Indeed, just about the whole standard requires preventive action from the management system including such activities/processes as:
Assessing risk
Design
Planning
Selecting suppliers
Process control
Analyzing data
Etc..
Having to rely upon a separate PAR form may suggest a system weakness or nonconformity in need of corrective action.
Hardly. All of these can be dealt with as risk and risk mitigation. Risk mitigation might be considered as the new term for preventive action. Most important is that the term preventive action is no longer in the standard.
The writers of the standard went to great lengths to end the comingling of corrective action and preventive action. They openly stated that preventive action did not live up to its mission and that risk was the new or replacement term. They not only renamed it, they gave it its own place in the standard, section 6, way away from corrective action.
One of the biggest reason for the failure of the mission is that corrective action and preventive action were written too much alike and were right next to each other. Somehow it became a common thing to believe that preventive action was what was done to prevent a nonconformance from happening again. It is not. What is done to keep a nonconformance from happening again is part of the corrective action.
Once this comingling happened in an organization and became part of their culture it was impossible to separate it, thus the need to go to great lengths to separate them.