In the ISO context, a distinction is made between correction and corrective action. A correction addresses the immediate nonconformity — it removes the symptom. A corrective action goes deeper and eliminates the root cause so the nonconformity does not recur.
ISO 27001 Clause 10.2 (Corrective Actions) requires that the root cause of nonconformities is identified and addressed. Example: if a server is compromised due to a missing patch, the correction is applying the patch. The corrective action would be establishing an automated patch management process. Auditors specifically check whether organizations understand this distinction and track corrective actions. Document both — the immediate correction and the long-term corrective action.