Exciting news: British Assessment Bureau will rebrand as Amtivo in Autumn 2026! Find out more here >>

amtivo logo seasalt

Understanding Corrective and Preventive Action (CAPA)

Request a Quote

  • Accredited certifications
  • Helpful resources
  • No hidden fees
  • Trusted certification experts
Request a Quote

When it comes to managing quality, it’s essential to take steps to both correct mistakes and prevent future issues. These activities are often referred to as CAPA, which stands for Corrective and Preventive Action. They are key tools in identifying and addressing risks, refining processes, and driving continuous improvement.

Corrective and preventive action is most commonly associated with ISO 9001, however, it was removed from the standard and replaced with risk-based thinking (RBT) in the 2015 update.

This change matches a shift towards a risk-based approach across the entire set of ‘Annex SL’ standards. However, corrective and preventive action (CAPA) is still central to quality management and other management systems.

Read our guide to understanding what a quality management system is.

What Is Corrective Action?

Corrective action is a reactive process that starts when a problem, area of weakness or non-conformance in a management system is identified and fixed (non-conformance refers to instances where a product or process does not meet the specified requirements).

This involves a systematic approach to investigating the cause of the issue, taking the appropriate steps to fix the problem and preventing it from happening again.

Corrective actions are crucial for maintaining a management system’s integrity, as they address existing nonconformities and enhance the system’s reliability. This process fixes immediate issues and contributes to an organisation’s continuous improvement – a key principle of ISO management systems.

What Is Preventive Action?

Preventive action refers to a proactive process aimed at identifying potential problems or weaknesses that could lead to nonconformities in a management system.

It’s an ongoing activity, as you regularly monitor your management system and consider:

  • What processes or components might create nonconformities?
  • What’s the potential impact of these risks?
  • What can be done to stop this from happening?
  • What measures or processes are in place to monitor risk and potential failures

This process involves risk assessment, trend analysis and the implementation of measures to mitigate those risks. By spotting potential risks ahead of time, an organisation can avoid issues that could disrupt operations, affect output quality or compromise customer satisfaction.

What is Risk-Based Thinking?

Risk-based thinking (RBT) and preventive action are related concepts.

RBT involves the systematic identification, evaluation, and management of risks and opportunities throughout an organisation’s processes to ensure that objectives are achieved and to enhance the effectiveness of the management system.

It is proactive and continuous – an ongoing mindset and methodology integrated into all aspects of the management system – and includes both risks and opportunities.

By integrating RBT into all aspects of the QMS, organisations can be more responsive and strategic in preventing problems, instead of just tackling them when they appear.

The Importance of Corrective and Preventive Action

Corrective and preventive actions are vital in maintaining and improving your management systems.

In this corrective action example, a software company discovers a minor bug in one of its products that’s leading to customer complaints and knows that this problem will not go away until it’s fixed. A corrective action would be to alert their customers that they’re aware of the issue and are working on a fix while at the same time trying to work out why the glitch happened in the first place. They might initially respond to the problem by releasing a quick fix, known as a software patch.

Once the cause of the bug is determined, the software company can issue a permanent solution and make changes to its quality management system to prevent this from happening again – a preventative action.

These actions are crucial for the ongoing effectiveness of your management system and for maintaining ISO certification.

Continual monitoring and improvement practices ensure that your management system keeps up with your organisation’s evolving needs and any newly updated regulatory requirements.

If you’re considering ISO certification for the first time, download our ISO buyers guide.

Why Was Preventive Action Removed From ISO 9001:2015?

ISO 9001:2015, the latest version of the ISO 9001 standard, replaced the term preventive action with risk-based thinking (RBT).

The removal of this term aligns with Annex SL’s new, more risk-based approach, which is integrated throughout the entire standard. This approach aims to identify and address potential issues before they occur, thereby incorporating preventive action as a fundamental aspect of risk management.

The idea is that in a well-implemented QMS, there is no need for time-consuming preventive action but rather for more effective risk analysis and mitigation through RBT.

Download our free ISO 9001 Checklist.

Corrective Action in ISO 9001:2015

Corrective action is a systematic approach to addressing problems or non-conformances in your management system. It uses a six-step process to eliminate their causes and prevent them from reoccurring.

  1. Identify the problem – Identify and document nonconformities, which are instances where processes or outputs do not meet the required standards.
  2. Implement containment actions – Take immediate measures to limit the nonconformity’s impact and prevent it from causing further issues. This could include isolating affected products or services, informing relevant stakeholders or temporarily adjusting processes.
  3. Identify the root cause – Investigate the problem in depth to identify its underlying cause. This step is crucial to ensuring that the corrective action addresses the actual cause, not just the symptoms.
  4. Take corrective action – After identifying the root cause, appropriate actions must be taken to correct the problem and eliminate the cause to prevent recurrence. This is the core of what corrective action entails.
  5. Document actions – The actions taken must be documented, including the steps implemented to correct the issue and any changes made to processes to prevent it from happening again.
  6. Review – Regularly review the effectiveness of the corrective action. Assess whether it has successfully eliminated the problem and prevented recurrence. Make any necessary adjustments.

Corrective actions are part of the broader continuous improvement processes within an QMS, helping to enhance overall quality and performance.

Risk-Based Thinking in ISO 9001:2015

Taking a risk-based approach to ISO 9001:2015 involves a systematic process of identifying and managing potential issues:

  1. Determine the risks and opportunities – Start by identifying potential risks and opportunities that could impact your QMS. These could be business changes, market volatility, new technology, regulatory updates or operational changes.
  2. Develop plans to address risks and opportunities – Once you’ve identified the risks and opportunities, develop plans to address them, including who is responsible for which actions. These plans might involve mitigation strategies for risks or action plans to leverage certain opportunities.
  3. Implement the actions into QMS processes – Begin integrating these plans into your QMS. For example, you might revise your current procedures to mitigate a specific risk or adjust a process to capitalise on an opportunity you previously ignored.
  4. Evaluate the effectiveness of these actions – Once these plans have been implemented and actioned, regularly review and assess them to evaluate their effectiveness in managing identified risks and opportunities. You will need to make adjustments where necessary for improved effectiveness.

By following these steps to a risk-based approach, your organisation can ensure it is proactively managing risks and opportunities. This helps to ensure your QMS is as robust and resilient as possible.

How British Assessment Bureau Can Help

Understanding corrective action and risk-based thinking can help in successfully achieving ISO certification by making the best use of these processes in your organisation’s daily operations.

British Assessment Bureau is a trusted, UKAS-accredited certification body. We can help your organisation with every step of the ISO certification process.

Get started on your journey to certification – Get a quote today or contact our team to discuss your needs.

Get Started on Your Certification Journey Now

Your certification costs will depend on the size of your business, location, and the sector you’re in.

Get started on your certification journey