The Elsmar Cove Business Standards Discussion Forums More Free Files Forum Discussion Thread Post Attachments Listing Elsmar Cove Discussion Forums Main Page



Slide 96 of 262


8.5.3 Preventive Action

The company shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.

A documented procedure shall be established....

Just a quick comment. There is a thread in the Cove Forums on Preventive vs Corrective Action. The thread was Corrective Action vs. Preventive (Predictive) Action (CAPA) - A Definitive Discussion and it's a doozy.

I bring this up to ensure that the difference between preventive and corrective actions is often not just blurred but an opinion.

I tell clients to base their preventive action system on data analysis and to use the corrective action system to follow through on them.

Example: A call center. One measurable is all calls answered within 40 seconds. Report is given weekly (all calls are tracked for several features including time to answer). Normally call time to answer was under 40 seconds - usually 15 to 30. It was shown slipping to 35 and 40. A 'corrective action' was started as preventative (reaction to data trend). A nonconformance (>40sec) had not been reached, but potential existed. Root cause, by the way, was increased client load without increased staff. New staff was hired, trained and put 'online'. Time-to-answer returned to <30sec.

Preventive action is a hot discussion topic. A quick read through (linked to above as well) will give you an idea on how diverse opinion is. Another quick read is: which gives some examples.

Element 8.5.3 of the new standard states that your company must identify preventive action to eliminate the causes of potential nonconformities to prevent them from becoming real nonconformities. The preventive action taken must be appropriate to the impact of the potential problems.

The ‘old farts’ out there like me may have noticed an evolution of what a preventive action is. In days of old (well, the 1980’s) a preventive action was part of the result of a corrective action. It used to be what you did to ensure a problem which had already occurred would not again or would be caught through a Poke-Yoke or other mistake-proofing methodology.

Problem: Part not machined.
Reason: Tool broke
Root Cause: Feed Speed set too high – Operator error
Corrective Action: Revise tool change instruction, train operators.
Preventive Action: Sensor to check shaft OD post-operation to ensure cut was made. A failure will stop machine. Or, Install automatic speed control to eliminate operator input requirement.

Things have changed to predictive (potential). The standard requires a documented procedure for preventive action that defines the requirements for:
a) Identifying potential nonconformities and their causes;
b) Determining and ensuring the implementation of preventive action needed;
c) Recording results of action taken;
d) Reviewing of preventive action taken.

Note that clauses 8.5.2 Corrective Action and 8.5.3 Preventive Action are almost identical, hence the processes that are developed for them will be very similar. It is strongly recommended that your company use the processes developed for corrective actions to address preventive action to standardize the approach and make it easier to implement. The personnel with overall responsibility for preventive action are likely the same personnel with overall responsibility for corrective action.

Preventive action is action taken to eliminate the cause of a potential problem that has not occurred. Your company has to ensure that the action taken is appropriate to the potential problem. The personnel who ensure it is appropriate preventive action should be the same people that ensure appropriate corrective action.

Preventive action focuses on studying your system and looking for where a problem might occur. Think data analysis, including looking for trends. Management then takes actions to ensure that the problem doesn't occur. Section 8.4.3 - Improvement processes - states that continuous improvement will be part of your management system. In other words, you look for both potential problems and opportunities for improvement at the same time. Thus, Preventive action and Continuous improvement can be easily combined.

To satisfy the requirements for preventive action you must develop a process for identifying the potential nonconformances and their causes, for determining and ensuring the implementation of the preventive action needed, then recording the results of the action taken and finally reviewing the preventive action taken. See corrective actions (8.5.2) herein for more background on this process and element.

The major difference between corrective and preventive action is that the nonconformances don't find you, you find the [potential] nonconformances. Some companies find it quite a bit easier to be reactive and not proactive – so - preventive actions are not as common as corrective actions. The secret here is the ability to identify potential nonconformances and then correct them before they become actual nonconformances. This obviously is not easy, but invested interest in identifying nonconformances before they occur is well worth it - ask anyone who has had a product recall (I am sure we are all familiar with the recent news of product recalls).

Potential Audit Questions

1. How well integrated are your preventive action and continuous improvement actions?

2. Do you feel your company seeks preventive actions enough? How could you do more to satisfy this requirement? How could your company do more to excel at this requirement?

3. How does your company identify the need for preventive actions? Do all workers identify preventive actions, or do you have a team or someone responsible for identifying preventive actions?

4. How does your company assess whether or not the preventive action is appropriate? Do many preventive actions arise without ever being implemented? Why?
Some Thoughts:

> Date: Fri, 29 Sep 2000 15:02:36 -0500
> Subject: Re: Q: Preventive Action
> From: ea

--Patti inquired (in part);
--> We don't understand just how
--> far we need to go with preventive actions: do they need to be
--> documented & approved by someone, & then followed-up on
--> for effectiveness (similar to corrective actions)? Or is it
--> sufficient just to document what "preventive action" situations
--> have taken place & file them for later management review?"

> Patti,
> I have also encountered external auditors that come in looking for an entirely
> separate system for the handling of "preventive actions". What I have done to
> steer them in the right direction (toward proper interpretation of the
> 'intent' of the ISO 900X requirement) is to show the auditor where in our
> actions are incorporated. The topmost place in any QMS system
> to illustrate the presence of preventive actions is the existence of
> the system itself. The fact that you have a working QMS that requires
> management to periodically analyze the effectiveness of the system (internal
> audit results, customer complaints, internal nonconformities, etc.) with an
> eye toward undesirable trends is in and of itself a preventive measure
> (management is after all reviewing this information in order to improve the
> system where needed and thereby PREVENTING future problems). This is just one
> area of your existing system that you can use to demonstrate "preventative
> actions". I am sure that there are other areas within your existing system
> (supplier evaluations, training, etc.) that you can use as well.
> Hope this is helpful to get the 'ole gray matter' going.
> Ethan
From: Nancy
Date: Mon, 23 Jul 2001 22:59:17 -0500
Subject: Re: Elem 14 related to employee suggestions

From: "John "

Charley wrote:

> I had a registrar's auditor tell me that since the new standard requires
> procedures for CA and also PA, he expects to see 2 separate procedures. I
> have a high regard for this guy - he usually has his head screwed on
> straight - so I figure he must have been off his feed that day.
> Has anyone else gotten the same silly "advice"?

Two procedure...I can't imagine that being the issue with an auditor...but...if as an auditor I did not see a procedural differentiation between corrective and preventive action, I'd ask for the organization's understanding of the two concepts and follow the links or lack thereof to a process. The differences are subtle. 9000:2000 differentiates them by "prevent occurrence" (PA) and "prevent reoccurrence" (CA), but goes no further.. 9004:2000 implies that PA is data driven for potential events while CA is driven by root-cause of actual events. Hmmmm. Actually, 9001:2000 may give us the most information: from 8.5.2 "...take action to eliminate the cause of nonconformity"; From 8.5.3, "...determine action to eliminate the cause of potential nonconformity." Here's the tree-falling-in-the-woods conundrum as it relates to CA/PA: If in your corrective action you do what is necessary to assure that nonconformance will not happen again, is that a preventive measure or a corrective measure? According to what I've heard in 9001:2000 interpretation, that is CA, even though it "sounds an awful lot like" PA.

Sooo...IF that is CA, then what, pray tell, is PA? Although I fully endorse the data analysis interpretation of PA (for acting on trends before the trending actually leads to nonconformity), I go back to the concepts of mistake-proofing and FMEA at the design stage for clarification: if you design in the measures that eliminate the potential for nonconformity in the first place - and that is NOT easy to DO -- are you not practicing PA? To me, that's clear in theory and difficult-but-not-impossible in practice. My acid test is whether I can apply it to both a manufacturing and a non-manufacturing setting, and I can.

Back to wearing the auditor's hat, I'd allow some slack in interpretation, at least until there's a larger body of experience in interpreting 9000:2000. I'm known as being a "tough" auditor but also fair, and I see the value in differentiating the two processes in the manner stated above. I have also seen a lot of blank faces among my fellow quality professionals when I "talk like this," and so I'm using you all as guinea pigs in a way.

Have I added anything positive to the discussion of CA/PA or do you view this as further muddying of the already-silt-laden waters?

Cheers...and have a great day!

Reference Web Sites:


The Elsmar Cove Privacy Policy and Statement - May 2017