ISO 9001 Clause 10: Improvement

Understanding Clause 10: The Engine of Continual Improvement

Every quality management system exists to deliver consistent results and to get better over time. Clause 10 of ISO 9001:2015 provides the framework for making that ambition concrete. It is the final requirement clause in the standard, but it is far from an afterthought. Without effective improvement processes, the entire QMS becomes a static collection of documents rather than a living system that adapts and evolves.

Clause 10 addresses three interconnected themes: selecting the right opportunities for improvement, responding to things that go wrong through structured corrective action, and maintaining a broader culture of continual improvement that draws on data from across the organisation.

Clause 10.1: General Requirements for Improvement

The opening sub-clause sets the strategic context. Organisations must determine and select opportunities for improvement and implement the necessary actions to meet customer requirements and enhance customer satisfaction. This is a proactive requirement. It goes beyond simply fixing problems and asks you to actively seek out ways to do things better.

The standard identifies several categories of improvement that should be considered. These include improving products and services to better meet current and anticipated customer requirements, correcting, preventing or reducing undesired effects that have been identified through monitoring and evaluation, and improving the overall performance and effectiveness of the Quality Management System itself.

Importantly, improvement does not always mean radical change. Small, incremental adjustments to how a process is performed, how information is communicated, or how resources are allocated can deliver substantial cumulative benefits when applied consistently over time.

Clause 10.2: Nonconformity and Corrective Action

When a nonconformity occurs, including those arising from customer complaints, the organisation must follow a structured approach to deal with it. The standard lays out a clear sequence of actions that must be taken, and each step serves a distinct purpose in preventing recurrence.

First, you must react to the nonconformity by taking action to control and correct it and by dealing with its consequences. This is about containment and damage limitation, ensuring that the immediate impact on customers, products, or services is managed.

Second, you must evaluate the need for action to eliminate the root cause or causes of the nonconformity so that it does not recur or occur elsewhere in the organisation. This evaluation should include reviewing and analysing the nonconformity, determining what caused it, and checking whether similar nonconformities exist or could potentially occur in other processes.

Third, you must implement whatever action is needed based on that root cause analysis. Fourth, you must review the effectiveness of the corrective action taken to confirm that it actually resolved the issue. Fifth, you should update risks and opportunities determined during planning if the nonconformity reveals something that was not previously accounted for. Finally, you must make changes to the QMS if necessary to prevent recurrence at a systemic level.

A critical requirement is that corrective actions must be appropriate to the effects of the nonconformities encountered. A minor documentation gap does not warrant the same level of investigation as a product failure that affects customer safety. Proportionality is essential for keeping the corrective action process manageable and focused.

The organisation must retain documented information as evidence of the nature of the nonconformities and any subsequent actions taken, as well as the results of any corrective action.

Clause 10.3: Continual Improvement

Beyond reactive correction, organisations must continually improve the suitability, adequacy and effectiveness of the Quality Management System. This sub-clause connects directly to the outputs of Clause 9, requiring you to consider the results of analysis and evaluation activities and the outputs from management review when determining whether there are needs or opportunities that should be addressed as part of continual improvement.

Continual improvement is not a single project or initiative. It is an ongoing organisational discipline that should be visible in how objectives are set, how processes are reviewed, how audit findings are acted upon, and how management allocates attention and resources. The most effective organisations build improvement into their daily routines rather than treating it as a periodic exercise triggered only by audit cycles.

Common Nonconformity Types

Understanding the most frequently encountered nonconformity types can help organisations focus their prevention efforts and prepare more effectively for both internal and external audits. The following categories appear consistently across industries and organisation sizes:

• Documentation gaps— Missing or outdated procedures, work instructions that do not reflect current practice, or documented information that fails to meet the retention requirements of the standard. These gaps often emerge when processes change but the supporting documentation is not updated to match.
• Inadequate training records— Insufficient evidence that personnel performing work affecting product and service quality have the necessary competence. This includes missing training logs, absence of competence assessments, or training programmes that do not cover the skills actually required by the role.
• Failure to follow established procedures— Situations where documented procedures exist but are not consistently followed on the ground. This is often a sign that procedures were written without sufficient input from the people who carry out the work, or that the procedures have become impractical over time.
• Incomplete corrective actions— Corrective actions that address the symptom but not the root cause, actions that are raised but never closed out, or a lack of evidence that the effectiveness of corrective actions has been verified. This is one of the most common findings during certification audits.
• Insufficient management review— Management reviews that do not cover all the required inputs specified in Clause 9.3, reviews that produce vague outputs without clear decisions or assigned responsibilities, or reviews that are conducted so infrequently that they lose their relevance as a steering mechanism.

Requirements Summary

Audit Questions for Clause 10

1. How does the organisation identify and select opportunities for improvement, and can you provide examples of improvements implemented in the past twelve months?
2. When a nonconformity or customer complaint occurs, what process is followed to contain the issue, investigate root causes, and implement corrective action?
3. Can you demonstrate that corrective actions are proportionate to the significance of the nonconformity and that their effectiveness has been verified?
4. How does the organisation ensure that similar nonconformities are checked for across other processes or locations, not just the area where the issue was originally found?
5. Are risks and opportunities updated when corrective action reveals previously unidentified threats or weaknesses in the QMS?
6. What evidence is available to show that the organisation uses analysis results and management review outputs as inputs to its continual improvement activities?

Download our NCR form templates to manage nonconformities effectively throughout the corrective action process.