ISO 13485 Standard - 8.5.2 Corrective Action E-mail

Corrective action is one of the foundation elements of quality management, and is essential for sustaining improvement of the quality management system. The main concept of corrective action promotes a systematic analysis of quality problems that have already occurred, and the elimination of any root causes of nonconformities through the implementation of controlled measures.
The main principle of corrective action is to eliminate any cause of nonconformity in order to prevent such from occurring again. The initiation of a corrective action in an organization is not to be submitted or assigned to one person, role, function, or department, but it is an issue that relates, covers, and involves all levels of the organization—management, design and development, purchase, production, assembly, quality, service, and logistics.


A Documented Procedure


The process of evaluating and investigating nonconformity and applying a corrective action will be implemented in the organization in a methodical way through a documented procedure. The objectives of the procedure are:

  • Identification of nonconformities
  • Determination of responsibilities and authorities
  • Definition of a method for the analysis of root causes
  • Promoting a systematic evaluation of root causes and identification of appropriate solutions
  • Evaluation and review of risks—and the consequences of actions—that may affect the realization processes or the medical device
  • Planning of the necessary actions
  • Implementation of the actions
  • Review of the effectiveness
  • Definition of the expected records

The procedure shall include all of the stages and activities mentioned in this chapter (when applicable). The procedure shall be submitted to the process of documents control as required in subclause 4.2.3.

Inputs for the Process

The identification of a quality problem is the starting point of the corrective action process.
However, as with any other quality process designed according to the ISO 13485 standard requirements, the matter is expected to be structured and defined; and the inputs that will drive the organization to initiate a corrective action are to be identified. Here are some examples of quality activities that may produce inputs for a corrective action:

  • Monitoring and measuring of product or processes—results of validation studies, quality tests, and so on
  • Feedback activities—customer survey, research and clinical evaluations, and recalls
  • Need for revalidation
  • Data analysis
  • Nonconformities and faults
  • Customer complaints
  • Purchase problems
  • Results of management review
  • The lack of achievement of organizational goals and objectives
  • Results and findings of audits (internal and external)
  • Service feedback

The need for revalidation may indicate, in certain situations, where process parameters have not met their requirements and a corrective action is therefore required. The matter is discussed in details in subclause 7.5.2 (Validation of Processes for Production and Service Provision).
All of the above are topics and issues that are already planned. What they have in common is this: they are structurally controlled, evaluated, and they provide an output. In some cases this output might be the input for the corrective action. In practice the documented procedure will define what the inputs of the process are, and will define the interface between the processes and activities and the submission to a corrective action. This is where the responsibility to the corrective action comes in.

Evaluation of the Root Cause
The source of the nonconformity may occur in various elements throughout the quality management system—product, process, machine, worker, supplier, or service. The objective is to identify all the elements in the realization process that have deviated from their requirements and might have caused the nonconformity, or might have affected the quality of a process or product. Here is where the traceability comes to assist. The next step is to evaluate their influence and relation to the nonconformity. The goal is to find something wrong and correct with the objective of eliminating it forever. The investigation is based on few basic principles:

  • All the required data and information regarding the nonconformity is available, reliable, and, where necessary, verified
  • The methods for analyzing the data are defined
  • The decision is finalized using these two elements: the adequate data and the use of analysis tools

You may implement and use different methods for identifying the root cause: histograms, fishbone diagrams, statistical analysis, correlation diagrams and so on. The analysis of the root cause shall be accompanied with different documents, such as:

  • Description of the investigation, including activities, tools, equipment, and participants
  • Statistical analyses results
  • Data and information from process observations or product tests

These are all to be documented and controlled in order to be able to trace and join all the relevant evidence in one dossier. For example, if you performed a statistical analysis of a process as part of the investigation, the ISO standard expects to see a report including all the details mentioned above, with a reference to the relevant nonconformity.
Once the cause for the nonconformity is identified, you are required to plan a solution with the objective of eliminating the root cause permanently. The solution will relate to all product or process elements that may have been affected. Let us assume, for example, that nonconformity was reported, and the investigation determined that the package is the root cause. A conclusion of the investigation claims that a new package is to be implemented. Before submitting the solution for planning and implementation, it is necessary to evaluate the feasibility of the solution:

  • Influence of the solution on packaging processes
  • Influence of the solution on other realization processes, such as transportation and delivery
  • Influence of the solution on the product requirements; that is, the functionality, intended use, performance, and safety
  • Compatibility with local or international regulations regarding packages
  • Compatibility with risk management requirements
  • Cost benefit analysis, in order to justify the investment of resources

One last thing before we move on to the next issue: there is room for experience and intuition when making a decision regarding the need for a corrective action. A situation may arise that, on paper—and according to the data analysis—requires corrective action; but an experienced or intuitive review may report that such action is unnecessary. When the decision is based on these, try to justify it with records of previous similar cases.

Planning and Implementing Corrective Action

For each element that is to be corrected the organization is required to determine a plan according to the following questions:

  • Which corrective actions or activities are to be taken?
  • Who is responsible for the execution and implementation?
  • What are the necessary tools and equipment?
  • What are the training needs?
  • What are the timeframes?
  • What are the operative objectives and actions to be implemented, tested, and approved?
  • Which controls need to be implemented in order to test the effectiveness of the corrective action?
  • What are the required results that will prove that the corrective action is effective and the root cause is eliminated?
  • Which documents must be updated?

Reaction time may be a factor for consideration. It may be necessary to implement an action or a short-term correction immediately.
In practice, the planning of the corrective action is to be documented, and will serve as a quality record. Although the standard does not specify what the exact details to be documented are, here are some of the necessary details:

  • Statement of the starting date
  • The team that participates and is responsible for the planning and implementation of the corrective action
  • Description of the of the relevant nonconformity or reference to documentation and evidence of the relevant nonconformity (you may include internal classification for future statistics)—customer complaints, quality tests, audit findings
  • The nonconformity details: customer’s name, affected product, catalogue number, name of the employee that detected the nonconformity (any information that would help you to identify and review the corrective action later on)
  • Description of immediate or short-term corrective action (if undertaken), its results, and reference to the relevant records
  • Identification of all relevant organizational documentation
  • Reference to the results of the root cause analysis investigation and the conclusions
  • Description of the solution and corrective action to be taken with reference to the relevant factors; for example, departments, products, processes, packages, tools and equipment, monitoring and measuring devices, and controls. In general each defined action is to be approved before release or implementation.
  • Reference to human resources
  • The objectives of the actions taken, including timeframes

The record may appear as a work plan, a project plan, or refer to such dossiers. However, the principle demands a specification of activities or milestones assigned to responsibilities and framed with objectives of time and results. Useful documentation of the plan will also include the results of the implementation.

Updating the Relevant Documentation

In case the corrective action taken has triggered any changes or updates to any of your quality management documents, these documents must be updated. The objective here is to verify that changes initiated by, or resulting from, the corrective action in quality elements (such as quality policy, objectives, or documentation) are controlled and implemented. The standard refers us to clause 4.2 in order to specify where changes may occur: quality policy, quality objectives, quality manual, quality procedures, work procedures, work instructions, specifications, and documented requirements. The standard demands that these documents also be evaluated, since these have a part in the realization processes. The changes will be initiated and controlled according to the control of documents requirements. Changes and updates may be expressed in various aspects of the document:

  • The information and content on the document
  • The structure of the document
  • The coverage of all the medical device requirements (customer, regulatory, safety, etc.)
  • The distribution of the document
  • The media of the document
  • The approval of the document

Advise: In order to maintain this requirement, I would suggest including on the corrective action plan the review of the relevant documentation, and to determine whether a change has been made as part of the implementation. This would ensure the required control.

This webpage contains only a fragment of the chapter 8 Measurement, Analysis, and Improvement from the book: ISO 13485: A Complete Guide to Quality Management in the Medical Device Industry published by:

CRC Press

 You may purchase the book through:



Complete Guide to Quality Management in the Medical Device Industry


Feel free to submit any question regarding the standard or its requirements through the Contact Us Page.

Copyright © 2018 13485quality. All Rights Reserved.
Joomla! is Free Software released under the GNU/GPL License.