5 Steps to a Robust Corrective Action Process

corrective actionIt’s the job of your corrective action process to identify and eliminate the systemic issues that will prevent the same defects coming back to haunt you over and over again. What tools and techniques will help you create a robust, effective and repeatable corrective action process as part of your Quality Management System?

What is a corrective action?

A corrective action is a process implemented by companies to identify, rectify, and eliminate the causes of detected non-conformities and deviations in products or process.

What is an example of a corrective action? 

A correction is putting out a fire. A corrective action is finding out why the fire started in the first place while making changes to ensure it can’t happen again.

Download your CAPA report template here

Corrective action uncovers and prevents systemic quality issues

From time to time, every business experiences defects (AKA non-conformances) in their end product or procedures. Some are major, such as a product failing a safety check when it rolls off the production line. Others are minor, such as cosmetic flaws in the finish of a single product in a batch, or the omission of some detail of paperwork. They all have one thing in common though, they represent deviations from required and specified standards.

So, how do you work out if a detected issue is ‘systemic’?

You can act to trash a product with a specific defect to prevent it from getting in the hands of your customer. You can retrain the staff member who omitted to sign a particular form. But that won’t tell you if the issue is a ‘one-off’ event, or the fault of a failure in the process which will cause the defect to reappear and get worse over time.

For that, you need a corrective action process, which should be one part of your Corrective and Preventive Action process (CAPA).

Corrective Action vs Preventive Action

Corrective action looks to fix problems that have already happened, while preventive action looks to proactively prevent defects from happening in the future.

For now, though, we’ll concentrate on corrective actions.

Who needs a corrective action process?

A formal corrective action process (CAPA) is required by the medical device quality standard ISO 13485, and is also specified in FDA 21 CFR Part 820.

These ISO regulations and standards specify that you should have a documented procedure as part of your QMS to:  

  • Identify non-conformances that require corrective actions.
  • Analyse their root causes.
  • Implement a corrective action plan.
  • Review changes (through a verification or validation process) to ensure they have solved the problem and have not introduced new problems.
  • Report on resulting quality problems and actions to third parties (where appropriate).

Although ISO 9001 does not have a formal requirement for a CAPA system, the standard does specify an organisation should have a way to respond to non-conformities and take action to control, correct them and eliminate their causes. As a result, most businesses looking to gain ISO 9001 would look to put in place a documented CAPA process.

How are defects identified through your product cycle?

Throughout your quality system, you should have many ways in which defects in end products and problems with your process are identified and flagged for attention. These might include:

  • Customer complaints/feedback procedures.
  • Non-conformance reports (NCRs).
  • Required actions from internal and external audits. 

Depending on whether they are major problems, recurring issues and other risk factors, these identified non-conformances can then be escalated to become the subject of corrective actions.

Why corrective action processes fail

CAPA is being overused or underused

 If every non-conformance is turning into a CAPA investigation, this could mean you have a serious problem on your hands!  Otherwise, it could be an indicator that your filters are not working and the bar for launching corrective actions is set too low. Too much unnecessary investigation can be a case of ‘over-processing’ leading to wasted time and resources. On the other hand, if you are seeing too few CAPA requests, then it could be the bar is set too high and systemic problems are going unchecked.

Your corrective process takes too long

The process of investigation and correction takes too long. Some CAPA management systems are overly bureaucratic, they can require endless form-filling and fail to define who owns an investigation. This can mean corrective action is stalled, not dealt with in a required time scale, or lost in the system altogether. The result can be regulatory fines/sanctions and in the worst case, a spiralling problem that causes actual injury to your end users.

Your process doesn’t properly address the root causes of an issue

So, you’ve taken corrective action, but it hasn’t worked? If your fix hasn’t eliminated the recurrence of an issue, then you may have addressed A problem, but not necessarily THE problem. Was your root cause analysis thorough enough? Did your team have all the data available to understand where the issues derived from? Did the person who investigated the issue work with the right people to formulate the right corrective action?

Download our easy to use non-conformance report template (in Word Format)

5 ways to build an effective and repeatable corrective action process

1. Define, document and automate your Corrective Action process

Have a clearly defined and documented procedure that is easy for everyone to follow. A graphical eQMS can demonstrate to your people how the need for corrective action should be identified, how it should be triggered, root causes investigated, solutions implemented, and results reviewed. It can help your team visualise the exact requirements and critical decision points in a corrective action process so that it becomes simply ‘the way you do things’. The right QMS tools will also help you automate the process so that steps are taken in sequence, key stakeholders notified to take action when required, and reviews automatically triggered at critical stages.

2. Ensure it’s easy to record your Corrective Action request

Your CAPA form should be easy to understand, not overly long, and help your team consistently describe the nature of each individual issue. The form should describe the ‘symptoms’ of the problem clearly, stating exactly what’s going wrong. It should be supported with photos, videos and other documentation. You may include CAPA requests within another form or process such as your NCR, to ensure that it isn’t overlooked.

3. Make your Corrective Action Process a team effort

Relying on one person or a single department to assess corrective action requests can result in your business ignoring or misunderstanding reasons for failure. We would argue each corrective action request needs to be first assessed by a cross-functional team (let’s call them the Quality Management Group) to determine whether it needs to be investigated further. In our experience, companies that successfully deal with corrective actions have a team of senior managers drawn from different departments who meet regularly to look at all requests for CAPA and determine if: 

  • It’s likely to be a systemic issue and if a full-scale CAPA investigation is justified.
  • What immediate action needs to be taken to ‘contain’ the problem.

4. Undertake root cause analysis and take action

Get your root cause analysis right. Make sure to identify the REAL root cause/s of the problem, not just its symptoms. Appoint the right person with the right experience from senior management to lead the investigation and have ownership of the issue. They will need support and information from other people involved in the process to determine the true source of an issue and work out what needs to be done to correct it. The analysis of the problem should be driven by data and accurately documented. From this work, a plan for corrective action is formulated, validated and implemented.

5. Make sure the team follows up

Make sure the Quality Management Group responsible for assessing the corrective action request meet regularly to review the corrective actions undertaken and the evidence for their effectiveness in addressing the Root Causes of the problem. If they’re satisfied, they can agree to close the corrective actions. If not, they should keep them open and ask for further work to be done.

What are the FDA's requirements for CAPA? Here's what you need to know.

But don't forget preventive actions!

The CAPA process as a whole is not just about corrective actions, identifying defects, and stopping them from recurring. It should also be focused on preventive action, that is preventing the occurrence of new defects in the future.

A preventive action process proactively identifies where issues could arise, analyses their potential impact on end users, and takes appropriate actions to deal with them before they become a problem.

Creating a preventive action process should be part of your risk management planning and might entail regular internal process audits and reviews of customer feedback.

When and how Corrective Action and Preventive Action should be triggered


  Corrective Action Preventive Action
When is it triggered? After a defect has been identified When a risk of defect occurring is identified
Role in ISO 9001 Includes assessment of root cause and a plan to stop recurrence No formal requirement, but replaced by "risk-based thinking"
Role in ISO 13485 Includes assessment of root cause and a plan to stop recurrence Includes assessment of root cause and a plan to prevent occurrence
Reactive or proactive? Reactive - happens after the fact Proactive - takes action when a risk is identified

How to drive continuous improvement through your Quality Management System

For those wanting to gain ISO 13485, having a documented CAPA process in place, powered by the right document controls is an absolute necessity. Every business can improve quality by creating a repeatable process to identify, investigate and correct the systemic issues that lead to defects.

But many developers struggle with creating a CAPA process that is rightsized to their needs. They might be using a paper-based or DIY digital system that they can’t automate and which just keeps breaking their process.

On the other hand, they may be using an eQMS that is highly proscriptive in the way it deals with NCRs and CAPA investigations. If an SME ends up buying a quality system that is intended for a large, multinational corporation, it may be too complicated and bureaucratic for their smaller, more agile team to bear.

On the other hand, they may be using an eQMS that is highly proscriptive in the way it deals with NCRs and CAPA investigations. If an SME ends up buying a quality system that is intended for a large, multinational corporation, it may be too complicated and bureaucratic for their smaller, more agile team to bear. 

See our CAPA solution in action

Right size your eQMS to your needs

Scaling companies need nonconformity reports, CAPA forms and workflows they can easily edit and streamline to reflect the unique way they work. They don’t want to have to change their whole process just to fit in with the demands of an inflexible eQMS. A digital quality system that is too rigid and inflexible can end up just not being used by a team of developers eager to get on with their work.

Choosing the right digital tools to automate the process will help you prompt, notify and remind the right people at the right time to act. They will ensure that nothing is omitted from your process and that actions are appropriately documented for future auditing. But it won’t slow you down.

The right digital QMS will help you drive continuous improvement through a robust CAPA process that can be tailored to your needs.

Cognidox CAPA report template

Blog post updated on 13/05/2023

Tags: Compliance

Joe Byrne

Written by Joe Byrne

Joe Byrne is the CEO of Cognidox. With a career spanning medical device start-ups and fortune 500 companies, Joe has over 25 years of experience in the medical device and high-tech product development industries. With extensive experience in scaling businesses, process improvement, quality, medical devices and product development, Joe is a regular contributor to the Cognidox DMS Insights blog where he shares expertise on scaling and streamlining the entire product development cycle, empowering enterprises to achieve governance, compliance, and rigour.

Related Posts

5 Challenges in Building a Pharmacovigilance System Master File

Managing the integrity and accessibility of a PSMF (Pharmacovigilance System Master File) is a key ...

Mastering Non-Conformance Reports: A Guide for Quality Management

How do you log and deal with non-conformities so that faulty products don't end up in the hands of ...