Preventive action

A preventive action is a change implemented to address a weakness in a management system that is not yet responsible for causing nonconforming product or service.

Candidates for preventive action generally result from suggestions from customers or participants in the process, but preventive action is a proactive process to identify opportunities for improvement rather than a simple reaction to identified problems or complaints. Apart from the review of the operational procedures, preventive action might involve analysis of data, including trend and risk analyses and proficiency-testing results.

The focus for preventive actions is to avoid creating nonconformances, but also commonly includes improvements in efficiency. [1] Preventive actions can address technical requirements related to the product or service supplied or to the internal management system.

Many organizations require that when opportunities to improve are identified or if preventive action is required, action plans are developed, implemented and monitored to reduce the likelihood of nonconformities and to take advantage of the opportunities for improvement. Additionally, a thorough preventive action process will include the application of controls to ensure that the preventive actions are effective.

In some settings, corrective action is used as an encompassing term that includes remedial actions, corrective actions and preventive actions.

Risk and decision making

Preventive actions depend on the consequences of change. Whenever something is changed, the resulting risks should be taken into consideration. Preventive actions aim to minimize or, where possible, eliminate those risks.

Risks arise when little is known and understood about a particular situation. Risk is reduced when one has better knowledge of the opportunities and consequences that could follow from a situation. In order to reduce risk, a full analysis of the potential best and worst results is required. Before considering any plan, people should be aware of the consequences of both success and failure. Not only the internal aspects of an organisation (capability, expertise and willingness of staff) but also the external aspects (stakeholders, customers, clients) should be assessed. [2]

Strategic risk management defines an organisation's approach to risk in terms of condition, attitudes and expertise. It identifies the possible areas of risk and ensures that the proper approach is used. Operational risk management then ensures that the steps for minimizing or eliminating the risk are followed. A strategic approach to risk management includes studying the environment and being aware of the issues that must be considered in any situation. [2]

Risks can arise from a range of unexpected events outside of the organisation's control, such as political instability, changes in currency, or changes in the weather that could lead to a change in customer behavior. [2]

Therefore, it is important for an organisation to know and understand what events could take place, where and why. Managers should prioritize some steps of preventive action in order to anticipate these kinds of issues, focusing especially on:

"Patterns of behavior" relates to the morale and motivation of people. The effects of human behavior (such as victimization, bullying, harassment and discrimination) could affect confidence, weakening the relationships meant to lead to performance.

Accidents could happen anytime and anywhere. Thus, an organisation has to ensure that accidents are kept to a minimum. In this situation preventive actions should focus more on the nature and quality of the working environment, safety aspects and technology.

Single events and errors are very hard to manage and impossible to eliminate. The risk should be kept at a minimum through supervision systems, regular inspections and procedures.

In order to make a change, an organisation has to forecast, with a thorough understanding, where that event could lead and what its consequences would be. Thus, the risk of a particular event and its probability of occurring should be clear. Using this information, one can better understand and make future decisions, proposals and initiatives. [2]

Examples in management

Preventive actions differ from one organisation to another. [3] [4] Their number is vast, among them counting:

Technology safety and security

Nowadays, due to fast changes in engineering, there is a large emphasis on enhancing the safety and security of technology. In order to avoid issues, more powerful safety analysis techniques are constantly being developed. As safety and security issues can occur at any time, intentionally or not, more preventive strategies against loss or hacking are being strengthened. These actions focus on the possible causes of a problem, rather than on solving an already critical situation. [5]

Computing

Computer security tries to defend computers by ensuring that their networks are not accessed or disrupted. It employs different tactics to protect against attackers, creating barriers or lines of defense through firewalls or encryption. However, losses also result from actions not executed properly (such as human errors) or from system errors among components.

Losses could be prevented through preventive strategies and tactics. Security analysts could identify possible attackers, highlighting their reasons, potential and purpose. With proper knowledge, security experts could assess their own system and identify the most suitable defense strategy. Tracing is one of the methods people use to find any issue or deficiency in their system.

Focusing first on strategy rather than tactics [6] can be achieved by adopting a new system-theoretic causality model recently developed to provide a more powerful approach to engineering for safety. [5] Causality models of accidents are either traditional, attributing accidents to human errors, or more complex, attributing them to wrong interactions between components and to system errors.

STAMP (System-Theoretic Accident Model and Processes) is a model of accident causality used in investigating potential accidents that can occur. In this case, issues are seen as results of inadequate control of the safety components used. [7]

Nowadays more powerful systems that analyse safety have been created. STPA (System-Theoretic Process Analysis) uses such techniques, being based on the STAMP model of causality. [8] Once the cause is identified, STPA examines the system, creating a proper scenario that could solve the issue.

Information systems

Regarding technology, it is not only the safety and security of computers and isolated devices that can be threatened, but also that of entire complex information systems. As not all decisions made in an organisation are based on known rules, the analytical manager will examine the situation in detail and anticipate potential issues that can occur. However, many decisions could have a great impact on some aspect of the organisation and cannot be easily reversed. [9]

Thus, modelling and simulation play the role of preventive actions, being applied early, in the design of the process, when real factual data is not available. A model is an abstract representation that includes all aspects of a process so that its potential impact can be better analysed. Such a representation before implementation can be produced through business process modeling (BPM).

On the one hand, there are deterministic systems that rely on the input data and are capable of predicting accurate output. On the other hand, there are probabilistic systems [10] as well, which do not forecast with complete accuracy. However, both deterministic and probabilistic systems need some earlier actions that could prevent issues. [9]

Analysis and design are among the most important activities done before starting up a business. During analysis, one gains a better understanding of the potential of the business; a diagrammatic model ensures agreement between IT professionals and system users. System design aims to define the way in which the system will work, and is eventually followed by system building. [9]

In society

Preventive healthcare

Preventive healthcare or preventive medicine refers to the measures taken in order to prevent and treat diseases. As there is a wide range of diseases in the world, there is also a wide variety of factors that influence those health disorders, such as environment, genetics and lifestyle. Preventive healthcare relies on the anticipation of diseases before they occur. Among these preventive methods, [11] there are:

However, these traditional healthcare strategies [12] are not the only actions that could prevent disease. A very important step is recognizing and being aware of certain health changes that can turn into real health threats. Examples of minor problems that people usually do not take seriously are numerous, such as involuntary weight loss, lasting coughs, body changes and other aches and pains. Upon noticing a disorder, people can take action by consulting a specialist in order to avoid the situation getting worse.

Crime prevention

Crime prevention relies on actions that defend and fight against criminals and crimes, such as murders, robberies, burglaries, blackmail, hijacking or smuggling.

Criminologists focus on preventing the risks that can cause crime rather than reacting to crimes that have already occurred.

There is a great number of techniques used in reducing crime. These could be split up into ones at a large scale, such as strategies implemented by a society or community, and others at a smaller one, such as personal security.

Examples of collective strategies preventing criminality: [13]

However, in most cases people tend to rely on their own personal skills and capabilities to help them prevent and defend against criminal attacks. For example:

Anti-terrorism operation

Preventive actions taken against acts of terrorism could be either a preventive lockdown (a preemptive lockdown to mitigate the risk) or an emergency lockdown (during or after the occurrence of the risk).

The August 2019 clampdown in Jammu and Kashmir [14] is an example of a preventive lockdown to eliminate the risk to the lives of civilians from militants, violent protesters and stone pelters.

References

  1. "THE PA PART OF CAPA". MATLEN SILVER. 2011. Archived from the original on June 2, 2013. Retrieved December 15, 2012.
  2. Pettinger, Richard (2006). Introduction to management (4th ed.). Basingstoke [u.a.]: Palgrave Macmillan. ISBN 9780230000384.
  3. "ISO 9001 Quality Systems Toolbox - Preventive Action". Archived from the original on 2015-11-02. Retrieved 2015-11-03.
  4. "What's the Difference Between Corrective Action and Preventive Action?". 20 August 2018.
  5. Young, William; Leveson, Nancy G. (February 2014). "An integrated approach to safety and security based on systems theory" (PDF). Communications of the ACM. 57 (2): 31–35. doi:10.1145/2556938. Retrieved 15 February 2023.
  6. "The Difference between Strategy and Tactics".
  7. "SKYbrary".
  8. Thomas, John (2013). "Systems Theoretic Process Analysis (STPA) Tutorial" (PDF). psas.scripts.mit.edu/. Archived (PDF) from the original on 9 December 2022. Retrieved 15 February 2023.
  9. Bocij, Paul; Greasley, Andrew; Hickie, Simon (2008). Business information systems: technology, development and management (4th ed.). Harlow, England: FT Prentice Hall. ISBN 9780273716624.
  10. "Differentiate between Deterministic and Probabilistic Systems". 30 January 2013.
  11. "Archived copy". Archived from the original on 2019-11-16. Retrieved 2017-09-10.
  12. "Preventive health care: MedlinePlus Medical Encyclopedia".
  13. "What really cleaned up New York". 19 November 2011.
  14. Gettleman, Jeffrey; Raj, Suhasini; Schultz, Kai; Kumar, Hari (5 August 2019). "India Revokes Kashmir's Special Status, Raising Fears of Unrest". The New York Times. Retrieved 2019-08-08.