What is CAPA?
CORRECTIVE ACTION & PREVENTIVE ACTION
What are Corrective Action and Preventive Action? Corrective action is an action taken to prevent the re-occurrence, Whereas Preventive action is an action to prevent the occurrence. FDA investigators focus on CAPA during inspections because it is a roadmap to identify potential and existing problems at a company. CAPA documentation provides FDA investigators, auditors, and executive management a means to review problems. Therefore, effective management of the CAPA system is critical to compliance. By following five essential steps, companies can be CAPA compliant and ensure a successful audit or inspection. The failure to either have a CAPA process, or failing to document or establish CAPA procedures, is one of the most common issues noted by the FDA. The lack of a documented CAPA system was the second most common observation by FDA investigators and was noted in more than half of all Warning Letters citing a CAPA violation.
The first step may seem obvious, but it is essential to Identify/ establish a CAPA system. Non-conformities requiring CAPA can arise from various situations and can include, but are not limited to, internal audits, external audits, regulatory Inspections, customer complaints, staff observations, trending data risk assessments, process performance monitoring, management review, etc. During this initial step of the process it is important to list the specific information available that demonstrates that the problem does exist. This description should be concise, but with sufficient information to assure that the problem is well detailed and can be easily understood from reading the explanation. Key areas to focus on are:
- What EXACTLY went wrong?
- How often has it occurred?
- How big is the problem?
- What impact does the event create?
- Who has more information?
Common pitfalls at this stage are, for instance, failing to confirm understanding, accepting opinions as facts, failing to record information.
Once the Identification phase is closed, the second step to CAPA compliance is to use statistical methodology to evaluate quality data and identify quality problems. The non-conformance is required to be assessed in terms of the potential impact, for instance in related to safety, reliability, costs, or customer satisfaction, quality audit reports, quality records, service records, complaints, returned products,. Utilizing a risk assessment tool, such the matrix in Table .1, is a recommended and suitable tool. Additionally, remedial actions might need to be implemented during this phase until the investigation is closed and the corrective action defined and implemented.
3. INVESTIGATION (RCA)
The third step to CAPA compliance is Investigation. With the further knowledge gained through the first two steps of the process, it is now time to prepare the investigation plan by reviewing the circumstances related to the issue. By applying certain techniques as described in Table 2, a list of all possible causes can be created. This will form the basis for collecting relevant information and further evidences, like test data, that will be required to drill down to the root cause of the issue. It is important to consider all possible causes (and not only focusing on one), the appropriate associated information and supplementary data to determine the root cause of the non-conformance. It is strongly recommended to consider equipment, materials, personnel, procedures, design, training, software, and external factors, and list all possible root causes to define which data must be collected for the assessment. Brainstorming sessions, Process Mapping, Value Stream Mapping, Interviews and applying the 5 Whys are the most common techniques. However it is imperative to recall that “we can’t solve problems by using the same kind of thinking we used when we created them.” (Albert Einstein) Therefore, approaching the problem from a different angle, involving a team and exploring different and/or new options is the key for an effective Investigation and root cause analysis.
The fourth step in CAPA compliance is implementation, after the investigation is closed and the potential root cause identified, the CAPA needs to be implemented. In order to proceed, a CAPA plan should be developed and should include, as appropriate:
- All actions to be completed, for example review of other batch records
- Required documents (e.g., SOPs) to be changed
- Process / Procedure changes – Process changes should be described in sufficient detail so that it is clearly understood what needs to be done (avoid generic statements). The expected outcome must be clarified and described
- Employee training
- Monitors / Controls to be implemented to prevent the problem to reoccur.
The CAPA plan must also identify the person responsible for completing each task, including time lines and further resources needed, if applicable. To identify and implement a plan is simply not enough; effective follow-up to ensure that the plan is addressing the problem and is not creating any new problems is indispensable. Companies should always be cognizant that fixing one problem may create another. With this in mind, any changes to the production process that fix an issue should also be viewed as a potential source of new problems. Therefore, after preventive or corrective actions have been taken, companies must ensure that not only the original problem has been solved but also that no new problems have arisen as a result of that action
The Final step in CAPA compliance is verification. One of the most fundamental steps in the process is to provide evidence that the CAPA has finally been implemented successfully. This assessment must allow answering several key questions:
- Has the root cause been tackled appropriate to prevent the issue from recurring?
- Have all defined actions and changes been completed and verified?
- Are proper controls in place?
- Is there any chance that the solution implemented has any adverse effect on the product, process, or service?
- Is everything well documented?
CAPA systems are not only a regulatory requirement; they make good business sense to secure the patient’s life. Companies must ensure that appropriate corrective actions include both short-term actions to address the immediate problem and long-term actions to prevent the recurrence of a problem. In order to successfully manage the CAPA system, we need to simplify the procedures, and to filter and prioritize the corrective and preventive actions. Senior management must allocate proper resources to identify and remove the root causes of recurring problems. The most complex CAPA issues may be found in non-routine channels, such as customer surveys. Companies have to uncover and rectify the tough-to-spot problems, before they trigger an FDA warning letter. By removing the root causes of recurring problems, companies will benefit twice – by meeting the regulatory expectations as well as business requirements.