ISO 9001:2015 Preventive Action

Clause 8.5.3 of ISO 9001:2008 is titled “Preventive Action” and requires organizations to determine the action to eliminate the causes of potential nonconformities in order to prevent their occurrence. This requirement, along with the need for a documented preventive action procedure, is missing from the Committee Draft of ISO 9001:2015.

In ISO 9001:2015, clause 0.3.d, a significant change in the new standard is explained under Risk and Preventive Action. It notes that the Annex SL structure and text for all management system standards does not include a clause and specific requirements for “preventive action”. This is because one of the key purposes of a formal management system is to act as a preventive tool.

The section points out that in clause 4.1, an assessment is required of the organization’s external and internal issues relevant to its purpose and that affect its ability to achieve the intended outcome(s) of its quality management system.

In clause 6.1, the organization is required to determine the risks and opportunities that need to be addressed to assure the quality management system can achieve its intended outcome(s), as well as, prevent, or reduce, undesired effects, and achieve continual improvement.

These requirements in clauses 4.1 and 6.1 are considered to cover the concept of “preventive action‟, and also to take a wider view that looks at risks and opportunities. This has also facilitated some reduction in prescriptive requirements and their replacement by performance-based requirements. Although risks have to identified and acted upon, there is no requirement for formal risk management.

Note that “risk” is defined as the effect of uncertainty. An “effect” is a deviation from the expected, whether positive or negative. “Uncertainty” is the state, even partial, of efficiency of information related to, understanding or knowledge of, an event, its consequence, or likelihood. Risk is often characterized by reference to “potential” events and consequences.