Mannix - it was Baldrick,
Cunning Planner
Location: Newport, South Wales, UK

RC Bettye and I Thanked him for sharing this simple and to the point approach - go to page 21 for original post :agree1:

Mannix - it was Baldrick,
Cunning Planner
Location: Newport, South Wales, UK

RC Bettye and I Thanked him for sharing this simple and to the point approach - go to page 21 for original post :agree1:

MMmm Thanks, but I don't think I want to visit this thread ever again, especially page 21!!!!!! So many conflicting arguments and interpretations of the written standards!

These standards were supposed to make things better weren't they? Recently this PA and CA debate + one about "The Process Approach" and the misinterpretations in that, are really making understanding and interpreting these things very difficult. Especially for someone who has a stinking cold and lacks the required 7-8 hours sleep like I do!

I think I will take my well earned holiday and try and come back fighting fit to tackle this crazy world of standardisation when I return!

can be one & at the same time can be two separate procedures.
Std does not ask for separate procedures? Correct me if i'm wrong.

...Std does not ask for separate procedures? Correct me if i'm wrong.


The standard only says you must have procedures for these activities/processes. It does not specify - what form or style, or whether they can be combined, is left to you to decide.

:thanx: You're on the money - see attachments BVQi Interpretations, and XLP quiz.

missing attachments

Hello,

2 points:

1. I really understad Manix by writing he will never visit the thread again, it is growing and growing without come to an conclusion, because there is none given by the standard.

2. I like the interpretation from BVQI thanks winchm, the BVQI lists what the Auditor will ask for and the lists for preventive and corrective action are quite different, what shows the difference between the topics.

I still prefere process flows, here I start from the top process Improvement (TS Chapter 8.5) and than go to the three sub proceses, CI, PA and CA (8.5.1, 8.5.3, 8.5.2)

Greetings from Germany

Tamara

I currently have two:


One within Corrective Action for Prevention of future problems (re-active)
One for Preventive review at contract review (pro-active)

My system has one procedure called "Corrective & Preventive Action and Continual Improvement"...these represent the 3 tools available to management to react to process performance metrics, or to nonconformances, so it makes sense to have them all in one procedure.

Let's say you start with a "Corrective" Action...when you flow it out, one of the final steps should be to ask yourself if the corrective action could be implemented somewhere as a "Preventive Action"...so the next page of the flow chart should take you to "Preventive Action" process.

To make sure that this happens, I created a Metrics DASHBOARD database to help keep Sr. Management focused and disciplined (and because I hate seeing them squirm and sweat during a surveillance audit).

In preparation for Management Review, they record the "Performance Status" of each metric (for which they are champion).

Based on that status, they answer the question, "Is Corrective Action necessary?"...if the answer is "YES", they hyperlink to the solution, and then, also answer the question, "Can this action be implemented elsewhere as a preventive measure?"....If the answer is yes...they link to the Preventive Action. (If the answer is "No", that's the end of the sequence).

If the answer to "Is corrective action necessary?" is NO, (which means their metric is on plan and/or meeting its stated objective), then they have to answer the question, "Is there an opportunity for continual improvement?" (you can't initiate a Continual Improvement unless your metric is meeting objective, and no actions are necessary - any action taken before you're meeting your objective is, by definition, "corrective", and not an improvement). If the answer is "YES", you hyperlink to the Continual Improvement. If the answer is "No", you answer the question "Why not?" (possible answers: "no resources currently available, no improvements identified, timing constraints, etc.), and that's the end of the sequence.

However, this demostrates to the auditors that Sr. Management is always assessing the opportunity for continual improvements, and reviewing if they are feasible, cost-efficient, and timely. It further hyperlinks them to all the Continual Improvement Actions that have been initiated...neat, tidy, readily accessible....Sr. Management knows right where to go to answer the auditor's question..."What Continual Improvement projects have you undertaken since the last audit?" and "Can you show me some of them?"

It's almost idiot-proof!

Patricia,

This sounds like an excellent system - intelligent and practical, well done!

With your ref. to hyperlinks, it sounds like you have it operating in some kind of online system? Or perhaps that's just the process document.


To make sure that this happens, I created a Metrics DASHBOARD database to help keep Sr. Management focused and disciplined (and because I hate seeing them squirm and sweat during a surveillance audit).

Yup, I hate seeing them squirm too (except occasionally if they richly deserve to do so). :D

The questions you've set out are the sort of thing that any good manager/s would be doing of course, but not necessarily in a structured fashion, nor necessarily keeping records. Whereas setting it out like this achieves the requirements & gives the kind of structure that makes it dead easy for them to follow the 'path of righteousness' that you want 'em to walk down :-) plus it ties up the records so they're available and clear.

Really good stuff! :applause:

Patricia,

This sounds like an excellent system - intelligent and practical, well done!

:

:) Thanks Jane:,
Yes, the Metrics DASHBOARD is an online system (but it is also documented and linked in applicable key processes, namely "SOP-0003 Business Plannning & Management Review", "SOP-0004 - Monitoring, Measurement and Analysis" and SOP-0005 Corrective & Preventive Action & Continual Improvement").
Some companies have it on a common server, and some companies use it in an "Intranet" environment.

Either way, it's readily accessible, simple, yet comprehensive, effective and efficient....No more rummaging through binders and files at audit time...or more importantly, at regular Management Review.

Actually, the scope of the "DASHBOARD" is much broader than just managing Corr/Prev/Cont'l Improvment Actions. It begins with the Policy Statement, linking it to the Business Plan objectives ("deployment of the Policy Statement), associating objectives with key processes (helping to answer audit questions such as "How do you ensure that this aspect of the Policy Statement is deployed?", and "How do you know that this process is effective and efficient?", or "Where have your objectives been defined?"...more squirm generators), and then linking objectives to the metrics which support the Business Plan. The Corr/Prev/C.I. actions (which is where this discussion started), are the last "phase" of the database and help to manage the results of Management's review of the process performance. (:confused: Does this help??...its hard to describe a database in a paragraph).

Thanks again, Jane :thanx:
Patricia

That does indeed sound like an excellent system, especially eliminating the need for binders full of paperwork.

I am interested in how it was developed. Did you buy it off the shelf or was it developed in house. I ask because I am looking into moving a lot of our QMS over to electronic methods of reporting and data storage. Currently we work from paper almost exclusively on nearly all of our KPi recording and reporting.

It sounds like heaven compared to what I currently work with!

I am interested in how it was developed. Did you buy it off the shelf or was it developed in house. I ask because I am looking into moving a lot of our QMS over to electronic methods of reporting and data storage. Currently we work from paper almost exclusively on nearly all of our KPi recording and reporting.

Hi Manix :D,
Thanks for your comments...actually, I developed it myself, using Microsoft Access, so most companies don't have to buy any additional software to run it. Since I'm not a computer/programmer, and some companies wanted to use it in an Intranet environment, I've allowed them (since it's copyrighted) to recreate the program in SQL , using Crystal Report for the Reporting side of it. I designed and created a basic data collection form and designed all the reports (about 20 different reports). I've attached some of the reports herewith to give you an idea of what the reports look like. Managers just have to update 4 or 5 fields every month, and voila!

Each Report has an explanation in "red" text at the beginning, describing the purpose of the Report.

:thanx: Thanks again for your comments,
Patricia

Hi Manix :D,
Thanks for your comments...actually, I developed it myself, using Microsoft Access, so most companies don't have to buy any additional software to run it. Since I'm not a computer/programmer, and some companies wanted to use it in an Intranet environment, I've allowed them (since it's copyrighted) to recreate the program in SQL , using Crystal Report for the Reporting side of it. I designed and created a basic data collection form and designed all the reports (about 20 different reports). I've attached some of the reports herewith to give you an idea of what the reports look like. Managers just have to update 4 or 5 fields every month, and voila!

Each Report has an explanation in "red" text at the beginning, describing the purpose of the Report.

:thanx: Thanks again for your comments,
Patricia

Pretty good, I like it. I am looking at taking over the forms and procedures we use and want to to a database, but it sooooo time consuming, I was thinking of going for some kind of off the shelf template and adapting it.....but that's a whole new thread! Thanks Patricia.

I've attached some of the reports herewith to give you an idea of what the reports look like. Managers just have to update 4 or 5 fields every month, and voila!


Thanks for posting sample reports layouts, Patricia - this really is an excellent thing you've created. :agree1:

I'm very impressed by the thinking and planning behind it. You've achieved the result of making something relatively complex look deceptively simple - not always easy to do! And I liked the guidance information you've provided, to make it relatively easy for managers to fill it in well & consistently. And making it in this kind of format (ie, hyperlinks etc) presumably means that each manager can access / update their own stuff easily, as well as viewing others if & when they want to.

Looking at Bullet Point Summary, I'm assuming that if, say, the trend is 'Unfavorable' or 'Needs Improving', that the final column wouldn't read Yes (still suitable/& effective) & that there would be notes in the Summary column that would summarise what the plan was to improve? And does the colour key summary chart at the head of the report 'automagically' populate & update for each selected metric? (I'm just trying visualise how it all works - and yes, I realise it's hard to explain in words what takes seconds to demonstrate online! :)

Am I right in assuming that this is for a medium-large organisation rather than a small one?

Hi Manix :D,
Thanks for your comments...actually, I developed it myself, using Microsoft Access, so most companies don't have to buy any additional software to run it. Since I'm not a computer/programmer, and some companies wanted to use it in an Intranet environment, I've allowed them (since it's copyrighted) to recreate the program in SQL , using Crystal Report for the Reporting side of it. I designed and created a basic data collection form and designed all the reports (about 20 different reports). I've attached some of the reports herewith to give you an idea of what the reports look like. Managers just have to update 4 or 5 fields every month, and voila!

Each Report has an explanation in "red" text at the beginning, describing the purpose of the Report.

:thanx: Thanks again for your comments,
Patricia


This looks pretty useful, once you get used to working it. I would be more comfortable if it lined up more with your QMS processes, not just departments.

:thanx:Thanks Jane

Looking at Bullet Point Summary, I'm assuming that if, say, the trend is 'Unfavorable' or 'Needs Improving', that the final column wouldn't read Yes (still suitable/& effective) & that there would be notes in the Summary column that would summarise what the plan was to improve? And does the colour key summary chart at the head of the report 'automagically' populate & update for each selected metric? (I'm just trying visualise how it all works - and yes, I realise it's hard to explain in words what takes seconds to demonstrate online! :)

Am I right in assuming that this is for a medium-large organisation rather than a small one?

To answer your questions:

1) Yes, the Bullet Point Summary would include a comment, or possibly a hyperlink to the Corrective Action Database. This particular report is intended as an input to Management Review, to help Sr. Mgmt focus on
"marginal- or under-performing" metrics. It has a huge impact on meeting "time/duration", since the Report is printed before the meeting, and rather than a free-for-all dealing with "hot issues", the Metric Champions have to come to the meeting prepared, and with Corrective Actions already identified (so many meetings I've witnessed are more like "brainstorming for solutions", or fire-fighting exercises...which I think, is quite a testosterone rush for those who are accustomed to that Management style.)

2) Yes, the colorkey is "automagically:magic:" set, based on data input by the metric champion. As mentioned earlier, the champion only has to update a few fields every month, and of course, the Reports are self-populating from the data entered.

3) This tool has been utilized in companies ranging from 35 to 900 employees (with varying degrees of success...It's most impactful and effective when Sr. Management assumes ownership for it, and uses it as a company-wide discipline/methodology. Those that use it, love it!).
Thanks again,
Patricia

This looks pretty useful, once you get used to working it. I would be more comfortable if it lined up more with your QMS processes, not just departments.

I couldn't agree more. That's why I designed several Reports...The Bullet Point Summary is just one of about 20 Reports that are spontaneously generated by the "Metrics DASHBOARD" (typically used by Sr. Mgmt when they want to meet with a Dept Mgr. and focus on his/her department's performance).
The Metrics can be sorted, or filtered any way you want...so there is a Report sorting by "Metrics Hierarchy" (corporate, divisional, departmental, etc.), by Metrics Champion, by Key Process (called Key Process Performance Report), by Policy Statement element, by Performance (Favorable vs Unfavorable), etc.

Additionally, it generates Reports called:
-Metrics Glossary (Metric definitions and formulae)
-Monthly Operations Reports (filters "Key Metrics" as requested by corporate - typically financial metrics)
-Cost of Non-Conformance Report
-Non-conformance Frequency and Distribution Report
-Problem and Solution Report (posted for Employee information)
-Action Items - sorted by Problem Classification

I even created one called "How Many Metrics do we have?"...Not that it's important, but it was a question that came up at an audit, so I created a Report that just lists all the Metrics, and assigns a number. The Report Header includes the following preface:
"Are we monitoring too many processes? There is no correct number of processes to be monitoring, however, once a process becomes capable and stable, it may not be necessary to continue the monitoring process. Additionally, new metrics may be necessary if performance parameters become unfavorable, or customer satisfaction is less than optimal..

Databases are wonderful - there are so many ways to filter and sort the data to address the needs of varying organizational levels, teams, individuals, etc. This one also helps Management and employees to understand how the "System" works.

Patricia

How wonderfully simple. Just a / between the CA & PA. I have had trouble getting preventive action documented unless a corrective action occurred. I have been trying to improve my form and this is a good answer.

Thank you.

Hi Manix :D,
Thanks for your comments...actually, I developed it myself, using Microsoft Access, so most companies don't have to buy any additional software to run it. Since I'm not a computer/programmer, and some companies wanted to use it in an Intranet environment, I've allowed them (since it's copyrighted) to recreate the program in SQL , using Crystal Report for the Reporting side of it. I designed and created a basic data collection form and designed all the reports (about 20 different reports). I've attached some of the reports herewith to give you an idea of what the reports look like. Managers just have to update 4 or 5 fields every month, and voila!

Each Report has an explanation in "red" text at the beginning, describing the purpose of the Report.

:thanx: Thanks again for your comments,
Patricia

Great Job Patricia!!Simply remarkable!!It needs full clarity and painstaking effort to pack this all in small capsules.Very useful templates for one and all.

:thanx: :applause:

Nice job Patricia.:applause:

the system I use is almost similar, though the continuous improvement aspect is missing from it. I am definitely planning to add that. And mine is a plain excel sheet - definitely not as colorful!

One additional aspect I include though, is whether any change in documentation is required? If the answer is positive, the CA / PA does not close till the document has been officially revised and the revision is put on record.

Hi Potdar,

Thanks for your feedback.

Documentation changes precipitated by Corrective Actions are captured in a linked database called the "Action Item Database", which, as you stated, requires that the necessary document revisions be made before the Corrective Action can be closed out. It is part of the verification and validation steps in the Corrective Action.

Sounds like you have an excellent methodology which is very pro-active, precluding the possibility of errors or omissions. We all have so much to learn from each other!

Thanks again,
Patricia

How wonderfully simple. Just a / between the CA & PA. I have had trouble getting preventive action documented unless a corrective action occurred. I have been trying to improve my form and this is a good answer.

Thank you.


If a corrective action happened, it does not lead to a preventive action. The ISO standard clearly defines a preventive action as a potential failure.

Don't want to hijack this thread, we have beaten this on many other threads already. If you don't agree, there are several other threads if you do a search.

If a corrective action happened, it does not lead to a preventive action. The ISO standard clearly defines a preventive action as a potential failure.

Sorry, I'm too tired to look up the other threads...thought I'd reply here.

You're right...when a corrective action happens, it does not always lead to a preventive action per say, however, potential failures may be identified through a broad range of activities, including a previously validated corrective action.

This is how a C/A might generate an opportunity for a P/A:
Once a Corrective Action is implemented and validated, Management should ask themselves if an opportunity for a Prev. Action exists through the application of the corrective action to a similar process or scenario, thereby preventing a failure mode that could precipitate a failure like the one that led to the original corrective action.

Corrective actions are not always the catalyst for a Preventive Action (see attachment), but they can be.

Patricia Ravanello

P.S. Please note, the attachment is only 1 page of a 3 page document.
Following the validation of a Corrective Action (page 1 of SOP-0005) is a "Decision Diamond": "Could the application of this corrective action to other processes eliminate potential nonconformities?" If the answer is "yes", you link to Page 2, the Preventive Action Flow Chart.

If a corrective action happened, it does not lead to a preventive action. The ISO standard clearly defines a preventive action as a potential failure.

Don't want to hijack this thread, we have beaten this on many other threads already. If you don't agree, there are several other threads if you do a search.

Sorry, Helmut, but you made the statement here, and it would make no sense to answer it elsewhere. The fact is that corrective action can result in PA that satisfies the (nonsensical) ISO definitions. If we do CA in the process where the NC occurred, subsequent actions in that process should not be considered "preventive" in the ISO sense. But, if we take the opportunity to extend the actions to other processes where the same NC (or one that's substantially similar) has the potential to occur but hasn't, then ISO preventive action has been done.

Sorry, Helmut, but you made the statement here, and it would make no sense to answer it elsewhere. The fact is that corrective action can result in PA that satisfies the (nonsensical) ISO definitions. If we do CA in the process where the NC occurred, subsequent actions in that process should not be considered "preventive" in the ISO sense. But, if we take the opportunity to extend the actions to other processes where the same NC (or one that's substantially similar) has the potential to occur but hasn't, then ISO preventive action has been done.


I know, this has gone round and round in other threads. In TS, your approach would not be appropriate, because that step is addressed in TS cl 8.5.2.3 "Corrective Action Impact."

In ISO, there is nothing that says we can't, but why open 2 different forms for the same event. Not efficient. On the 8D form that many people use, the intent of step 7 was to apply this to other processes. In a 5 step type of CAR form, I would do the immediate and extended corrective action in the action section. I wouldn't open a separate form all over again.

But, as we have agreed in the past, whatever gets users to the best final answer is the important part. The semantics are not all that important.

But, as we have agreed in the past, whatever gets users to the best final answer is the important part. The semantics are not all that important.

Helmut,

Hallelujah! :applause:

Stijloor.

Hello,

when I read this discussion I got a question:

We have very similar products, when I make a corrective action on one part X and use this for the other parts Y and Z as well, for the parts Y and Z this is not preventive??
We use part family FMEA a corrective action can goes in there and is used for all further developments is this preventive or lesson learned.
So after all this very long theard I didn't find the answer.

Regards,

Tamara

If the answer to "Is corrective action necessary?" is NO, (which means their metric is on plan and/or meeting its stated objective), then they have to answer the question, "Is there an opportunity for continual improvement?" (you can't initiate a Continual Improvement unless your metric is meeting objective, and no actions are necessary - any action taken before you're meeting your objective is, by definition, "corrective", and not an improvement). If the answer is "YES", you hyperlink to the Continual Improvement. If the answer is "No", you answer the question "Why not?" (possible answers: "no resources currently available, no improvements identified, timing constraints, etc.), and that's the end of the sequence.

However, this demostrates to the auditors that Sr. Management is always assessing the opportunity for continual improvements, and reviewing if they are feasible, cost-efficient, and timely. It further hyperlinks them to all the Continual Improvement Actions that have been initiated...neat, tidy, readily accessible....Sr. Management knows right where to go to answer the auditor's question..."What Continual Improvement projects have you undertaken since the last audit?" and "Can you show me some of them?"

It's almost idiot-proof!


It is an interesting observation that the continuous improvement can't be initiated unless the metric has met its objective.

In my experience, often times the departments have the processes in place but no specific metrics and their targets or objectives, except that the output must satisfy the customer's need. The measurable processes are considered 'very complex'.

The process owners (a.k.a. department managers) when confronted with the deficiencies in the process or the failures (found during verifications by the quality dept.) would often cite the prevailing continuous improvement (CI) culture (in the organization) to circumvent the need to take immediate preventive actions to fix the process. The need to prove the effectiveness of the 'as is' process and take credit for operating it successfully is predominant.

Sadly enough, the much needed kick (for making change) has to come from outside (the external customers) which, of course, is part of the continuous improvement culture.

Hello,

when I read this discussion I got a question:

We have very similar products, when I make a corrective action on one part X and use this for the other parts Y and Z as well, for the parts Y and Z this is not preventive??
We use part family FMEA a corrective action can goes in there and is used for all further developments is this preventive or lesson learned.
So after all this very long theard I didn't find the answer.

Regards,

Tamara

Sorry, Helmut, but you made the statement here, and it would make no sense to answer it elsewhere. The fact is that corrective action can result in PA that satisfies the (nonsensical) ISO definitions. If we do CA in the process where the NC occurred, subsequent actions in that process should not be considered "preventive" in the ISO sense. But, if we take the opportunity to extend the actions to other processes where the same NC (or one that's substantially similar) has the potential to occur but hasn't, then to ISO, preventive action has been done.

Hi Tamara,

I am sorry that you felt confused but I think Jim had given a good answer to your query.

Technically we have two procedure, and CA and PA are inherent in a few other procedures, but the procedures are two sides of the same coin. PA is part of CA and its own entity, depending on which aspect of PA you're looking at. I think we could easily combine our procedures, but we've kept them separate because of AS9100. Since we keep everything electronically, it's no burden to maintain separate procedures.

IOn the 8D form that many people use, the intent of step 7 was to apply this to other processes. In a 5 step type of CAR form.....

Er, what's an '8D' form or a '5-step CAR form' look like?

Er, what's an '8D' form or a '5-step CAR form' look like?

Hi Jane,
If you look under the Attachments Link on the Cove, you'll find all kinds of examples of 8Ds and 5-step CARs.

Basically they are two of many different methodologies recommended or sometimes mandated by customers to be utilized in the resolution of problems and non-conformances or process failures.

I've attached some samples for your reference.
Patricia

Er, what's an '8D' form or a '5-step CAR form' look like?

An 8D was adopted by Ford and includes the steps:

1. Form a Team
2. Identify the Problem
3. Containment
4. Root Cause
5. Corrective Action
6. Verification
7. Permanent Systemic or "Preventive" Action
8. Congratulate the Team

The 5-step was adopted by GM and includes some of the same as above except:
1. Identify the Problem
2. Containment
3. Root Cause
4. Corrective Action
5. Verification

I think the 5-step is a more accurate approrpiate tool, but the 8D is the more common format.

There are various samples available here on the Cove.

Have one to address both.

Have one,and we call it CA/PA,pronounced 'KAPA'.

Qualitytoughnut :cool:

Hello,friends,

in my opinion, it's two procedure.
CA is an activity to correct nonconformance, and PA is an activity to prevent the same or likely nonconformance happening again.
but a form can cover the two procedures.

Hello,friends,

in my opinion, it's two procedure.
CA is an activity to correct nonconformance, and PA is an activity to prevent the same or likely nonconformance happening again.
but a form can cover the two procedures.

Hello gttang, and welcome to Elsmar. I wouls recommend that you should look up the official ISO definitions of corrective and preventive in the ISO 9000 book. The way you phrased your answer does not match the official definitions very well.

Thank you.

Hello gttang, and welcome to Elsmar. I wouls recommend that you should look up the official ISO definitions of corrective and preventive in the ISO 9000 book. The way you phrased your answer does not match the official definitions very well.

Thank you.

Sorry, there were some mistakes. i implement TS/16949, not ISO9000. So, i know a little definitions of CA & PA in ISO9000.

best regard!

Same here Richard,

One procedure here as well.

/Claes

Same with us. One procedure covers all.

Sorry, there were some mistakes. i implement TS/16949, not ISO9000. So, i know a little definitions of CA & PA in ISO9000.

best regard!


That's OK. The ISO definitions apply the same to TS-16949. They are the same definitions. It might be useful to review them.

Helmut is right.

Corrective action is action taken to eliminate the cause of a DETECTED nonconformity to prevent RECURRENCE, whereas preventive action is action taken to eliminate the cause of a POTENTIAL nonconformity or other undesirable situation, to prevent OCCURENCE.

Identify DETECTED nonconformities that relate to your - products; QMS processes; resources; suppliers and outsourced work; product shipped to customers; customer complaints; and exception or TGR (things gone wrong) reports.

Sources of information for finding POTENTIAL QMS nonconformities include – analyses of data (see clause 8.4); audit results; cost of quality reports; quality records; service reports; supplier performance; customer satisfaction feedback; management review records; lessons learned from past experience; SPC charts and analyses.

Your procedure(s) must document your controls relating to identification and evaluation of root cause, actions taken and follow up relating to:

1) Actual (detected) nonconformities to prevent re-currence.
2) Potential conformities to prevent occurence.

The decision to have one or two procedures is irrelevant as long as you address these two fundamental control requirements.

You'll notice the source of information for each is differwnt even though the methodology for addressing them may sometimes be the same.
Other factors that may impact your decision to have one versus two procedures may be the size and complexity of your company; variety of methods used; how decentralized and flexible the c/a or p/a process is, etc.

My experience both as an Certification Body Auditor and as a Consultant is that:
1. Most companies don't understand the difference between c/a and p/a.
2. Those that have both c/a and p/a in one procedure don't do much p/a. Rather they view taking action to prevent re-occurence as p/a.

For those interested, there are ISO interpretation publications on this topic. Just browse their website.

Simple button click in our database between CA and PA. Easy list/query to show an auditor that we're not just reacting, but trying to be proactive.

In my post yesterday there is a typo which I have corrected below:

Your procedure(s) must document your controls relating to identification and evaluation of root cause, actions taken and follow up relating to:

1) Actual (detected) nonconformities to prevent re-currence.
2) Potential nonconformities to prevent occurence.

The typo was in point 2 above. The original post said "conformities" instead of "nonconformities".

A nonconformity in my post, literally. LOL

Regards,
Art

Why all this discussion about 1 or 2 procedures the standard does NOT require 1 or 2 only that they are documented.

This could be in a variety of places: e.g. product fialure, project pre-planning, annual goal setting, anywhere where we think about what could go wrong - and put in place a preventative action to prevent it, or anywhere where some thing has already gone wrong, (overbudget, late, too many returns, staff leaving etc) and the corrective actions to get it back on track/tareget/spec.

Do not limit you thinking to widgets and whether they are correct or not.

Just to introduce some new thought, there is no need to limit our thinking to one or two procedures. The standard does not stop anyone from writing more than two procedures if one feels like it.

:mg:more is not better - once a procedure is released it has to be maintained and that's not a easy task if re-organization is the norm. I'm attaching an ISO training piece I use in preparing groups for audits. :thanx:

Why all this discussion about 1 or 2 procedures the standard does NOT require 1 or 2 only that they are documented.

This could be in a variety of places: e.g. product fialure, project pre-planning, annual goal setting, anywhere where we think about what could go wrong - and put in place a preventative action to prevent it, or anywhere where some thing has already gone wrong, (overbudget, late, too many returns, staff leaving etc) and the corrective actions to get it back on track/tareget/spec.

Do not limit you thinking to widgets and whether they are correct or not.

Yes, exactly so. Well said.

This argument about 1 or 2 (or 6 whatever number of mandatory procedures are required) keeps rearing its head over and over.

Hopefully this will die out. The revision to the forthcoming 2008 version of ISO 9001 has added the following clarifying note (Note added under 4.2.1, Documentation Requirements, General') bolding mine:

NOTE 1 Where the term “documented procedure“ appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.

It should help keep the focus on outcomes where it belongs - what do you do to identify failures & prevent them? - rather than how many procedures one has. Documentation always, always, always depends (or should!) upon the size of the organisation, its activities, its processes, & the competence of personnel.

Oh yes, and there's a second Note added in (same place) to that effect, as well. Information to that effect is in 0.1 (Introduction) currently, but seemed to have been often overlooked.

Yes, exactly so. Well said.

This argument about 1 or 2 (or 6 whatever number of mandatory procedures are required) keeps rearing its head over and over.

Hopefully this will die out. The revision to the forthcoming 2008 version of ISO 9001 has added the following clarifying note (Note added under 4.2.1, Documentation Requirements, General') bolding mine:

It should help keep the focus on outcomes where it belongs - what do you do to identify failures & prevent them? - rather than how many procedures one has. Documentation always, always, always depends (or should!) upon the size of the organisation, its activities, its processes, & the competence of personnel.

Oh yes, and there's a second Note added in (same place) to that effect, as well. Information to that effect is in 0.1 (Introduction) currently, but seemed to have been often overlooked.
Jane

Thank goodness the message may be getting through at last! I would hope that most managers try to:
i) avoid problems / things going wrong
ii) help others in the company to do the same
iii) ensure operating consistency
iv) describe how things should be done so that i) - iii) can be achieved.

If they do that before they look at ISO9K, they shouldn't need to "make up" documents - the chances are that the way they recruit staff, take on new work, select suppliers etc already recognises potential problems and reduces the risk of something going wrong. You don't "do" preventive action every Friday afternoon, then get on with running the business the rest of the week. It should be built in to every day operations.

:D hi
this depends upon the requirement of your industry, if your present system is functioning well then y u r considering for 2nd .
Hello Friends,

Just curious as to what the rest of you are doing.

I currently have one procedure for both, and I am considering making two seperate procedures.

What are you doing?:bigwave:

Thanks,
CarolX

In fact, there should be 2 distinct procedures. given they are different in treatment. Corrective action procedure should provide a framework to prevent a non conformity or a complaint from recurring whilst a preventive action prevents an action from occuring.

Good practice, there should be 2 procedures

Dharmanand

I'm finally getting some time to trawl through the old stuff. Forgive me if this has been stated before but I'm responding as I go!

ISO 9001:2000 places CA under Improvement which is not strictly correct. Both Deming and Juran would argue that CA is not improvement because what it does is bring the process back to where it should have been in the first place. CA would therefore appear to serve process control rather than inprovement.

If a process brings forth nonconformity then the process needs corrective action. This corrective action 'shall take action to eliminate the cause of the nonconformity in order to prevent recurrence'. The process must have had faults to allow the nonconformity to happen - insufficient checks, lack of golden sample, improper training, etc. With this in mind the process should and will be improved upon if you have managed to get to the root cause. Otherwise you are just fire fighting. Corrective action should always be improvement!

Sorry, I know these are old but...


Preventive action: what you do to pinpoint problems *before* they start...the key here is that preventive actions are not triggered by a non-conformance.

But, then, is that 100% true??? (Specifically, that NCs can't generate PAs?)

So if I'm running a control chart at my machine and I have noted that the last several measurements are moving towards the upper control limit, according to your position noted above any adjustment is a "corrective action" and not "preventive" even though no nonconformity has occurred and in-fact my actions have "prevented" one from occurring. Or did I misunderstand?
:confused:

Preventive action is what you do to stop a nonconformity from happening. In general this would take place in audits, process reviews - like your control chart - and at any other time. We have a staff suggestion book so that anyone can submit improvements in practice, etc. Preventive action procedures may raise nonconformity. If something is within control parameters then it is not a nonconformity. Taking action to improve its standing within those control limits - to make a better product - is preventive action. Only if the measurements had passed outside those control limits would it have been a nonconformity. Preventive action picks up the things that could become a nonconformity. What you do to correct the issue is then a corrective action.

Corrective Action - something has gone wrong. Get to the root of the problem, sort it out, improve the controls in place so that it doesn't happen again.
Preventive Action - nothing has gone wrong yet but were gonna look anyway and make it better! While we're there we'll fix the things that might be about to break.

:)

For me they are one and the same. It is just the trigger point that is different.

Yes we are alo having one procedure for corrective and preventive actions in our organization.....

:agree::agree::applause::applause::agree::agree:

:bonk::bonk:

:agree::agree::applause::applause::agree::agree:

:agree::agree::applause::applause::agree::agree:

:bonk::bonk:

:agree::agree::applause::applause::agree::agree:

Dear subscriber,
Please indicate why you are so satisfied. I am convinced it is worthwhile to know this. Otherwise this answer does not contribute to making improvements of system performance.

I don't think it matters how you describe what you do. The common problem I see as an auditor is lack of a clear initiation for preventive actions. We seem to be stuck in the 80's with prevention as an afterthought to corrective actions.

Most organizations seem to have a reactive approach to prevention and limit its application to a complaint or quality spill, if they remember to do it. I often see a CAR/PAR log with 50 CAR's and no PAR's.

I don't think it matters how you describe what you do. The common problem I see as an auditor is lack of a clear initiation for preventive actions. We seem to be stuck in the 80's with prevention as an afterthought to corrective actions.

Most organizations seem to have a reactive approach to prevention and limit its application to a complaint or quality spill, if they remember to do it. I often see a CAR/PAR log with 50 CAR's and no PAR's.

Well said.

I'm late also, EC newbie. Peter has made some salient points. Is it productive to have others in the organization trying to determine whether an action is Corrective or Preventive? In the past I have used a single Action Form with a box "for Quality Dept. use only" to identify the nature of the action, C or P.

I agree with Peter that PAs are an effective risk management tool. Initially I found myself focusing on manufacturing processes but as my employers and clients needs changed I found myself addressing more and more business processes in order to support operational goals.

As a result of my experiences I have come to believe that:

Operational definitions are critical to ensure that we are all on the same page.

Whenever a business process crosses functional lines that crossing yields opportunities for improvement actions.

Internal process inputs and outputs MUST support operational goals.

Gotta run, so I'm cutting this short.

__________________
Regards,

Dan
__________________
A decision without action is a wish.

Wasn't it Deming who said that Preventive Actions " imply anticipatory counteraction"?

Hi Kim,

We have one procedure also for CA/PA..as long as it conforms with the clause for TS.

I have implemented bringing PA sheets into our weekly Management meetings so that the regular PA that come up can be documented. It has been very effective and helped the rest of management understand how PA and CA fit together.

I have to admit - I struggle with PA all the time. I finally ended up keeping a log - anytime we implement a new training program - It is a preventive action - any time our 3rd party auditor issues an OFI - I turn it into a preventive action - I don't think it is very effective - but it's all I can come up with.:confused:

I have to admit - I struggle with PA all the time. I finally ended up keeping a log - anytime we implement a new training program - It is a preventive action - any time our 3rd party auditor issues an OFI - I turn it into a preventive action - I don't think it is very effective - but it's all I can come up with.:confused:

Hello C Emmons,

Look at this post + attachment: "Preventive Action Matrix (http://elsmar.com/Forums/showpost.php?p=208418&postcount=39)", that may help you.

Stijloor.

Thank you so much - I am going to put a matrix like this together for my own organization! This makes much more sense to me - ever have any problems presenting this for a 3rd party audit?

Thank you so much - I am going to put a matrix like this together for my own organization! This makes much more sense to me - ever have any problems presenting this for a 3rd party audit?

No, the auditors realy liked this because it makes the PA process a lot more transparent. So many organizations do not give themselves credit for the good PA activities they have in place.

Make the PA Matrix part of your PA procedure, or maintain it as a record.
Whatever works best.

Stijloor.

Every time you have designed a new process, or amended an existing one*, you probably put one or more inspection/check steps into that process.

Why did you bother to do that? Surely you designed your process to be perfect each and every time? :mg:


Or maybe, just maybe, you systematically built preventive actions into your process...:D :cool:



*i.e. not as the direct result of a non-compliance being detected.

Wasn't it Deming who said that Preventive Actions " imply anticipatory counteraction"?

...ummm, wouldn't that be a good thing?

I don't think it matters how you describe what you do. The common problem I see as an auditor is lack of a clear initiation for preventive actions. We seem to be stuck in the 80's with prevention as an afterthought to corrective actions.

Most organizations seem to have a reactive approach to prevention and limit its application to a complaint or quality spill, if they remember to do it. I often see a CAR/PAR log with 50 CAR's and no PAR's.

Good points.

If you proactively initiate action to prevent a potential problem, call it a Preventive Action.

If you reactively initiate action to address (prevent) the reoccurrence of an existing problem, call it a Corrective Action.

Then move on. I think we are WAY overthinking this!

Good to hear from you again, Chuck!

So many organizations do not give themselves credit for the good PA activities they have in place.

Stijloor.

You're right.

I just saw an organisation doing this brilliantly. They had a very sound risk asessment process in place. It's based around the risk management model in the Standard (4360 I think), with their risk assessment revisited and updated at defined internvals, & at least annually.

For each risk assessed at a certain level, they determine what mitigation or management strategies are needed (ie, preventive), and ensure they implement those, and/or revisit/revise as needed. Some of the measures they've put in place are similar to some of those on the PA Matrix you posted - eg, procedure XYZ, audit checks of ABC, etc. Best I've seen. And report all this through to the Board regularly, of course.

Good points.

If you proactively initiate action to prevent a potential problem, call it a Preventive Action.

If you reactively initiate action to address (prevent) the reoccurrence of an existing problem, call it a Corrective Action.
Then move on. I think we are WAY overthinking this!

Good to hear from you again, Chuck!

Good point Jilling,and I too subscribe to same.ISO also says-To prevent occurance is PA.Yet quality personnels are using CAPA in one format!?Problem has 'occured',and half the form is dedicated to RCA,1/4th to CA;and then there is 1/4th for PA!!!While PA,by the defination,is inapplicable here.This is the anomaly I am talking about.Could you please shed light on this? :notme:

whats the fun of making 2 - procedures when a single is capable of handing both. beleive me i have worked with both old & new systems & the latter is much effective to control than the former one.u can use the diff. forms that too based on the process criticality like risk mgmt etc. but single procedure is great

Good point Jilling,and I too subscribe to same.ISO also says-To prevent occurance is PA.Yet quality personnels are using CAPA in one format!?Problem has 'occured',and half the form is dedicated to RCA,1/4th to CA;and then there is 1/4th for PA!!!While PA,by the defination,is inapplicable here.This is the anomaly I am talking about.Could you please shed light on this? :notme:

Oh Boy...there are probably a thousand posts here on Elsmar about this topic. I recommend you search for Preventive Action and you will find much to read. If you are interested, you should search those.

A simple answer to your question, there are a few things that cause confusion.

Originally in ISO 901, CA and PA was one section. The 1984 version separated them, and we have been arguing ever since.
The Global 8D form has a step #7 which is titled "Preventive Action" from many years ago. That was actually intended as a "permanent action to the system level (documents, ctl plans, etc.). Should be renamed in my view.
Since the steps are the same, only the stating point is different, they can be completed on the same form, and one procedure can do the job, but the procedure should be very clear these are similar but different actions. And the common form should have a check box to mark whether it is a CA or PA.
Once the action is underway, it is no longer important whether it is CA or PA, the steps will be the same. It is the initial driver (proactive or reactive) that makes the difference.Now, I will suggest, let's not start a new series of posts on this topic. Please read the many things already written, and then we can discuss if needed. There is much good discussion already on Elsmar.

Hello! to everybody
In my company we are separating these two activities
this is to make it easy for the user and to properly distinct
the differences of the requirements of this standard.
Note:
In the old version of the standard we combined it into one

Thanks....More Power

Dear All,

Note: I'm coming into this thread late and I have not read all postings. Forgive me if I've repeated previous discussion points.

I have the following inputs:

1. The CAPA process is a hub, therefore, there may be feeder processes that have satellite CA of their own;
2. Typically, companies have an issue of how to perform root cause or assignable cause investigation;
3. Also, companies have issues with the definition and scope of effectiveness checks; how they connect to audit management; how they trigger CAPA closure; etc.

Given the Items 1,2,3, the question of whether you have one or two or more CAPA procedures is too ambiguous. The answer may depend upon the size of your organization; the abilities of your ME/QE/R&DE population to perform investigations; and how tightly coupled your QSM processes are in practical terms.

If you are in an electronic CAPA system, it is easier to have one form. Prepopulated Drop down selectables can harmonize the process so that whether it is CA or PA, selection of drop down items to the electronic form directs the real issue to be more of what are your defect categories; your action types; your root cause codes; and closure task management criteria.

Best regards

To some extent I disagree with Helmut in citing the two systems as fundamentally the same. Prevention has a different and independent initiation. The intent is "avoid the first occurance". Correction is "to avoid the second occurance". The challenge in prevention is determining what is to be avoided. Unlike "corrective actions" which respond to physical stimulus (irate customer, inspection fall out, scrapped parts, etc), "preventive actions" need to be initiated cerebrally. By that I mean personnel charged with prevention must know when to do it. Most businesses have separate "preventive" programs that initiate some type of risk analysis and establish mitigation to reduce risk. Such programs as Safety or ISO 14000 have a requirement to assess risk and set controls in place. Prevention within the QMS should follow this pattern and some forum needs to be established that systematically assesses risk to processes, products or the entire business before the demons appear.

I advise my clients to establish a pattern within each planning meeting to define what is at risk in the execution and determine if the risk warrants some control/mitigation. Once stated as a risk, the execution of the plan can be monitored.

To some extent I disagree with Helmut in citing the two systems as fundamentally the same. Prevention has a different and independent initiation. The intent is "avoid the first occurance". Correction is "to avoid the second occurance". The challenge in prevention is determining what is to be avoided. Unlike "corrective actions" which respond to physical stimulus (irate customer, inspection fall out, scrapped parts, etc), "preventive actions" need to be initiated cerebrally. By that I mean personnel charged with prevention must know when to do it. Most businesses have separate "preventive" programs that initiate some type of risk analysis and establish mitigation to reduce risk. Such programs as Safety or ISO 14000 have a requirement to assess risk and set controls in place. Prevention within the QMS should follow this pattern and some forum needs to be established that systematically assesses risk to processes, products or the entire business before the demons appear.

I advise my clients to establish a pattern within each planning meeting to define what is at risk in the execution and determine if the risk warrants some control/mitigation. Once stated as a risk, the execution of the plan can be monitored.

Hi Chuck, good to hear from you again. Hope you are well!

No disagreement at all, I think. I agree with all points you made, and strongly make the same case.

I meant the format - root cause, actions, verifications - between CA and PA are essentially the same. The trigger - proactive vs reactive - is definitely different.

Keep in touch.

Thanks Helmut

I get a little passionate about this one. :mad: There is little in the way of prevention and a lot of money spent on corrections. :bonk::frust:

These icons are neat.

Happy Easter and I will talk to you soon.

Chuck

:agree: Hi to all, I am new to the forum, but I could not help myself get caught in the CA/PA debate since started in 2003 to current, there are many good suggestions, ideas and so forth.

I do have one thing to add, all process and documentation you create and implement, just remember to keep it simple (KISS Principle), the more documentation you create the harder is to maintain, implement and follow.

I vote for one CA/PA Procedure and one Form. :agree1:

ps: Also the new ISO 9001:2008 Draft version does not specify CA/PA on how many procedures you need, its entirely up to your organisation needs.

Hi to All,
I'm preparing a CAPA Turtle diagram, I would like to compare with the ones that you have created. I have been searching here at the Cove, but I didn't find anything. Would you like to share yours?

Thank you very much.
AC:o

…combining them or not, will be your organization decision… and no auditor can force you to do what you don't want as long as you satisfy the requirements of clauses 8.5.2 & 8.5.3…

…to share more, I have seen more than 2 companies include their “Corrective Action” procedure into their “Control of Nonconforming Product” procedure… their point is, they’ll only have corrective action when there is nonconformance… so, it is a complete process to combine them… and it’s quite effective as they claim..

I am of the "two procedure" school for a couple of reasons:

Correction and Prevention have different points of initiation, that is to say different motivations start the action. Complaints and failures happen and correction should follow. Prevention starts with a realization that some risk is present. Safety programs, Preventive maintenance programs, EMS, all start with a risk assessment and actions follow. In fact these programs I include in my preventive action "system".

Correction and prevention involve different groups in the organization. Correction focuses on the product and processes that make it. QA, Engineering and Operations lead the corrective charge.

Prevention follows the changes being comtemplated for the business. Top Management should be leading the preventive charge. Planning should be the primary source for preventive action targets. "Install this new machine but prevent the interruption of current production". :argue:
"Maintain the project within budget". :whip:
"Production scheduling prevents additional set ups and cleaning".:agree1:

Sounds like the 3 ONs to me - ON time, On Spec, On Budget - If it's not you need to put a CA in place. If you included the Risk Assessments in your PLM and included in Management Review you could use this as evidence of PA (as suggested by Jane). I don't think it makes a difference if it's one or two procedures. My company formerly had two and now we have one for both CA and PA, as well as Document Control and Records Control. I'm just catching up as I've been on the road for the past 3 months. :thanx:

Hi all...I'm new here. I just got audited for our 1st Continuous Assessment for ISO 9001 and the only issue the auditor found was an OFI for our corrective and preventive actions being together in one procedure. I disagree with the idea of needing two separate procedures, but unfortunately my top management would like this implemented.:mad: I guess I'll just write the same basic procedure for both!

Also, does anyone ever get that ping pong sense when dealing with auditors? Our first Registration auditor had us add the fact that we don't outsource to our quality manual, and this auditor wants us to remove that! Arrrghh!

Thanks!
Susan

Hi Susan

I think I would hold off writing the same procedure twice. I have the dissenting opinions on "one versus two". I adhere to the notion that Prevention has a different start point from Correction. We all know when it is time to do Correction. Something broke and all the signals, including customers, are pointing to it. Prevention is not self starting, you have to remember to do it.

Some thoughts/Strategies:

1. A preventive action "system" can consist of:
a. The Safety Program (prevent injuries)
b. The maintenance program (prevent some types of failures)
c. The EMS program (prevents contamination to soil, air and water)
d. The production scheduling system (prevents late delivery and excess costs)
e. The training program (prevents inefficient operations and defects)

2. Elevate prevention to the top managers as part of their planning activities. They manage resources so things get done within budget and with minimal interference with product manufacture. Have them begin to establish a "I don't want that[fill in the blank] to happen when we make this change" list. In the US Army I assigned "assumption control" officers on my staff to manage what planning assumptions we made and to keep track of things we didn't want to happen.

Note the differences in focus with these ideas. The five items above all have some type of risk assessment to failure that is key to good prevention.

One or Two? Your call. I think you have all of these pieces already working in the company. You can repackage it and monitor for effectiveness.

Hi Susan

I think I would hold off writing the same procedure twice. I have the dissenting opinions on "one versus two". I adhere to the notion that Prevention has a different start point from Correction. We all know when it is time to do Correction. Something broke and all the signals, including customers, are pointing to it. Prevention is not self starting, you have to remember to do it.

Some thoughts/Strategies:

1. A preventive action "system" can consist of:
a. The Safety Program (prevent injuries)
b. The maintenance program (prevent some types of failures)
c. The EMS program (prevents contamination to soil, air and water)
d. The production scheduling system (prevents late delivery and excess costs)
e. The training program (prevents inefficient operations and defects)

2. Elevate prevention to the top managers as part of their planning activities. They manage resources so things get done within budget and with minimal interference with product manufacture. Have them begin to establish a "I don't want that[fill in the blank] to happen when we make this change" list. In the US Army I assigned "assumption control" officers on my staff to manage what planning assumptions we made and to keep track of things we didn't want to happen.

Note the differences in focus with these ideas. The five items above all have some type of risk assessment to failure that is key to good prevention.

One or Two? Your call. I think you have all of these pieces already working in the company. You can repackage it and monitor for effectiveness.

Chuck, whether one or two procedures, I would like to see the Preventiove discussion mentioning the structural format that CA follows. That often gets lost when the preventive action process becomes too holisitic.

Hi all...I'm new here. I just got audited for our 1st Continuous Assessment for ISO 9001 and the only issue the auditor found was an OFI for our corrective and preventive actions being together in one procedure. I disagree with the idea of needing two separate procedures, but unfortunately my top management would like this implemented.:mad: I guess I'll just write the same basic procedure for both!

Also, does anyone ever get that ping pong sense when dealing with auditors? Our first Registration auditor had us add the fact that we don't outsource to our quality manual, and this auditor wants us to remove that! Arrrghh!

Thanks!
Susan

I understand your confusion and frustration. Speaking as an auditor, I offer many improvement possibilities to my clients. Some are verbal observations that pop up during the interviews, more significant ones are actually documented in the report.

However, as an auditor, I don't want my clients to implement every suggestion and observation I make. Soem are intended to make them think about certain problems from another angle, but only they can decide what is appropriate for their systems and needs.

Please consider the usefulness of your auditor's suggestions, but don't just blindly flip-flop, either.

Thank you both for your valuable advice! :thanx:

I decided to bring the topic up with the entire Management Team during our next meeting. It's only one supervisor who asked me to go ahead and make the 2 actions separate procedures.

Since the company I work for is very small (about 20 employees) and do not have any Environment or Safety issues to date, our preventive action requests are on a much lesser scale. This is why we combined them into one procedure.

Once again, thank you so much!
Susan

CarolX,
As a committee of one, I recommend one procedure in almost every case. The more procedures, the more cross referencing required, the less likely they will be read, understood and most important, followed. Keep them simple, complete and include flowcharts in all of them. Do the Flowchart first and eliminate the waste in the procedure/process.
Norm

I also prefer two procedures. I also prefer two forms. All too often I find companies that have so bady tangled the two that preventive actions are completely misunderstood.

One company I call on has the two combined and they call it "Corrective and Preventive Action". Their understanding is that the preventive part is what you do to a corrective action to prevent it from happening again. They have no other concept about preventive actions.

It should be remembered that corrective actions are to eliminate the cause of nonconformities in order to prevent recurrance. Preventive actions are to eliminate the causes of potential nonconformities in order to prevent their occurance.

I also prefer two procedures. I also prefer two forms. All too often I find companies that have so bady tangled the two that preventive actions are completely misunderstood.
I think having two documents is a good thing if it helps people to understand that there must be preventive action exclusive of the CA system.

It should be remembered that corrective actions are to eliminate the cause of nonconformities in order to prevent recurrance. Preventive actions are to eliminate the causes of potential nonconformities in order to prevent their occurance.
Recurrence is occurrence.

Susan, welcome to the Elsmar Cove.

As i mentioned previously ISO 9001:2000 or ISO9001:2008 Draft, it does not specify CA/PA how many procedures you need, its entirely up to your organisation needs, and yes there will always be an argumentive/opinion for one or two procedures and that is good because its someone opinion.

I am a QMS/OHS consultant in Australia and I have developed several QMS for various organisations. One company specifically I have developed Control of Nonconforming product/Corrective action in one procedure and for this company it suits their needs.

However as for the auditor, he gave you an OFI for one procedure? In my opinion the auditor is being subjective, and not auditing the fact against the standard. I would ask the auditor to show you, where in the Standard it specifies how many procedures you need. Also as a lead auditor myself, Auditors opinions sometime are very good as Helmut mentioned it makes you look at a problems from another angle.

Just for the purpose of an exersice, why not use the 5 Why's Quality Tool to detemine how many procedures you need for CA/PA and see what answer your organisation comes up with?

ps: Well done with your accreditation.

Robert :agree1: :applause:



-----------------------------------------------------------------------

"In my opinion the auditor is beign subjective, and not auditing the fact. I would ask the auditor to show you, where in the Standard specifies how many procedures you need. The Auditor needs to stick to the facts."

His claim was that the standard explains CA/PA separately. Also, that both 8.5.2 and 8.5.3 calls for a documented procedure. I was quite surprised by this. I almost felt like if he didn't find something he wasn't doing his job. However, it seems that there are strong opinions for both sides. I feel that the way we have our procedure set up works well for us. We're a very small company (20 employees) so there aren't tons of CARs and PARs pouring into my office on a daily basis. I just want to do what's right by the standard.

Thank you all for the kind words! :thanx:

His claim was that the standard explains CA/PA separately. Also, that both 8.5.2 and 8.5.3 calls for a documented procedure. I was quite surprised by this. I almost felt like if he didn't find something he wasn't doing his job. However, it seems that there are strong opinions for both sides. I feel that the way we have our procedure set up works well for us. We're a very small company (20 employees) so there aren't tons of CARs and PARs pouring into my office on a daily basis. I just want to do what's right by the standard.


Perhaps you could remind him that a "procedure" is just "a specified way to carry out an activity" - so that you can (if you can justify it in relation to your own business) specify your "method" in only one place and refer to it more than once, or (as is the case with PA) you can define it as a step in every process where it takes place (such as processing a sales enquiry, purchasing or sub-contracting, recruiting a new member of staff, designing a new product, management review, internal audit).

PA does not need to be described in a single "document" or even in part of one document. If you are managing your processes well, you are taking PA every time you spot the potential for something to go wrong, and take action to avoid it) in any of the processes. Tell him to forget the standard for 5 minutes and look at how you run the business!

Folks,
Note that the wording in the DIS ISO 2001:2008 allows flexibility in combining documented procedures. Please visit http://www.squidoo.com/iso90012008changes to get more details of what changes to expect.

Regardless of whether you use one procedure or two, one must understand the definition and intent of "corrective action" and "preventive action" to implement it correctly. There are clear ISO interpretation and guidance documents on this.

Many company QA Managers and Registrar auditors just don't get it.

Regards,
Art

Susan

You are right in saying, if an Auditor cannot find any Action Request (Non-conformances), they will raise one or two just to justify their actions and this sounds like one.

If this is the case, tackle the issue like I always done over the years, work with the auditor and get him to look at areas/department where you know there are issues that you cannot fix.

It does not matter how many times you try, in every organisation there is always someone or a department that argues the point against the QMS and never comes to the party, by working with the auditor he or she will appreciate the suggestion and this way you will fix your issues/area of concern.

ps: By receiving 5 or 6 justifiable Action Requests will continually Improve your QMS.

Robert

His claim was that the standard explains CA/PA separately. Also, that both 8.5.2 and 8.5.3 calls for a documented procedure.
Your auditor IS auditing based on his opinion, and not on facts. He has some things right: yes, they are two separate types of action & yes they are itemised in 2 separate clauses and yes, both clauses call for a documented procedure. But his conclusion is erroneous.


He is definitely not right that this must mean 2 separate procedures and
He is either unaware of or not keeping up with the changes in the new version of ISO 9001 due out on time later this year (October).

See this Note (italics mine):
NOTE 1 Where the term “documented procedure“ appears within this International Standard, this means that the procedure is established, documented, implemented and maintained. A single document may include the requirements for one or more procedures. A requirement for a documented procedure may be covered by more than one document.
Note added to Clause 4.2.1 Documentation Requirements, General, Quoted from ISO 9001 Draft International Standard (Revision of third edition 9001:2000)

You'll see that this Draft (not yet released) version has specifically included that Note, presumably to make it clear to obstinate people (including auditors) who think this 'must' mean 2 separate procedures! No, it does not.

And you're right that some people in the Cove have quite strongly held opinions about whether CA and PA should/should not be 2 separate procedures.

I'm with you: if the way we have our procedure set up works well for you, and you can demonstrate this, and show that yes, you're aware of the difference and that it's being done, then you keep doing it your way! It often makes little sense in a small organisation to have two. But key point = it's your system, not your auditors.

The Standard is about good practice, not rigid rule.

I think having two documents is a good thing if it helps people to understand that there must be preventive action exclusive of the CA system.


Recurrence is occurrence.

The two terms, recurrence and occurrence, are not fully mutually inclusive. The fact that both are needed is clearly called out in the standard.

...I'm with you: if the way we have our procedure set up works well for you, and you can demonstrate this, and show that yes, you're aware of the difference and that it's being done, then you keep doing it your way! It often makes little sense in a small organisation to have two. But key point = it's your system, not your auditors.

The Standard is about good practice, not rigid rule.
...I thirdly emotion…

I use two procedures. Why? Because corrective actions and preventive actions are two seperate things. Obviously, one is reactive and one is proactive.

Paul

:agree1: good for you!

But key point = it's your system, not your auditors.

The Standard is about good practice, not rigid rule.

Here, here!!!! Couldn't have said it better myself. Solid Advice :agree1:

This was all really great information. I am currently undergoing a registration audit. Our auditor has just cited me for not having the preventive and corrective action procedures seperate. I knew that I had read in the standard somewhere that procedures did not have to be seperate and someone in here helped me find the note. I thought I was out of my mind but I read and reread this standard so much that I couldnt remember where I had seen that. He also cited that we have our preventive actions detailed in our corrective actions. I do agree with him that we do not give ourselves enough credit for the preventive actions that are truly preventive and only give ourselves credit for those that result from correctieve actions but I dont think that I need a nonconformance for not having two procedures.

This was all really great information. I am currently undergoing a registration audit. Our auditor has just cited me for not having the preventive and corrective action procedures seperate. I knew that I had read in the standard somewhere that procedures did not have to be seperate and someone in here helped me find the note. I thought I was out of my mind but I read and reread this standard so much that I couldnt remember where I had seen that. He also cited that we have our preventive actions detailed in our corrective actions. I do agree with him that we do not give ourselves enough credit for the preventive actions that are truly preventive and only give ourselves credit for those that result from correctieve actions but I dont think that I need a nonconformance for not having two procedures.

I think you might have to separate two thoughts, Ms. Queen. One, the standard allows procedures to be combined, the auditor is incorrect. The current version of the standard does not specifically say it, but one of the changes in the upcoming 2008 version of ISO 9001 makes it more clear -Procedures can be combined.

The other point is cloudy, however. Preventive actyion is not intended to be step 7 of an 8D. Preventive action, according to the standard, looks just like a corrective action, but done ahead of time, proactively, before the failure manifests. (There will be some debate here, let's not hijack this thread). So, if your procedure makes this clear, one procedure can work. If, your procedure just talks about preventive actions coming from preventive actions, the auditor may have a point. They are two different kinds of actions, but can share one procedure. The procedure can explain the difference.

I agree with you.. they should be separate procedures. .

We only document preventive actions when they are part of a corrective actions. We have done several preventive actions that were true preventive however we did not document them on their own form. I dont disagree with him here...we do need to take credit for these good deeds and seperate the form. My procedure is written as "Corrective and Preventive Action". There is a clear seperation in the procedure and a clear definition of each. He has written this as a nonconformance

I've always felt the PCSAM [or modified PCCAM] method is better than PA/CA. The PCCAM method is - Problem [identified] Cause [root, determined] Countermeasure [short-term AND long term - as "solution" or "PA" often implies no further improvement is possible, which is against the Lean theory] Action [what needs to be done to correct] and Measure [verification of successful action].

I've worked with ISO, BABT, and Lean. BABT was by far the...largest paper trail...I've ever had to work within. I think they had stock in paper companies somewhere.

We only document preventive actions when they are part of a corrective actions.

Your statement goes against the ISO definitions of preventive action and corrective action. Not to beat a dead horse, but once a problem has occurred, you can't do a preventive action on it. The action you take to prevent it from happening is the corrective action.

Corrective action prevents recurrence
Preventive action prevents occurrence

This poll is over 5 years old (started in February 2003). Shall we close it or leave it open?

Poll results to 25June2008 attached.

the corrective action triggers preventive. for example we have a 1/4 tube that had a test plug still in it when it went to the customer. we corrected this issue and applied corrective actions to ensure opportunity for error does not exist. We also have 1/2" and 3/8 tube that is tested the same way. We have never received a defect for it so we evaluate the other sizes to determine if the defect could occur with them and if so then we create actions to prevent the defect from ever happening. This is what we would call a preventive action because we never got a defect for those sizes but we dont want to wait until we do before we take action. this is how we have been using the preventive action process. When we have been doing true preventive action, we didnt document it as such in a standard form. we have emails or meeting minutes that describe the action needed and how we arrived at the need but no specific form to log it into and then run reports from. this will be an easy fix. no biggee. Our audit is done and I only got 4 cat 2 nonconformances. they are really easy to fix. yeah!!

There is no ISO requirement that a company must have one procedure for Corrective Actions and a second one for Preventive Actions. As a former Notified Body Auditor I saw both approaches and as long as the company is following their own procedure the Notified Body auditor cannot site you. You absolutely need to challenge him/her to show you where that is stated. If you need to go to a higher authority in the ranks of the Notified Body auditor.

Gary Waikle

Hello!
This is my first Post on Cove and I want to thanks everybody for all the posts and usefull information that I found here.

In our company there is one procedure for both.
About this thema I found on ISO site some Guidance made by ISO 9001 Auditing Practice Group and forAuditing Preventive Action is written :
" 2) Auditing Guidance

2.1) ISO 9001:2000 requires the organization to have a documented procedure for preventive action.

Note: The combination of corrective action and preventive action documented procedures into a single QMS document is acceptable, but is not recommended. If these are combined, then it is important for the auditor to verify that the organization understands clearly the difference between the intent of corrective and preventive actions ".


Alin

This poll is over 5 years old (started in February 2003). Shall we close it or leave it open?



Because of the length of time it's been open, I'm in favour of closing it, If someone wants to start a new poll, I'm sure that will happen. But given that other people are still posting, I may be in the minority!

the corrective action triggers preventive. for example we have a 1/4 tube that had a test plug still in it when it went to the customer. we corrected this issue and applied corrective actions to ensure opportunity for error does not exist. We also have 1/2" and 3/8 tube that is tested the same way. We have never received a defect for it so we evaluate the other sizes to determine if the defect could occur with them and if so then we create actions to prevent the defect from ever happening. This is what we would call a preventive action because we never got a defect for those sizes but we dont want to wait until we do before we take action. this is how we have been using the preventive action process. When we have been doing true preventive action, we didnt document it as such in a standard form. we have emails or meeting minutes that describe the action needed and how we arrived at the need but no specific form to log it into and then run reports from. this will be an easy fix. no biggee. Our audit is done and I only got 4 cat 2 nonconformances. they are really easy to fix. yeah!!

Sorry for misinterpreting what you were saying. Many people would consider what you described (taking the same action on another process/product) as preventive action. In TS 16949, what you described is called "corrective action effectivity." I notice that you make a distinction between those actions and "true preventive action." I think this is really what is intended.

:thanx:I agree with Jane - a new thread can always be started :agree1:

Hello friends,:)
these are two seprate proceduers
corrective action is action taken to elimainte possible causes detected nonconfirmity.
preventive action is action taken to eliminate possible causes of potential nonconfirmity.

This poll is over 5 years old (started in February 2003). Shall we close it or leave it open?My vote is to leave it open so people keep posting their opinions and we are continually amused by the insanity promoted by the TC 176, when it comes to preventive action. Even though preventive action has a clear cut definition, it's application in the real world is most abstract. While the vast majority of effective quality management system requirements are preventive in nature, to this day, the TC 176 has not been able to CLEARLY explain what preventive action is, in addition to all the other preventive requirements contained in the ISO 9001 standard. They put out the Auditing Preventive Action (http://isotc.iso.org/livelink/livelink/3816351/APG-PreventiveAction.doc?func=doc.Fetch&nodeid=3816351) paper (mentioned by the poster below) which still does not provide a definitive answer. For the TC 176 to fail to realize that we do have a problem with the application of PA, is a disgrace. And how do I know they fail to realize that? Simple. The upcoming 4th Edition of ISO 9001 is meant to be an amendment which brings clarifications to ISO 9001. There is no clarification being proposed to PA. Shameful, in my opinion. They either can not solve the PA mess they created, so they pretend there is no need for clarification or, more concerning, they are very out of touch with the actual users of the standard. And that is why I created the Should the TC 176 Re-word the Requirements for Preventive Action? (http://elsmar.com/Forums/showthread.php?t=24395&highlight=preventive) poll.

About this thema I found on ISO site some Guidance made by ISO 9001 Auditing Practice Group and forAuditing Preventive Action is written :
" 2) Auditing Guidance

2.1) ISO 9001:2000 requires the organization to have a documented procedure for preventive action.

Note: The combination of corrective action and preventive action documented procedures into a single QMS document is acceptable, but is not recommended. If these are combined, then it is important for the auditor to verify that the organization understands clearly the difference between the intent of corrective and preventive actions ".Alin, welcome to The Cove. I posted (above) the link to the paper you mentioned. One thing you have to understand is that this advice The combination of corrective action and preventive action documented procedures into a single QMS document is acceptable, but is not recommended.comes from a "group" lead by a representative from a very large CB, which, at the outset of the ISO 9001:2000 release came out with a formal policy that organizations certified by them were mandated to have separate procedures for CA & PA. After a few months of backlash, they had to rescind that nonsensical policy.

these are two seprate proceduers
corrective action is action taken to elimainte possible causes detected nonconfirmity.
preventive action is action taken to eliminate possible causes of potential nonconfirmity.Sorry, but that is incorrect. These are two separate DEFINITIONS. Not necessarily two separate procedures.

This thread has given lot of views why the CA and PA could be either one / two procedures and now after 5 years, I do not think anything new is coming from this thread. Posters are justing adding on to the already expressed views.

I am in favour of closing this thread.

Sidney wrote:

"Sorry, but that is incorrect. These are two separate DEFINITIONS. Not necessarily two separate procedures."

I don't think it is very clear. Even if they are combined into one procedure, how they are applied must be understood and in practice not mixed together. As I mentioned on an earlier post, I have a client that has combined them improperly. They only do corrective actions. They label them as "Corrective and Preventive Actions". To them, the preventive part is what they do to keep it from happening again. They make no effort to find or record anything they do about potential nonconformities. This is very dangerous. They refuse to do anything different. Since I'm a consultant there, I cannot write a nonconformance, and their 3rd party auditor hasn't caught it yet.

Here is the elements involved.

4.2.1 "The quality management system documentation shall include . . . documented procedures required by this international standard . . . NOTE 1 Where the term 'documented procedure appears within this International Standard, this means that the procedure is established, documented, implemented and maintained."

This establishes that you need certain procedures. The required procedures are called out in the standard. Two of them are the ones this thread is about.

8.5.2 Corrective action . . . "A documented procedure shall be established to define requirments for . . ."

8.5.3 Preventive action . . . "A documented procedure shall be established to define requirments for . . ."

Combine the procedures if you wish, but do it properly and make sure you address both actions you perform to prevent recurrence and actions you perform to prevent occurance. I much prefer to not combine them and cut the potential for misapplication.

:agree:One of the best articles I read came from Larry Whittington's Newsletter on Auditing PA. Larry recommended Elsmar Cove to me for poll on most common findings.

but I think these are two differnt thinks & should have two differnt procedures

Poll closed - 1 July 2008

This thread has given lot of views why the CA and PA could be either one / two procedures and now after 5 years, I do not think anything new is coming from this thread. Posters are justing adding on to the already expressed views.

I am in favour of closing this thread.Thread closed - 080716

Also see: Are two separate procedures required for Corrective action and preventive action (http://elsmar.com/Forums/showthread.php?t=29123)