A Standard Guide to Preventive Action

Preventive Action guide

“If anything can go wrong, it will”.

Many of you may be familiar with this expression. Yes, you are right! It’s Murphy’s Law.

While many may take this expression pessimistically, we should focus on the positive side of this expression, for instance, to help us avoid potential problems, especially in our business processes and management systems.

International Organization for Standardization (ISO) encourages companies and organisations to put preventive action or control to eliminate potential issues in business processes and management systems.

Through this article, we will help you understand the definition of preventive action, the difference between corrective action vs preventive action, why it is essential and beneficial, examples of preventive action, and last but not least, how to write an effective preventive action plan.

What is Preventive Action?

Preventive action is a proactive measure to eliminate any factor causing our processes and quality management systems to deviate from requirements and to implement controls minimising risks of its occurrence and negative impact.

Preventive actions aim to correct a potential problem which may occur in the future if left uncontrolled. ISO promotes implementing preventive actions through risk-based thinking, incorporated in the Plan-Do-Check-Act (PDCA) cycle.

Plan-Do-Check-Act (PDCA) cycle

In a quality management system, preventive action is usually associated with corrective action, known as the corrective action and preventive action (CAPA) system.

In Good Manufacturing Practice (GMP), Hazard Analysis & Critical Control Points (HACCP), Hazard Analysis & Risk-based Preventive Controls (HARPC) and ISO standard, the CAPA system is used to identify the root cause of nonconformities, plan corrective action to prevent the recurrence of the nonconformities. It addresses similar potential nonconformities which require preventive action.

CAPA system

CAPA is usually issued to address nonconformities found during external and internal audits or issues that negatively impact quality.

Corrective Action vs Preventive Action

The difference between corrective and preventive actions lies in their purpose. Corrective action prevents recurrence by aiming to correct problems or nonconformities that may have occurred before. Therefore corrective actions focus on providing a solution or correction to a current issue and preventing the recurrence of that particular problem.

In contrast, preventive action prevents occurrence by aiming to avoid problems or nonconformities that may happen in the future and, thus, focusing on eliminating risks of the occurrence of the issues. In short, we could say that corrective action prevents the recurrence of nonconformities, while preventive action prevents the occurrence of nonconformities.

Although the purpose of corrective and preventive actions is different, both corrective and preventive actions require risk analysis to identify the causes of the nonconformities and determine the corrective and preventive actions needed.

root cause analysis

When nonconformities are identified, an immediate solution must be implemented. This action is known as a correction. To prevent the recurrence of nonconformities, corrective actions have to be planned and taken.

To determine the proper corrective actions, an investigation of the nonconformities causes needs to be initiated, and this process is called root cause analysis. Corrective actions should be proportionate to the root cause of the nonconformities.

Risk analysis is also performed to plan preventative actions in the form of risk assessment. Usually, process owners will do a risk assessment of their processes. A proactive and preventive action should be applied to the identified risk considered a recurrence issue.

Why is Preventive Action important?

Preventive action, as well as corrective action, is essential for our business processes and quality systems. Not only is it required by regulatory requirements, but also necessary to continue to meet customer satisfaction by correcting the existing problems and implementing controls to prevent potential problems.

What are the benefits of Preventive Action?

Implementing preventive actions is also beneficial business practice, as it helps companies and organisations to avoid quality problems, reduce product defects, and even avoid work incidents. Preventive action does not stop at putting control to eliminate potential nonconformities; it is also helpful for the continuous improvement of quality systems and processes.

What is an example of Preventive Action?

Preventive action could be implemented in the form of regular activities held by the management to maintain the effectiveness of business processes and management systems. For example, a company or organisation would create training programs for employees to ensure they can fulfil their responsibilities.

The training programs may include induction or refreshment training of standard operating procedures intended for employees to avoid deviation from procedures and create any future nonconformities. Another example is routine equipment maintenance on the shop floor to ensure the equipment is calibrated correctly and runs as intended.

It could also be in the form of a change implemented to a current process or system. A system or process change should address weaknesses and potential issues not covered by the current system or process. In addition, doing internal audits is also part of preventive actions.

How do you write a Preventive Action Plan?

Creating a preventive action plan starts with understanding your business process.

Once you know your process, it will be easier to identify any possible problems or nonconformities which may occur in the future and determine an action to eliminate their occurrence, as well as to identify any opportunity for improvement to your quality management system. Preventative action defined should be proportionate to the effect of the potential nonconformities.

preventive action plan process

Depending on your company and the standards implemented, a preventive action plan may be created as part of your corrective and preventive action plan or risk management process. The following examples are ways that your company may create a preventive action plan.

ISO 13485:2016 – Medical Devices Quality Management Systems — Requirements for regulatory purposes

ISO 13485 describes the steps to create a preventive action as follows:

  1. Determine any possibility of nonconformities and their causes
  2. Evaluate the appropriate actions to prevent the occurrence of the nonconformities
  3. Plan, document, and implement the proposed preventive actions    
  4. Verify that the effect of the proposed actions will not adversely affect the ability of a company or organisation to meet applicable regulatory and product/service requirements
  5. Review the result of the preventive actions applied

The preventive action plan is usually incorporated as part of the corrective and preventive action procedure.

ISO 9001:2015 – Quality Management Systems — Requirements

ISO 9001 does not specifically have a separate clause or sub-clause on preventive action like ISO 13485. This is because the concept of preventive action is expressed through risk-based thinking in formulating quality management system requirements.

risk assessment chart

This means that preventive action is determined during your organisation’s risk assessment process as part of the efforts to implement risk controls to mitigate risks identified from various sources, such as nonconformities that have occurred or possible hazards that are considered.

Finally, your company or organisation can create a procedure that documents the steps and record the result of implementing the preventive actions. The result of how effective the implemented action would be is one of the inputs of management review, which should be done at least once a year by the management.


To summarise, preventive action is a proactive plan to prevent the occurrence of nonconformities that have not happened, and some examples include process changes, training plans, internal audits, and maintenance activities.

What differentiates it from corrective action is that corrective action prevents the recurrence of nonconformities, whereas preventive action prevents the occurrence of nonconformities in the future.

A preventive action process is essential so a company or organisation can meet regulatory requirements and customer expectations. It is also beneficial for the continuous improvement of quality management systems.

A preventive action plan should include risk analysis and monitoring activity toward the proposed action and its result and should also be adequately documented. Management is responsible for reviewing the impact of the proposed action once it is applied during the management review.


1.  ISO 9001 : 2015 – Quality management systems — Requirements

2. ISO 13485 : 2016 – Medical devices Quality management systems — Requirements for regulatory purposes

Learn More

our Academy e-learning course:

Do you have any questions?

Drop us an inquiry now!