You need to determine opportunities for improvement, these could be improvements to products, processes, mistake proofing, evolution of the QMS/ISMS. Once you have a system, this should be the most critical area of your system and where you should reap the most benefits. There are a raft of improvement techniques you can employ – Lean, Six Sigma, 5 whys, 5S, Kaizen, Kanban and many many more.
Nonconformity and corrective action
Where nonconformities (problems, complaints, risks, security incidents, outages, product failures, requirement failures) occur you need to control and correct it and then subsequently evaluate why it happened, decide of further action (where appropriate) to eliminate recurrence and review for effectiveness. You might need to update your risks and opportunities as part of your planning process. You need to keep records of these activities. It is now a requirement that you identify those involved and will serve you well that specific tasks to resolve the issues are assigned to specific individuals with agreed implementation dates. Once agreed it is at least the role of the manager to ensure those task are not only completed, be are **effective**. Better still the manager should help the individual conduct the analysis and implement the corrective actions to achieve continual improvement.
The standard is very vague about this section – just to say you need to assess and continually improve the suitability of thew QMS as part of the management review process as risks and opportunities. Why this whole section 10 is not all considered as part of the management review process and control of nonconformities is beyond me but there you go! We will have a lot more to add to this section about continual improvement as it is a huge area to embrace. Improvement may well need its own category rather than a sub heading on this site.