Get in Front of the Problem

Preventive action remains a poorly understood concept

by John E. "Jack" West

Considering the unfortunate fact that product recalls and their disastrous results seem relatively common, it’s curious why so many organizations resist formal efforts to address preventive action. It seems some organizations will even search their corrective actions to find a few issues to characterize as preventive just to satisfy auditors.

But preventive action isn’t working on problems that have already happened. Rather, it’s looking ahead to what could happen in the future. It’s a mindset in which the organization continually asks: What if?

It seems obvious an ounce of preventive action costs much less than a pound of corrective action. So why do organizations resist? Perhaps it’s the thought that, even under the best of circumstances, preventing every problem and nonconformity is exorbitantly expensive.

Organizations typically don’t apply preventive action at the optimal stage in the development of a quality management system (QMS). They don’t think about preventive action until long after it has ceased to be an effective alternative. Doesn’t it make sense, however, that a key purpose for implementing a QMS is to prevent the occurrence of problems?

It is astounding to me that ISO 9001:2008 does not make that objective crystal clear. The closest it comes is in clause 8.5.3, which states: "The organization shall determine action to eliminate the causes of potential nonconformities to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems."

On the other hand, the standard has several requirements related to planning:

  • Clause 5.4 requires you develop quality objectives and plan the quality system to meet those objectives and customer requirements.
  • Clause 7.1 requires you plan product realization and determine how you’ll ensure requirements for the product are met.
  • Clause 7.3.1 provides rules for planning design and development processes, which means considering the interrelationship of design review, verification and validation with the various phases of the design work.
  • Clause 7.5.1 requires you plan the production and service delivery processes so they’re conducted under controlled conditions.

The right moment

The message should be clear: Well-planned processes are the key to a successful QMS. That’s because the most appropriate time to consider preventive action is during planning. Organizations have three different ways in which they can develop preventive actions during the planning processes:

1. Reduce complexity and the number of process interactions. Every step, resource or control adds new interactions to a process and increases its complexity. Because each step has at least two interactions—and often many more—that have their own steps and processes, the number of interactions increases much faster than the number of steps.

Complexity also increases the opportunities for things to go wrong. In terms of preventing nonconformity or undesirable process performance, it’s worthwhile to consider simplifying processes. Process simplification is one of the most effective preventive action tools and is best addressed during process planning.

2. Manage risk of failure. Organizations can use techniques such as failure mode and effects analysis (FMEA) and process FMEA to assess the risk of future failures of new products and processes. With such tools, risk is prioritized to help assess which ones offer the most economical applications.

Risk-assessment tools are useful in evaluating and executing cost and performance trade-offs for products. They also can be used to mitigate risk associated with product performance—for example, warranty claims and loss of good will—and liability exposure, which by itself makes a compelling case for an aggressive preventive action process.

3. Anticipate and manage uncertainty. Uncertainty can be characterized as one of four types: process variation, foreseen uncertainty, unforeseen uncertainty and chaos uncertainty. In any organization, all of these forms of uncertainty exist to some degree, depending on the nature of the organization, its products, its culture and the markets it serves. Obviously, managing unforeseen uncertainty is difficult, but developing strategies for the other types is certainly a good use of planning time.

You can, for example, plan to use statistical process controls to control uncertainties due to variation. But if foreseen uncertainty is dominant—as it is, for example, for organizations requiring Food and Drug Administration approval of new drugs—then emphasizing contingency planning, training or decision-tree models might be more appropriate.

For organizations frequently facing unforeseen uncertainty—for example, an army conducting a military mission—conventional tools such as program evaluation and review technique charts are relatively useless. Using iterative external scans of the environment to uncover potential opportunities and threats would prove more effective. The information could be incorporated quickly into strategy and tactics.

Design and development

In addition to the planning requirements, several controls specified in ISO 9001:2008 should result in preventive actions.

Take, for example, the design and development requirements of clause 7.3. Design and development departments often think of themselves as special, and in a sense they are. After all, they hold the keys to an organization’s product innovations. If they are not innovative and clever in developing new designs customers need, the organization will fail.

People in such situations seem to naturally resist controls. Can you blame them? They are under tremendous pressure to innovate, yet they’re expected to follow a set of rules laid down in an international standard. From their point of view, such a demand may appear to be absurd.

Often, I have heard this sort of objection voiced at the very mention of ISO 9001 design controls. Sometimes, the reaction comes before the speaker even knows what controls are required, much less understands the pros and cons of implementing them. The perception is that placing controls on design and development will limit innovation and creativity, inject nonvalue-adding activities into the design and development process, or impose additional cost or time conditions.

It’s discouraging to hear these controls being rejected before they are understood. The controls are actually simple and, without delving too far into the details, can be summarized as follows:

  • Plan the design and development stages, as well as the design review, verification and validation activities.
  • Manage the design and development interfaces.
  • Control the determination of design and development inputs, and ensure outputs meet input requirements and are suitable for subsequent review, verification and validation activities.
  • Conduct the design and development review, and the verification and validation activities needed to ensure the product will meet the design inputs specified in the inputs and customer’s application needs.

These design and development controls are intended to ensure the design meets requirements. In other words, they prevent problems.

Procurement and outsourcing

The purchasing process requirements described in clause 7.4.1 of ISO 9001 permit the organization to decide the "type and extent of control" to be used for purchasing.

The organization’s selection of controls should be based on the effect of the purchased materials or services on the product realization processes and on the ultimate products delivered by the organization to its customers.

If purchased materials or services—for example, a threaded fastener that is used inside a noncritical subassembly—have little impact, minimal control is needed. Minimal control may be generally acceptable for commodity-type purchased material and for simple services.

If purchased materials or services have high potential impact on either the final product or the realization processes, more robust control is required. If, for example, the fastener is used to connect aircraft fuselage sections, the controls will be more extensive than if the bolt is used in a noncritical application.

It is the intent of ISO 9001 to require an organization to think about what makes sense from its customer’s perspective. The purpose of this work is to prevent problems with purchased items. Then there is the outsourcing of processes. In that case, the decision process to determine the controls needed is even more important, and the execution of these decisions can certainly be classified as preventive action.

Deadly chains of events

In cases of very serious failures, such as airplane crashes or oil-well blowouts, there often is no single root cause. Rather, there’s a chain of events that if broken at any point would not result in a disaster. Teaching employees to look for and eliminate potential links in a chain of events that could lead to catastrophe is another true preventive action.

These are just a few examples, but you should take away the idea that prevention is a way of thinking—a mindset. It’s a thinking process that can and should be taught and used in daily work. When that is the way you work, preventive action will become a key factor in the sustainable success of your organization.


  • International Organization for Standardization, ISO 9001:2008—Quality management systems—Requirements.

John E. "Jack" West is a member of Silver Fox Advisors in Houston. He is past chair of the U.S. Technical Advisory Group to the International Organization for Standardization Technical Committee 176 and lead delegate of the committee responsible for the ISO 9000 family of quality management standards. He is an ASQ fellow and has co-authored several ASQ Quality Press books.

Average Rating


Out of 0 Ratings
Rate this article

Add Comments

View comments
Comments FAQ

Featured advertisers