Featured Product
This Week in Quality Digest Live

More Videos

Standards Features
Stay In Your Lane: How to Compete In a Saturated Market
Megan Wallin-Kerth
MasterControl’s Matt Lowe talks competition, data, and what quality does for a company
The Circular Economy: Building Trust Through Conformity Assessment
ISO
Using the CASCO Toolbox to repair and restore
Document Management: Risks, Controls, and a Sample SOP Template
Todd Hawkins
Good documentation is worth the effort you put into it
The Need for Data Governance
Rupa Mahanti
With data as the fuel of the digital economy, data governance is the much needed brake
Ten Ways to Improve Safety at Your Facility
Bryan Christiansen
Workplace policies that reduce accidents and enhance safety

More Features

Standards News
ArisGlobal Signs Agreement to Acquire Amplexor Life Sciences
Creates one of the most comprehensive regulatory SaaS platforms for the industry
Webinar: ‘IATF 16949 Update–ASPICE, Functional Safety’
Omnex webinar on March 30, 2023
3D Guide Removes Frustration From Product Assembly
Yotrio and SunVilla to provide interactive, 3D-enabled assembly via BILT app
Kennametal Introduces Turning Insert Grade With Advanced Coating Technology
KCP25C grade with KENGold coating sets new standard for wear and productivity in steel turning
EU Officially Extends Medical Device Certification Deadline
Takes action to mitigate risk of medical devices shortage
Cruising Toward Self-Driving Cars
Standards, testing help autonomous vehicles drive safely
Wellington Foods Protects Product Safety With X37 X-Ray Inspection System
Offering production versatility and throughput with increased detection sensitivity and low energy consumption
Nikon Launches Three New X-ray Software Solutions
New lines improve software capability and analysis
Upcoming Omnex Webinars for February 2023
Automotive cybersecurity on Feb. 9, and AS9145 on Feb. 28

More News

Denise Robitaille

Standards

Preventive Action Is About Risk

It’s not a sequel to corrective action

Published: Monday, December 19, 2011 - 16:22

The ISO 9001 requirements pertaining to preventive action would get a lot more attention if people grasped the very simple fact that this is all about managing risk—which is really about managing the consequences of change. Whenever we change something, even for the better, there are consequences—ripples across the waters through which we navigate our quality management systems. Failure to anticipate the consequences of those changes is how we end up with bad things happening. Like the hapless rafter who is surprised by the rapids, our craft is buffeted and tossed. We get banged against partially hidden rocks, we lose our bearings, our provisions get lost in the swirl, and sometimes our vessel capsizes and we’re left adrift, at peril of going under.

Let’s briefly go back to ISO 9001, the standard for quality management system requirements from the International Organization for Standardization (ISO) and investigate the misconceptions surrounding this process. This ISO standard, along with regulatory requirements like the Food and Drug Administration’s (FDA) 21 CFR Part 820, has perpetuated the notion that preventive action follows corrective action. They’ve done this (perhaps unwittingly) by locating the two requirements adjacent to one another in their respective documents. In fact, in both documents, cited preventive action is situated after corrective action in the text, further compounding the misconception. In actuality, these two processes are only related to the extent that each utilizes some of the same investigative and project management tools for implementation. Any other similarity is not only wrong, it is also counterproductive. It diminishes the effectiveness of both processes by confusing the users.

Preventive action is about risk. It is not a sequel to corrective action. It comes first. The better job organizations do when conducting preventive actions, the fewer corrective actions they will have to deal with. We manage the consequences of change in order to mitigate risk.

ISO 9001 talks about addressing potential problems and their causes. It has language about determining potential problems and their probable causes, evaluating the need for action, implementing the action and reviewing actions taken to assess effectiveness. This is all swell, except it still leaves a lot of folks confused about where the potential problems and their causes are coming from.

Where are the data that feed this beast? Do we just meander willy-nilly through our processes looking for problems? It begins to border on paranoia.

How then can we bring sanity to this requirement? And, bear in mind, this is a requirement; it is not optional.

One of the first places to look for help is in ISO 9004—“Managing for the sustained success of an organization—A quality management approach.” Its subclause 9.3.5—“Planning innovation and managing risk,” states: “The organization should assess the risks related to planned innovation activities, including giving consideration to the potential impact on the organization of changes, and prepare preventive actions to mitigate those risks, including contingency plans, where necessary.” It clearly makes the links between change, risk, and preventive action. Other references to preventive actions are scattered throughout the document. But there is one other section that does an even better job of providing helpful guidance, even though it doesn’t specifically mention preventive action.

ISO 9004 subclause 4.4—“Interested parties,” discusses meeting the needs and expectations of interested parties. The text illuminates the value of monitoring interested parties due to the impact they can have on the organization. Interested parties include: customers, owners/shareholders, people in the organization, suppliers and partners, and society.

ISO 9004 notes the fact that different interested parties may have concerns and expectations that conflict. For example, the modern consumer may pine for the days of large-finned, gas-guzzling automotive behemoths. But the environment will no longer tolerate millions of carbon monoxide-belching vehicles. Balancing the needs and expectations of both parties means assessing the risks inherent in whatever action is taken and proceeding accordingly. The organization must then assess the situation and determine how best to address the needs and expectations in a balanced manner. Failure to adequately address the needs and expectation will inevitably result in some unpleasant consequence: loss of market share or government penalty.

The other thing to consider is that the needs and expectations may change over time. Risk is inherent whenever change is not managed. This results in an inability to mitigate problems that may ensue due to lack of vigilance—or simple wishful thinking.

ISO 9004 provides still more guidance that can be used to anticipate risk. In ISO 9004 section 6—“Resource management,” there is discussion of managing a variety of different resources such as suppliers, infrastructure, money, raw materials, and people. Risk accompanies any change to the quantity, quality, availability or cost of resources. Therefore, monitoring your resources is another opportunity to mitigate risk.

The language in ISO 9004 provides a significantly more concrete and useful guidance when it comes to initiating preventive action. It repeatedly talks about change and its consequences. So, if an organization wishes to implement effective and valuable preventive actions within its ISO 9001 quality management system, it should consider the wisdom found in ISO 9004.

Discuss

About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.