CAPA

Corrective Action and Preventive Action

Where to Locate Preventive Action Sources

3 Comments / CAPA / By / , ,

%name Where to Locate Preventive Action Sources

The author discusses why preventive action is important in developing a sustainable and robust quality system and where to locate preventive action sources.

Most ISO auditors and FDA inspectors view CAPA as one of the most important processes in your quality system. Still, the approach to preventive actions is distinctly different between the ISO Quality System Standards (i.e., – ISO 9001 and ISO 13485) and FDA regulations (i.e., – 21 CFR 820.100). Throughout the FDA QSR, corrective action and preventive action are always found together, while in the ISO Standards, preventive action is a separate clause (i.e., – Clause 8.5.3). The wording of the two clauses is nearly identical, but ISO certification auditors tend to be purists. Therefore, your ISO certification auditor will expect you to have at least some examples of CAPAs that are 100% preventive. Many auditors will issue a nonconformity if you have no examples that are 100% preventive.

Why is Preventive Action Important?

While I was conducting certification audits, I noticed that the better quality systems tended to have several examples of preventive actions. There were a few companies that had more preventive actions than corrective actions, and the quality systems at those companies happened to be much stronger in general—not just their CAPA process. Is this a coincidence?

No, the CAPA process is how you correct and prevent quality problems. In order to find preventive actions, you have to develop your other quality system processes. These companies have strategically chosen to create their quality systems to a higher level of performance because they know that preventing quality problems results will cost substantially less than waiting until problems occur, and then fixing those problems. These companies often talk about the “Cost of Quality,” and when you tour their facility, you see quality objectives being communicated to everyone.

I have only had a couple of clients in the past decade that argued about the importance of preventive actions, but most clients ask me, “Where can we find more?”

Guidance Documents

As a certification auditor, I was not allowed to “consult,” but was able to mention guidance documents that might help. Therefore, the number one guidance document I recommend is 13485 Plus (a document sold by the Canadian Standards Association – http://bit.ly/ShopCSA).

13485 Plus includes all Clauses of the 13485 Standard, including text from ISO 14969—an international guidance document for the implementation of ISO 13485. In section 8.5.3 of the guidance document, you will find the following list of preventive action sources:

  1. The purchased product rejected on receipt
  2. Evidence that previous decisions affecting product conformity were false
  3. Products requiring rework
  4. In-process problems, wastage levels
  5. Final inspection failures
  6. Customer feedback,
  7. Warranty claims,
  8. Process measurements,
  9. Statistical process control documents,
  10. Identification of results that are out-of-trend, but not out-of-specification,
  11. Difficulties with suppliers,
  12. Service reports, and
  13. Need for concessions.
Practical Experience

In addition to the sources listed in guidance documents, there are three other sources that I like to recommend consulting clients. One source is your internal audit process. Auditors verify the conformity of processes, but internal auditors should also look for processes that are inefficient and need improvement. When auditors are performing a process audit, some process owners have difficulty identifying process metrics that are being tracked for each process. Auditors should be trained to follow the audit trail when process monitoring is absent because processes that are not already measured usually have more room for improvement than processes currently being measured.

Another source of preventive actions is the Total Product Lifecycle Database on the FDA website (http://bit.ly/FDATPLC). Every three-letter product code has a corresponding database report that you can use to identify product malfunctions and adverse events associated with competitor products. Learning from the mistakes of your competitors and implementing appropriate preventive actions internally is a great way to avoid the need for corrective actions—especially for design malfunctions.

The most fruitful source of preventive actions, however, is data analysis of process control monitoring. This source can identify negative trends within your company’s manufacturing process and suppliers’ processes. Catching a negative trend before products and components are nonconforming reduces the number of corrective actions needed, the cost of scrap or rework, and eliminates delays that result in customer complaints.

Setting a CAPA Quality Objective

As your company begins to develop additional sources of preventive actions, you may want to consider establishing a Quality Objective for your CAPA process. The most common Quality Objectives for a CAPA process are:

  1. Initiate at least one new preventive action per quarter
  2. Close all CAPAs within 90 days
  3. Reduce the average aging of CAPAs to <45 days

However, I would like to suggest another possible Quality Objective:

  1. Increase the ratio of preventive actions to corrective actions to > 1.00

To be successful in achieving this Quality Objective, you will need to increase your preventive actions and decrease the number of corrective actions. The reduction of corrective actions indicates that you are identifying potential problems before corrective action is required. In contrast, the increase in preventive actions indicates that your process for identifying potential problems is becoming more effective.

%name Where to Locate Preventive Action Sources

If you are interested in learning more about preventive action, please register for the Medical Device Academy’s CAPA Workshop on September 9 in Orlando, or on October 3 in San Diego. Click here to register for the event: http://bit.ly/MDAWorkshops.

Root cause analysis – Learn 4 tools

16 Comments / CAPA / By / ,

The author describes four tools (Five Why Analysis, Is/Is Not Analysis, Fishbone Diagram, and Pareto Analysis) and how each one can help conduct effective root cause analysis.

Quality problems are like weeds. If you don’t pull them out by the root, they grow right back.

Training on the 4 Tools

Most companies are doomed to repeat their mistakes because the root cause of their mistakes is not fixed. Why don’t companies fix their mistakes? Because the people responsible for the corrective actions (CAPA), were not adequately trained on root cause analysis. Adequate training on root cause analysis requires three things:

  1. Courage to admit that your process is broken
  2. Learning more than one tool for analyzing problems
  3. Practicing the use of root cause analysis tools

If your auditor identifies a nonconformity and you disagree with the finding, then you should not accept the finding and state your case. If an inspector rejects a part, and you believe the part is acceptable, then you should allow the part to be used “as is.” In both of these cases, however, you need to be very careful. Sometimes the problem is that “acceptable” is not as well-defined as we thought. I recommend pausing a moment and reflecting on what your auditors and inspectors are saying and doing. You may realize that you caused the problem.

Once you have accepted that there is a problem, you need to learn how to analyze the problem. There are five root cause analysis tools that I recommend:

Root Cause Analysis Tool # 1 – 5 Why Analysis

A “Five Why Analysis” is not just five questions that begin with the word “why.” Taiichi Ohno is credited with institutionalizing the “Five Why Analysis” at Toyota as a tool to drill down to the root cause of a problem by asking why five times. I have read about this, used this tool, and taught this concept to students, but I learned of a critical instruction that I was missing when I read Toyota Under Fire.

In that book, Jeff Liker makes the following statement, “Toyota Business Practices dictates using the ‘Five Whys’ to get to the root cause of a problem, not the ‘Five Whos’ to find a fire the guilty party.” At the end of the book, there are lessons learned from Toyota’s experience. Lesson 2 says, “There is no value to the Five Whys if you stop when you find a problem that is outside of your control.” If your company is going to use this tool, it is important that the responsible person is the one performing the five why analysis, and asks why they didn’t take into account forces that are out of their control.

5 why analysis for root cause analysis 1024x700 Root cause analysis Learn 4 tools

Root Cause Analysis Tool # 2 – Is/Is Not Analysis

The next tool was presented to me at an AAMI course that I attended on CAPA. One of the instructors was from Pathwise, and he explained the “Pathwise Process” to us for problem-solving. A few years later, I learned that this tool is called the “Is/Is Not Analysis.” This tool is intended to be used when you are having trouble identifying the source of a problem. This method involves asking where the problem is occurring as a potential clue to the reason for the problem. For example, if the problem only occurs on one machine, you can rule out a lot of possible factors and focus on the few that are machine-specific.

The reverse approach is also used to help identify the cause. You can ask where the problem is not occurring. This approach may also lead you to possible solutions to your problem. For example, if the problem never occurs on the first or second shift, you should focus on the processes and the people that work on the third shift to locate the cause. The “Is/Is Not Analysis” is seldom used alone, but it may be the first step toward locating the cause of a quality problem.

Root Cause Analysis Tool # 3 – Fishbone Diagram

fishbone Root cause analysis Learn 4 tools

This name comes from the shape of the diagram. Other names for this diagram are the “Cause and Effect” or “Ishikawa” diagram. If a problem is occurring in low frequency and has always existed, this might not be your first tool. However, I typically start with this tool when I am doing an investigation of nonconforming product—especially when rejects suddenly appear.

If you are baffled about the cause of a problem, brainstorming the possible causes in a group sometimes works. However, I like to organize and categorize the ideas from a brainstorming session into the “6Ms” of the Fishbone Diagram.

Root Cause Analysis Tool # 4 – Pareto Analysis

The fourth root cause analysis tool is the Pareto Analysis named after Antoine Pareto. This tool is also a philosophy that was the subject of a book called The 80/20 Principle: The Secret to Achieving More with Less. The Pareto Analysis is used to organize a large number of nonconformities and prioritize the quality problems based upon the frequency of occurrence. The Pareto Chart presents each challenge in descending order from the highest rate to the lowest frequency. After you perform your Pareto Analysis, you should open a CAPA for the #1 problem, and then open a CAPA for the #2 problem. If you get to #3, consider yourself lucky to have the time and resources for it. We have an example of a Pareto Chart in our article on FDA 483 inspection observations from 2013.

Additional Training Resources

If you are interested in learning more about root cause analysis and practicing these techniques, please register for the Medical Device Academy’s Risk-Based CAPA training.

A3 Reports – The Missing Link to Effective CAPA Process Management

Leave a Comment / CAPA / By / ,

A3 Workbook A3 Reports – The Missing Link to Effective CAPA Process ManagementYour CAPA process is the most important process in your Quality System for two reasons. First, CAPA is the tool you use to fix quality problems. Second, your CAPA process is guaranteed to be an area of interest for your next FDA inspector.

If CAPA is so important, why do companies still have inefficient CAPA processes?

When auditors review a CAPA process, some of them start by reading the procedure. When FDA writes a 483 observation about CAPA processes, the wording begins with “Procedures for corrective and preventive action have not been adequately established. Specifically…”. The approach of auditors and inspectors seems to suggest that your procedure is the key to an effective CAPA process, but your procedures are not the reason for the success or failure of processes.

Processes are effective when the management of the processes is effective. If a CAPA falls behind schedule, writing a justification for an extension is a process “solution.” A real solution is managing the process better. Management needs to monitor the progress of CAPAs regularly, should prioritize resources to ensure that CAPAs are completed on time, and needs to make decisions on which actions should be taken to prevent recurrence of quality problems. Therefore, you need to spend more time developing a method of managing CAPAs than you spend developing the CAPA process itself.

What is an A3 Report?

An A3 report is a tool that is ideally suited for managing CAPAs. “A3” refers to the size of the paper used (i.e., – approximately 11”x17”). An A3 report is a one-sided, single piece of paper that is used to build consensus among company management when you are making an important decision. The initial draft of the A3 report is distributed to each of the affected departments to ensure that all possible inputs to a quality problem are received. By encouraging 360-degree feedback for a proposed solution to a quality problem, you will ensure that the CAPA you develop addresses the issue completely.

In addition to encouraging 360-degree feedback, an A3 report includes an analysis of the problem, identification of the cause, proposed actions that require management decision, a section for documenting actions taken, and a follow-up section for management to review at specific milestones during the implementation plan. Including all of this information in one page forces CAPA owners to summarize information for management, and the standardized format makes it easier for managers to locate the information they want.

Here’s how these sections would be used for managing CAPAs.

Analysis of the Problem

This section is identical to the section of a traditional CAPA record, where the investigation of the problem is documented. This is where tools such as 5 Why analysis, Pareto charts, and Fishbone Diagrams would be used to illustrate the analysis of the problem. This section may change a great deal during the 360-degree review of the A3 report.

Root Cause or Potential Cause

In this section, there should be a concise statement of the root cause for corrective action plans or the potential cause(s) for preventive action plans. During the initial review of the A3 report, management may ask the person or team assigned to the CAPA to investigate the problem in greater depth or investigate other possible sources of information if the analysis appears to be inadequate. Management should also ensure that the causes are within the control of the company to correct or prevent. Identifying a cause that is outside the control of the company is just placing blame.

Proposed Actions

This section is similar to a typical CAPA plan, but the section includes the reason(s) why the proposed actions are recommended. The reasons why actions are proposed is important during the process of management reviewing the initial A3 report and approving the recommended actions. The best practice is to phrase the reasons in terms of quantitative results that will be achieved because this will provide a framework for metrics during follow-up by management.

Actions Taken

This section of the A3 report is updated throughout the implementation of the project. By comparing this section with proposed actions, management can monitor the status of each task included in the CAPA plan.

Follow-up

This section of the A3 report identifies how management will monitor the implementation of actions and when. The initial A3 report identifies what management will be monitoring, how it will be monitored, and at what milestones. Ideally, the monitoring includes quantitative metrics that demonstrate the effectiveness of the CAPA. During the implementation of the CAPA plan, actual metrics will be recorded in this section, and any adjustments that management makes are recorded here.

If you are interested in learning more about A3 reports, you can learn more from Daniel Matthews at http://bit.ly/A3Workbook.

You can also learn more about improving your CAPA process by attending one of the workshops on CAPA: September 9 in Orlando or October 3 in San Diego. Each workshop is one day, and early bird pricing is $249 per day if you register before August 1. Click Here to learn more: http://bit.ly/12AxxQ0

CAPA Form – 15 tips to avoid CAPA failure

5 Comments / CAPA / By / ,

This blog reviews 15 tips for creating an effective CAPA form including source, quality issue description, and the root cause investigation.

Your cart is empty

CAPA Form 1024x362 CAPA Form 15 tips to avoid CAPA failure

The reason for creating a “great CAPA form” is to improve the effectiveness of your CAPA process. Anyone in your company could be assigned to a CAPA, but not everyone is a CAPA expert. Therefore, designing an effective CAPA form can reduce errors and improve the effectiveness of the actions taken. You can also purchase our CAPA procedure and CAPA form, which is compliant with ISO 13485:2016.

Corrective and Preventive Action CAPA Procedure CAPA Form 15 tips to avoid CAPA failure
SYS-024 Corrective and Preventive Action (CAPA) Procedure, Form, and Log
SYS-024 - Medical Device Academy's newly updated CAPA procedure is a 6-page procedure. Your purchase will also include our CAPA form (FRM-009), and our CAPA log (LST-005). The procedure is compliant with ISO 13485:2016, 21 CFR 820.100, SOR 98/282, and the EU MDR. You will also receive free updates in the future. We are currently distributing our 16th version of the procedure.
Price: $299.00

Provide adequate space in CAPA form

The most important feature of a CAPA form is to ensure that there is adequate space for writing a complete response for each section. Having sufficient space is more important than the benefits of a shorter record.

Date your CAPA form was initiated

The date your CAPA form begins to be completed can be used to verify that there was no “undue delay” in the initiation of a CAPA in response to internal audit findings. The date of initiation is also used to calculate the due date for completing the investigation and providing a corrective/preventive action plan.

Include a cross-reference number in your CAPA form

This is typically a sequentially assigned CAPA log number. Ensure the number is prominent on all pages—just in case pages are separated.

CAPA source

The source of a CAPA is useful information when performing data analysis—especially for internal audits where the audit schedule should reflect the results of previous audits. Examples of CAPA sources include:

  • Complaints/Reportable Events
  • Internal, Supplier, and Third-Party Audits
  • Service Work Orders
  • Nonconforming Materials
  • Management Reviews

Description of CAPA issue

I use the word “issue” instead of nonconformity because you need a CAPA form that will work for potential nonconformities (i.e., – preventive actions), as well as nonconformities. Typically, the wording is identical to a customer complaint or an auditor’s text, but the description of the issue identifies the symptoms observed. Specific references to records, locations, times, equipment, products, and personnel involved may be necessary for the root cause investigation.

The investigator assigned and target due date for the plan

In ISO 13485:2016, the only change to the requirements for corrective actions and preventive actions was the clarification that planning is required. Since this was always implied in the standard, your procedure should already comply with clauses 8.5.2 and 8.5.3 in the 2016 version of ISO 13485.

This section of your CAPA form should identify who is going to investigate the root cause of the issue and the date that a corrective/preventive action plan is needed. The FDA requires submitting a corrective action plan for all 483 observations within 15 business days, or it will result in an automatic Warning Letter. Most certification bodies require a plan within 30 days. Your target due date should be risk-based unless there is a specific regulatory requirement. The date will also need to be based upon the date the issue was identified—not necessarily the date the CAPA was initiated.

Documenting the investigation of the root cause is the #1 item in a CAPA form

This section always reminds me of the story about the Ohno Circle. Every company asks if they can close a nonconformity during an audit, and the answer should always be “No.” You can correct a problem, but you cannot perform a root cause investigation and implement an effective corrective action during the same audit. You need to investigate the cause and the investigation documented. Some companies include a specific tool in this section, such as a “Fishbone Diagram.” This is also a mistake because there are many root cause analysis tools, and you need to select the best one for your specific situation. You might even need to use more than one tool.

Is your CAPA form missing containment of nonconforming product?

If the issue requires preventive action, there is nothing to contain. If the issue is specific to a procedure’s deficiency, there is also nothing to contain. If the issue requires corrective action and nonconforming materials or products are involved, then you need to quarantine the affected items. If the affected product has already left the company’s direct control (see 21 CFR 806.2(l) for a definition), then you have a potential recall. Regulators often look for “bracketing” or “bounding” of the upper and lower lot limits for an issue. Therefore, this section is where you document the rationale for why certain lots of products/materials are quarantined, and other lots are not.

Correction(s) – Your CAPA form must separate this from corrective actions

Fixing the immediate problem does not prevent a recurrence, but regulators will verify that each occurrence of the issue identified during the investigation of the root cause has been corrected. You should verify that each of the nonconformities identified in the original finding and the investigation is addressed in this section of your CAPA form. For preventive actions, this section is not applicable.

Corrective Action Plan/Target Due Date for Implementation

These are the steps planned to prevent a recurrence. If the plan changes, then it should be updated. There is no need to delete the old version of the plan, but the new version should include a date when the plan was revised. For preventive actions, this section is not applicable. The target date of implementation should reflect the risk associated with the issue.

Preventive action plan / target due date for implementation

These are the steps planned to prevent the occurrence of nonconformity. If an issue occurred for one product, but not for others, the actions taken for other products can be preventive. In this case, both the corrective action plan and the preventive action plan sections should be completed. The target date of implementation should reflect the risk associated with the issue.

Corrective and preventive actions implemented – Update your CAPA form weekly

This section details what specific actions were performed—both corrective and preventive actions can be documented here. The dates of completing actions should be documented, and reasons for delays and overdue actions should be identified.

How to document your plan for verification of effectiveness – CRITICAL

I recommend filling this section before the plan for corrective and preventive action is developed. This often helps the person developing the plan to ensure that the actions planned are adequate. Whenever possible, this should be quantitative, and it helps to identify a specific date for performing the effectiveness check.

Verification of effectiveness

This section of your CAPA form is where you document verification of effectiveness. Specifically, what verification activities were performed to ensure that the corrective and preventive actions you implemented were effective. The date verification of effectiveness was performed should be documented, and if the actions were not effective, then a new CAPA should be referenced here.

Signature and closure date

Someone needs to review, sign, and date your CAPA form when it is completed. Often, regulators will review only closed records.

CAPA Case Study

2 Comments / CAPA / By /

This blog presents a CAPA training case study related to hundreds of open CAPAs, and how to effectively remediate this issue using a CAPA filter to avoid “death by CAPA.”

Years ago, when I took my first CAPA course, the student sitting next to me explained that he was taking the course as part of a consent decree with the US FDA. Evidently. his company had hundreds of open CAPAs that were not being closed promptly, and the CAPAs were ineffective when the records were finally closed.

Hundreds of open CAPAs?!

I was in total shock. You probably only have five to ten open CAPAs at your company. How could anyone have hundreds open?

He told me that every time a customer asked for technical support, a person was paged. If the page was not answered within three minutes, this was considered a customer complaint, and a new CAPA was opened automatically. The course instructor described the situation as “Death by CAPA.” His company did three things wrong    

1. Overreaction with Microscopic Focus

The company incorrectly identified failure to meet the three-minute target response time as a customer complaint. Also, several complaints related to the same issue should not result in a CAPA specific to each complaint.

2. Lack of Management Oversight

Nobody was tracking how long CAPAs remained open. There were no actions taken when target completion dates were missed. There were no reports to management on the status of CAPAs, and the only time CAPAs were discussed in a meeting was at the annual Management Review meeting.    

3. Failure to Check Effectiveness

Instead of verifying that corrective actions were effective, the company confirmed that corrective actions were implemented. Most of the corrective actions involved “retraining” or “revising the procedure.”

For any process to work correctly, you need to ensure that the process can handle the volume. If one person is responsible for managing hundreds of CAPAs each year, the CAPA process will be ineffective. You need more resources or fewer CAPAs. My recommendation is to use a CAPA filter.

 

Capa funnel photo CAPA Case Study

A CAPA filter does two things. First, it sorts CAPAs into problem categories. For example, all the poor response times to pages should be one problem with one CAPA. Second, a CAPA filter sorts CAPAs according to risk. A response to a page within five minutes instead of three minutes results in a customer waiting longer. A customer receiving no response could have a more severe impact, especially if the customer has diabetes that cannot seem to get their glucose monitoring device to work correctly.

Trend Analysis

Therefore, response rates to pages should be a metric subject to monitoring and measuring—not necessarily a CAPA. You have a positive trend if the number of late responses is declining, and the average delay is steadily shrinking. In this case, there may be no need for a CAPA. You have a negative trend if the number of late responses is increasing, or the average delay is getting longer. In this case, one or two CAPAs may be needed—not one CAPA for each occurrence.

Depending upon the issue, there may be a safety issue associated with extreme limits. In this case, it is recommended to establish alert limits and action limits. Alert limits may increase the frequency of monitoring and measuring, and corrections may also be implemented. However, if the action limit is reached, then a CAPA may be required.

Quality Plan

When I audit a company, it is not uncommon to observe a problem and to quickly identify a root cause. This frequently happens when the issue is familiar to many companies, and the root cause is: 1) inadequate procedures, 2) insufficient training, or 3) inadequate management oversight. If the problem is limited to one area, a CAPA may be entirely appropriate. However, if I observe the same type of problems in several areas, then the root cause is systemic. This can happen in a company where the following problems exist at the same time:

  1. The training procedure does not require demonstrating training effectiveness
  2. Employees are only required to “read and understand” procedures
  3. The top management has put a “freeze” on spending related to training

In a small company, this trifecta of doom is not uncommon. Therefore, in these cases, a CAPA does not address the root cause. Many companies will mistakenly identify the root cause as an “inadequate procedure.” The correction will be to fix the problem caused by the inadequate procedure. The corrective action will be to revise the procedure.

This is only a partial solution because it does not address the root cause. A stronger approach is to identify the root cause as an “ineffective training process.” The correction will be the same. The corrective action, however, will be expanded to include the initiation of a Quality Plan for changing the company training process.

The combined approach of a CAPA plan and a Quality Plan is a better solution because the process change will affect the entire Quality Management System and will require many months to implement fully. This is especially true if resources are constrained.

Here are a couple of upcoming webinars I am doing on CAPA and Complaint Handling:

Scroll to Top