PA, CA and Risk-Based Decision Making - Need Input

D

DPH0020

Registered
I am revising QMS documentation for a Class II medical device company subject to ISO 13485, 21 CFR 820, and Canadian Medical Device Regulations (CMDR) part 1.
I am thinking about promoting Preventive Action from the neglected orphan of QMS's everywhere that it often is, to be a sort of King of Processes. It goes like this: all instances of "bad news" originating anywhere, and all results of "Analysis of Data" activities are inputs to Preventive Action. Data is aggressively and proactively mined for the earliest possible detection of problems.
The PA process then selects and uses a structured Risk Assessment tool/method and decides weather or not there is actionable information. If so, then Structured Problem Definition and Cause Analysis tools, already in place for Corrective Action, are used to develop an action plan. If not, then the data is retained for further developments/monitoring. ALL activities for which Risk-Based decision making is suggested or required (FDA - Supplier selection and management, Inspection planning, Complaints, MDR, etc) go thru Preventive Action.
Furthermore, the vast majority of Corrective Actions are expected to also produce Preventive Actions. If a CA is a systemic issue, then it can be fixed (i.e. common cause), but the systemic issue will usually have the potential to cause non-conformances in more than the specific instance that triggered the CA - so a PA is also needed. Conversely, if it is a non-systemic issue (i.e. special cause) then effort should be made to poke-yoke the system -- a preventive action.
The Objectives for these processes then should be nothing less than Zero Corrective Actions, and 100% Preventive Actions which are 100% effective. Everything about the QMS Strategy is "Risk-Based and Data-Driven".
What do you think?
 
Y

yodon

Leader
Super Moderator
To me, it sounds like you're adding complexity to an already complex process. Certainly mining the system for PAs is a good deal. But the CA process you described sounds odd.

The expectations for root cause analysis on a CA is, as you describe, to find the systemic reason and then fix it. Don't confuse corrections with corrective actions. Part of the analysis is, indeed, to see what else is impacted and ensure the corrective actions (and corrections!) are implemented accordingly. Since it's already occurred, you can't really say it's preventive.

Just my thoughts. I try to simplify where I can.
 
D

DrM2u

I have to agree with Yodon ... I had a hard time following the process as you described it. From what I gathered it seems like you are trying to use data analysis to detect potential problems before they take place instead of waiting until they actually occur. If this is the case then this is commendable and proactive from your part!:applause:

Going back to the process, I am not sure that I understand your definition of corrective and preventive actions. Like Yodon indicated, the typical definitions are: the corrective means the problem already occurred while preventive means that the problem did not actually take place, only was identified as a potential event to occur unless certain action is taken. I have seen other definitions employed by organizations. One that I thought was interesting was: corrective actions are taken for any problems that occur after delivery of the product while preventive actions are taken to prevent NC product from reaching the customer.

:topic: My personal approach is that any action taken with the intent to result in an improvement unless it is deliberate sabotage. Therefore I disregard what triggers the action (customer complaint, data trends, NC product, etc) and focus on the (existing or perceived) problem description or suggestion for improvement (what is vs. what should/could be) and the root cause. The actions then follow based on the root cause analysis and they can include corrections (short term) and preventions (long term, across the board, systemic or process level). I have posted a reference procedure that outlines this process, it is called 'Improvement Actions' in case you want to look it over.

What is your definition for CA & PA? The definitions will dictate the approach to take in order to ensure compliance with the applicable requirements. That's my :2cents:, right or wrong.:tg:
 
Jen Kirley

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Sounds like you are considering using APQP/Six Sigma/7 Management Tools to perform problem solving for corrective and preventive actions. And why not? We need it, especially in medical devices...yes?

I made the attached NC Tracking Log for my Environmental Engineer. He uses it to track internally found and managed nonconformances - why wait for me, the auditor, to find them and force an action via a formal CAR? That's the beauty of his approach: the ownership for such things is being accepted outside QA. :D

Maybe this will help.
 

Attachments

  • NC Tracking log - generic.xls
    210.5 KB · Views: 1,999
Michael Malis

Michael Malis

Quite Involved in Discussions
DPH0020 said:
...The Objectives for these processes then should be nothing less than Zero Corrective Actions, and 100% Preventive Actions which are 100% effective. Everything about the QMS Strategy is "Risk-Based and Data-Driven".
What do you think?
Click to expand...

It is not a realistic objective - 0 corrective actions? (in reality you should have corrective and hopefully preventive action).
I am all for Risk Management because (if it is done right) it is a great tool, however, let's stop thinking about perfect 6 sigma world and focus on reality!
 
Jen Kirley

Jen Kirley

Quality and Auditing Expert
Leader
Admin
Michael Malis said:
It is not a realistic objective - 0 corrective actions? (in reality you should have corrective and hopefully preventive action).
I am all for Risk Management because (if it is done right) it is a great tool, however, let's stop thinking about perfect 6 sigma world and focus on reality!
Click to expand...
Good point - it's true we should not fixate on a goal of 100% or zero...except perhaps "Zero customers harmed by our product" or something similar. If I went about my auditing and never found any issues needing corrective action, based on the statistical rule of "variation exists" I would eventually start to doubt my abilities.
 
Ajit Basrur

Ajit Basrur

Leader
Admin
DPH0020 said:
I am revising QMS documentation for a Class II medical device company subject to ISO 13485, 21 CFR 820, and Canadian Medical Device Regulations (CMDR) part 1.
I am thinking about promoting Preventive Action from the neglected orphan of QMS's everywhere that it often is, to be a sort of King of Processes. It goes like this: all instances of "bad news" originating anywhere, and all results of "Analysis of Data" activities are inputs to Preventive Action. Data is aggressively and proactively mined for the earliest possible detection of problems.
The PA process then selects and uses a structured Risk Assessment tool/method and decides weather or not there is actionable information. If so, then Structured Problem Definition and Cause Analysis tools, already in place for Corrective Action, are used to develop an action plan. If not, then the data is retained for further developments/monitoring. ALL activities for which Risk-Based decision making is suggested or required (FDA - Supplier selection and management, Inspection planning, Complaints, MDR, etc) go thru Preventive Action.
Furthermore, the vast majority of Corrective Actions are expected to also produce Preventive Actions. If a CA is a systemic issue, then it can be fixed (i.e. common cause), but the systemic issue will usually have the potential to cause non-conformances in more than the specific instance that triggered the CA - so a PA is also needed. Conversely, if it is a non-systemic issue (i.e. special cause) then effort should be made to poke-yoke the system -- a preventive action.
The Objectives for these processes then should be nothing less than Zero Corrective Actions, and 100% Preventive Actions which are 100% effective. Everything about the QMS Strategy is "Risk-Based and Data-Driven".
What do you think?
Click to expand...

Welcome to the cove :bigwave:

The system gets continually improved by CA and its respective PA. The CA removes the cause of the existing defect while the PA takes care of potential defects. The corrective action process is essentially a problemsolving process, while the preventive action process is a risk-analysis process. In other words, a preventive action is targeted at a potential nonconformity,
in that one will most likely occur unless an action to eliminate its cause is taken.

In this chain of continuality (not sure if this word exists :tg:), there is no chance for a "perfect" state and thus the concept of 100 % Preventive Actions may not be realized.
 
C

cmontminy

Hi!

I'd like to use your NC tracking log for our construction project.

Could you please help me understand how to prepare the dropdown menu

Enter name of problem types in Subclassification table (blue cells AV144 to AV154).
Enter name of problem types in Root Cause table (orange cells AT145 to AT176)

What are examples of subclassification (orange cell)?

Let say that in functional area I put - Receiving department - in subclass what would it be?

thanks
 
You must log in or register to reply here.

Similar threads

J
Structuring progression of information for deviations, NC to CAPA.
Replies
0
Views
263
Jean_B
J
E
IATF 16949 QMS in OEM
2 3
Replies
20
Views
2K
Sidney Vianna
Sidney Vianna
E
Desperately Needed Advice
Replies
6
Views
838
Tidge
T
iMPact Business Group
  • Locked
Hiring: Quality Engineer
Replies
1
Views
713
Jim Wynne
Jim Wynne
iMPact Business Group
  • Locked
Hiring: Sr. Supplier Quality Engineer (Fully Remote)
Replies
1
Views
696
Jim Wynne
Jim Wynne
Top Bottom