A preventive action is a change implemented to address a weakness in a management system that is not yet responsible for causing nonconforming product or service.
Candidates for preventive action generally result from suggestions from customers or participants in the process but preventive action is a proactive process to identify opportunities for improvement rather than a simple reaction to identified problems or complaints. Apart from the review of the operational procedures, the preventive action might involve analysis of data, including trend and risk analyses and proficiency-testing results.
The focus for preventive actions is to avoid creating nonconformances, but also commonly includes improvements in efficiency.[1] Preventive actions can address technical requirements related to the product or service supplied or to the internal management system.
Many organizations require that when opportunities to improve are identified or if preventive action is required, action plans are developed, implemented and monitored to reduce the likelihood of nonconformities and to take advantage of the opportunities for improvement. Additionally, a thorough preventive action process will include the application of controls to ensure that the preventive actions are effective.
In some settings, corrective action is used as an encompassing term that includes remedial actions, corrective actions and preventive actions.
Risk and decision making
Preventive actions rely upon on the consequences of change. Once changed, inevitably, risks should be taken into consideration. In this case preventive actions aim to minimize or, where possible, eliminate the risks.
Risks arise when little is known and understood about a particular situation. The chances of risk are minimized whilst one has better knowledge of the opportunities and consequences that could follow a situation. In order to reduce risk, a full analysis of potential best and worst results is required. Before taking into consideration any plan, people should be aware of the consequences of both success and failure. Not only the internal aspects - capability, expertise and willingness of staff- but also the external aspects of an organisation - stakeholders, customers, clients - should be assessed.[2]
Strategic risk management works with defining an organisation's approach to risk in terms of condition, attitudes and expertise. It identifies the possible areas of risk and assures that the proper approach is used. Then operational risk management will insure that steps for minimizing or eliminating the risk are followed. A strategic approach of the risk management includes studying the environment and being aware of the issues that must be considered in any situation.[2]
Risks can occur due to a range of unexpected possible and potential events outside of the organisation's control, such as: political instability, change in currency, changes of the weather which could lead to a change in customer behavior, etc.[2]
Therefore, in an organisation it is important to know and understand what events could take place, where and why. So, managers should prioritize some steps of preventive actions in order to anticipate these kind of issues, especially focusing more on:
Patterns of behavior
Accidents
Single events and errors
"Patterns of behavior" relates to the morale and motivation of people. The effects of human behavior (such as victimization, bullying, harassment and discrimination) could affect confidence, weakening the relationships meant to lead to performance.
Accidents could happen anytime and anywhere. Thus, an organisation has to assure that the accidents are kept to a minimal level. In this situation preventive actions should focus more on the nature and quality of the working environment, safety aspects and technology.
Single events and errors are very hard to be managed and impossible to be eliminated. The risk should be kept at a minimum through supervision systems, regular inspections and procedures.
In order to perform a change, an organisation has to do a forecast, deeply understanding where that event could lead and its consequences. Thus, the risk of a particular event and its probability of occurring should be clear. Using this information, one can understand and better make future decisions, proposal and initiatives.[2]
Examples in management
Preventive actions differ from one organisation to another.[3][4] Their number is vast, among them counting:
Assessing business trends
Monitoring processes
Notifications regarding any situation
Perform risk analysis
Assessing new technology
Regular training and checking
Recovery planning
Safety and security policies
Audit analysis
Technology safety and security
Nowadays, due to fast changes in engineering, there is a large emphasis in the enhancement of safety and security regarding technology. However, in order to avoid some issues, more powerful safety analysis techniques are constantly being developed. As safety and security issues can occur anytime, intentionally or not, more preventive strategies against loss or hacking are enhanced. These actions aim to focus on the possible causes of the problem, rather than solving an already critical situation.[5]
Computing
Computer security tries to defend computers by assuring that their networks are not accessed or disrupted. They approach different tactics in order to protect against attackers, creating barriers or lines of defense, through firewalls or encryption. However, losses result also from actions not executed properly (such as human errors) or from system errors among components.
Losses could be prevented through preventive strategies and tactics. Security analysts could find possible attackers, highlighting their reasons, potential and purpose. Owning proper knowledge, security experts could assess their own system and identify the most suitable defense strategy. Tracing is one of the methods used by people in order to find any issue or deficiency in their system.
Focusing first on strategy rather than tactics[6] can be achieved by adopting a new system-theoretic causality model recently developed to provide a more powerful approach to engineering for safety.[5] Causality models used in accidents are either traditional, caused by human errors, or more complex, caused by wrong interaction between components and systems errors.
STAMP (System-Theoretic Accident Model and Processes) is a model of accident causality used in investigating potential accidents that can occur. In this case, issues are seen as results of inadequate control of the safety components used.[7]
Nowadays more powerful systems that analyse safety have been created. STPA (System-Theoretic Process Analysis) uses such techniques, being based on the STAMP model of causality.[8] Once the cause is identified, STPA examines the system, creating a proper scenario that could solve the issue.
Information systems
Regarding technology, not only the safety and security of computers and isolated devices can be threatened, but also of entire complex information systems. As not all decisions made in an organisation are based on known rules, the analytical manager will examine in details the situation and anticipates potential issues that can occur. However. many decisions could have a great impact on some aspect of the organisation and cannot be easily reversed.[9]
Thus, modelling and simulating play the roles of preventive actions, being applied earlier for the design of the process, where real factual data is not available. It is an abstract representation, that includes all aspects of a process so its potential impact could be better analysed. Such a representation before implementing can be done through business process modeling (BPM).
On one hand, there are indeed the deterministic systems that rely on the input data and are capable of predicting accurate output. On the other hand, there is the probabilistic system[10] as well, which does not forecast with completely accuracy. However, both deterministic and probabilistic systems need some earlier actions that could prevent issues.[9]
Analysis and design count are among the most important activities done before starting-up a business. During analysing, one gets a better understanding over the potential of the business; a diagrammatic model ensuring the agreement between IT professionals and system users. System design aims to design the way in which the system will work, this being eventually followed by system building.[9]
In society
Preventive healthcare
Preventive healthcare or preventive medicine refers to the measures taken in order to prevent and treat diseases. As there is a wide range of diseases in the world, there is also a wide variety of factors that influence those health disorders, such as environment, genetic and lifestyle. Preventive healthcare relies on the anticipation of the diseases, before they take occur. Among these preventing methods,[11] there are:
regular check-ups at the doctors, in order to prevent risk factors or to monitor different diseases
getting scanned, such as scanning of chronic diseases (cancer, diabetes, heart diseases)
vaccinations
trying to have a healthy lifestyle, through healthy eating and regularly exercising
avoiding some harmful habits, such as tobacco or alcohol
life insurance
However, these traditional healthcare strategies[12] are not the only actions that could prevent health diseases. A very important step is recognizing and being aware of some certain health changes that can turn into real health threats. Examples of minor problems that people usually do not take seriously into consideration are numerous, such as losing involuntary weight, lasting coughs, body changes and others aches and pains. Once with noticing a disorder, people can take action by checking a specialist in order to avoid the situation getting worse.
Crime prevention
Crime prevention relies on the actions that defend and fight against criminals and crimes, such as murders, robberies, burglaries, black mail, high jacking or smuggling.
Criminologists focus on preventing the risks that can cause crime rather than reacting to crime that have already occurred.
There is a great number of techniques used in reducing crime. These could be split up into ones at a large scale, such as strategies implemented by a society or community, and others at a smaller one, such as personal security.
Examples of collective strategies preventing criminality:[13]
Increasing capacity of the police in an area
Investing in jails
Monitoring areas
Support exchange of information regarding violent activities and events
Enforcing the security
Introducing violence preventing behavior in education
However, in most of the cases people tend to rely on their own personal skills and capabilities that could help them in preventing and defending criminal attacks. For example:
Preventive actions taken against acts of terrorism could either be preventive lockdown (preemptive lockdown to mitigate the risk) or an emergency lockdown (during or after the occurrence of the risk).
The August 2019 clampdown in Jammu and Kashmir[14] is an example of preventive lockdown to eliminate the risk to the lives of civilians from the militants, violent protesters and stonepelters.
^ abcBocij, Paul; Greasley, Andrew; Hickie, Simon (2008). Business information systems : technology, development and management (4th ed.). Harlow, England: FT Prentice Hall. ISBN9780273716624.