Action to eliminate the cause of a nonconformity and to prevent recurrence.
Source: ISO/IEC 27000:2014, Information technology — Security techniques — Information security management systems — Overview and vocabulary, Third Edition, January 2014. Global Standards
A corrective action is defined as an action taken to eliminate or mitigate the cause of a system deficiency, hazard or risk (e.g. will fix an existing event) or it is an action (commonly referred to as a preventive action) taken to reduce the likelihood that an underlying system deficiency or hazard will cause a similar event (e.g. will fix a potential event). Note: Adopted from definition of corrective and preventive actions under ISO 9001:2000, CSA Z1000-06 and ISO 14001:2004.
Source: Incident Reporting and Investigation Guidelines, The Canada-Nova Scotia Offshore Petroleum Board and Canada-Newfoundland and Labrador Offshore Petroleum Board, Canada, November 30, 2012. Regulatory Guidance