Preventive Action Is Dead – Long Live Risk-Based Thinking

The latest revision of ISO 9001 has done away with the preventive action clause[1], which reads as follows:

“The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be appropriate to the effects of the potential problems.

“A documented procedure shall be established to define requirements for (a) determining potential nonconformities and their causes, (b) evaluating the need for action to prevent occurrence of nonconformities, (c) determining and implementing action needed, (d) records of results of action taken (see 4.2.4), and (e) reviewing the effectiveness of the preventive action taken.”

Taking its place in ISO 9001 is the concept of risk-based thinking, which goes like this:

“Risk-based thinking enables an organization to determine the factors that could cause its processes and its quality management system[2] to deviate from the planned results, to put in place preventive controls to minimize negative effects, and to make maximum use of opportunities as they arise (see Clause A.4[3])…

“…Risk-based thinking (see Clause A.4) is essential for achieving an effective quality management system. The concept of risk-based thinking has been implicit in previous editions (of ISO 9001)…[4]

“…One of the key purposes of a quality management system is to act as a preventive tool. Consequently, this International Standard does not have a separate clause or subclause on preventive action. The concept of preventive action is expressed through the use of risk-based thinking in formulating quality management systems requirements.”[5]

woodworking tools

Tools of the Trade (Library of Congress)

So, you see? Preventive action has not gone away from ISO 9001. It has been reframed, defined a bit differently. Eliminating whatever might be the cause of a nonconformity, like eliminating the root cause of the needle in the haystack, is possible but is it worth the effort? Diverting resources to that task causes other tasks to be put on hold.

And, because the 2008 version of the standard buried preventive action deep in the standard and made preventive action a required procedure, the standard itself led to misunderstanding and disuse of preventive actions.

Preventive action is no longer buried in the text of ISO 9001 – it is embedded throughout the latest revision. It can no longer be misinterpreted as a standalone activity.

One more thing – preventive action is not framed in absolute terms. Note how ISO 9001 used to say[6] “prevent occurrence of nonconformities” and how this compares with “minimize negative effects” and “make…use of opportunities”, as well as how ISO 9001 dispenses with a preventive action procedure and instead refers to the QMS in its entirety as a “preventive tool”. By going from a single procedure to the entire QMS, ISO is trying to make organizations like yours and mine see preventive action as a proactive – not a reactive – behavior.

Sometimes, change is a beautiful thing.


[1] Clause 8.5.3 of ISO 9001:2008, “Preventive Action”

[2] Often referred to as the “QMS”

[3] Clause 0.1, ISO 9001:2015

[4] Clause 0.3.3, ISO 9001:2015

[5] See Annex A, clause A.4, ISO 9001:2015

[6] For those of us who haven’t made the switch from ISO 9001:2008 to ISO 9001:2015, it still does, obviously.


We help small businesses improve their efficiency and effectiveness. Whether you're selling a product or a service, we'll show you how you can improve product and service quality, effectively and affordably. If you need quality, environmental, or health & safety management but can't afford a full-time manager or staff, call on Q9C and we'll pick up the slack. For information or a quote, call or write. Subscribe to the Q9C blog while you're at it.

Tagged with: , , , , ,
Posted in ISO 9001:2015, Preventive action, Risk-based thinking, Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: