SBS - The best value in QMS software

Any good examples of CAPA forms that include a risk based approach?

I need help with coming up with an easy to follow CAPA form that meets the necessary requirements of the standard. Anybody have any examples? We are a very small business and the less complex the better.
Elsmar Forum Sponsor


Involved In Discussions
I have no forms. But, a good practice is to assess both product risk as well as QMS risk in your process. Keep these items separate to drive prioritization.

Ed Panek

QA RA Small Med Dev Company
Trusted Information Resource
Classify it based on:

High Risk -

This change will impact a high number of users;

or impact a smaller number of users in a significant manner for the intended use of the device;

or this affects in any manner the safety of the device/device user.

Else; Low Risk

Something like this.


Staff member
Super Moderator
Realize that risk, per the standard, "pertains to safety or performance requirements of the medical device or meeting applicable regulatory requirements." So my hierarchy is along the lines of the product risk rankings with regulatory folded in. I generally use: death (if you have a CAPA that deals in this, you probably have bigger issues), serious injury, non-serious injury / major noncompliance, inconvenience / minor NC, annoyance.

You can try to fold in impact to number of users (patients) but an annoyance that may affect a broad population would need to be lower on the risk scale than something that potentially causes death, for example.

Possibly the more challenging aspect than ranking the risk is how that affects the CAPA process. For High risk, for example, do you set a target of establishing the root cause(s) and defining the action plan for, say 1 week? Whereas low risk maybe gets 30 days? (Please avoid a pre-defined target closure period as you can never hard-code the time it takes to establish effectiveness.)

Bev D

Heretical Statistician
Staff member
Super Moderator
Our system includes two elements of risk. We use it for both our quality system compliance (which includes USDA regulations, etc.) and our product quality performance. The vast majority of our corrective actions (8D) are for product quality simply because these are the higher risk (effect and actual occurrence or defect rates). We use a simple 1-5 scale - although a 1-3 scale might work for you - for severity of effect and then we list the actual defect rate.

The key we have found is to keep it simple, don't guess, and be honest in your assessment.
After you have determined the risk (high, medium, or low) what do you require differently for the CAPA based upon the risk? Is the approach the same regardless of risk or are you doing anything differently for different risk CAPAs. What are the requirements between high, medium, and low risk?


Involved In Discussions
Something fundamental about a "risk-based approach" is that it is basically asking you not do things in a one-size-fits-all way. A philosophically "perfect" risk-based approach would take each element of a problem and analyse it deeply to come up with a rich description of the nature of risk at hand, and what actions are appropriate for that problem.

This is a good thing, because it means you don't need to go through an enormous process to resolve minor issues - and it means that you aren't "punished" for taking the time necessary to properly resolve major ones.

The complication, of course, is that people don't necessarily think the same way - so taking a risk-based approach in a way that is consistent for your organisation can be difficult to do. This is why there is a need to establish a framework of acceptance criteria, et cetera, for risks. If you're a one-person business (for the sake of argument), maybe you could just have a simple blank space for risk assessment as long as you are diligent enough to put in a consistent assessment every time; but it quickly gets hard and unreasonable to rely on this consistency.

For this reason, I would say this problem is much less about the form, and more about your general process, attitudes and conventions around risk assessment in general. If you are assessing the risk of something, how will you actually go about it? How will you write your justification? How will you make sure different things are assessed in a consistent and reasonably repeatable way?

If you can answer these questions, I think it will become obvious what sort of form you need to provide.


Staff member
Super Moderator
The MDIC has a "Case for Quality" initiative going and one of the Projects is for improving CAPA. They have a framework defined for a risk-based approach and have enrolled 15 companies to pilot the program. They had a public forum yesterday where they had one rep from one of the companies piloting discussing how it was going. I think the video will eventually be posted on their resource page but you can poke around on the site and see some earlier materials for the CAPA project.

This is also coupled with their NC Grading approach and, to me, it makes a lot of sense. In the forum yesterday, they did discuss being audited / inspected and, while there was some initial push-back, the auditors / inspectors eventually agreed that the approach met regulatory requirements. I think with a reputable organization like MDIC backing it, the concepts have a better chance at acceptance than just one company trying something new.

P.S. They are still looking for additional companies to participate in the pilot program.
Thread starter Similar threads Forum Replies Date
M Examples of Combination Products - MDR Article 1 (8) and MDR Article 1(9) Medical Device and FDA Regulations and Standards News 3
M Combination products - examples CE Marking (Conformité Européene) / CB Scheme 1
qualprod Examples to mitigate risk from Covid ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
B Two excellent examples of process capability analysis from Quality Magazine Capability, Accuracy and Stability - Processes, Machines, etc. 5
U Examples of Quality Objectives for a Medtech start up ISO 13485:2016 - Medical Device Quality Management Systems 4
B ITAR Visitor Log Examples AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
J Process FMEA Template with examples - Cold and Hot Forged components FMEA and Control Plans 4
R DFA & DFM - Examples for Design for assembly and design for manufacturability Lean in Manufacturing and Service Industries 2
E Non-GMP examples in Pharmaceutical industry Pharmaceuticals (21 CFR Part 210, 21 CFR Part 211 and related Regulations) 2
I Quality Policy and Objectives examples Elsmar Cove Forum Suggestions, Complaints, Problems and Bug Reports 5
Y Examples of TRB Reports for MIL-PRF-31032 Qualification AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
I ISO 22000:2018 - Operational Prerequisite Program Examples Food Safety - ISO 22000, HACCP (21 CFR 120) 2
S Examples of software changes that required a 510k US Food and Drug Administration (FDA) 2
W SOP examples wanted - Soil, Concrete and Asphalt testing ISO 17025 related Discussions 3
M Where can I find examples of PPAP? APQP and PPAP 6
O Examples of Critical process parameter (CPP) and Critical quality attribute (CQA) Manufacturing and Related Processes 2
S AS9100D PEAR - Examples for organization's method for determining process results? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
L IATF 16949 FCA (Fiat Chrysler) Specific Requirements - Examples of AQR and MPFMEA Service Industry Specific Topics 1
L IATF 16949 Warranty Management System examples IATF 16949 - Automotive Quality Systems Standard 0
A Examples of Pre-Sub, SRD, PMA Shells and Templates Other US Medical Device Regulations 3
S IAF Codes - Examples of what falls under each code General Information Resources 2
R Examples of inherent safety by design ISO 14971 - Medical Device Risk Management 83
O Examples of the external and internal issues and their risks and opportunities IATF 16949 - Automotive Quality Systems Standard 2
M Medical Device Traceability Matrix - Examples EU Medical Device Regulations 8
P Examples of Nonconformance, Corrective Action Requests, and Root Cause Analysis Nonconformance and Corrective Action 2
Ajit Basrur Looking for examples of "User Training" - ISO 13485 section 7.2.1 d) ISO 13485:2016 - Medical Device Quality Management Systems 6
S Manufacturing Work Instruction examples that include process pictures Manufacturing and Related Processes 3
G Uncertainty Budget Examples for Caliper, Micrometer and Dial Gauge Measurement Uncertainty (MU) 3
Albert G. What are general examples of audit findings with ISO 9001:2015? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
Q Risks Examples in Top Management ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
R ISO 13485:2016 - Quality Objectives Regulatory Requirement Examples ISO 13485:2016 - Medical Device Quality Management Systems 1
Sidney Vianna Blockchain Technology - Any examples of practical application? The Reading Room 21
Z SAP Validation for Part 11 Compliance - Examples (executed protocols) Qualification and Validation (including 21 CFR Part 11) 3
M How to Document Internal & External Communications - Suggestions/examples pls IATF 16949 - Automotive Quality Systems Standard 3
Y Examples of Risk and Opportunities based on ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
R Examples of Quality Objectives related to ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 6
M CAAC-145 Manuals - Looking for examples of MOM's, MMM's Capability Lists, etc. Federal Aviation Administration (FAA) Standards and Requirements 13
D Seeking Corrective Action Process Examples Nonconformance and Corrective Action 3
P ISO 9001:2008 Design and Development Process & Forms examples wanted Design and Development of Products and Processes 3
K AS9100 5.3 Authorities (Looking for examples) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
B Risk Requirements to meet the explicit Risk Based Approach of ISO 13485:2016 Examples ISO 13485:2016 - Medical Device Quality Management Systems 21
F ISO 14001:2015 EMS Procedures and Form Examples wanted ISO 14001:2015 Specific Discussions 10
K EN ISO 15223-1:2012 Clarification or Examples on when to use Safety Symbols Other Medical Device Related Standards 3
A SIPOC (Suppliers Inputs Process Outputs Customers) examples wanted Quality Manager and Management Related Issues 1
A AS 9100 - Risk Management Procedure and Flow Chart examples AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
A Aseptic Sampling Procedure Examples (Syringe and Dipper) wanted Manufacturing and Related Processes 1
S Customer Scorecard Analysis Templates and Examples IATF 16949 - Automotive Quality Systems Standard 3
H Root Cause Corrective Action Examples Nonconformance and Corrective Action 4
S Seeking examples of Nonconforming Materials Nonconformance and Corrective Action 5
C Need examples for Controlled Shipping I and II (CSL) IATF 16949 - Automotive Quality Systems Standard 3

Similar threads

Top Bottom