For management system owners, ISO clause 10 "Improvement" is the core of value creation – this is where reactive deviation management becomes proactive improvement. This guide shows you how to implement ISO 10 corrective actions according to ISO 9001:2015 clause 10.2 and drive continual improvement according to clause 10.3. However, this is applicable to all ISO management system standards that include clause 10, such as ISO 14001 (environmental), ISO 45001 (occupational health and safety), and ISO 27001 (information security).
Many organizations document deviations but lack a systematic approach to corrective actions. You write down the problem, address the symptom, and move on – until the same deviation appears again. ISO clause 10 requires you to dig deeper: find the root cause, address it permanently, and prevent recurrence. Structured deviation management creates value by transforming problems into improvement opportunities.
ISO 9001:2015 structures improvement work into two parts:
This article provides you with concrete tools for both areas.
Before you start: understand the difference between the concepts.
Deviation = When something doesn't go according to plan. Example: a delivery arrives two days late.
Nonconformity (non-fulfillment of a requirement) = When you don't meet a requirement (from customer, standard, or law). Example: the product lacks CE marking required by law.
Improvement opportunity = You meet the requirements but see how you can do better. Example: customer satisfaction is 4/5, you want to reach 4.5/5.
ISO clause 10.2 focuses on deviations and nonconformities (Swedish companies commonly group both under the term "deviation") – when requirements are not met or something goes wrong. Clause 10.3 focuses on improvement opportunities – raising the bar even when everything works. AmpliFlow supports deviation management in your processes through structured documentation and follow-up.
When you find a deviation, you must do three things according to ISO 10.2 to implement ISO 10 corrective actions:
When the nonconformity is discovered, act immediately to limit the damage.
Containment actions = Immediate actions to stop the problem from spreading.
Examples:
Document what you did and when. This is not root cause analysis – this is first aid.
Now the systematic work begins. You must answer: Why did this happen?
ISO requires you to evaluate the need for corrective action by determining the causes of the nonconformity. There are several methods for root cause analysis – the most common are 5 Whys, Fishbone diagram, and 8D methodology.
Ask "why" five times to get from symptom to root cause.
Example from Toyota (Taiichi Ohno):
Problem: The machine stopped.
Root cause: No strainer installed → Corrective action: Install strainer on all lubrication pumps.
Without 5 Whys, you would have replaced the fuse and called it solved. The problem would have recurred.
When you use 5 Whys:
When the problem is complex and may have multiple causes, use a Fishbone diagram. The method was created by Kaoru Ishikawa in the 1960s and is one of the seven basic tools of quality control.
Structure:
The 5 Ms (most common in manufacturing):
Example: Delayed Deliveries
Man: New staff lack trainingMachine: Inventory system slow, old serversMaterial: Suppliers deliver lateMethod: No prioritization of urgent ordersMeasurement: No real-time monitoring of inventory levels
How to use Fishbone:
8D (Eight Disciplines) is a comprehensive method developed by Ford Motor Company in 1987. It combines root cause analysis with teamwork and preventive actions.
The eight disciplines:
D0: Preparation and Emergency Response ActionsPlan the problem-solving. Document symptoms and emergency response actions.
D1: Use a TeamAssemble a team with product and process knowledge. Different perspectives give better solutions.
D2: Describe the ProblemSpecify the problem in measurable terms: who, what, where, when, why, how, how many (5W2H).
D3: Develop Interim Containment PlanStop the problem from reaching the customer. Quarantine products, inform affected parties.
D4: Determine and Verify Root CausesIdentify all possible causes. Use 5 Whys or Fishbone diagram. Verify causes with data.
D5: Verify Permanent CorrectionsConfirm that the chosen action actually solves the problem. Test before full implementation.
D6: Implement Corrective ActionsImplement the permanent action. Validate with empirical evidence of improvement.
D7: Prevent RecurrenceUpdate management systems, processes, and procedures to prevent the same problem from occurring again.
D8: Congratulate the TeamFormally recognize the team's contribution.
When to use 8D:
8D gives you documentation that meets ISO 10.2 requirements: you show that you reacted (D0-D3), analyzed the root cause (D4), implemented corrective action (D5-D6), and prevented recurrence (D7).
Once the root cause is established, remove it permanently. This is the core of ISO 10 corrective actions.
Corrective action = Action that eliminates the cause of a detected nonconformity or other undesirable situation.
Important: Corrective action should be proportional to the effects of the nonconformity. A minor problem doesn't require as extensive analysis as a critical customer problem.
Verification: Check that the action works. Collect data over time to confirm that the nonconformity doesn't recur.
Documentation: ISO requires you to retain documented information about:
The 8D methodology introduces an important concept: escape point.
Escape point = The earliest control point in the process that should have detected the problem but failed.
Example: A product with incorrect dimensions reaches the customer.
You must address BOTH the root cause (calibrate the machine) AND the escape point (improve final inspection so the error is detected next time).
This prevents similar problems from slipping through in the future.
Clause 10.3 takes you beyond reactive problem-solving. Even when no nonconformities exist, you should continuously improve the management system's suitability, adequacy, and effectiveness. ISO certification is the foundation for continual improvement that creates long-term value.
Continual improvement = Recurring activity to increase the ability to fulfill requirements.
ISO 10.3 requires you to identify and select improvement opportunities that support customer requirements and improve customer satisfaction.
Plan-Do-Check-Act (PDCA) is the foundation of ISO's process approach. The method was developed by Walter Shewhart and further developed by W. Edwards Deming.
Identify problem or improvement opportunity. Set goals and develop hypothesis or strategy.
Concrete:
Example: Customer satisfaction is 4.0/5, the goal is 4.5/5 within six months. Analysis shows that customer support response time is too long.
Implement the plan on a small scale to minimize risk.
Concrete:
Example: Test new support procedure with one support team for four weeks. Measure response time daily.
Analyze results and evaluate what worked or didn't.
Concrete:
Example: Response time decreased from 4 hours to 2 hours. Customer satisfaction increased to 4.3/5. The team reports that the new procedure is manageable.
Standardize successful changes or revise the plan and test again.
Concrete:
Example: Roll out the new support procedure to all support teams. Update work instructions. Continue measuring customer satisfaction to ensure sustainability.
PDCA is extremely flexible and supports ISO 10 corrective actions across all industries:
Manufacturing: Reduce waste, streamline production lines, improve quality controls
A manufacturing company discovers that 3% of products have paint defects. Plan: Analyze root cause with Fishbone diagram – finds that spray booth temperature varies. Do: Test new temperature control in one spray booth for two weeks. Check: Paint defects decrease to 0.5% in test booth. Act: Install temperature control in all spray booths, update maintenance procedures.
Service: Improve response times, customer experience, delivery quality
A consulting firm receives complaints about late project deliveries. Plan: Identify root cause – project managers lack resource planning tools. Do: Test project management tool with two project managers for three months. Check: Both projects delivered on time, project managers report better overview. Act: Roll out the tool to all project managers, train in resource planning.
Healthcare: Improve patient flows, reduce errors, increase patient safety
A health center has long waiting times. Plan: Map patient flow, find bottleneck at registration. Do: Test digital check-in for walk-in patients for one month. Check: Waiting time decreases from 45 to 25 minutes, patient satisfaction increases. Act: Implement digital check-in permanently, update patient information.
Software Development: Iterate features, improve deployment, reduce bugs
A development team has many bugs in production. Plan: Analyze root cause – insufficient testing before release. Do: Test automated tests for critical functions during two sprints. Check: Bugs in production decrease by 60%, team identifies errors earlier. Act: Expand automated tests to all functions, integrate into CI/CD pipeline.
If you launch a new process or refine an existing one, PDCA gives you data-driven decision support.
Skipping the Check phase: You implement unproven changes across the entire organization. Result: wasted resources when the change doesn't work.
Over-planning: You get stuck in the analysis phase. Planning takes months, nothing happens.
Lack of ownership: Without team engagement, improvement work dies out.
No follow-up: Improvement stops if Act doesn't lead to standardization.
Solution: Treat PDCA as a continuous loop, not a one-time project.
For best results: combine the tools.
For nonconformity (ISO 10.2):
For improvement opportunity (ISO 10.3):
Here's how to make ISO clause 10 a natural part of daily work. A structured management system supports systematic improvement work.
Document how deviations and improvement opportunities are handled:
Simple problems: 5 Whys is often sufficient. Fast, requires no statistical analysis.
Complex problems: Fishbone diagram provides overview when many factors are involved.
Recurring problems or customer requirements: 8D gives you complete documentation and systematics.
Improvement work: PDCA for all types of improvements, large and small.
Root cause analysis works best as teamwork. Different perspectives reveal causes that one person misses.
Tips:
Collect data to verify improvements:
When a corrective action or improvement works: update your procedures, work instructions, and training materials. Otherwise, you risk old habits returning.
ISO 9001 clause 9.3 requires management to regularly review the management system. Use data from clause 10:
This shows auditors that your management system actually drives improvement.
ISO 10.2 requires you to retain documented information about:
Practical:
Document management ensures you meet ISO 10.2 documentation requirements and can track improvements over time.
Mistake 1: Treating symptoms instead of root cause analysis
You address the consequence, not the cause. The problem recurs.
Solution: Always use at least 5 Whys. Ask "why" until you reach the root cause.
Mistake 2: Disproportionate actions
You do extensive 8D analysis for every minor deviation. Waste of resources.
Solution: Adapt method to problem severity. Simple problems: 5 Whys. Complex/recurring: Fishbone or 8D.
Mistake 3: Forgetting the escape point
You fix the root cause but not why the problem wasn't detected earlier.
Solution: Always ask "why wasn't this detected earlier?" and improve your controls.
Mistake 4: No follow-up
You implement the action and move on. No one verifies it works long-term.
Solution: Set follow-up dates in the calendar. Check that the problem doesn't recur after 1, 3, 6 months.
Mistake 5: PDCA becomes a one-time project
You run one PDCA cycle, then stop.
Solution: PDCA is a loop. When you reach Act, start the next Plan phase with new goals.
ISO clause 10 is your roadmap from firefighting to systematic improvement. ISO 10 corrective actions transform problems into improvement opportunities.
Clause 10.2 (Corrective actions):
Clause 10.3 (Continual improvement):
Choose the right tool:
When you build these methods into your procedures, improvement work becomes a natural part of daily work – not an extra project on the side. That's when ISO certification delivers real value: you improve your ability to deliver to customers, reduce waste, and build a culture where problems are seen as opportunities.
Start small: choose a recurring deviation, run a 5 Whys analysis, implement the action, and follow up. When the method sticks, take the next step with Fishbone or PDCA. Over time, systematic improvement becomes your competitive advantage.
