Corrective Action: The Practical Guide for Manufacturing and Quality Teams

What is Corrective Action

Corrective action is the structured response a quality system takes after a problem has been confirmed. It is not the same as a quick fix on the line, and it is not the same as a root cause analysis. It is the full loop: contain the issue so it stops shipping, investigate why it happened, eliminate the cause, verify the fix was implemented, and prove after a defined period that the problem did not return.

Every major quality standard requires it. ISO 9001:2015 clause 10.2, IATF 16949, AS9100, ISO 13485, and FDA 21 CFR 820.100 all describe the same essential loop with slightly different terminology. Customers in automotive, aerospace, and medical devices treat corrective action as the primary evidence that a supplier's quality system actually works. A weak corrective action response is one of the fastest ways to lose a customer or fail a surveillance audit.

The corrective action process is triggered by a confirmed nonconformance. That can come from many sources: an internal scrap event, a line stop, an internal audit finding, a customer complaint, a field return, a supplier rejection, or a regulatory observation. Whatever the trigger, the deliverable is the same — a documented record showing that the cause has been removed and the system is stronger than it was before.

Corrective Action vs Root Cause Analysis

These two terms get used interchangeably, and that is a problem. They describe different things, and treating them as the same is the most common reason corrective actions fail to stop recurrence.

Root cause analysis is the investigative step. It is the technique — 5 Whys, Fishbone, 8D, Fault Tree Analysis — used to identify why a problem occurred. RCA produces a finding: a specific, verifiable statement of cause. It does not, by itself, fix anything.

Corrective action is the broader process that surrounds the RCA. It includes the containment that happens before the RCA, the action plan that comes out of the RCA, the implementation, the verification that the implementation happened, and the effectiveness check after the fact. The RCA is one section inside the corrective action record.

In practice, a strong corrective action contains a strong root cause analysis. A weak corrective action usually contains a root cause that is really just a restated symptom — "operator did not follow the procedure" instead of "the work instruction did not show the torque sequence and the training matrix was not updated after the line layout changed." More on root cause analysis methods.

Corrective Action vs Preventive Action

Corrective action eliminates the cause of a problem that has already happened. Preventive action eliminates the cause of a problem that could happen but has not yet. The distinction is about timing relative to the failure, not the strength of the fix.

ISO 9001:2015 removed the standalone "preventive action" clause and folded it into risk-based thinking. That confused a lot of teams, but the underlying activity is still required: identify risks, treat them before they become nonconformances. Most quality systems still maintain a combined CAPA (Corrective and Preventive Action) log, which is the structure required by FDA 21 CFR 820.100 and remains the convention in automotive and aerospace.

A useful test: if you can point to the specific defect, customer complaint, or audit finding that triggered the action, it is corrective. If you are acting on a trend, a near-miss, a risk assessment, a FMEA output, or a lesson learned from a sister plant, it is preventive. More on CAPA.

The Corrective Action Process

Every standard describes the process in a slightly different sequence, but the steps are functionally identical. The version below is the one used by most automotive and aerospace quality systems.

1. Trigger and intake

A nonconformance is confirmed and logged. Source can be an internal NCR, a customer complaint, a field return, a supplier reject, an audit finding, or a process monitoring alert. The intake captures what, where, when, how many, and the immediate severity. If the issue affects a customer, the clock on notification (often 24 hours for automotive) starts here.

2. Containment

Stop the problem from reaching the next operation, the warehouse, or the customer. Typical containments: 100% inspection of suspect lots, quarantine of finished goods, sort at the customer site, added inspection at the next operation, and a stop-ship on any open shipments. Containment is dumb on purpose — it is not the fix, it is the dam while you investigate.

3. Root cause analysis

Identify both the occurrence cause (why it happened) and the detection cause (why the existing controls did not catch it). Treating only the occurrence cause is the most common reason defects recur — the process change works but the inspection or poka-yoke is still blind, so the next variation slips through.

4. Corrective action plan

For each root cause, document a specific action, an owner, a due date, and the evidence that will prove completion. Actions should change the process, the equipment, the documentation, or the controls — not just retrain the operator. "Retrain" alone is almost never a corrective action; if training was the gap, the training system itself needs to change.

5. Implementation

Execute the plan. Update work instructions, control plans, PFMEAs, inspection plans, and operator training records. If the change affects a customer-approved process (PPAP, FAI, design history file), run the change through the formal change control process before implementing.

6. Verification of implementation

Confirm the actions were actually done. Read the updated work instruction. Watch the operator perform the new step. Pull the new inspection record. This is a separate step from effectiveness — it answers "did we do what we said we would do."

7. Effectiveness check

After a defined interval — typically 30, 60, or 90 days, or a defined number of production runs — verify the problem has not recurred. The acceptance criteria should be defined when the plan is written, not invented at the check itself. Common criteria: zero recurrence in N units, no related complaints in N days, capability index above a threshold.

8. Closure and read-across

Close the record with the effectiveness evidence attached. Then ask the read-across question: does this cause exist on similar parts, similar processes, sister lines, or other plants? Read-across is what turns a single corrective action into systemic improvement and is one of the most heavily audited items in IATF 16949 and AS9100.

Common Corrective Action Examples

Generic CAPA descriptions are nearly useless. Here are concrete examples from the kinds of issues that actually generate corrective actions on the floor.

Example 1: Wrong torque on a structural fastener (automotive Tier 1)

Nonconformance: Customer reported three returned assemblies in one week with loose bracket bolts. Containment: 100% retorque of finished inventory at the OEM and in the warehouse, sort of work-in-process. Occurrence root cause: The DC tool program had two active rundown strategies and the operator had selected the wrong one after a line changeover; there was no interlock between the tool program and the part barcode. Detection root cause:The end-of-line torque audit was sampling-based and missed the lot. Corrective action:Hard interlock between part scan and tool program, plus the audit moved to 100% torque verification via the DC tool data. Effectiveness: Zero recurrence in 90 days and zero failed audits in the same period.

Example 2: Burr on a machined seal surface (precision machining)

Nonconformance: Leak test failures on a hydraulic housing, 12% reject rate over a shift. Containment: 100% visual and leak check of the affected day's production.Root cause: Tool wear acceleration after the coolant concentration dropped below the spec window; the coolant check was a manual once-per-shift refractometer reading that had been signed off without measurement. Corrective action: Inline coolant concentration sensor with an automatic top-up and alarm; tool life reduced by 15% to add margin. Effectiveness:Reject rate dropped to 0.3% and held for 60 days.

Example 3: Wrong label on shipped product (medical device contract manufacturer)

Nonconformance: Customer received cartons labeled with the previous revision UDI.Containment: Recall of the shipped lot, full inventory audit, hold on all open shipments to the customer. Root cause: Label master in the ERP was updated but the print server cached the previous version; no verification step between print and apply.Corrective action: Print server cache invalidation tied to label master change control, plus a barcode verification scan added at the labeler before the cartons are sealed.Effectiveness: 100% scan match for 90 days.

Example 4: Recurring supplier rejection (electronics assembly)

Nonconformance: Three consecutive lots of a connector rejected for bent pins on incoming inspection. Containment: Quarantine of the rejected lots, escalation to the supplier via a Supplier Corrective Action Request.Root cause: Supplier's tray was changed to a thinner gauge that flexed in transit; the change had not been communicated through the PPAP change notification process.Corrective action: Supplier reverted to the original tray, plus the supplier added a change notification gate to their PPAP system. The customer added the tray as a controlled characteristic in the supplier quality agreement.

Corrective Action Plan Template Structure

A good corrective action plan template enforces every step of the process by structure alone. The operator should not have to remember what to put where — the template should ask. The minimum sections for an ISO 9001, IATF 16949, or AS9100 aligned plan are below. The full template is available as a free download at the end of this page.

• Header: CAR number, date opened, source (NCR, complaint, audit, supplier), part number, process, owner, due date.
• Problem statement: What is wrong, where, when, how many, and how it was detected. Written so someone outside the line can understand it.
• Containment: Specific actions, scope (lots, locations), responsible owner, completion date, and evidence reference.
• Root cause analysis: Method used (5 Whys, Fishbone, 8D), the analysis itself, and both the occurrence and detection root causes stated separately.
• Corrective action plan: One row per action, each linked to a root cause, with owner, due date, and evidence required for closure.
• Implementation evidence: Reference to updated documents — work instructions, control plan, PFMEA, training records.
• Verification of implementation: Who confirmed each action was done, when, and how.
• Effectiveness check: Acceptance criteria defined up front, the date the check is due, the data collected, and the disposition.
• Read-across: Other parts, processes, or plants reviewed for the same cause, and any additional actions opened.
• Closure: Approval signatures, date closed, and a link to the source NCR or complaint record.

Common Mistakes

These are the patterns auditors and customers reject most often. Most of them come from skipping a step or treating the corrective action record as paperwork rather than a closed-loop process.

Root cause is just a restated symptom

"Operator made a mistake" or "the dimension was out of spec" is not a root cause. It is the problem statement. Keep asking why until you reach something you can change in the process, the equipment, the controls, or the documentation.

Only the occurrence cause is treated

The process change works but the detection system that missed the original defect is unchanged. The next variation in the process — and there will be one — slips through the same hole.

Corrective action is "retrain the operator"

Training is almost never a corrective action by itself. If training was the gap, the training matrix, the work instruction, or the qualification process is what needs to change. A retrain with no system change is a near guarantee the issue will return when the next operator rotates onto the job.

No effectiveness check, or the check is the verification

Verification of implementation and effectiveness check are different steps. Verification confirms the action was done. Effectiveness confirms it worked. If the only evidence of effectiveness is a signature on the same day the action was implemented, it is not an effectiveness check.

Closure with no read-across

The same cause almost always exists on a sister part, a parallel line, or another plant. Skipping read-across is the single biggest source of repeat findings across multi-site quality systems.

The plan and the NCR live in different systems with no link

An auditor pulling the corrective action record should be able to trace back to the original nonconformance in one click. If the NCR is in one system and the CAR is in a spreadsheet, the audit trail is broken. See the nonconformance report template for the upstream link.

FAQ

What is corrective action in manufacturing?

Corrective action is the structured response to a confirmed nonconformance. It contains the immediate issue, identifies the root cause, implements a permanent fix, verifies the fix worked, and confirms the problem does not return.

What is the difference between corrective and preventive action?

Corrective action eliminates the cause of a problem that has already occurred. Preventive action eliminates the cause of a potential problem before it occurs. ISO 9001:2015 folded most preventive action into risk-based thinking, but the distinction still matters in CAPA systems and is required under FDA 21 CFR 820.100.

How long should a corrective action take to close?

Containment should be in place within 24 to 48 hours. Root cause and the corrective action plan are typically due within 15 to 30 days. Effectiveness verification usually runs 60 to 90 days after implementation, depending on production volume.

What is the difference between corrective action and root cause analysis?

Root cause analysis is the investigation step that identifies why a problem occurred. Corrective action is the broader process that uses the RCA output to implement, verify, and confirm the effectiveness of the fix.

What standards require corrective action?

ISO 9001 (clause 10.2), IATF 16949, AS9100, ISO 13485, and FDA 21 CFR 820.100 all require a documented corrective action process with evidence of root cause analysis, action implementation, and effectiveness verification.

What is a Corrective Action Request (CAR)?

A Corrective Action Request is the formal document that initiates the process. It records the nonconformance, assigns an owner, and sets the due dates for containment, root cause, and the effectiveness check. See the corrective action report guide for the request and response format used by most automotive and aerospace customers.

Do I need a separate corrective action for each defect?

Not necessarily. Multiple defects with the same root cause can share a corrective action. Multiple defects with different root causes should be tracked separately, even if they are reported on the same complaint.