Hello All,
I have just completed an internal audit where I was shown an incident report which documents details around a broken SLA. Included in this was description of incident, root cause, impact to client and what future prevention measures have since been implemented.
My question is this, is it correct to note in my report that clause 10.3 Continual Improvement has been met due to the prevention action implemented? Is there a more suitable clause I should use instead?
Thanks
Jared
I think you have your terms mixed up. Preventive action is no longer a term used in the 2015 version of the standard. What you do to prevent something from happening again is part of the corrective action as noted by Sidney.
At most it could be used as evidence as an example of 10.2 Corrective Action is doing well.
Preventive Action was a term used in past versions of the standard. For the 2015 version it was replaced with risk. The need for the change is that preventive action did not live up to its mission as it was misunderstood, and the writers of the standard took responsibility for it. Since corrective action and preventive action were together at the back of the standard and written in nearly parallel language it was easy to tangle them. To resolve it, preventive action was given a new name (risk and opportunity) and move closer to the front of the standard.
It may help to think of corrective action as incident control. That is what you do after something happens to control and contain it. Preventive action was intended to handle what you do to keep a potential problem from happening, which, pure and simple, is risk.
How to attain continual improvement is actually contained in the standard. It is the results of analysis and evaluation and the outputs from management review.
It sounds like you may be using an element based checklist for your internal audit. Although it is not prohibited, it is discouraged with the preference of auditing using the process approach. That is determining how the company is structured and then auditing the elements of the structure instead of the elements of the standard. Perhaps you are doing a process based audit and referring the the elements that apply to it, which is fine.