| There is often a discussion between the auditor and | | | | the same documented procedure. This is acceptable |
| the organization about where corrective action ends | | | | as long as the requirements in both clause 8.5.2 and |
| and where preventive action begins. For example, a | | | | 8.5.3 are addressed. |
| non-conformance is detected in process ‘A', are | | | | The auditor must look for evidence that the |
| the actions taken to avoid possible | | | | organization has analyzed the causes of potential |
| non-conformances in processes ‘B' and ‘C' | | | | non-conformances, that the required actions are |
| preventive actions, or simply within the scope of the | | | | deployed in all relevant parts of the organization and |
| corrective actions taken for process ‘A'? | | | | that there are clear definitions of the responsibilities |
| The auditor should avoid being side-tracked by such | | | | for the identification, evaluation, implementation and |
| discussions and concentrate on whether or not the | | | | review of preventive actions. |
| actions were effective. One of the difficulties in | | | | When a potential problem is identified, organizations |
| auditing a preventive action program is that some | | | | must determine the action needed to eliminate the |
| organizations don't understand the differences | | | | causes of the potential non-conformance and |
| between corrective actions and preventive actions. | | | | thereby prevent its occurrence. However, the action |
| | | | taken must be proportionate to the effects of the |
| What is Corrective Action? | | | | problem. |
| A corrective action should be considered as a | | | | In other words, it would be acceptable to not take a |
| reactive response since it is taken upon detection of | | | | preventive action if the anticipated problem is unlikely |
| a non-conformity. An organization will first correct or | | | | to happen, would have little impact, and would be |
| contain the problem and then determine its root | | | | easily detected. If a potential problem is low risk, the |
| cause so they can take corrective action to prevent | | | | business decision may be to not attempt to prevent |
| its recurrence. | | | | it. |
| | | | However, if there is a need, the organization must |
| What is Preventive Action? | | | | determine and implement the appropriate preventive |
| Preventive action should be considered as a proactive | | | | action. Records must be kept of the results. The |
| undertaking, e.g., when we anticipate a potential | | | | action taken must be reviewed to assess its |
| problem and take action to eliminate the possible | | | | effectiveness in preventing the potential problem. |
| causes and prevent the occurrence of the | | | | The focus should be on correcting and preventing |
| non-conformance. The best time to take preventive | | | | problems, preventing problems is generally cheaper |
| actions is early in the product cycle, e.g., performing | | | | than fixing them after they occur, start thinking |
| Failure Mode Effects Analysis and conducting Design | | | | about problems as opportunities to improve! |
| Reviews. | | | | When auditing any preventive action program, find |
| | | | out how potential non-conformities are identified. If |
| What is FMEA? | | | | they aren't analyzing trends and looking for warning |
| FMEA (Failure Mode and Effects Analysis) is a | | | | signs, they may be ignoring possible problems that |
| management activity intended to assess actual and | | | | could be avoided if only they were considered. |
| potential problems, assign a risk factor and decide a | | | | Examine the preventive action records to see if the |
| course of action. This method is used in many | | | | organization is following their procedure. Find out how |
| industries such as automotive, medical device | | | | they identify causes and determine the appropriate |
| manufacturing, aerospace, and chemical processing. | | | | actions. Review the results to see if their actions |
| FMEA is not a specific ISO 9001 requirement, | | | | were effective in preventing the problems. |
| however this approach satisfies ISO 9001 Para 8.5.3 | | | | |
| Preventive Action. | | | | Summary |
| | | | Problem correction and avoidance is relatively simple: |
| Auditing Preventive Action | | | | define the problem, identify the cause and take |
| Auditing any preventive action program begins with a | | | | action to remove it. Preventive action is specifically |
| review of the preventive action procedure required | | | | required by ISO 9001:2008 (Para. 8.5.3), and it |
| by standard. The organization may choose to have | | | | provides one of the most valuable links to continual |
| corrective actions and preventive actions covered in | | | | improvement. |