Preventive actions are pro-active – something could go wrong and these are actions taken to stop it from happening, or to stop it from becoming too severe.
ISO 9001:2015 has no clause referring to ‘preventive action’. Instead, the concept is embedded in ‘risk-based thinking’ that is part of your planning processes (clause 6.1).
In order to identify risks that need preventive action, adequate monitoring and controls must be in place in the quality system to assure that potential problems are identified and eliminated before they happen. If something in the quality system indicates that a possible problem may develop, some action must be taken to avert it and then eliminate the potential situation.
You can identify opportunities for preventive action (or risks and opportunities) in a number of ways:
Once you’ve identified a potential source of problems and the possible effects, you need to assess how likely it is to happen, and whether the costs associated with reducing the risk are worth it. This is effectively risk-management.
If you are documenting a Preventive Action or ‘Managing Risk’ procedure, you should include information on:
Although there’s no explicit requirement to keep records under ISO 9001:2016 clause 6.1, you might decide that you ought to based on clause “4.4 QMS and its processes”, which states that you should ‘retain documented information’ … ‘to the extent necessary’ ..to.. ‘have confidence that the processes are being carried out as planned’.
The records you keep on actions taken provide evidence that an effective quality system has been implemented and that it is able to anticipate, identify and eliminate potential problems.
If you decide to do nothing in response to an identified risk, be sure to document the reasons behind the decision.
You can document Risks and their controls in Toolbox under the ‘Risks’ module. You could also record them as an Issue in the ‘Issues’ module. Our user guide has more information on how QSToolbox helps you manage various kinds of issues, including preventive actions, and how to manage risk assessments