I recommend following preliminary steps before drafting a plan.
1- Collection of data on each defect/noncompliance comprising your overall CPMU and applying QC tools over it to analyze them better. Esp, pateto will help to prioritize your focus and extent of action. While applying pareto you may adopt any of the baselines depending upon risks involved- Frequency or severity. Unfortunately some times both baselines combines. The data will guide you where to go.
2- After data analysis, do hazard assessment (as we do based on CODEX principles) based on risk involved by adopting likelihood-severity matrix.
3- Identify control measures to address each hazard or combination thereof. Extent of control measure should based on level of risk.
4- Make a format addressing type of hazard, its level, control measure, frequency of monitoring/verification and responsibility of monitoring/verification. This plan must be signed by your food safety team leader.
5- Associated with this you must have a simple check sheet to record regular monitoring/verification against your plan.
IMO, copy of all above documents and records will satisfy your customer that you are on the way of taking its feedback seriously.
Hope for the best.
Muhammad Zeeshan Zaki.