Nonconformity and Corrective Action

When a nonconformity occurs, you must react to it by either controlling and correcting it or dealing with the consequences. Then you must determine the root cause(s), evaluate the need to eliminate the cause(s) so the nonconformity does not reoccur and implement any corrective action needed.

The requirements around nonconformities and corrective actions have not changed much between the 2008 and 2015 standards, with two exceptions: 10.2.1 d and 10.2.1 e. You are now required to review the effectiveness of any corrective actions taken and, if necessary, update the risks and opportunities determined during planning. In many organizations, reviewing the effectiveness of corrective actions has taken the shape of an added field in their existing corrective action report. The review can be in the form of a meeting, observation, or follow-up with relevant parties. Updating risks and opportunities is often done using a risk management system, though a formal system is not a requirement.

One of the more significant changes between the 2008 and 2015 standards is the replacement of the term “preventative action” with “risks and opportunities”. The motivation behind this change is to make the 9001 standard consistent with other ISO standards. The basic concept behind preventative action and risk management is the same: assess the risk and mitigate it based on severity. Only the terminology has changed.

