The key to understanding the spirit of Corrective and Preventive Action probably revolves as much around applying the terms in accordance with the ISO 9000 definition than anything else

Corrective Action:
Action to eliminate the cause of a detected nonconformity or other undesirable situation

Preventive Action:
Action to eliminate the cause of a potential nonconformity or other undesirable potential situation

ISO 9000 does not embolden the key terms as I have done, but frankly those little words are at the crux of the matter

There is so much continuing confusion about the whole “CAPA” subject, I’ve tried to summarise some key points in a few common “TRUE OR FALSE” scenarios. These questions really strike at the heart of the majority of the inappropriate and clumsy procedures and controls I see. Check out the table below and let me know if anything here strikes a cord with you

Corrective Action is action to correct a problem, whilst Preventive Action is taking additional measures to prevent it happening again

FALSE

This is a very common misconception. Whilst part of the corrective action process will involve an aspect of putting things right, the ISO 9001 requirement for corrective action requires an additional assessment or investigation of feasible action to prevent recurrence – therefore there are generally two parts to the corrective action process, that is, immediate actions and longer term actions

Preventive Action is the implementation of proactive controls to stop something EVER happening (refer to the ISO 9000 definitions above for clarification)

Every Corrective Action must address the root cause of the problem (i.e. a change to the system to stop the problem happening again)

FALSE

Clause 8.5.2 c only requires that organisations evaluate “the need for action to ensure nonconformities do not recur”. That means that root cause action should be considered, but that it may actually be appropriate for some short-term or trivial problems to take action that purely mitigates the effects of the problem. System changes to prevent recurrence should be implemented therefore on an “as needed” basis. In other words where a cost/benefit assessment suggests it would be worthwhile

Both Corrective Action and Preventive Action are mandatory procedures for ISO 9001 registered organisations

TRUE

All organisations irrespective of size, scope of operations etc must document a corrective action procedure and a preventive action procedure of sorts

The procedures must be clearly entitled “Corrective Action” and “Preventive Action” in order to make things clear to the auditor

FALSE

The procedures are there primarily as an aid to the workers not for the convenience of the auditor. Indeed an organisation should think very seriously about using user-friendly (rather than ISO) terms in its documentation. If the auditor has to ask for an explanation, that’s tough. It’s part of his job

Two separate procedures are not required and it is perfectly acceptable to role Corrective and Preventive Actions together in one “CAPA” procedure

TRUE… BUT…

It is true that any procedures within the management system can be combined. ISO 9001 does not require distinct or separate procedures. HOWEVER, the organisation may reflect on whether it is wise to combine Corrective and Preventive Action procedures as they cover completely different disciplines and processes. Rolling the two together may simply perpetuate the continuing false belief that has been outlined in the very first statement in this table

Most companies don’t really understand the true concept of Preventive Action

(Probably) TRUE

Take a look at a few “Preventive Action” procedures if you doubt this. You will often find them stuffed full of the most interminable drivel. That is not to say that the organisation might not apply any Preventive Actions, just that they often do not realise the range of preventive actions they have, so they are often omitted from the procedure

I.T systems for example are often chock-full of preventive actions (backups, anti-virus, firewalls, access controls) but these seldom make their way into the PA procedure

This statemement is not generally true of OHS systems, however. Most OHS system managers (through disciplines instilled by the risk assessment process) understand the concept of preventive action just fine. QMS managers on the other hand …

An organisation may actually have several Corrective Action procedures, not just one

TRUE

Corrective Actions are generally appropriate in instances of a complaint, an audit non-conformity, or in the case of an internally generated defect report. Therefore a company may have separate procedures for “Complaints”, “Audits” and “Defects”, and these combined may cover off the range of Corrective Action routes quite well

Management Review can be considered a form of Preventive Action

TRUE

It depends on how you conduct your MR, obviously, but if it is used (as it should be) as a forum for sharing ideas and best practices across departments and sites, and for considering suggestions for improvement (from both customers and staff) then the MR process will have an in-built preventive aspect to it

• Tags: CAPA, Clause 8.5.2, Clause 8.5.3, corrective action, ISO 9001, preventive action
• This entry was posted on Saturday, November 8th, 2008 at 8:46 am and is filed under Auditing, Certification schemes, ISO 9000, Quality Improvement
• Print This Post
• Return to top

Subscribe to Capable People

With your preferred program using our  RSS feed, or subscribe with your Email address below and never miss a post!