Having a repeatable procedure for Corrective and Preventive Action (CAPA) is a key FDA requirement for medical device developers. But it’s a requirement that many fail to deliver on effectively.
But one of the most common reasons for the issuance of the FDA’s 483 warning letter (a notice to highlight any potential regulatory violations found during an inspection) is ‘inadequate Corrective and Preventive Action’ procedures being in place.
So what is actually required from your CAPA process and why do device developers so often get it wrong?
What does the FDA say about CAPA?
"The purpose of the corrective and preventive action subsystem is to collect information, analyze information, identify and investigate product and quality problems, and take appropriate and effective corrective and/or preventive action to prevent their recurrence.”
Your procedures must include:
- Data collection and analysis
- Investigating the cause of the non-conformities
- Identifying the actions needed to correct and prevent recurrence
- Verifying/validating the corrective and preventive action
- Implementing and recording resulting changes in methods and procedures
- Ensuring that information is shared with those responsible for quality in the organisation
- Submitting relevant information for management review
- Documenting all the above activities.
1. Are you collecting and analysing information?
FDA guidelines mean that you should have both reactive and proactive processes in place to trigger CAPA procedures when required.
As well as having a process for capturing and dealing with complaints and feedback from product users, you also need to have procedures in place to routinely check for potential non-conformities in the way you work and your end-products. In all cases, you should be systematically analysing collected data to detect recurring quality problems.
QSR 820 says developers should be:
“Analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. Appropriate statistical methodology shall be employed where necessary to detect recurring quality problems”
2. How are you investigating?
Once a non-conformity has been identified and logged, you must evaluate whether it is a systemic issue. If it is found to be a systemic problem then the CAPA investigation process should be triggered.
The purpose of the investigation is to understand the root cause of the non-conformity - in other words why did the issue happen? Don’t confuse the symptoms of the problem with the cause. You need to keep digging to see what lies behind each identified failure.
Every CAPA investigation needs
- A clear objective
- A repeatable and documented procedure to be followed
- A cross functional team who will contribute to the investigation
The investigation should result in a report or record that documents your findings, including:
- A full description of the nonconformity event
- A root or probable cause for the nonconformity event
- Provide objective evidence supporting conclusions
- Description of statistical methods used
- Final risk assessment
3. Can you identify actions to correct and prevent reoccurrence?
This is the whole point of a CAPA process. Based on the investigation and evidence, you need to document the corrective steps that need to be taken to resolve the issue - and then what steps will need to be taken to prevent it from recurring. But these preventive steps are often the most complex and far-reaching changes that need to be made, as they often require a fundamental alteration to established quality processes. Failing to take and document preventive action is an area where organisations often fall down, leading to a 483 letter.
4. Verifying and/or validating the corrective and preventive action
Your CAPA responsibilities clearly do not end when required actions are identified and implemented within your system. You need to have the tools to verify and validate that they are working. In implementing new processes and procedures you may even have introduced new problems that could result in fresh problems. How does your QMS trigger and control validation activity following changes? Without the tools to automate and remind the business of the need to do this, these vital checks can end up being neglected.
5. Implementing and recording resulting changes in methods and procedures
SOPs and other quality documentation need to be fully updated to reflect any changes in the way you work following a CAPA investigation. Again, do you have the automated change control procedures in place to set these updates in train?
6. Ensuring that information is shared with those responsible for quality in the organisation
Your QMS should be the single source of truth for the entire organisation around quality practice. But even if you dutifully update and republish dense SOPs documentation to alert workers to required changes on the manufacturing floor you may not be successful in changing behaviour. Choosing a graphical quality management system (gQMS) where SOPs and dependencies are depicted in a ‘top layer ‘of flow charts and diagrams can help workers quickly engage with changing requirements, while storing more detailed documentation behind deep links into your DMS. Your QMS should also have the ability to alert and notify specific users when contents relevant to them are updated. There’s no point making a change if no one knows they have been made, or where to review them.
7. Submitting relevant information for management review
Do you have the systems in place to formally share details of CAPA investigations and recommended changes with senior management? The FDA need to see evidence of how they are alerted and kept apprised of developments.
Does your eQMS help management routinely monitor progress against plans, as well as effectiveness metrics and outcomes?
8. Documenting all the above activity
And, of course, it goes without saying that all of the activity above should be documented in real-time and auditable on demand.
As you build your SOPs to create fail-safe development processes that make quality the ‘way you do things’, you shouldn’t ignore your CAPA responsibilities. These are the ongoing efforts that your business must make to capture and monitor systemic quality issues as they arise, as well as attempting to prevent others from occurring in the first place.
To be really effective, awareness of the importance of CAPA needs to be imprinted at a cultural level across your organisation. When you are developing your QMS you should be looking for digital tools that allow you to embed and automate CAPA processes into the way you work from the very beginning of a project.