In this article we will review the additional requirements for corrective actions (chapter 8.5.2 - corrective action) as specified by the ISO 13485 Standard with reference to the ISO 9001 Standard. The corrective action requirements within the ISO 13485 Standard are not so complex. The main differences regard the documentation requirements.

The organization must take actions to eliminate any cause for nonconformities in order to prevent them from happening again. The corrective actions would be appropriate to the nonconformity. Here are the specifications of the requirements:

The requirement for corrective action (the CA - CORRECTIVE ACTION from the CAPA) is included within chapter 8.5 – Improvement. Within the most basic requirement, the purpose of the corrective action is to:

• Eliminate problems/Nonconformities
• Achieve improvement within processes

The organization is required to take actions to eliminate Nonconformities that had occurred - this is improvement. How to achieve? With CA (form the CAPA). The ISO 13485 Standard requires documentation of Nonconformities, the following treatment and the results. The purpose is to prevent it from happening again. You must not document any small fault that happened - in this case you would turn into "ISO secretaries" - but the major ones that affect the medical device (or the service) and its quality. You must document Nonconformities in order for them to be introduced it into a process that his objective at the end is to eliminate the Nonconformity forever!! And yes, you are required to maintain a procedure describing the process of eliminating the Nonconformities and to document the process itself. It is not a recommendation but a requirement.

Non conformity documentation

As soon as Nonconformity is detected within the organization, it must be recorded. It must be written somewhere. The purpose is for a later investigation about the cause of the Nonconformity and to verify elimination. This is one of the ISO 13485 Standard required quality records. The record can appear in any form: form, software, e-mail, whatever appropriate for your organization. But bear in mind that this documentation is the first step of the corrective action process. Thus, it is recommended to document it where you would be able to trace and document the next steps. The first documentation is also the primary information gathering about the Nonconformity. By the way, customer's complaints are considered as Nonconformities.

We recommend you to document any characteristic of the product (or the service) where you detected the Nonconformity. Why? Because when you can examine all the characteristic of the products you would be able to understand the Nonconformity better, you would be able to understand the cause and far more important, to may come up with an efficient corrective action.

The Nonconformity record – what details to document:

• The Nonconformity details – you are required to document any identifying details regarding the Nonconformity: customer's name, product's name catalogue number, name of the employee that detected the Nonconformity – any information that would help you to investigate the Nonconformity latter on.
• Description of the Nonconformity – you can put here a literal description or even attach another document. Whatever suits your organization. 
• Categorization of the Nonconformity – it is not required by the ISO 13485 Standard but it is highly recommended. The categorization would assist you later with a statistical analysis. 
• Investigation Details – any Nonconformity must be followed with an investigation. The purpose of the investigation is to identify the cause for the Nonconformity. This is the essence of the corrective action.

The corrective action documentation

• Corrective action description – after you identified the cause for the Nonconformity, you are required to initiate an action to eliminate it: The corrective action. Why must you document it? For supervision. After a defined period of time (defined within a procedure) you must examine whether the corrective action was sufficient, effective and the Nonconformity did not occurred again. This review must be documented.
• Corrective action objectives – you must define what is required by the corrective action taken. The objective could be a numerical, quantitative or a quality requirement – whatever is appropriate for your organization. It is not a recommendation but an ISO 13485 Standard requirement.
• Closing date for the corrective action – All corrective actions should be limited within a time frame to measure its effectiveness. You performed a corrective action. That is good but not enough. According to the ISO 13485 requirements, you must define time frames (according to your needs) to examine its effectiveness. The date indicates when the corrective action would be examined. 
• The corrective action results – the ISO 13485 Standard requires you to observe the corrective action taken and to verify its objectives. You must indicate (and document) the status of the corrective action. You must document what are its results: success, failure or perhaps more time is required to examine its effectiveness - that is also possible. Then and only then, you may close the corrective action. When a corrective action was found as not successful it is recommended to open a new one. It is not required by the ISO 9001 Standard but an unsuccessful corrective action indicates an open Nonconformity –and that is forbidden by the ISO 13485 Standard.

Let me remind you again; you must maintain a documented procedure defining the process of corrective action:

• Locating the Nonconformity
• Where and how to document it
• The investigation
• The action taken and
• Reviewing the results and effectiveness
• The closing of the corrective action

This procedure shall act as one of your Quality procedures required to be maintained by the ISO 13485 Standard. You must also maintain documentation of the process itself:

• The nonconformity detected
• The cause
• The corrective action taken
• Its objectives (including time frames)
• The review
• The results

So far the 9001 required the same. Let me review the additional requirements of the 13485.

The 13485 requires us (within paragraph d) to ensure that any corrective action taken would not only be implemented and documented, but also any documentation that is related to the nonconformity is update as well. The changes depended where the corrective action influenced: changes occurred within the quality policy – update should be made within the quality manual, changes occurred within process documentation – update should be made within working procedures and where appropriate the records and documents control process etc.  

The ISO 9001 Standard requires documenting the corrective action itself but not the investigation. The ISO 13485 Standard (within paragraph e) requires the organization to document the investigation as well. I think that it is not that horrible and I shall also explain. In any case you conduct the investigation. Otherwise you won't find out what is the cause for the nonconformity. So, document it as well. Don't forget to update the Corrective action procedure about documenting the investigation.

Within the last additional requirement (paragraph f) indicates that it's not enough to document the corrective action as a successful one - you must prove its effectiveness. Effectiveness?  The extent to which planned activities are realized and planned results achieved. How? By presenting the data prior to the corrective action and the data after the corrective action.