Corrective and preventive action also called CAPA are improvements to an organization’s processes taken to eliminate causes of non-conformities or other undesirable situations. CAPA is a concept within good manufacturing practice (GMP), and numerous ISO business standards.

It focuses on the systematic investigation of the root causes of identified problems or identified risks in an attempt to prevent their recurrence (for corrective action) or to prevent occurrence (for preventive action).

The intention of this article is to provide a general understanding of the CAPA process within a regulated environment.

Regulatory

There are two primary drivers for the CAPA system:

  • In the US, there’s the Food & Drug Administration’s (FDA’s) Code of Federal Regulations, Title 21, Part 820 (and specifically, Subpart J–Corrective and Preventive Action, Sec. 820.100 Corrective and preventive action.
  • In the EU and for anyone accepting ISO 13485 as the basis for a Quality System, there’s EN ISO 13485:2012, there’s section 8.5.2 Corrective Action and section 8.5.3 Preventive Action.

Note that throughout the remainder of this article, we’ll refer to “820” as 21 CFR 820 and “13485” as EN ISO 13485:2012. (And note there’s no effective difference in the CAPA requirements between 13485:2003 and the harmonized 13485:2012).

Both the US FDA and ISO 13485 explicitly require documented CAPA procedures. Note that in the descriptions, both explicitly address nonconformities.

Regulatory Explanation

To be eligible for entry in the CAPA system, a nonconformance must have occurred or is likely to occur under the current circumstance.

The obvious place a nonconformity can occur is in product (or components). Something physical. The less obvious place is in the process. Regulations require that you follow certain processes, collect and manage certain artifacts, etc. If the processes aren’t followed or if artifacts aren’t collected or managed properly, process nonconformities can be realized.

There are two distinct components to CAPA: Corrective Action and Preventive Action.

Corrective Actions are conducted for systemic nonconformities that have occurred (nonconformance has been realized) and Preventive Actions are conducted in cases where nonconformities are likely to occur but have not (yet) been realized.

Only About Compliance?

There is considerable debate about the CAPA system. On one hand, if systemic nonconformities are realized (exist) then it makes good business sense to get to the bottom of the problem (the “root causes”), fix them, and take actions to ensure they never happen again. On the other hand, the “Preventive Action” aspect is, frankly, difficult! Companies do “Preventive Actions” all the time (e.g., reviews, prototypes, etc.) but rarely run these actions through the “Preventive Action” process.

FDA inspection findings in CAPA have been consistently at the top of the list. But is this making products safer or more effective? With all the recalls and litigation, it hardly seems so!

A very non-scientific look at the types of findings, though, start to paint a picture of many of the findings being self-inflicted through a CAPA process that is not well-understood and thus implemented incorrectly.

One of the worst offenses is stating (in the CAPA Standard Operating Procedure or SOP) that all CAPAs will be closed within some time period, say, 60 days. Again, this shows a lack of understanding of the CAPA process and implements a process that cannot be followed. Inspectors, in such cases, have no choice but to issue findings!

Throughout this discussion, we’ll take a pragmatic approach to the CAPA process to hopefully help you avoid those self-inflicted wounds (findings) and give you the tools to implement a compliant process that supports the business.

The Basics: CA

The first ‘half’ of CAPA is “Corrective Action.” As noted, this is triggered when systemic nonconformities are identified.

Unfortunately, the language in 820 propagates a little confusion. In addressing a CA, actions must be taken to prevent recurrence of the nonconformity.

The Basics: PA

The second ‘half’ of CAPA is “Preventive Action.” This is triggered when nonconformities are LIKELY to occur if actions aren’t taken to prevent them.

In 820, CA and PA aren’t presented as separate / unique entities. In 13485, they are!
As noted earlier, Preventive Actions are taken all the time.

This is inherent in product Risk Management, project risk management, activities such as design (review) for manufacturing, preventive maintenance, etc. The challenge is to know when to enter something in the “PA” process.

The Takeaway

Many of the problems (findings) with CAPA systems arise from inconsistent use of terminology.

Corrections: those actions taken to resolve problems.

For example, if we have a circuit board with a blown capacitor, replacing that capacitor is a correction. If we have a software bug that allows an invalid value to be entered by a user, the change for that immediate issue is a correction.

Corrective Actions: those actions taken to stop the problem from occurring.

Using these examples, we may find that the capacitors from a certain supplier aren’t as reliable so we’ll only use resistors from a supplier that has better reliability. The programmer that wrote code to allow an invalid entry may need to be trained on programming practices to always validate entries before accepting.

Preventive Action: those actions taken to prevent the problem from recurring.

Maybe the capacitor selected was on the edge of the rating needed for the particular application and a peer review would have detected the likelihood of failure earlier. For software development, maybe implementing coding standards and peer reviews would have helped avoid the problem.

Please use the comments box below to add any comments you have about your understanding of the CAPA process.