James A. Dunning, Principal, QPC Services LLC04.03.19
You might be wondering why I’m writing about Corrective and Preventive Action (CAPA) in a regulatory column. What else, after all, can be said about CAPA that hasn’t already been articulated? Not much, but there is one thing: how important the CAPA system is to compliance.
Nobody will argue the fact that CAPA is essential to maintaining regulatory compliance. All quality management system (QMS) elements, in fact, are essential to compliance; no organization, for example, could be compliant without a Change Control System. And I wholeheartedly agree.
So why single out CAPA as having special importance to regulatory compliance? The answer, actually, is quite simple: Because companies must rely on their CAPA systems to repair noncompliant issues and/or systems. CAPA is the QMS tool used to repair itself. Other QMS elements establish and/or maintain QMS compliance, which is essential to regulatory acquiescence as a whole.
Of course, CAPA does not magically fix problems all on its own; there are other QMS elements that feed into the system. Management review, internal audits, complaint handling, and nonconforming material are some common QMS ingredients factoring into a CAPA system. Personally, I think training and sales can even provide input to a company’s CAPA system because training can sometimes identify cases where the QMS is not clear. Also, when training is provided, workers are providing valuable feedback that could eventually be used to prevent or correct problems down the road. Likewise, sales can sometimes identify cases where customers may not properly use the product, thereby identifying an opportunity for improvement. Nevertheless, I believe the CAPA system best drives a company’s corrective actions, and allows its QMS to repair itself.
For argument’s sake, let’s assume that my premise is an accepted standard, and the CAPA system does indeed have a greater impact on regulatory compliance than any other QMS element. Theoretically then, regulatory compliance should be relatively simple to achieve through the creation of a robust CAPA system. Unfortunately, it’s not quite that easy (when is life ever that simple?). Thus, with this challenge in mind, I’m going to share with you some common pitfalls I have found in various CAPA systems:
Before I end this column, I’d like to address the concept of CAPA ownership. Often, it is Quality that owns the CAPA system, and performs the administrative oversight of CAPAs as they are being performed. Although I believe the Quality Functions is best suited to own the CAPA system, Subject Matter Experts (SMEs) must be involved and have a significant level of ownership on individual CAPAs in order for the corrective plan to be effective. Further, I believe a team approach is the best way to implement corrective actions (and preventive actions for that matter).
James A. “Jim” Dunning’s consulting career began in 2001. He has provided quality and regulatory consulting services for various companies ranging from Fortune 500 medical device firms to startups. Dunning’s passion, however, lies with startups and small companies, especially those in regulatory distress. He has amassed significant experience in preparing 510(k) applications, developing complete Quality Management Systems, providing Quality System Training, and advising on quality, business, and leadership issues. Dunning is a senior member of the American Society for Quality (ASQ) and a member of the Regulatory Affairs Professional Society (RAPS). He can be reached at jdunning@qpcservices.com.
Nobody will argue the fact that CAPA is essential to maintaining regulatory compliance. All quality management system (QMS) elements, in fact, are essential to compliance; no organization, for example, could be compliant without a Change Control System. And I wholeheartedly agree.
So why single out CAPA as having special importance to regulatory compliance? The answer, actually, is quite simple: Because companies must rely on their CAPA systems to repair noncompliant issues and/or systems. CAPA is the QMS tool used to repair itself. Other QMS elements establish and/or maintain QMS compliance, which is essential to regulatory acquiescence as a whole.
Of course, CAPA does not magically fix problems all on its own; there are other QMS elements that feed into the system. Management review, internal audits, complaint handling, and nonconforming material are some common QMS ingredients factoring into a CAPA system. Personally, I think training and sales can even provide input to a company’s CAPA system because training can sometimes identify cases where the QMS is not clear. Also, when training is provided, workers are providing valuable feedback that could eventually be used to prevent or correct problems down the road. Likewise, sales can sometimes identify cases where customers may not properly use the product, thereby identifying an opportunity for improvement. Nevertheless, I believe the CAPA system best drives a company’s corrective actions, and allows its QMS to repair itself.
For argument’s sake, let’s assume that my premise is an accepted standard, and the CAPA system does indeed have a greater impact on regulatory compliance than any other QMS element. Theoretically then, regulatory compliance should be relatively simple to achieve through the creation of a robust CAPA system. Unfortunately, it’s not quite that easy (when is life ever that simple?). Thus, with this challenge in mind, I’m going to share with you some common pitfalls I have found in various CAPA systems:
- Incorrect intent. Management in companies that have inadequate CAPA systems often view a corrective plan as an administrative function. Many even consider the CAPA system a headache. Management in large corporations often associate some level of corporate politics with the CAPA system, such as how many corrective action plans are enough; or how many are too many. Moreover, they don’t consider (or don’t want to consider) the repercussions of discovering an unpleasant problem.
- Inputs to the CAPA System may not be robust. The CAPA system relies on other QMS elements to identify opportunities for corrective actions. When these inputs are not robust, the CAPA System is negatively affected.
- Investigations may be performed solely to “Get-R-Done” rather than find the true cause of the problem. Also, the proper time and (trained) resources may not be devoted to performing investigations. In many cases, these investigations are viewed by management as non-value added overhead.
- CAPA systems often do not allow adequate time to perform the investigation and analyze potential root causes. Often, the people performing these probes are not adequately trained and rely on what they know about the problem rather than what they can learn about the problem and its potential cause(s).
- CAPA systems are often too complex. CAPA system procedures, policies, and tools are sometimes developed, at least in part, to impress regulators. Complex CAPA systems, or any complex system for that matter, are difficult to implement and maintain.
- Investigators are sometimes hesitant to identify the root cause of the problem because they are concerned they might be proven wrong at a later time. Company culture is a primary reason for this. Making the wrong choice can lead to criticism or reprimands, but the same is not true for those that make no choice. Investigators who don’t make a determination about the cause of a problem are rarely held accountable. Rewarding ambiguity keeps the problem from being solved.
- Effectiveness Checks. The Medical Device Quality System Regulation, in 21CFR Part 820.100 Corrective and Preventive Acton, a) (4) verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device, requires what we typically called Effectiveness Checks. There are two common issues with Effectiveness Checks. One is they are too complicated, and require perfection as opposed to significant improvement. The other issue is that Effectiveness Checks do not really challenge the effectiveness of the CAPA; in the way it’s designed, it is too easy to “pass” or claim success.
- Keep it simple. Investigations and Effectiveness Checks are the two components that benefit most from simplicity.
- Focus on what should be the intent of the CAPA System—correcting problems in such a way that they do not return.
- Remove company politics from the process, to the greatest extent possible. I know it is next to impossible to completely remove company politics, but organizations can certainly drive the focus toward correcting problems and not spend time and energy worrying about the number of CAPAs.
- Managers should focus on correcting the problem so it doesn’t return, and should spend the proper time and resources required to complete the CAPA action.
- Make decisions. Perform the investigation according to procedures and use all available tools. Identify a root cause so actions can be directed toward a clear target.
- Stop thinking of the CAPA system as an administrative process.
- Make the Effectiveness Check simple but on point. Do not expect perfection.
- Train people on the CAPA system, including Investigations and Root Cause Analysis.
- Don’t blame the CAPA owner if corrective actions are not effective. Use this opportunity to drive company/corporate knowledge.
- Don’t accept training as a corrective action unless it is truly associated with the Root Cause of the problem.
Before I end this column, I’d like to address the concept of CAPA ownership. Often, it is Quality that owns the CAPA system, and performs the administrative oversight of CAPAs as they are being performed. Although I believe the Quality Functions is best suited to own the CAPA system, Subject Matter Experts (SMEs) must be involved and have a significant level of ownership on individual CAPAs in order for the corrective plan to be effective. Further, I believe a team approach is the best way to implement corrective actions (and preventive actions for that matter).
James A. “Jim” Dunning’s consulting career began in 2001. He has provided quality and regulatory consulting services for various companies ranging from Fortune 500 medical device firms to startups. Dunning’s passion, however, lies with startups and small companies, especially those in regulatory distress. He has amassed significant experience in preparing 510(k) applications, developing complete Quality Management Systems, providing Quality System Training, and advising on quality, business, and leadership issues. Dunning is a senior member of the American Society for Quality (ASQ) and a member of the Regulatory Affairs Professional Society (RAPS). He can be reached at jdunning@qpcservices.com.