I would ask you to look in your copy ofISO 9001:2015, clause 10.2 and highlight or underline the word “close” as it relates to corrective actions. Before you look, it’s not there. It’s not there….not anywhere in ISO 9001. Well, if it is not there, where does it come from and why do we have to “close”corrective actions? Here’s where we need to talk about how Uncle Buck found us in the first place.
In the early days of ISO 9001…going back to 1987 when it was first issued, the “element” or requirement for corrective action did NOT state that corrective actions had to be closed. The word “close” have never appeared in ISO9001, since the original issue in 1987. This term appeared early in ISO 9001’s life, by ignorant or overzealous auditors and consultants. The requirements have always been to ensure that the corrective action was implemented and effective. That’s it. These early overzealous or under informed “experts” were looking for some sort of evidence that deemed the corrective action effective and that evidence became a statement on the report or on a corrective action log that the action was effective, therefore“closed”. So what’s the problem?
The word “timely” was used to describe how corrective actions should be managed (even though the standard used this word related to audit non-conformances) and therefore we users began assigning arbitrary times for corrective actions to be closed. The typical bad behavior used the stand ard thirty (30) days as a “timely” goal. So here the problem gets worse. We had to close corrective actions in 30 days, or we would get a nonconformance from out auditors, so we instituted more bad behavior to meet our arbitrary deadline.
The most common bad behavior was conducting a poor root cause analysis (RCA), which saved a lot of time in our30-day window. The mantra began that “we didn’t have time to do it right, but we had time to do it over”. This is unfortunate, but it was driven by an arbitrary deadline, mostly determined to appease an auditor. The unfortunate result is that these non-conformances recur and we have to address them again. The second most common non-conformance in a third-party audit is failure of the corrective action system to prevent the recurrence of non-conformances. In our healthcare world, we know this can have dire consequences, at worst, or just inefficient use of resources at least. Either way, it is associated with sunk costs.
So, how do we fix it? First let’s understand what the requirements actually state, paying close attention to the actual words that ISO uses in the text. Typically, I do not prefer to quote the specific requirement from the standard. In this case, however, I’ll make an exception so we can begin to move away from this behavior that prohibits us from reaching the intention of our DNV GL accreditation model. In short, we want Uncle Buck gone!
Remember that ISO 9001 is a management system. It has a lot of requirements designed to fit together to form a series of processes that interact at numerous levels and at various functions. Each system is implemented to meet the culture and structure of the organization. Corrective actions have specific requirements that “shall” be completed to ensure that non-conformances do not recur or occur elsewhere. How we do this should be specific for your organization. Here isa summary the specific requirements in question:
From clause 10.2.1- “When a nonconformity occurs,…the organization shall:
- React to the nonconformity…
- Evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere,…
- Implement any action needed
- REVIEW the effectiveness of any corrective action taken…
Corrective actions shall be appropriate to the effects of the nonconformities encountered”
Source: Extractions from ISO 9001:2015 Clause 10.2.1
The requirement explicitly states that we should review the effectiveness of the action taken. The intent here is that this review is not necessarily a one-time event. It can happen monthly, annually- whatever is necessary- to ensure effectiveness. The last line italicized above gives us direction on how and possibly how long this action should be reviewed…appropriate to the effects of the nonconformity. Prudence tells us that if the nonconformity is significant, the corrective action should contain an effectiveness review plan: how to review, who should review, where to review, duration of reviewing, etc. This type of review would better ensure the nonconformity does not recur or occur elsewhere.
We do have timely responses to DNV GL for our corrective action plans. These are very necessary and appropriate. We may have follow-up surveys based on the magnitude of the nonconformity. These are also very necessary and appropriate. We need to better understand and implement a disciplined sub-process in our corrective action process that will allow us to review the actions taken to ensure effectiveness. If we have assigned timelines in our policy for closing our corrective actions, we need to begin to change our way of thin king and likely discontinue this discipline. Reviewing effectiveness of actions taken may take years on some serious nonconformities. That is more than okay. It may be required based on the significance of the nonconformity. There are many ways to deploy these sub-processes. I’ll give more specifics about how to do this in my next article.
Arbitrary goals and deadlines often promote bad behaviors. I’ve seen this in corrective actions in too many organizations. Even scarier, I’ve seen arbitrary goals and deadlines in risk assessments, sometimes managing the outcome to below an arbitrary goal to avoid taking action to mitigate risk. To optimize our investment in our accreditation, we need to continue to move from a compliance perspective (check the box thinking) to a process based system thinking. Reaching for high-reliability can only be achieved when processes are in control and capable. Our patients and many other stakeholders (aka interested parties) are expecting us to do just that.
To paraphrase the late Irish author, George Bernard Shaw- “I’m sorry this article is so long, I didn’t have time to write a shorter one.” Look for Part 2 in our next newsletter on how to improve the mechanics of your corrective action processes, especially reviewing the effectiveness of the actions taken! It’s time for Uncle Buck to go!
PS-Full disclosure: Once upon a time, early in my career, I invited Uncle Buck to move in with many of my clients. I take full responsibility for not being properly educated and not challenging the norm. Initially, I was poorly mentored by a contemporary who was also poorly mentored. I broke this chain of bad behavior when ISO 9001:2000 was issued and I began to better understand the requirements and their intent in a process-based quality management system. I also found some world-class contemporaries to mentor me. These mentors helped solidify my new perspective. Fool you once, shame on your surveyor/advisor/consultant/trainer. Fool you twice, shame on you!
Bio: Ted Schmidt is a Pharmacist, a CertifiedEnterprise Risk Manager (CERM©), and a Senior Advisor with BlueSynergy Associates, LLC. BlueSynergy Associates maximize innovation, experience and customer perspective to reduce risk and make hospitals a safer environment. He currently advises and instructs hospitals in quality, risk, safety and environmental management systems. Ted led the largest ISO 9001 implementation in healthcare at theVeterans Administration. He is a SeniorMember of the American Society for Quality and a certified Lead Auditor in quality management systems by Exemplar Global. He can be reached by email at tschmidt@bluesynergyassociates.com. Follow BlueSynergy on LinkedInand Twitter
Ted Schmidt is a Pharmacist, a CertifiedEnterprise Risk Manager (CERM©), and a Senior Advisor with BlueSynergy Associates, LLC. BlueSynergy Associates maximize innovation, experience and customer perspective to reduce risk and make hospitals a safer environment. He currently advises and instructs hospitals in quality, risk, safety and environmental management systems. Ted led the largest ISO 9001 implementation in healthcare at theVeterans Administration. He is a SeniorMember of the American Society for Quality and a certified Lead Auditor in quality management systems by Exemplar Global. He can be reached by email at tschmidt@bluesynergyassociates.com. Follow BlueSynergy on LinkedInand Twitter