Corrective and Preventive Action are key elements to a Quality Management System (QMS) that is focused on Continual Improvement and Customer Satisfaction. Indeed, any ISO 9001 QMS should have this type of focus, unfortunately many do not. What’s the difference between corrective action and preventive action?
What is Corrective Action vs Preventive Action?
There are two types of actions in an ISO 9001 Quality Management System: Corrective action and preventive action. Many people struggle with just what preventive actions look like and how they differs from a corrective action.
What’s funny about this discussion is how everyone tries to explain the difference as merely an interpretation of the words “detected” and “potential”. But does this really clear it up for anyone?
The ISO 9000 Definition
These definitions are based on the ISO 9000:2015 publication “Quality management systems — Fundamentals and vocabulary”.
Definition of Corrective Action
Action to eliminate the cause of a nonconformity and to prevent recurrence.
Definition of Preventive Action
Action to eliminate the cause of a potential nonconformity or other potential undesirable situation.
It is important to properly use these two sub-systems for corrective and preventive action when building a new QMS based on any quality standard, or revising an existing QMS. In order to do this, one must understand the difference between Corrective and Preventive Actions.
Corrective Action vs Preventive Action
Corrective action is performed on detected nonconformities. In other words, there are real nonconformances that exist right now and action — corrective action — must be taken to stop them from ever happening again in the future.
Most people get this and seem to understand the concept of correcting nonconformances (defects) — permanently, so they do not cause further aggravation. But what about preventive actions and how is it different?
People seem to get hung up on what a potential nonconformity is and how it is prevented from ever occurring in the first place? Potential defects are defects that could happen. I think a better description would be to call these risks as the latest ISO 9001:2015 now calls them.
Risks of Nonconformity
Everyone understands the concept of risk at some level. If we keep using a dull blade on a saw, then we are taking a risk because at some point that blade is going to break.
Using a dull blade is a bad business practice, right? So what other bad business practices are you using in your business that you should fix to prevent a bad outcome (nonconformity) from occurring?
Potential nonconformities are all around us in every business. The question is, how do you find potential nonconformities? The best way to find them is to look for them using common quality tools.
Corrective and Preventive Actions: Past vs. Future
Simply put, Corrective Action is based on a nonconformance event that has happened in the past. Preventive Action is based on preventing a nonconformance event in the future.
CAPA Continuous Improvement
Both are similar procedurally, but with the focus as described. Together, Corrective and Preventive Actions — typically referred to as CAPA (pronounced cap-uh) are integral parts of a continuous improvement program.
Both corrective and preventive actions should use some type of a log to record each event; a Corrective Action Log and a Preventive Action Log. These logs are useful for performing trend analysis and to determine if your actions are having the desired response.
Corrective and Preventive Actions will typically have a form that is used to record the details of the activity performed to satisfy the event; A Corrective Action Request (CAR, pronounced car, as in an automobile) and a Preventive Action Request (PAR, pronounced like the golf term, par).
Too often a company will fix a problem in their business process, say a customer complaint or product return, after the problem has occurred. This is typically product or event focused.
Then the company will look at what they’ve done and say, “Well if we revise our shop router or procedure, this will not happen again.” They will label this second phase as Preventive Action.
While it is a future thinking type of activity, it is still Corrective Action because it is based on solving a problem that has already happened. A Corrective Action needs to focus on the Quality System, so in this example the systemic action taken is the revision of the shop router or procedure. This is Corrective Action.
On an annual basis, a company may record only a few Preventive Action activities, while in the Corrective Action log many dozens of events are listed. Later as the quality system matures, you should see more preventive actions than corrective actions.
Preventive Action activities should stand alone and not focus on past events. Let’s look at a few examples.
Preventive Maintenance Program
For example: Company XYZ has a Preventive Maintenance management program that requires manual data entry. It is working fine and there have not been any problems. However, it takes a lot of time to manage and does have a high potential for error or lost records.
Company XYZ decides to purchase Preventive Maintenance software to manage this activity. Since the purchase is not based on problems that have happened and is focused on process control or making an improvement to the QMS, it is a Preventive Action.
Preventive Action Events
A young functional Quality Management System should record and complete many more CARs than PARs. For audit purposes, a handful of Preventive Action events will demonstrate that this important part of the QMS is functional.
A primary source of Preventive Action activities is the Management Review process where discussions about quality strategy, quality resource requests, and part quality. The Manager responsible for corrective and preventive actions can also initiate and record Preventive Action activities.
Listed below are a few examples of preventive action that can be taken:
- Analyze process or product characteristics for negative trends that, if left alone, could drift into a nonconformity. Such analysis can be documented into a control plan.
- Install alarms to warn you when your process is drifting into a nonconformity. Statistical process control charts provide excellent detection alarms.
- Review nonconformances found in similar processes, products, or companies for ideas that could be applied to your business. Benchmarking similar companies is great for brainstorming preventive actions.
- Perform risk analysis to uncover latent hazards. Failure Mode Effects Analysis (FMEA) is a great methods for determining risks.
- Implement lean thinking to eliminate wastes, which are obvious signals of latent causes of future defects.
- Establish more rigorous training programs to continuously improve your employee’s skills. Regular training introduces new ideas into your organization that can be sources of innovation that prevent nonconformities.
- Introduce disaster recovery, security, and contingency plans for unpredictable (risk) situations, hazards, or safety conditions.
- Set up preventive maintenance & calibration control programs to ensure your equipment is always safe, available, and performing optimally.
- Perform supplier surveillance (second party) audits to assist your supply chain in delivering quality product to you consistently.
- Analyze your process capabilities to create a foundation for improvement. Use Capability Maturity Model (CMM) or Capability Maturity Model Integration (CMMI) for inspiration.
- Implement or improve your Employee Health and Safety (EHS) program to protect your employees and company from safety related risks.
- Determine strategic risks using SWOT (Strengths, Weaknesses, Opportunities, Threats) analysis and take action on to reduce risks.
What preventive actions do you take in your business to eliminate defects BEFORE they occur?
Difference Between Corrective Action and Preventive Action
As one of the key elements to a QMS that will lead to improved processes, with a focus on continual improvements, it is important to use corrective and preventive actions. After all, is the goal to have a ISO plaque in the lobby, or to have a viable business focused on continuously improving?