Preventive actions are pro-active - you take action to stop something from happening. This is also called addressing risk.
Preventive actions are pro-active - something could go wrong and these are actions taken to stop it from happening, or to stop it from becoming too severe.
ISO 9001:2015 has no clause referring to 'preventive action'. Instead, the concept is embedded in 'risk-based thinking' that is part of your planning processes to address risks and opportunities (clause 6.1).
In order to identify risks that need preventive action, adequate monitoring and controls must be in place in the quality system to assure that potential problems are identified and addressed before they happen. The same monitoring and review processes can be used to identify an opportunity and plan actions to ensure it does happen.
You can identify risks and opportunities in a number of ways:
Once you've identified a potential source of problems and the possible effects, you need to assess how likely it is to happen, and whether the costs associated with reducing the risk are worth it. This is effectively risk-management.
If you are documenting a Preventive Action or 'Managing Risk' procedure, you should include information on:
Although there's no explicit requirement to keep records under ISO 9001:2015 clause 6.1, you might decide that you ought to based on clause "4.4 QMS and its processes", which states that you should 'retain documented information' ... 'to the extent necessary' ..to.. 'have confidence that the processes are being carried out as planned'.
The records you keep on actions taken provide evidence that an effective quality system has been implemented and that it is able to anticipate, identify and eliminate potential problems.
If you decide to do nothing in response to an identified risk, be sure to document the reasons behind the decision.
You can document Risks and their controls in Toolbox under the 'Risks' module. You could also record them as an Issue in the 'Issues' module. Our user guide has more information on how Toolbox helps you manage various kinds of issues, and how to manage risk assessments