.

Two Clauses, One Process

Before getting into the mechanics, it helps to understand how ISO 9001 structures this. There are actually two clauses working together:

Clause 8.7 - Control of Nonconforming Outputs covers the immediate response. When you identify a nonconforming product or service, you need to prevent it from being delivered or used unintentionally. That means identifying it, segregating it, and making a disposition decision: rework, accept with concession, scrap, or return to the supplier. This is the "stop the bleeding" clause.

Clause 10.2 - Nonconformity and Corrective Action covers what happens next. Once you've dealt with the immediate problem, you evaluate the Root Cause and take action to prevent it from happening again. This is the "make sure it doesn't come back" clause.

In practice, these two clauses flow together as a single process. You catch the problem (8.7), deal with it immediately (8.7), then figure out why it happened and fix the system (10.2). Most companies handle both in the same Corrective Action Plan or Continual Improvement Log - and that's exactly how it should work.

The Simplest Corrective Action Plan That Works

A Corrective Action Plan doesn't need to be complicated. For most small and mid-size manufacturers, it needs to capture five things:

What happened. Describe the nonconformity clearly enough that someone who wasn't there can understand it. "Bad part" doesn't cut it. "Customer returned 12 units from PO #4471 due to diameter measuring 0.502" instead of 0.500" +/- 0.001" tolerance" gives you something to work with.

What you did immediately. This is your containment and disposition per Clause 8.7. You identified the affected product, sorted the remaining inventory, segregated nonconforming units, notified the customer, and issued replacements. You decided what to do with the bad parts - scrap, rework, or return. The immediate response stops the bleeding. It doesn't fix the underlying problem - that comes next.

Why it happened. This is the Root Cause, and it's where most Corrective Action Plans fall apart. More on this in a moment.

What you're going to do about it. The Corrective Action itself - the change you're making to prevent recurrence. This should be a specific action with an owner and a deadline, not a vague commitment to "be more careful."

Did it work. After you've implemented the Corrective Action, did the problem actually stop? This is the Effectiveness Review, and it's the step most companies skip entirely.

You can capture all five of these in a spreadsheet, a log, or a simple form. The format matters far less than actually doing it.

The Continual Improvement Log Approach

One approach I recommend to most clients is building a single Continual Improvement Log that serves as your centralized tracker for nonconformities, corrective actions, and improvement initiatives. Instead of separate forms and processes for each, you have one place where everything lives.

I was setting this up with a small manufacturer - one-man operation, doing precision CNC machining. When I showed him the Continual Improvement Log template, his reaction was immediate: "Yes, I like that." The idea of having one centralized place for nonconformities, corrective actions, and continual improvement made sense to him because it matched how he actually thinks about problems - not as separate categories, but as things that need tracking and follow-up.

The log typically includes columns for:

  • Date and description of the issue
  • Source (Internal Audit, customer complaint, supplier issue, process observation)
  • Immediate containment action taken
  • Root Cause determination
  • Corrective Action with responsible person and target date
  • Status (open, in progress, closed)
  • Effectiveness verification and date

This approach satisfies multiple ISO 9001 requirements in one tool. Clause 10.2 (Corrective Action), Clause 10.3 (Continual Improvement), and it feeds directly into your Management Review (Clause 9.3) since you can pull trends and status updates from a single source.

Root Cause: Where Most Plans Fall Apart

Ask someone why a nonconformity happened and you'll usually get an answer that sounds like a Root Cause but isn't. "The operator made an error." "We didn't catch it in inspection." "The supplier sent bad material." These are descriptions of what happened, not why it happened.

Root Cause Analysis doesn't need to be a formal Six Sigma exercise. For most issues in a small manufacturing environment, asking "why" a few times gets you where you need to go:

A customer return showed parts out of tolerance. Why?

The caliper used for Final Inspection was reading inaccurately. Why?

It was four months overdue for calibration. Why wasn't it calibrated on schedule?

There was no formal Calibration Schedule - the previous Quality Manager tracked it in his head. Why?

He left six months ago and nobody picked it up.

Now you have a Root Cause you can act on. The Corrective Action isn't "remind the inspector to check calibration stickers" - it's "implement a documented Calibration Schedule with automated reminders and assign ownership to a specific role." That's a systemic fix rather than relying on someone remembering to do something differently.

The classic methods work fine for this:

  • 5 Whys - keep asking why until you hit something you can change at a system level. Most issues resolve in three to five iterations.
  • Fishbone Diagram - useful when the Root Cause isn't obvious and you need to consider multiple categories (materials, methods, machines, people, measurement, environment).
  • Is/Is Not Analysis - helpful when you're trying to understand why the problem occurred in one situation but not another.

Pick whatever works for the situation. The standard doesn't require a specific tool - it requires that you actually identify the Root Cause and address it.

Common Sources of Corrective Actions

Not every corrective action starts with something going wrong. ISO 9001 recognizes several inputs that might trigger the process:

Customer complaints. The most obvious trigger. A customer returns product, reports a defect, or raises a concern. The key here is treating every complaint as a potential Corrective Action, not just the ones that cost you money. A pattern of minor complaints about packaging, for instance, might indicate a process gap worth addressing.

Internal Audit findings. Your Internal Audit should be surfacing opportunities for Corrective Action. If every Internal Audit comes back clean with zero findings, either your system is perfect or your auditing isn't rigorous enough. The latter is far more common.

Supplier issues. When incoming material doesn't meet specs or a supplier repeatedly misses delivery commitments, that's a Corrective Action trigger. I worked with one manufacturer whose material supplier kept wrapping bar stock in adhesive tape that left residue requiring extensive cleaning before the material could run through the guide bushing. On a lot of 500 rods, that's significant wasted labor. He worked it out with the supplier - they switched to zip ties - but without documentation, that resolution disappears when the next person starts placing orders.

Process observations. Sometimes you spot something during a routine walkthrough that isn't a nonconformity yet but will be if you don't address it. This is where a Continual Improvement Log earns its keep - it captures proactive observations alongside reactive corrective actions.

Monitoring and measurement data. Trends in your quality metrics can indicate emerging problems before they produce nonconformities. If your first-pass yield starts declining or your on-time delivery rate is trending down, that's worth investigating before it becomes a customer complaint.

Writing the Corrective Action

The corrective action itself should pass a simple test: if you came back in three months and the original person was on vacation, would the fix still be in place?

If your Corrective Action is "trained the inspector on calibration importance" - that fails the test. People forget training. New employees get hired. The knowledge walks out when the person leaves. That's exactly how the calibration lapse happened in the first place.

If your Corrective Action is "implemented a documented Calibration Schedule in a shared spreadsheet with automated due-date reminders, assigned the Quality Technician as owner, and added calibration status to the monthly Management Review checklist" - that passes. It's built into the system. Anyone stepping into that role follows the same process.

Good Corrective Actions change one of three things:

  • The process itself - updating a procedure, adding a verification step, changing a sequence of operations
  • The tools or resources - adding a fixture, implementing a go/no-go gauge, upgrading equipment
  • The system controls - adjusting inspection criteria, changing sampling plans, adding a checkpoint in the workflow

Weak Corrective Actions rely on human memory:

  • "Remind operators to check dimensions more frequently"
  • "Supervisor will monitor the process more closely"
  • "Added to the agenda for the next team meeting"

These aren't fixes. They're intentions. An auditor will see right through them, and more importantly, the problem will come back.

The Effectiveness Review

This is the step that separates a real Corrective Action process from a paperwork exercise. After you've implemented the Corrective Action, you need to verify it actually worked.

The Effectiveness Review doesn't need to be complicated. It can be:

  • Checking that the specific nonconformity hasn't recurred within a defined period (30 days, 60 days, next production run)
  • Reviewing the next Internal Audit results in the affected area
  • Monitoring the relevant metric to confirm improvement
  • Verifying during the next Management Review that the trend has reversed

The important thing is that someone is assigned to check, there's a defined timeframe, and the result gets documented. If the Corrective Action wasn't effective, you go back to Root Cause Analysis - you probably didn't dig deep enough the first time.

Getting Started

If you don't have a Corrective Action process yet, here's a practical starting point:

Set up a Continual Improvement Log. One spreadsheet with the columns described above. Don't overcomplicate the format - you can always refine it later.

Start logging what you're already fixing. You're probably already addressing nonconformities informally. Start capturing them. The next time something goes wrong and you fix it, write it down.

Pick one recent issue and walk through the full cycle. Describe it, identify the Root Cause (not just the symptom), implement a Corrective Action that changes the process, and schedule an Effectiveness Review. Do one complete cycle to build the muscle memory.

Connect it to Management Review. Once you have a few entries in your log, review them with leadership. What trends do you see? Are Corrective Actions being completed on time? Are they working? This is exactly the kind of data Management Review is supposed to evaluate.

Don't wait for perfection. A simple log that people actually use beats a sophisticated system that sits empty. You can always add complexity later - most companies find they don't need to.

The goal isn't to create more paperwork. It's to take the problem-solving you're already doing and make it visible, trackable, and permanent. Most of the work is already happening in your head and on the shop floor. You just need to get it on paper.

If you're building out your Corrective Action process or working through ISO 9001 implementation, we offer a free initial consultation to help you figure out where you stand.

Share this article:

LinkedInX-AppFacebook

Related Articles

iso-img
Turtle Diagrams Explained: A Practical Guide for ISO Process Mapping

Turtle diagrams are one of the most practical tools for ISO process mapping. Here is how they actually work, when to use them, and when they are overkill - from a consultant who builds them with manufacturing teams....

iso-img
Your Approved Supplier List Is Probably Missing the Point

Most small manufacturers evaluate their suppliers informally but have nothing documented. Here is how to build a practical Approved Supplier List that satisfies ISO 9001 Clause 8.4....

iso-img
Material Traceability: Beyond the Certification Shuffle

Most small manufacturers have material certifications on file but no formal link to finished parts. Here is how to build a practical traceability chain for ISO 9001 without an ERP system....

Contact

Free initial consultation.

Phone

+1 833 I-GET-ISO+1 833 443 8476

Business Hours

Monday - Friday: 9:00 AM - 6:00 PM
Saturday: 10:00 AM - 2:00 PM
Sunday: Closed
(Central Time, UTC-6)