| Both sides previous revisionPrevious revisionNext revision | Previous revision |
| articles:preventive_action_not_equal_to_risks_and_opportunities [2021/12/18 13:10] – [Preventive Action ≠ Risks and Opportunities?] rrandall | articles:preventive_action_not_equal_to_risks_and_opportunities [2021/12/19 19:19] (current) – [Conclusion] rrandall |
|---|
| While not mentioned in the original ISO 9001:1987, the term “preventive action” was introduced into ISO 9001:1994. Intended to be a simplistic, yet formalized proactive approach toward addressing “risks”, the new term created a great deal of confusion. This was primarily because the term wasn’t defined in the standard - and users rarely purchased ISO 8402:1994, “//Quality management and quality assurance–Vocabulary//”. | While not mentioned in the original ISO 9001:1987, the term “preventive action” was introduced into ISO 9001:1994. Intended to be a simplistic, yet formalized proactive approach toward addressing “risks”, the new term created a great deal of confusion. This was primarily because the term wasn’t defined in the standard - and users rarely purchased ISO 8402:1994, “//Quality management and quality assurance–Vocabulary//”. |
| |
| | **__The Definition__** \\ |
| With the release of ISO 9001:2000, ISO 8402 was renumbered and renamed to ISO 9000:2000, “//Quality management systems–Fundamentals and Vocabulary//”. The definition of “preventive action” is still present in ISO 9000:2015, and has remained unchanged since 1994 as: | With the release of ISO 9001:2000, ISO 8402 was renumbered and renamed to ISO 9000:2000, “//Quality management systems–Fundamentals and Vocabulary//”. The definition of “preventive action” is still present in ISO 9000:2015, and has remained unchanged since 1994 as: |
| |
| Situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.</blockquote> | Situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.</blockquote> |
| |
| ===== Is the use of "Preventive Action" still valid? ===== | **__Application of "Preventive Action"__** \\ |
| | The second issue with "preventive action" was its application. MANY users fail to understand that, just as “corrective actions” are only applicable to nonconformities that have resulted from “assignable (special) cause variations”, “preventive actions” are ONLY applicable to “assignable (special) cause variations” that have NOT yet occurred. For example, if a company utilizes Statistical Control Charts (SPC), and identifies an unstable process with a trend toward a nonconforming condition, the company may be able to identify the “assignable (special) cause" and implement a proper "preventive action". |
| |
| Technically, the answer is yes. However, most users fail to understand that, just as "corrective actions" are only applicable to nonconformities that have resulted from "//assignable (special) cause variations//", "//preventive actions//" are ONLY applicable to __theoretical__ "//assignable (special) cause variations//" that have NOT occurred. Consequently, "//preventive actions//" continue to be misused. | Alternatively, if a risk is identified along with a known (perhaps obvious) “assignable (special) cause", then the action taken to ELIMINATE the cause would be a proper "preventive action" (i.e., through reducing either the likelihood/probability OR impact/consequences of the risk to zero). |
| |
| Partly because of this widespread misuse, many ISO 9001 and AS9100:2016 Certification Bodies (registrars) are //encouraging// their clients to eliminate use of the term “preventive action”. | While ISO JTCG (Joint Technical Coordination Group) N359, attempted to explain why the concept of “Preventive Action” was removed from ISO 9001 (in"JTCG Frequently Asked Questions in support of Annex SL" (dated 2013-12-03)), many users still found their explanation unclear. |
| | |
| Interestingly, while either ignoring their own definition of "//preventive action//" or ignoring the existence of "common cause variation" (typical of many followers of the "//Zero Defects//" concept), ISO JTCG N359, "JTCG Frequently Asked Questions in support of Annex SL" (dated 2013-12-03), explains why the concept of “Preventive Action” was removed from ISO 9001. | |
| |
| <blockquote>**"JTCG Frequently Asked Questions in support of Annex SL"** \\ | <blockquote>**"JTCG Frequently Asked Questions in support of Annex SL"** \\ |
| 10. Why does the common text not include a specific clause on “Preventive Action”? \\ | 10. Why does the common text not include a specific clause on “Preventive Action”? \\ |
| The high level structure and identical text does not include a clause giving specific requirements for “preventive action”. This is because one of the key purposes of a formal management system is to act as a preventive tool. Consequently, a MSS requires an assessment of the organization’s “external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s)” in clause 4.1, and to “determine the risks and opportunities that need to be addressed to: assure the XXX management system can achieve its intended outcome(s); prevent, or reduce, undesired effects; achieve continual improvement.” in clause 6.1. These two sets of requirements are considered to cover the concept of “preventive action”, and also to take a wider view that looks at risks and opportunities.</blockquote> | The high level structure and identical text does not include a clause giving specific requirements for “preventive action”. This is because one of the key purposes of a formal management system is to act as a preventive tool. Consequently, a MSS requires an assessment of the organization’s “external and internal issues that are relevant to its purpose and that affect its ability to achieve the intended outcome(s)” in clause 4.1, and to “determine the risks and opportunities that need to be addressed to: assure the XXX management system can achieve its intended outcome(s); __prevent__, or __reduce__, undesired effects; achieve continual improvement.” in clause 6.1. These two sets of requirements are considered to cover the concept of “preventive action”, and also to take a wider view that looks at risks and opportunities.</blockquote> |
| | |
| | When reading the above paragraph, be sure to recognize that when the word "//prevent//" appears, it is referring to "preventive action". And when the word "reduce" appears, it is referring to the application of "risk mitigation" controls. |
| | ===== Is the use of "Preventive Action" still valid? ===== |
| | |
| | Technically, the answer is yes. However, due to its widespread misuse, many ISO 9001 and AS9100:2016 Certification Bodies (registrars) are //encouraging// their clients to eliminate use of the term “preventive action”. |
| |
| However, this presents challenges because several other industry-specific standards specifically require “preventive action” to be included in the QMS. For example: | However, this presents challenges because several other industry-specific standards specifically require “preventive action” to be included in the QMS. For example: |
| * [[https://www.monogramwebstore.org/publications/item.cgi?7a832d46-1fb0-4650-a57e-963108b9f71d|API Spec Q1, "Specification for Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry" (Ninth Edition, June 2013)]] | * [[https://www.monogramwebstore.org/publications/item.cgi?7a832d46-1fb0-4650-a57e-963108b9f71d|API Spec Q1, "Specification for Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry" (Ninth Edition, June 2013)]] |
| ===== Conclusion ===== | ===== Conclusion ===== |
| An organization can certainly continue to use “preventive actions” as a methodology within its ISO 9001:2015 or AS9100:2016 QMS for addressing __theoretical__ "//assignable (special) cause variations//", it would be more logical to simply eliminate those "risks" (where possible). | An organization can certainly continue to use “preventive actions” as a methodology within its ISO 9001:2015 or AS9100:2016 QMS. |
| |
| Supporting this, there is nothing stated in either the "[[https://committee.iso.org/files/live/sites/tc176sc2/files/documents/Interpretations/ISO9001_2015_Approved_Interpretations.doc|ISO/TC 176/SC 2 Listing of Approved Interpretations against ISO 9001:2015]]" or "[[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]]" forbidding or restricting use of the "preventive action" methodology. And ISO 9000:2015 continues to recognize "preventive action" as a legitimate methodology (Ref. ISO 9000:2015, sec. 3.12.1). | Supporting this, there is nothing stated in either the "[[https://committee.iso.org/files/live/sites/tc176sc2/files/documents/Interpretations/ISO9001_2015_Approved_Interpretations.doc|ISO/TC 176/SC 2 Listing of Approved Interpretations against ISO 9001:2015]]" or "[[https://asq.org/quality-resources/iso-9001/us-tc176|US TC 176 - TG22 - Interpretations]]" forbidding or restricting use of the "preventive action" methodology. And ISO 9000:2015 continues to recognize "preventive action" as a legitimate methodology (Ref. ISO 9000:2015, sec. 3.12.1). |
| |
| HOWEVER, I recommend eliminating the use of this confusing term because it is so widely misunderstood. A MUCH better way to approach this topic is through the implementation of actual //risk management tools// (which is what ISO 9001:1994 //should// have required) incorporating the use of [[https://asq.org/quality-resources/fmea|FMEAs (Failure Modes and Effects Analysis)]]. A FMEA should be completed for each process (aka **PFMEA** - "Process Failure Modes and Effects Analysis") and design (aka **DFMEA** - "Design Failure Modes and Effects Analysis"). | However, the most common practical application of “preventive actions” would be for addressing "//assignable (special) cause variations//" identified in Statistical Control Charts. |
