|
In this article we will review the additional requirements for preventive actions (chapter 8.5.3 - preventive action) as specified by the ISO 13485 Standard with reference to the ISO 9001 Standard.
The preventive action requirements within the ISO 13485 Standard are not so complex. The main differences are within the documentation requirements.
The requirement for preventive action (the PA - PREVENTIVE ACTION from the CAPA) is included within chapter 8.5 – Improvement. Within the most basic requirement, the purpose of the preventive action is to: - Eliminate problems/Nonconformities
- Achieve improvement within processes
The organization is required to take actions to eliminate potential Nonconformities - this is improvement. How to achieve? With the PA (from the CAPA). The ISO 13485 Standard requires you to locate the potential Nonconformities and to eliminate the cause. The purpose is to prevent them from happening before they occurred. And yes, you are required to maintain a procedure describing the process of preventing the Nonconformities and to document the process itself. It is not a recommendation but a requirement.
The organization must take actions to eliminate any cause for potential nonconformities in order to prevent them from happening in the first place. The preventive actions would be appropriate to the nonconformity. Here are the specifications of the requirements:
ISO 9001
| ISO 13485
| The organization must determine a method to eliminate the nonconformities - including customer's complaints. The organization must maintain a documented procedure describing the process of detecting and treing the preventive action.
| The organization must determine a method to eliminate the nonconformities - including customer's complaints. The organization must maintain a documented procedure describing the process of detecting and treating the preventive action.
| The documented procedure must refer to the next issues:
| The documented procedure must refer to the next issues:
| The organization should determine what the potential cause for the nonconformity is.
| The organization should determine what the potential cause for the nonconformity is.
| For any cause that was detected the organization must evaluate if a preventive action is required. The evaluation is required to ensure that the nonconformity would not occur again.
| For any cause that was detected the organization must evaluate if a preventive action is required. The evaluation is required to ensure that the nonconformity would not occur again.
| After determining that a preventive action is needed, you must determine what would be the preventive action and to implement it
| After determining that a preventive action is needed, you must determine what would be the preventive action and to implement it | The preventive action must be documented and the records should be covered by the records control procedure.
| The investigation prior to the preventive action and the preventive action itself must be documented and their records should be covered by the records control procedure.
| The preventive action must be reviewed periodically.
| The preventive action and its effectiveness must be reviewed periodically.
|
Description for Preventive action – an action taken to eliminate a potential event that might cause Nonconformity. In this case the Nonconformity has not occurred yet. After you identified the cause that would generate Nonconformity, you are required to initiate an action to eliminate it: The Preventive action. You must also document it. Why must you document it? For supervision. After a defined period of time (documented within a procedure) you must examine whether the Preventive action was sufficient, effective and the Nonconformity had not occurred like expected. - Preventive action objectives – you must define what is required by the preventive action taken. The objective could be a numerical, quantitative or a quality requirement – whatever is appropriate for your organization. It is not a recommendation but an ISO 13485 Standard requirement.
Before executing the preventive action, it is required to consider cost effective of the preventive action. Some action may cost a lot. You must examine whether it is cost effective to execute the action. Sometimes it would not be worth taking an action. It would be too expensive. The organization would rather live with the nonconformity – as long as the customer's requirements and regulatory are maintained!! But, you must document the fact that you initiated a preventive action, examined it and decided to withdraw. Again, documentation here is required by the ISO 13485 Standard.
- Closing date for the preventive action – All preventive actions should be limited within time frame to measure its effectiveness. You performed a preventive action. That is good but not enough. According to the ISO 13485 requirements, you must define time frames (according to your needs) to examine its effectiveness. The date indicates when the preventive action would be examined.
- The preventive action results – the ISO 13485 Standard requires you to observe the preventive action taken and to verify its objectives. You must indicate (and document) the status of the preventive action. You must document what are its results: success, failure or perhaps more time is required to examine its effectiveness - it is also possible. Bottom line, you must examine (and document) that the nonconformity that was predicted, indeed was prevented. Then and only then, you may close the preventive action. When a preventive action was found as not successful it is recommended to open a new one. It is not required by the ISO 13485 Standard but an unsuccessful preventive action indicates the potential Nonconformity is still hanging over your heads – and that is forbidden by the ISO 13485 Standard (unless you defined it otherwise – that you considered and reached a decision – the cost effective topic).
Allow me to remind you again; you must maintain a documented procedure defining the process of preventive action: - Recognizing a potential Nonconformity
- Where and how to document it
- The investigation what is the cause
- The action taken
- The closing
This procedure shall act as one of your Quality procedures required to maintained by the ISO 13485 Standard.
You must also maintain documentation of the process itself: - The nonconformity detected
- The cause
- The preventive action taken
- Its objectives (including time frames)
- The results
So far the 9001 requires the same. Let me review the additional requirements of the 13485. The 13485 requires us is to ensure that the preventive action taken would not only be implemented and documented, but also any documentation that is related to the nonconformity is update as well. The changes depended where the preventive action influenced: changes occurred within the quality policy – update should be made within the quality manual, changes occurred within process documentation – update should be made within working procedures and where appropriate the records and documents control process etc. The ISO 9001 Standard requires documenting the preventive action itself but not the investigation. The ISO 13485 Standard (within paragraph d) requires the organization to document the investigation as well. We think that it is not that horrible and we shall also explain. Any way you conduct the investigation. Otherwise you won't find out what is the cause for the nonconformity. So, document it as well. Don't forget to update the Preventive action procedure about documenting the investigation. Within the last additional requirement (paragraph e) indicates that it's not enough to document the preventive action as a successful one - you must prove it. How? By presenting the data prior to the preventive action and the data after the preventive action In this case you would have to present a static picture where a potential nonconformity was prevented the day was saved and life goes on as usual. |
