Corrective Action and Preventive Action – What’s the Difference?
Although corrective action and preventive action are two important quality system elements, people often get confused about which type should be used when. Both of these elements also form part of the non conformance process and are contained in our non-conformance software. Let’s look at corrective action vs preventative action in some detail and try to give you some clarity.
What is Corrective Action?
The corrective action process (CA) in Quality Management Systems is the steps taken to remove the cause of nonconformity in a process.
To take corrective action means you must react to a problem in the process and take actions to control it. You then plan and implement the action(s) required to prevent it from occurring again.
Prior ISO 9001 versions described the difference between corrective and preventative action as corrective action preventing recurrence of an issue. On the other hand, preventative action (PA) prevents the occurrence of the issue.
What is Preventative Action?
Preventative action in a QMS is the steps you take to rectify the cause of a problem before it happens. You therefore eliminate the cause of a potential nonconformity in a process.
You take preventative action if you:
- Identify a potential problem that may happen.
- Evaluate what might cause the problem.
- Take action to prevent the problem from occurring before it does.
Examples of Preventive and Corrective Action
In summary:
Corrective action is the steps you take to fix the cause of an issue after it happened. With preventative action you notice the problem before it happens and take steps to fix the cause of the problem.
Here is a simple example of corrective and preventative actions (CAPA):
- Corrective action – I get an electrical shock when using an electric drill, find that the cause is that the drill’s cord was frayed, and take action to replace the cord so that no one else gets shocked. This includes the procedure to inspect the drill’s cord before using it and replace it when it gets worn. I also train staff to use this procedure so nobody gets shocked when using a drill.
- Preventative action – I realize a frayed cord on any power tool could shock someone (although nobody has been shocked), then determine that the cause is the frayed cord, and take action to prevent others from using power tools with frayed cords.
This example uses a problem with product usage, whereas CAPA in a QMS most often deals with process problems. The example however makes it easy to understand the difference between corrective actions and preventative actions. The process is however equally effective in identifying and solving product and quality problems.
In short:
CAs are reactive to an actual problem after it has happened. PAs are proactive to a potential problem before it has happened. Corrective action systems typically contain fields for both types of action.
Why Recent ISO Quality Management System Standards Include Corrective Action but Not Preventative Action
Older versions of among others ISO 14001, ISO 9001, ISO 27001, included requirements for processes for corrective and preventive action. These two processes were part of the non conformance reporting in the quality management system.
Although the steps you need to take for both were basically the same, the action that would trigger a process was different. When you react to a problem that has happened, you trigger corrective action. You trigger the preventive action process when you identify a potential problem.
This often confused people as they did not know when to use corrective or preventive actions. They rarely used the preventive action process due to it being a complex process that takes time that they would rather use to react through corrective actions. Others interpreted all actions taken to prevent a recurrence during the corrective action process as being preventive action.
What Do the Most Recent ISO Releases Say Regarding Preventive Action?
The most recent release of some of the quality management system standards therefore no longer requires preventive action. Although this has eliminated the confusion mentioned above, ISO now indicates that the complex process previously required in PA is not needed.
When used correctly, there are other parts of the standard that are effective in providing good preventive actions.
Other sections in the standard have therefore replaced preventive action, including:
Continual Improvement
Any activities that you take to improve your quality management system’s processes are preventive actions. The focus of the new standards’ requirements is on each company finding ways that work for them to improve processes continually, rather than using the complex preventive action system required by the standards’ previous versions. Having something as simple as a suggestion system in place will help you to identify how you can improve processes. If you then implement those suggestions, the actions can prevent problems.
Risk-based thinking
This requirement in the new versions of the standard specifies that you should identify areas where you are not certain of the outcome and it may affect the quality management system. Risk-based thinking and risk analysis means yo should identify any uncertainties, or risks, and then determine if you should take action to capitalize on positive outcomes or to prevent bad outcomes. Companies often include this when doing management reviews.
Corrective Action And Preventive Action (CAPA) – How to Do Them
The newer ISO quality management system standards have not really changed the systematic process used for CAPA corrective and preventive action. Corrective actions are meant to improve the performance of the process or individual’s behaviors via the nonconformity reporting process. You can easily document the steps you take by using corrective action tracking software.
You generally need to:
1 Identify the problem
Define the actual problem. You first need to make sure the problem is not a perceived problem but an actual problem. A good way to test this is to write the problem together with a requirement to compare it. This is often referred to as a “Should Be” and “Is” statement. An example is that components should be manufactured from metal, but the components that were received are plastic. If you are not able to specify what the outcome should be, you may not have identified an actual problem.
2 Identify the size of the problem
You need to understand how big the problem is. Is it only the product that was delivered today, or were previous deliveries affected as well? Is it a single product, or multiple products? Make sure you know exactly what the scope of the problem is, and equally important, what it’s not. It may for example be important to know that the problem only occurs on Fridays.
3 Take action to eliminate the problem
How can you stop the problem from happening again while you’re looking for the root cause? Apply a correction that will stop the problem immediately while looking for the ultimate cause and resolving that. You basically need to identify the immediate stop-gap measures you have to put in place to ensure that you’ll catch the problem if it recurs while you’re fixing the cause.
4 Identify the problem’s root cause
Don’t only look at the surface manifestation of the problem but find out what is at its base. This part can be very tricky. How do you know that you have in fact found the underlying cause? There are many ways you can tackle this, from more difficult methods like the classic Fishbone Diagrams to the ‘5 whys root cause analysis’ where you ask “Why” 5 times until you identify the root cause. After completing this step, it’s always a good idea to ensure that the scope hasn’t changed and became bigger, requiring further containment steps.
5 Devise a plan to address the root cause
What do you have to do to eliminate the root cause that has been identified? Decide on the steps that are required to eliminate the problem’s root cause. You may need to first identify the return on investment and the cost of the fix, depending on the problem. If the fix is expensive and complicated, how will it be funded and who has to approve the funds?
6 Put the plan in place
Implementing corrective actions that you have planned simply means following your plan and making it happen. This could be as simple as changing an existing or implementing a new procedure or process, or buying new equipment as the existing one can no longer deliver as per your requirements.
7 Check that the plan is effective
You need to make sure the plan you implemented was effective. After implementation, simply wait an appropriate amount of time and then check that the problem hasn’t recurred. If it does, the first thing to check is if you’ve identified the actual root cause. Although this step is the most important one, most companies have trouble with it. People tend to close out the paperwork as soon as possible or believe the quality management systems registrar needs early closure to show timeliness. Proper follow-up is however essential and this may be combined with internal audits or a management review.
Final Words
Most organizations will have implemented a form for corrective actions as part of their quality records that include these steps, or a modified version thereof, to keep track of the information and make sure no steps are forgotten. This is often done as part of their NCR process and they use corrective and preventive action software to make to process easier. This is also referred to as a CAPA system. It is important to have a good systematic process that will help you detect recurring quality problems, and then find and fix the root of the problem for any systemic issues within your company.
If you only address the symptoms, you can be sure the problem will return and this will be undesirable as it will adversely affect your quality system. The aim of corrective actions is to identify and address the root cause of the problem to prevent recurrence. If you achieve that, you’ve improved your process and your preventive and corrective action process is effective.