(ABMS = ISO 37001)
7.0 Continual Improvement
Nonconformity and corrective action
When a nonconformity (NC) occurs (usually issued via a Corrective Action Request (CAR), take quick action, control and correct.
Some NC can result in dire consequences such as OSH or Environmental issues that maybe fatal or cause damage to assets. Most safety issues are either related to ignorance or bribery. (Fatal dan Damage may be relevant to RISK MANAGEMENT, thus review the risk register to find out if the risk has been addressed and mitigated or the risk could be a new one)
(NC can sometimes repetitive in different places. It's advised that auditors should issue 1 CAR for same NC but state the occurrence at different locations)
Find out the root cause (s) of the NC. Root Cause is NOT a personal blaming platform. It should be more related to the process itself.
The idea of corrective action is not merely repairing the system or machine or devices, it is important to improve the process where similar NC may happen at other places as well. This is where preventive measures need to be taken which may include review of effectiveness and changes to the ABMS.
Corrective Action - shall be appropriate to the effects of non-conformities. Looking back at root cause and evidences may help in determining the right corrective action. It is imperative that auditors NOT to depend on pictorial evidence but to visit on a "before" and "after" the NC to verify the photos and action taken (including follow-up actions) accordingly by the auditee.
For auditors, the effectiveness of the corrective action can only be seen in the next audit. My advise that auditors should also look into the bribery risk register and relevant random inspection records where necessary. (in the next audit, the auditor should note the effectiveness of the last audited corrective action by looking into further evidence afterwards as well)
Continual improvement is to determine suitability, adequacy and effectiveness of the anti-bribery management system.
This improvement could be the follow up actions from :
a) Changes in statutory and legal requirements,
b) Results of the Management Review,
c) changes in the ABMS itself,
d) internally proposed
No comments:
Post a Comment