Corrective actions: why, when and how?

corrective actionIt’s the job of your corrective action process to identify and eliminate the systemic issues that will prevent the same defects coming back to haunt you over and over again. What tools and techniques will help you create a robust, effective and repeatable corrective action process?

What is a corrective action?

A correction is putting out a fire. A corrective action is finding out why the fire started in the first place, while making changes to ensure it can’t happen again.

How to build your med dev eQMS: Download our free eBook

Corrective action uncovers and prevents systemic quality issues 

From time to time, every business experiences defects (AKA non-conformances) in their end product or procedures. Some are major, such as a product failing a safety check when it rolls off the production line. Others are minor, such as cosmetic flaws in the finish of a single product in a batch, or the omission of some detail of paperwork. They all have one thing in common, though, they represent deviations from required and specified standards.

So, how do you work out if a detected issue is ‘systemic’?

You can act to trash a product with a specific defect to prevent it getting in the hands of your customer. You can retrain the staff member who omitted to sign a particular form. But that won’t tell you if the issue is a ‘one off’ event, or the fault of a failure in process which will cause the defect to reappear and get worse over time.

For that you need a corrective action process, which should be one part of your Corrective and Preventive Action process (CAPA) .

Corrective action looks to fix problems that have already happened, while preventive action looks to proactively prevent defects happening in the future.

 For now, though, we’ll concentrate on corrective actions.

Who needs a corrective action process

A formal corrective action process (CAPA) is required by the medical device quality standard ISO 13485, and is also specified in FDA 21 CFR Part 820.

These ISO regulations and standards specify that you should have a documented procedure as part of your QMS to:  

  • Identify non-conformances that require corrective actions,
  • Analyse their root causes
  • Plan and implement a solution
  • Review changes (through a verification or validation process) to ensure they have solved the problem and have not introduced new problems
  • Report on resulting quality problems and actions to third parties (where appropriate)

Although ISO 9001 does not have a formal requirement for CAPA, the standard does specify an organisation should have a way to respond to nonconformities and take action to control, correct them and eliminate their causes. As a result, most businesses looking to gain ISO 9001 would look to put in place a documented CAPA process.

What are the FDA's requirements for CAPA? Here is what you need to know

How are defects identified through your product cycle?

Throughout your quality system you should have many ways in which defects in end products and problems with your process are identified and flagged for attention. These might include:

  • Customer complaints/feedback procedures
  • Non-conformance reports (NCRs)
  • Required actions from internal and external audits 

Depending on whether they are major problems, recurring issues and other risk factors, these identified non-conformances can then be escalated to become the subject of corrective actions.

Why corrective action processes fail

CAPA is being overused or underused

 If every non-conformance is turning into a CAPA investigation, this could mean you have a serious problem on your hands!  Otherwise, it could be an indicator that your filters are not working and the bar for launching corrective actions is set too low. Too much unnecessary investigation can be a case of ‘over processing’ leading to wasted time and resource. On the other hand, if you are seeing too few CAPA requests, then it could be the bar is set too high and systemic problems are going unchecked.

Your corrective process takes too long

The process of investigation and correction takes too long. Some CAPA systems are overly bureaucratic, they can require endless form filling and fail to define who owns an investigation. This can mean corrective action is stalled, not dealt with in a required time-scale or lost in the system altogether. The result can be regulatory fines/sanctions, and in the worst case a spiralling problem that causes actual injury to your end users.

Your process doesn’t properly address the root-causes of an issue

So, you’ve taken correction action but it hasn’t worked? If your fix hasn’t eliminated the recurrence of an issue, then you may have addressed A problem, but not necessarily THE problem. Was your root cause analysis thorough enough? Did your team have all the data available to understand where the issues derived from? Did the person who investigated the issue work with the right people to formulate the right corrective action?

5 ways to build an effective and repeatable corrective action process

1. Define, document and automate your Corrective Action process

Have a clearly defined and documented procedure that is easy for everyone to follow. A graphical eQMS can demonstrate to your people how the need for corrective action should be identified, how it should be triggered, root causes investigated, solutions implemented and results reviewed. It can help your team visualise the exact requirements and critical decision points in a corrective action process so that it becomes simply ‘the way you do things’. The right QMS tools will also help you automate the process so that steps are taken in sequence, key stakeholders notified to take action when required, and reviews automatically triggered at critical stages.

2. Ensure it’s easy to record your CA request

Your CAPA form should be easy to understand, not overly long, and help your team consistently describe the nature of each individual issue. The form should describe the ‘symptoms’ of the problem clearly, stating exactly what’s going wrong. It should be supported with photos, videos and other documentation. You may include CAPA requests within another form or process such as your NCR, to ensure that it isn’t overlooked.

3. Make your CA Process a team effort

Relying on one person or a single department to assess corrective action requests can result in your business ignoring or misunderstanding reasons for failure. We would argue each corrective action request needs to be first assessed by a cross functional team (let’s call them the Quality Management Group) to determine whether it needs to be investigated further. In our experience companies that successfully deal with corrective actions have a team of senior managers drawn from different departments who meet regularly to look at all requests for CAPA and determine if: 

  • It’s likely to be a systemic issue and if a full scale CAPA investigation is justified
  • What immediate action needs to be taken to ‘contain’ the problem

4. Undertake root cause analysis and take action

Get your root cause analysis right. Make sure to identify the REAL root cause/s of the problem, not just its symptoms. Appoint the right person with the right experience from senior management to lead the investigation and have ownership of the issue. They will need support and information from other people involved in the process to determine the true source of an issue and work out what needs to be done to correct it. The analysis of the problem should be driven by data and accurately documented. From this work a plan for corrective action is formulated, validated and implemented.

5. Make sure the team follows up

Make sure the Quality Management Group responsible for assessing the corrective action request meet regularly to review the corrective actions undertaken, and the evidence for their effectiveness in addressing the Root Causes of the problem. If they’re satisfied, they can agree to close the corrective actions. If not, they should keep them open and ask for further work to be done.


For those wanting to gain ISO 13485, having a documented CAPA procedure in place, powered by the right document controls is an absolute necessity. But every business can improve quality by creating a repeatable process to identify, investigate and correct the systemic issues that lead to defects.

Choosing the right digital tools to automate the process will help you promp, notify and remind the right people at the right time to act. They will ensure that nothing is omitted from your process and that actions are appropriately documented for future auditing. Ultimately, it will help ensure that improvements are made and sustained across the business.


Want to be a successful Medical Device Developer

Tags: Compliance

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

ISO 9001 vs ISO 13485. What’s the difference?

ISO 9001 is the internationally recognised standard for quality management used in many sectors ...

Understanding the regulation: challenges for UK IVD device developers

IVD device regulation is about upping the bar—it’s about making products to a higher standard and ...