Nancy Singer

8 Min Read
Getting Your CAPA House in Order

Singer.jpg

Mark Lagunovich

       Nancy Singer

        Mark Lagunovich

Successfully implementing and documenting corrective and preventive actions (CAPAs) is one of the critical processes in a device company’s day-to-day quality operations. CAPAs carry significant implications for both product quality andcompliance with FDA regulatory directives, and remain vital to any company’s ability to address incidents that inevitably arise in the manufacturing processes and take necessary steps to prevent them from reoccurring.CAPA remains one of the top FDA 483 citations year after year, due typically to either inadequate processes or inconsistent adherence to processes. This includes failing to define which issues should or should not be elevated to CAPA status, insufficiently documenting the data required by FDA to adequately assess the CAPA’s effectiveness, or relying on outmoded systems to collect and analyze the data and demonstrate that the firm is operating in a state of control.

This article looks at some of the common causes for inconsistency in CAPA processes, and offers several recommendations for how companies can improve their internal systems.

What Makes a CAPA a CAPA? 

ISO 9001 standards identify three distinct components that are critical to understanding how to set up a CAPA system:

  • Correction—Action to eliminate a detected nonconformity (this can be a rework or regrade).

  • Corrective Action—Action to eliminate the cause of a detected non-conformity or other undesirable situation (italics added).

  • Preventive Action—Action to eliminate the cause of a potential non-conformity or other undesirable situation (italics added).

Many companies fail to distinguish among the definitions. Traditionally, companies have thought it appropriate to have correction, corrective action, and preventive action on the same issue. But, as you can see with the above ISO definitions, not all situations require that preventive action be taken, and there are times when firms want to independently take preventive action to solve a potential problem before it actually occurs. Nevertheless, both corrective actions and preventive actions share an effectivity check, or the future verification that the issue was truly resolved and nothing else was negatively impacted.

The first thing companies typically fail to address in their CAPA programs is determining when a deviation or nonconformance in the manufacturing process should be escalated to corrective action status, and delegating the appropriate responsibility and authority to the firm’s employees to resolve the issue. The reasons for this failure vary from company to company, and the lack of precise standard operating procedures for CAPA processes and documentation makes it even more difficult for companies to determine just which issues should be escalated.

This confusion is partly due to the fact that FDA does not clearly define the correct approach to CAPA escalation processes and instead relies on companies and their management to ensure that processes will incorporate the necessary procedures and actions to effectively resolve issues. This lack of guidance often results in companies escalating too many routine deviations to CAPA status—or too few severe ones—and maintaining insufficient documentation for regulators to properly discern whether issues have been resolved correctly and within the right time frame.

A good rule of thumb to keep in mind is that CAPAs should be prioritized on risk, and take into account the frequency with which a nonconformity might occur and the severity of the risk if it does—meaning events deemed severe enough to result in a negative impact on patient safety should be escalated to CAPA status. Although FDA does not clearly define exactly what needs to be included in a firm’s CAPA procedures or processes, the agency has made it clear that management is ultimately responsible for resolving the issue. Companies have a good indicator of how they should proceed: Whatever is severe enough to report to management is worthy of consideration for CAPA status.

What Does FDA Need to See?

Now that we’ve covered some CAPA basics, we’ll look at what just what the FDA expects to see when documenting your CAPA processes. The responsibility for CAPAs ultimately falls to management, and failure to adequately and sufficiently document your CAPA processes can result in 483 observations or a warning letter from the FDA that will be posted on the FDA’s Web site, where it will also be available for the firm’s competitors and the public to view.

It is important to remember when documenting a CAPA that such documentation is intended to provide the following elements to FDA:

  • A structure for directing current and future activities.

  • A tool for forward and backward traceability.

  • The history explaining how the company complied with the requirements to correct a nonconformity and employed reasonable measures to limit the risk to its consumers of being exposed to unsafe or ineffective products.

When documenting CAPAs, it is critical to articulate the timeline for when the incidents occurred, and when each of the appropriate steps was taken to resolve them. Volume and error reports are some of the most elementary components of a quality system. These should always be evaluated as part of the CAPA process. Companies should include as much detail about the steps taken through the process so that FDA is left with little question about when the incident occurred, when and how it was corrected, and how quickly the loop was closed.

Including the names of individuals involved in the CAPA process is another step that helps FDA assess the reasonableness of the firm’s actions. Firms may be reluctant to provide such detail, and may provide only the title of the person who resolved the CAPA. However, it is important that the actual names be provided due to the frequency of personnel changes and the firm’s real need to have backward traceability during potential future regulatory or legal reviews. FDA’s investigators understand this, and may want to know the names of all personnel assigned to deal with the CAPA in question.

Another thing to remember: Don’t use passive voice, as in “the report has been distributed,” or “the complaints were closed.” Assign an actor to the CAPA, so the person reading the document understands exactly what was done, and by whom, as well as how long it took.

Correctly documenting CAPA processes is crucial to ensuring compliance and avoiding warning letters from the FDA. Don’t overlook the importance of understanding exactly how much data needs to be captured.

How to Collect the Data

Companies typically collect and manage CAPA data in one of three ways: via paper-based processes, in rudimentary electronic applications such as Excel spreadsheets or Access databases, or using purpose-built quality management software (QMS).

Paper-based processes, by far the longest-used process (for obvious reasons), have little upside in their ability to accurately capture and report CAPA data. Paper documents can be cumbersome to manage. They also often end up collecting dust on individuals’ desks for long periods of time, resulting in failures to meet project deadlines or, worse yet, inability to track and trend issues across the enterprise. Beyond this, paper-based processes are also generally poor at capturing essential data such as incident and resolution timelines.

Electronic applications like Excel spreadsheets and Access databases are somewhat better than paper. With these tools, users can manually input required CAPA data directly into the databases, while administrators can set basic access privileges by administering passwords to ensure only authorized users have the ability to manipulate the data.

Yet these applications also come with several significant problems. First, like paper processes, they offer limited visibility into the full scope of how CAPAs are initiated and resolved or the full timeline of who performed what actions and when. Second, because of the manual nature of these tools, Excel spreadsheets are enormously prone to error, with little ability to identify and correct the inconsistencies that arise in the data entry. And finally, because of their disconnected nature, Excel databases can result in major process inefficiencies and frequent miscommunication for global device organizations that typically have multiple sites and hundreds of users all requiring access to the same system.

The third common way organizations manage their CAPA processes is through QMS. There are many advantages to such a system, as most are designed specifically to manage CAPA documentation processes along with a host of other quality and compliance functions. With these QMS systems, companies can prioritize incidents that occur during the manufacturing process based on risk, and determine which of those incidents needs to be elevated to CAPA status, assigning the right personnel to initiate the CAPA. Once a CAPA is initiated, companies can then centrally manage and automate the processes of resolving it across any number of sites, setting user access privileges as necessary and setting up e-mail alerts to ensure the right personnel take the required action efficiently and effectively. Finally, and perhaps most importantly, as many such systems feature templates configured in an FDA-ready format, QMS systems prove especially adept when it comes time to extract data from the system to track and trend across departments and demonstrate compliance to third parties.

Conclusion

Regardless of which tools companies choose to manage their CAPA processes, it’s important to keep in mind that even the most effective QMS system on the market will have little use if the company is not entering the right data into that system. CAPA processes are critical to the day-to-day operation of any device organization. By following the right approach to documenting their CAPAs, companies can not only consistently meet the strict and evolving requirements of regulatory authorities, but also ensure that the products they deliver to market are consistently safe for public use.

Nancy Singer is president of Compliance-Alliance, LLC, an organization designed to help professionals employed in the medical device industry establish a culture of compliance.

Mark Lagunowich works at Sparta Systems and specializes in advising companies on solutions to improve manage quality systems, sales effectiveness, and supply chain processes.
 

Sign up for the QMED & MD+DI Daily newsletter.

You May Also Like