CAPA
Also known as: Corrective and Preventive Action
Corrective and Preventive Action is the structured response to a non-conformity or incident: investigate root cause, define corrective action (fix this) and preventive action (stop it recurring elsewhere), assign accountable owners and due dates, and verify the action was effective. ISO 45001 Cl 10.2 governs the workflow.
Legal context
CAPA is the engine of continual improvement under ISO 45001. Cl 10.2 requires the organisation to react to non-conformities and incidents, evaluate the need for action to eliminate root causes, implement the action, review effectiveness, and update the WHSMS as needed. A mature CAPA workflow distinguishes corrective action (treat the specific issue) from preventive action (prevent recurrence in similar situations), uses root-cause analysis (5 Whys, fishbone, ICAM) to find systemic causes, applies hierarchy-of-control reasoning to the action, and explicitly verifies effectiveness — close-out is not "we did the thing", it is "the action prevented recurrence over the verification window".
Where this shows up in RAE IQ
Related terms
NCR
A Non-Conformity Report records a failure to meet a defined requirement — a WHS rule, an ISO 45001 clause, an internal procedure, a regulator condition. NCRs feed the CAPA register and are the primary lag indicator of system performance.
Incident investigation
Incident investigation is the structured analysis of how and why an incident occurred — including root cause(s), contributing factors and systemic gaps — so that corrective action can prevent recurrence. ICAM (Incident Cause Analysis Method) is the dominant model in Australian heavy industry.
Audit programme
An audit programme is the planned schedule of internal audits across a WHSMS for a defined cycle (typically annual). ISO 45001 Clause 9.2 requires the audit programme to plan, establish, implement and maintain an audit programme — coverage of every clause across the cycle, by competent auditors, with findings driving CAPA.
Management review
A management review is the formal periodic (typically annual) review by top management of the WHSMS to ensure its continuing suitability, adequacy and effectiveness. ISO 45001 Cl 9.3 specifies 10 mandatory inputs and 5 mandatory outputs.
Hierarchy of control
The hierarchy of control is the rank-ordered preference for risk treatment: eliminate the hazard, then substitute, then isolate, then engineer, then administer, then PPE as a last resort. Higher controls reduce risk more reliably than lower controls because they do not depend on people behaving correctly under stress.
Platform pillars
Browse the full glossary.
47 WHS and HSWA terms with legal context, FAQs and regulator references.