Preventive Action requirement in the ISO standards

I'm curious as to how other organizations meet this requirement. My organization meets it in a few different ways: logging continuous improvements, having consistent management/staff meetings, reviewing policies/procedures on a consistent basis, to name a few. However, it often confuses auditors based on the fact that it's not in one neat and tidy ‘package’ that I can point to directly.

2 Replies
Tambra Thomas‍, auditors are working with time constraints as well as biases toward “what good looks like.” Consider having examples of CI or PA part of your Management Review record or deck, or having photos of before and after on hand for audits. You don’t have to show every example, but having a few close at hand will help the auditor quickly check “acceptable” and move on. This is especially helpful if your auditor is new to your organization or location.
Tambra Thomas‍ if you define it procedurally - x, y, and z are how we do preventive action - you should be able to point to the records for those elements. It doesn't matter if you point to a number of different processes - you just need to be able to demonstrate that you're doing it.