Preventive action vs. corrective action

[tschones]

In an ISO 9000:2000 preassessment audit, our external auditor hit us hard for not having what he thought were enough records showing we do preventive action. So we are trying to determine what should constitute our preventive action records, but before we can do that, we have to sort out what really constitues a preventive action and when something is a corrective action. Here's how ISO defines the two:

Corrective Action: The action to eliminate the cause of a detected nonconformity or other undesirable situation.

Preventive Action: The action to eliminate the cause of a potential nonconformity or other undesirable potential situation. Preventive actions shall be specified or implicit in the appropriate development, planning, release, and process development procedures.

IMO, corrective and preventive actions are on the opposite ends of a continuum. Obviously true preventive action occurs in the product development phase when tools such as FMEA and fault tree analysis identify potential problems that haven't even surfaced. Moving away from that point of true preventive action, you can have situations where nonconformities have been observed on existing products, and then design the sources of those nonconformities out on a new product and consider it preventive action.

But from there it seems like things get gray quickly. Some of the questions I have are:
* when/where does a potential nonconformity become a detected nonconformity? Is it when it reaches a customer or is it when you first identify it internally? Could you identify a nonconformity internally, capture it, prevent from reaching a customer, put a permanent fix in place, and call that fix a preventive action?
* could the implementation of SPC be considered a preventive action?

I am curious to hear how other organizations address this issue and make this differentiation. What are some examples of preventive actions that your organization has done that aren't in the category I have called "true P.A."?

Our preventive action procedure is really just a list of responsibilities for engineers and others. There is no " process flow" to it, like we have for our corrective action prcedure. What does your preventive action procedure look like?

Tom

 

[CarolX]

Welcome to the Cove

Hi Tom,

Welcome to the Cove!

I suggest you take a look through the "Nonconformance and Corrective Action" and the "Preventative Action and Continous Improvement" threads. You will most certainly find a previous discussion about you situation.

Regards,
CarolX

 

[Bob_M]

Re: Welcome to the Cove

CarolX said:
I suggest you take a look through the "Nonconformance and Corrective Action" and the "Preventative Action and Continous Improvement" threads. You will most certainly find a previous discussion about you situation.

Definately a Great place to start.

Our External auditor recently explained his thoughts on Corrective/Preventive actions. Granted they don't EXACTLY follow ISO but they do make sense.

Corrective Action: What you do or did to CORRECT a nonconformance. Simple Action. Find an NC and FIX it.

Preventive Action: What did you or will you do to prevent that problem from re-occurring. As well as preventing potential problems you notice within you system before a NC occurs.

I have not 100% bought into the simplistic version of the Corrective Action, but since our procedure and form merges both actions, I can really go either way when something goes wrong or when we think something might.

Basically, the auditor was telling me that "sometimes" Corrective action is just, the action to correct something. Not EVERY NC requires a full blown 8D style review. This part we have taken to heart. Not every problem found will necessarily require a "FORMAL" corrective/preventive action, but we will fix the problem ASAP and document it when we can.

Recent Real Example Audit Liked:
Customer complaint about paperwork error.

Corrective Action: Fix error and forward to customer. Note correction made on complaint form. File complaints.

Preventive Action (which I mistakenly marked as corrective) Quality Department (me) noticed 4 recent complaints for the same customer for the same general issue. I generated an OFFICIAL CPAR to IDENTIFY the problem, take immediate CORRECTIVE actions, investigate the CAUSES, make and document PERMANENT changes, VERIFY actions taken and their results, do a SYSTEMIC REVIEW to see if we need to change any procedures, processes, or other items to PREVENT similar problems, and final review that might require customer input.

That is our BASIC 8D style Corrective Preventive Action Procedure/Form.

Hope this helps and doesn't confuse you more.

Bob_M

 

[NYHawkeye - 2005]

tschones said:

* when/where does a potential nonconformity become a detected nonconformity? Is it when it reaches a customer or is it when you first identify it internally? Could you identify a nonconformity internally, capture it, prevent from reaching a customer, put a permanent fix in place, and call that fix a preventive action?

Tom -

I think the answer to your question depends on how your process is defined.

We manufacture fairly complicated products that require many levels of test and inspection to ensure the reliability required by our customers. As we find and correct defects they are viewed as potential nonconformances because our process is uncovering them before they impact the customer. If a defect makes it through to our customer it is treated as an actual nonconformance.

If our customer experiences the defect then we perform a corrective action. If we see a trend of defects that we want to correct even though they would be caught before reaching the customer we perform a preventive action.

Our internal process audits are done pretty much the same way. If we see that the process is not operating as intended we do a corrective action. If we make an observation on how to improve the process we do a preventive action.

In general, for both products and processes we keep preventive action closely linked to continual improvement activities.