1.10 Corrective Actions – BCM Institute

1 PURPOSE

To maintain and improve the effectiveness and efficiency of BCM Institute’s Business Continuity Management System (BCMS) by taking Preventive and Corrective Action, as determined by the Management Review.

This procedure applies to the Management Review meeting conducted by the Executive Management.
The procedure shall cover BCM Institute’s product and services non-conformity and audit findings (internal and external).
This procedure explains how to perform the preventive and corrective action steps as follows:
- Reviewing non-conformities;
- Determining the causes of non-conformities;
- Evaluating the need for action;
- Determining and implementing action needed;
- Records of the results of action taken;
- Reviewing corrective action that was taken.

The Organization BCM Coordinator is responsible for initiating the meeting and ensuring that the necessary information is collected to allow the Executive Management to carry out the review effectively.
Business Unit BCM Coordinators and User
- Record the nonconforming product/services for the process owner to carry out preventive and corrective actions.
- Implement preventive and corrective actions.
Head of Business Units and Process Owner
- Review and analyse the cause of the nonconformity and propose/determine the action to be taken to prevent recurrence.
- Record the results of the preventive and corrective actions taken and evaluate the effectiveness of the corrective action.
The Organization BCM Coordinator has the overall responsibility and authority for the establishment, successful implementation and maintenance of this procedure.

The organisation shall improve the BCMS through the application of preventive and corrective actions. Any preventive or corrective action was taken shall be appropriate to the magnitude of the problems and commensurate with the business continuity policy and objectives.
Changes arising from preventive and corrective actions shall be reflected in the BCMS documentation.

Preventive action is usually determined during data analysis. Any preventive action to eliminate the causes of potential nonconformities shall be to a degree appropriate to the magnitude of potential problems and commensurate with the risks encountered.
The organisation shall take action to guard against potential non-conformities to prevent their occurrence. Preventive actions taken shall be appropriate to the impact of the potential problems.
The documented procedure for preventive action shall define requirements for:
- identifying potential nonconformities and their causes;
- determining and implementing preventive measures needed;
- recording results of action taken;d) reviewing preventive action taken;
- identifying changed risks and ensuring that attention is focused on significantly changed risks;
- ensuring that all those who need to know are informed of the nonconformity and preventive action put in place; and
- the priority of preventive actions based on the results of the risk assessment and the BIA.

Corrective action to eliminate the causes of nonconformities shall be to a degree appropriate to the magnitude of problems and commensurate with the risks encountered.
The organisation shall take action to eliminate the cause of nonconformities associated with the implementation and operation of the BCMS to prevent their recurrence. The documented procedures for corrective action shall define the requirements for:
- identifying any non-conformities;
- determining the causes of non-conformities;
- evaluating the need for actions to ensure that nonconformities do not recur;
- determining and implementing the corrective action needed;
- recording the results of action taken; and
- reviewing the corrective action taken.