
ISO Guide – Clause 10: Improvement

When getting to grips with ISO (International Organization for Standardization) standards for the first time, you will notice that they are structured in clauses, a bit like a contract. This structure is common across all of the management system standards that ISO publishes, such as ISO9001, ISO14001 and ISO/IEC 27001, and is known as the “Annex SL” format or, more helpfully, the “High Level Structure”.

So, what we’re about to say applies to all of these standards whether we’re interested in quality management (ISO9001), environmental management (ISO14000) or business continuity (ISO22301). Note however that the Annex SL wording has evolved over time, so the exact format and wording of each standard depends not only on its subject, but also on when it was last revised.

In clause 10 particularly there has been some swapping around of subclauses over time. Where there are differences between the standards, we’ll point them out.


What’s Clause 10 About?

Clause 10 is the culmination of your efforts in managing an ISO-compliant system. It’s about constantly enhancing your processes and performance. Think of it as the engine that drives your continuous improvement journey. It encompasses everything from addressing nonconformities to seeking opportunities for growth.

The clause generally has three subclauses:

  • 10.1 – General
  • 10.2 – Nonconformity and corrective action
  • 10.3 – Continual improvement

You will see as we go through them that these subclauses swap places, and in some standards they add a little something extra.

Let’s look at each of these subclauses in a little more detail.

Key Concepts

In fact, Clause 10 is one of the few clauses where the actual requirements are almost the same for all the standards written in the Annex SL format. It provides guidance on how organizations should approach the identification of opportunities for improvement and the implementation of necessary changes.

There are a few key concepts that will help to put improvement in context:

  1. Nonconformity and Corrective Action: This concept focuses on identifying instances where the organization’s processes, products, or services do not meet specified requirements. Corrective action involves taking steps to address and rectify these nonconformities.
  2. Continual Improvement: Organizations are encouraged to continually seek opportunities to enhance their performance and effectiveness. This involves an ongoing commitment to making positive changes, rather than viewing improvement as a one-time effort.
  3. Monitoring and Measurement of Processes: This involves establishing processes for monitoring and measuring performance. This helps in identifying areas where improvements can be made and provides data for making informed decisions.
  4. Customer Feedback and Complaints: Actively seeking and analysing customer feedback and complaints can provide valuable insights into areas that may require improvement.
  5. Management Review: This involves regular reviews by top management to assess the performance of the management system, identify opportunities for improvement, and make decisions regarding resource allocation.
  6. Root Cause Analysis: When addressing nonconformities or areas for improvement, it’s important to go beyond surface-level issues and identify the underlying root causes.
  7. Risk-Based Thinking: This involves considering potential risks and opportunities in all processes and decision-making. By identifying and addressing risks, organizations can prevent potential issues and seize opportunities for improvement.
  8. Performance Indicators and Metrics: Establishing clear performance indicators and metrics helps in objectively measuring performance and progress towards improvement goals.
  9. Documentation and Records: Proper documentation of improvement activities, including corrective actions taken and the results of continual improvement efforts, is essential for accountability and traceability.
  10. Resource Allocation: Identifying and providing the necessary resources (including human, financial, and technological) to support improvement efforts.
  11. Communication and Awareness: Ensuring that all relevant stakeholders are aware of improvement initiatives and their roles in achieving improvement goals.
  12. Legal and Regulatory Requirements: Understanding and complying with applicable legal and regulatory requirements is crucial for ensuring that improvement efforts are aligned with legal obligations.

Clause 10.1 General

There are some variations of the content of sub-clause 10.1 across the standards.

Generally the wording is “The organization shall continually improve the suitability, adequacy and effectiveness of the management system.”

However, the ISO9001 standard states that “The organization shall determine and select opportunities for improvement and implement any necessary actions to meet customer requirements and enhance customer satisfaction.”

In ISO14001, sub-clause 10.1 also refers directly back to sub-clauses 9.1, 9.2 and 9.3, and in ISO45001 it refers directly back to clause 9. Those implementing ISO27001 or ISO22301 should note that these standards have no ‘General’ sub-clause.

Clause 10.2 Nonconformity and corrective action

This subclause also varies slightly within each standard, but the generic requirements are to:

  • React to the nonconformity and, as applicable:
    • React to the nonconformity and correct it
    • Deal with the consequences
  • Evaluate the need for action to eliminate the cause(s), to stop it recurring or occurring somewhere else
  • Implement the action needed
  • Assess the effectiveness of the corrective action
  • If required, update the risks and opportunities identified during planning
  • Make changes to the management system if required

It is important to retain documented information as evidence of the type of nonconformity, the actions taken, and the result of any corrective actions.

There are two standards that have significant variations of this subclause.

In ISO22301 this subclause has been divided into 2 further subclauses:

  • 10.1.1 States that the organization will determine opportunities for improvement and implement actions to achieve the intended outcomes of its BCMS.
  • 10.1.2 This is the same as sub-clause 10.1 in the other standards.

In ISO45001 this subclause is entitled “Incident, nonconformity and corrective action”. Its requirements also cover the inclusion of workers and relevant interested parties in evaluating the need for corrective action to mitigate the root cause(s) of the incident or nonconformity. It makes direct references to other clauses within the standard:

  • Clause 5.4 – Consultation and participation of workers
  • Clause 6.1 – Actions to address risks and opportunities
  • Clause 8.1.2 – Eliminating hazards and reducing OH&S risks
  • Clause 8.1.3 – Management of change

Clause 10.3 Continual improvement

Sub-Clause 10.3 Continual Improvement (in ISO27001 this is actually the first sub-clause in Clause 10 due to a recent change in the ISO High Level Structure) is the heart of Clause 10. It’s about proactively seeking opportunities for enhancement.

The general directive within this subclause is that the organization shall continually improve the suitability, adequacy and effectiveness of the management system.

ISO9001 and ISO22301 add that “the organization shall take into consideration the results of any analysis and evaluation, the outputs of the management review, to identify if there are any needs or opportunities that can be incorporated as part of continual improvement.”

ISO45001 breaks this subclause down even further by adding five ‘suggestions’:

  • Enhancing the performance of the management system
  • Promoting a culture that supports the management system
  • Encouraging the participation of workers to help implement actions for continual improvement
  • Communicating the results of continual improvement
  • Maintaining and keeping documented information as evidence of improvement

How to approach clause 10

So you can see that, although the messages are the same, the different standards organise the requirements in a variety of (sometimes confusing) ways. We will now look at how to approach Clause 10 in the various standards, with some examples, remembering that each organization will approach continual improvement in its own way.

  • ISO9001 Quality: Emphasis on Customer Satisfaction. In ISO9001, Clause 10 focuses on continually improving customer satisfaction by meeting customer requirements and expectations.
    • Example: An automobile manufacturer regularly conducts customer surveys and feedback sessions to identify areas for improvement. They use this information to refine their product designs, production processes, and customer service, ultimately enhancing customer satisfaction.
  • ISO14001 Environmental: Environmental Performance Improvement. In ISO14001, Clause 10 centres around enhancing environmental performance, which includes aspects like pollution prevention and resource efficiency.
    • Example: A manufacturing facility implements a waste recycling program to reduce the amount of waste sent to landfills. Through continuous monitoring and improvement, they manage to significantly decrease their environmental impact and demonstrate a commitment to sustainable practices.
  • ISO45001 Occupational Health & Safety: Ensuring Occupational Health and Safety. In ISO45001, Clause 10 focuses on improving occupational health and safety performance to prevent work-related injuries and illnesses.
    • Example: A construction company conducts regular safety audits and risk assessments on their construction sites. They use the findings to implement additional safety measures, provide training, and create a safer working environment, leading to a reduction in accidents and incidents.
  • ISO27001 Information Security: Maintaining Information Security. In ISO 27001, Clause 10 is concerned with continually improving the effectiveness of information security measures to protect sensitive information.
    • Example: A financial institution regularly updates its security protocols and conducts penetration testing to identify vulnerabilities. By staying proactive, they ensure the confidentiality, integrity, and availability of sensitive financial data.
  • ISO22301 Business Continuity: Ensuring Business Continuity. In ISO 22301, Clause 10 focuses on continually enhancing an organization’s ability to respond to and recover from disruptive incidents.
    • Example: A technology company regularly reviews and updates its business continuity plans. They conduct simulated exercises to test their response to various scenarios, ensuring that they can effectively continue operations in the event of a major disruption, such as a cyber-attack or natural disaster.

In summary

Clause 10 of the ISO standards emphasizes the perpetual pursuit of enhancement in organizational performance. It establishes the need for a structured approach to identifying opportunities for improvement and addressing nonconformities. It also requires the organization to demonstrate a commitment to continual improvement by setting objectives, initiating corrective actions, and fostering a culture of innovation and learning. Through Clause 10, organizations are encouraged to adapt to changing circumstances, align with strategic goals, and drive towards excellence in all aspects of their operations. This serves as a cornerstone for sustainable growth and competitiveness.

Clause 10 fundamentally underscores the concept of continuous improvement as a dynamic and integral part of an organization’s management system, driving it towards sustained success and adaptability in a rapidly evolving business environment.

 

Written by Ken Holmes and Ted Spiller

Ken is CertiKit’s Managing Director and Lead Toolkit Creator. Ken is a CISSP-qualified security and data protection specialist who also holds the internationally-recognised Certified Information Privacy Professional – Europe (CIPP/E).

Ted is CertiKit’s Compliance Consultant, and an expert in many ISO management systems; he is a Lead Auditor for ISO27001, ISO9001 and ISO14001 and Auditor for ISO45001 and ISO22301.

