by Dave Bennett
An examination of ISO 9001:2008 clauses 8.5.2 (corrective action) and 8.5.3 (preventive action) shows that their wording and structure are redundant. In fact, of the 78 words in clause 8.5.3, 68 are identical to the words in clause 8.5.2. As a result of this unfortunate parallelism, many designers and implementers of quality management systems (QMS) write a single procedural approach to both requirements that captures the sense of the corrective action requirement but misses the mark regarding preventive action.
When I attended ISO 9001 lead auditor training, the instructor emphasized that clause 8.5.3 is different because the words “potential nonconformities” are used in the preventive action clause and the word “nonconformities” is used in the corrective action clause. He repeated this distinction several times to make sure that we heard it. Unfortunately, repeating a slight difference in phrasing—even in a loud voice—doesn’t stop a quality manager from succumbing to the overwhelming urge to follow the sentence and outline structure of the two clauses by implementing a single procedure, a single recordkeeping structure, and a single approach to compliance with both requirements.
If you successfully prevent a problem that hasn’t occurred, how do you know if you were successful? Here is a fundamental difference in thinking about preventing problems: Preventive action is successful when nothing happens, and the status quo is preserved. This creates difficulties in writing the required preventive action procedure.
As an auditor, you should expect to see an approach that plausibly identifies problems (or “nonconformities” in the language of ISO 9001 clause 8.5.3) that haven’t happened and leaves behind evidence (records) that the approach is implemented. The nature of the evidence should be clear from the preventive action procedure. When the corrective and preventive action procedures are identical, it’s difficult to disentangle the effectiveness of responses to existing problems from the effectiveness of preventing problems that haven’t occurred yet.
Preventive action procedures
The following procedure fragment is closely based on an actual QMS corrective and preventive action procedure. It illustrates the pitfalls of letting this redundancy drive a dual compliance approach to clauses 8.5.2 and 8.5.3.
Preventive actions are identified through many, but not solely, of the following methods: management reviews, quality audit results, repair or service reports, scrap and rework analysis, and failure rate analysis.
Preventive actions are managed and implemented with the same system as corrective actions. This means that all preventive actions are verified as implemented properly and verified as effective before closure. The results of implemented preventive actions are reported on a regular basis to upper management through the management review process.
Note that:
- The same system is used to manage both corrective action and preventive action. A weakness of this is that the immediacy of current problems could overshadow the thinking about problems that the organization doesn’t yet face.
- It may not be apparent whether the procedure is effective. With the focus on recording transactions in a list, the tendency of organizations is to focus on whether a certain number of preventions are simply identified and recorded instead of on more powerful outcomes, such as how many potential problems are addressed and avoided by the preventive action system and what effect they would have if they occurred.
- Responsibility is diffused for taking action to identify potential problems. As a result, many people are responsible for identifying and analyzing past problems but no one is accountable to identify and document problems that aren’t yet occurring.
- The procedure emphasizes past events instead of potential problems. By managing the records using the same “corrective” wording, participants can overlook the likelihood or effect of the anticipated problem. Future problems might better be described as risks or hazards, with offsetting activities described as mitigations or controls; these words often aren’t part of a system for correcting past issues.
Prevention in another context
In the United States, the Federal Aviation Administration (FAA) is charged with monitoring and promoting practices of safe commercial air travel. The National Transportation Safety Board (NTSB) analyzes air traffic events and makes technical and safety recommendations to the federal government. The approach of the NTSB most visible to the public is when the NTSB sends a team to the site of a plane crash to determine the most probable cause(s) of the accident. After a formal report—presented at hearings open to the public—the NTSB recommends corrective actions designed to address the probable cause(s) of the accident itself. The recommendations, reports, and analysis of the recommendations are all captured in official records. The NTSB follows up in subsequent investigations to confirm the effectiveness of the actions taken. If this sounds familiar, it should—it’s a near-textbook implementation of ISO 9001 clause 8.5.2, Corrective action. Because the FAA and NTSB have been so successful, there are now very few crashes of scheduled commercial flights in the United States that can serve as new inputs to their corrective action processes.
Consider the following: What would happen if the FAA and the NTSB took the same approach to preventing air safety problems that many ISO 9001-conforming organizations have taken? First, they would create a database of preventive actions (“preventions”) which would initially be empty. They would then ask everyone involved in commercial air travel to send in their ideas for preventions. Sending in an idea would require filling out a form that included the need to provide the cause of the prevention as a precondition for its acceptance. Once accepted, the preventions would then be assigned back to the initiator for implementation.
Does this sound like it would work? If you said no, then when you are auditing and see this common approach by the audited organization, push it to demonstrate that it is working as documented. If the approach isn’t working, then as an auditor you are in a good position to encourage a better prevention system.
Broadening the prevention process
One way to broaden the organization’s thinking about prevention is to formalize a risk management program. This is commonly done in industries in which personal and customer safety is a paramount requirement, such as the aerospace, medical, and chemical industries. In the medical device manufacturing arena, ISO 14971:2007 provides a framework for risk identification, hazard mitigation, and risk management throughout the product life cycle, thus anticipating and preventing nonconformities.
These guidelines start by requiring an organization to create a plan for risk management. This plan needs to include the defined responsibilities, activities, reports, and records that the organization intends to use. These would be independent of the break-fix corrective action loop. This plan can be audited. It should include an analysis of the potential problems or hazards, along with planning for and implementation of the mitigation strategies. There are a number of tools and techniques suitable to this analysis, including failure mode and effects analysis (FMEA), risk prioritization matrices (RPM), and fault tree analyses. The potential hazards are then aligned with their business, product, or organizational effect and their likelihood of occurrence. Thus, the importance of each risk can be quantified to senior management. The completeness and conformance of this analysis to procedural criteria can be audited.
The next part of the risk management plan is risk control. These are procedures for ensuring that the organization’s mitigation actions are effectively implemented. They should include monitoring of process or product characteristics that might indicate the status of the mitigation implementation. These controls can also be audited.
The final part of the plan is post-market evaluation. Product performance data gathered through field and customer feedback are formally monitored to ensure that the assumptions in the initial analysis remain accurate. Once a product goes into large-volume production, some customer applications sometimes aren’t exactly what their designers imagined. Related products and accessories can also change over time, potentially invalidating the assumptions underlying the initial hazard and risk analysis. Evidence that this analysis is performed can be examined during an audit.
Defined and scheduled analysis events
Another way to think about preventive action as an activity independent of the corrective action process is to identify specific analysis events that are defined, scheduled, staffed, and produce records. Each analysis event might be specific to one group and can often be managed by a small group of people. Some examples include:
- Engineering post-mortem analyses following the completion of each engineering project or engineering milestone
- Production process analyses following the completion of each production batch or significant production milestone
- Periodic review and analysis of documented procedures by the process owner and key stakeholders
- Scheduled quality control review of process artifacts and customer deliverables
- Quarterly brainstorming of quality threats by a cross-functional team
- Monthly team meeting of customer service agents to analyze perceived customer dissatisfaction
For these activities to conform to ISO 9001 clause 8.5.3, they need to be conducted in accordance with a defined procedure that stipulates the input to be examined, the general approach and goal for the analysis, records or reports that will be produced, specification of how mitigation or preventive activities are to be documented, and the method for reviewing the effectiveness of the actions undertaken.
Note that although the organization’s quality professional may be the team facilitator, the people who are closest to the actual work processes should be the primary players. The preventive action procedure cited earlier may appear to specify these types of analysis, but as written it fails to indicate what records (“analytics”) are generated by the reviews, who is responsible, or when these analysis events are scheduled to take place.
In my experience, one reason why careful planning is needed is that it’s a lot easier to come up with a list of preventive actions in a meeting room than it is to follow through with implementation. A structured method for follow through needs to be integrated into the organization’s operational processes so that eventually people will look forward to finding out whether they have improved things or not.
Defined and scheduled analysis events can be audited through comparison of procedural requirements with the activities, interviews with participants, examination of records, and comparison of problems identified with other sources of input to the management system.
A handy checklist
The following checklist can be used by auditors to help identify when a preventive action approach might need to be broadened:
- Is the documented procedure for preventive action the same as the corrective action procedure?
- Are few specific responsibilities assigned and no specific resources allocated to perform defined actions for prevention distinct from corrective action?
- If the preventive actions are kept in a database or a list, is the list empty or nearly so?
- Are the people contributing to preventive activities all members of the quality management system coordinating team? (This is especially relevant for larger organizations.)
- Is it difficult to determine when documented preventive activities are not taking place?
- Are there no documented approaches or criteria for evaluating the effect on the organization of the problems being prevented?
Conclusion
As an auditor, you have an obligation to identify practices in the audited organization that could be more effective than they are and to work with the auditee organizations so that, over time, their quality systems become more effective and efficient. Because clause 8.5.3 is poorly written, you could discover during an audit that the organization’s quality personnel are waiting for everyone and no one to suggest preventions. When this occurs, help them to be more effective by broadening the documented procedure for preventive action. The result will be a higher return to the organization for its investment in the quality system.
About the author
Dave Bennett is an independent IRCA-certified third-party quality management systems auditor. He has credentials in auditing ISO 9001, ISO 14001, ISO 18001, and ISO 13485 quality system standards and is an FDA third-party medical device inspector under the U.S. FDA’s QSR accredited persons program. He was formerly an engineering manager with AT&T, Lucent Technologies, and Avaya Inc., and had a variety of roles involving product design and product and process quality improvement, including quality systems implementation.