They Say They’re Experts—But Are They? Spotting Dumb ISO Consultants and Auditors in Disguise
There are five questions that instantly reveal whether your ISO consultant or auditor actually understands the standard—or just memorized the cover page. But today, I’ll share only one.
The Trap Question:
“Is correction and corrective action ALWAYS required for every nonconformity under ISO 9001?”
If they say “Yes,” they need a lesson in clause logic—give them a coloring book.
If they say “No,” but can't explain it, maybe let them borrow the crayons.
Why That Answer Is Dead Wrong
Let’s start with the definitions, straight from ISO 9000:2015:
| Term | Verbatim Definition |
|---|---|
| Correction | “Action to eliminate a detected nonconformity.” (Clause 3.12.1) |
| Corrective Action | “Action to eliminate the cause of a nonconformity and to prevent recurrence.” (Clause 3.12.2) |
These are foundational to understanding Clause 10.2.1 of ISO 9001:2015.
- Correction = fix what went wrong
- Corrective Action = make sure it doesn’t happen again
Is Correction Always Required?
Clause 10.2.1(a) says:
“React to the nonconformity, and as applicable:
- take action to control and correct it;
- deal with the consequences.”
The magic words? “as applicable.” Which means: Correction is not always required.
What’s ALWAYS Required?
REACTION. That’s the non-negotiable clause command. Whether you fix it, contain it, or just deal with the fallout—you must react.
But reaction is not always correction. That’s where “as applicable” kicks in:
- You might correct the issue
- You might mitigate the impact
- You might deal with the consequences (e.g. pay the fine, notify the client)
Example: Late Delivery - Customer then Complains
| Action | Explanation |
|---|---|
| Correction? (Action to eliminate the detected nonconformity) | You can’t “un-late” a delivery—it’s already done |
| Control / Mitigate | Prevent similar delays in future shipments (Not a correction since you cant correct a late delivery, it's already late) (not a corrective action unless the action eliminates the root cause) |
| Deal with Consequences | Apologise, offer discount, pay the fines, respond to client’s action request |
This satisfies the clause’s first command:
“React to the nonconformity, and as applicable… control and correct, or deal with the consequences.”
Now let's discuss Corrective Action.
Is Corrective Action Always Required?
Clause 10.2.1(b) says:
“Evaluate the need for action to eliminate the cause(s) of the nonconformity, in order that it does not recur or occur elsewhere, by:
- reviewing and analysing the nonconformity;
- determining the causes of the nonconformity;
- determining if similar nonconformities exist, or could potentially occur.”
Remember the definition of Corrective Action? "Action to eliminate the cause of a nonconformity and to prevent recurrence".
Also, the above clause 10.2.1b 1-3 means root cause analysis
So let's rephrase to simplify: "When a nonconformity occurs, including any arising from complaints, the organization shall: Evaluate the need for corrective action by performing root cause analysis."
But here’s the kicker: It doesn’t say “take corrective action.” It says “evaluate the need.”
The results of root cause analysis may reveal that the nonconformity raised is invalid, or that taking corrective action is not practical or justified.
Why Corrective Action Might Not Be Practical
Even if a root cause is identified, eliminating it may be:
- Too costly for a low-risk issue
- Operationally disruptive
- Outside your control
- Unnecessary if recurrence is unlikely
ISO 9001:2015 doesn’t demand heroic fixes—it demands smart ones.
The Old Mindset: ISO 9001:2008 (Old Version)
Clause 8.5.2 said:
“The organization shall take action to eliminate the cause of nonconformities in order to prevent recurrence.”
In the 2008 version (old Version) of the standard, corrective action was always required, "Shall take action...".
No “evaluate.” No “as applicable.” Just:
- Take action
- Eliminate the cause
- Prevent recurrence
The 2015 Upgrade: Think Before You Fix
Clause 10.2.1 introduced:
- Risk-based thinking
- Contextual decision-making
- And most importantly:
“Evaluate the need for action…”
That single phrase breaks the cycle of robotic auditing. It tells the organization:
- Think before you fix
- Correct only when applicable
- Take corrective action only if the cause is systemic and recurrence is a real risk
If the organization decides not to implement corrective action, it must justify the decision by presenting its evaluation which includes:
– reviewing and analyzing the nonconformity,
– determining its causes, and
– identifying whether similar nonconformities exist or could potentially occur.
Final Thought
If your consultant or auditor still insists:
“Every nonconformity must have correction and corrective action.”
Then they’re not applying ISO 9001:2015—they’re showcasing clause stupidity, not clause logic.
And if they say “No,” but go blank when you ask them to explain why? Let them borrow the crayons—they clearly missed the part where understanding begins.
Want to know the remaining four questions that instantly reveal dumb ISO consultant or auditor?
Schedule a free consultation now.
Zyrus A. Oyong, CEO
Zyrus Oyong is the founder and Chief Strategist of Bluestar Certification Management Inc., a catalyst for clause-driven reform in the ISO consultancy space. With over a decade of experience navigating ISO 9001, ISO 14001, ISO 45001, and ISO 21001 standards, he has earned a reputation for strategic clarity, fearless advocacy, and ethical disruption.
Zyrus is a vocal critic of shallow auditing practices and misinformation in the compliance industry, using satire, blog exposés, and trap visuals to expose contradictions and defend clause integrity. He is the creative force behind BluestarCMI’s most provocative thought pieces, including “They Say They’re Experts—But Are They?” and the viral Coloring Book Audits Trap Series.
He is currently transitioning BluestarCMI into Philippine Certification Management Inc., a national platform for transparent consultancy, ethical ISO education, and clause-logic empowerment. His work continues to shape public discourse, influence accreditation culture, and ignite critical thinking among certification seekers, consultants, and auditors alike.