Now here is where I let you into a little industry secret…Quality Managers, Auditors and Consultants in fact pretty much everyone has an opinion about what preventive action really is but in truth, many people (including Certification Body Auditors) often get it wrong.
Even the Audit Practice Group goes as far as saying that auditors should not lose their way when auditing Section 8.5.3 of ISO 9001 by having a philosophical discussion. But in truth this often happens.
So what is Preventive Action…
The problem is preventive actions isn’t a separate process or procedure unless you have a defined ‘Risk Management’ process such as Failure Mode Effect Analysis or as in the Medical Device Standard ISO 14971.
The key question to ask yourself here are…
- What do we do to prevent poor product/service affecting my customer?
- What do we do to prevent poor product/service affecting my business?
- How do we learn from things that have gone wrong and stop things from going wrong in the future?
These are not easy questions, but if you can answer the three questions above and define how you handle each situation, then you will have a good understanding of preventive action.
Preventive Action Procedure…
So your Preventive Action Procedure as required by ISO 9001 Section 8.5.3, may infact be included in several procedures rather than the traditional approach to please auditors by having just one documented procedure.
Infact because the ‘procedure for preventive action’ does run across many business processes probably the best place for this documented procedure, is to use your Quality Manual to ‘point’ to other procesess that support preventive action.