I am revising QMS documentation for a Class II medical device company subject to ISO 13485, 21 CFR 820, and Canadian Medical Device Regulations (CMDR) part 1.
I am thinking about promoting Preventive Action from the neglected orphan of QMS's everywhere that it often is, to be a sort of King of Processes. It goes like this: all instances of "bad news" originating anywhere, and all results of "Analysis of Data" activities are inputs to Preventive Action. Data is aggressively and proactively mined for the earliest possible detection of problems.
The PA process then selects and uses a structured Risk Assessment tool/method and decides weather or not there is actionable information. If so, then Structured Problem Definition and Cause Analysis tools, already in place for Corrective Action, are used to develop an action plan. If not, then the data is retained for further developments/monitoring. ALL activities for which Risk-Based decision making is suggested or required (FDA - Supplier selection and management, Inspection planning, Complaints, MDR, etc) go thru Preventive Action.
Furthermore, the vast majority of Corrective Actions are expected to also produce Preventive Actions. If a CA is a systemic issue, then it can be fixed (i.e. common cause), but the systemic issue will usually have the potential to cause non-conformances in more than the specific instance that triggered the CA - so a PA is also needed. Conversely, if it is a non-systemic issue (i.e. special cause) then effort should be made to poke-yoke the system -- a preventive action.
The Objectives for these processes then should be nothing less than Zero Corrective Actions, and 100% Preventive Actions which are 100% effective. Everything about the QMS Strategy is "Risk-Based and Data-Driven".
What do you think?
I am thinking about promoting Preventive Action from the neglected orphan of QMS's everywhere that it often is, to be a sort of King of Processes. It goes like this: all instances of "bad news" originating anywhere, and all results of "Analysis of Data" activities are inputs to Preventive Action. Data is aggressively and proactively mined for the earliest possible detection of problems.
The PA process then selects and uses a structured Risk Assessment tool/method and decides weather or not there is actionable information. If so, then Structured Problem Definition and Cause Analysis tools, already in place for Corrective Action, are used to develop an action plan. If not, then the data is retained for further developments/monitoring. ALL activities for which Risk-Based decision making is suggested or required (FDA - Supplier selection and management, Inspection planning, Complaints, MDR, etc) go thru Preventive Action.
Furthermore, the vast majority of Corrective Actions are expected to also produce Preventive Actions. If a CA is a systemic issue, then it can be fixed (i.e. common cause), but the systemic issue will usually have the potential to cause non-conformances in more than the specific instance that triggered the CA - so a PA is also needed. Conversely, if it is a non-systemic issue (i.e. special cause) then effort should be made to poke-yoke the system -- a preventive action.
The Objectives for these processes then should be nothing less than Zero Corrective Actions, and 100% Preventive Actions which are 100% effective. Everything about the QMS Strategy is "Risk-Based and Data-Driven".
What do you think?