We took an integrated course at our site last year with the BRC. I have completed a recent internal audit at one of our sites, and have a question I hope you can help me with.
I have a finding that there was no documented procedure for Preventative Action. They have countered that this requirement is covered with the following statement from their Quality Manual:
4.9 Operational Controls
Based on the risks that have been assessed, necessary operational controls shall be determined and implemented.
Does this simple statement cover the needs of ISO 9001:2008 (8.5.3 Preventive Action)?
Greetings! The simple answer is NO … .it does not cover the requirement of 8.5.3 Preventive action in ISO 9001:2008 or the requirement for 4.5.3 – Nonconformity, corrective and preventive action in ISO 14001. (I know the specific question was about Quality – but there was also an Environmental reference.)
While in both standards there are requirements for procedures – to the specific requirement for 8.5.3 in ISO 9001:2008 – there is a specific requirement for a DOCUMENTED procedure for ISO 9001:2008. This means that while the actual preventive actions may be addressed in a variety of places, there is a specific requirement for a procedure that points to these places.
In 8.5.3 a) through e) there are specific sub-sections that must be responded to. These provide the detail for preventive action activities – REQUIREMENTS (EXPECTATIONS) – that must be covered. Based on the information provided, this information is not available.
A simple example – you are a doctor and you ask me to provide you information on my diet. I say that for my age I consider the risk and eat a lot of ice cream for dessert. While I have given you a component of my diet (which is true) I have not given the detail of what the diet actually is – which is what is necessary for decision making. Hope this helps. As always, I am prepared to further clarify if you have additional specifics.
– Michael Haycock, Sr. BRC Quality Consultant