ISO 13485 :2016 - CAPA - Does every CAPA need to be checked by regulations?

[clagros]

ISO 8.5.3 d and 8.5.4 d state:
verifying that the action does not adversely affect the ability to meet applicable regulatory
requirements or the safety and performance of the medical device;
One NB auditor insisted that every CAPA has to be checked or approved by regulatory department. We think that is only related to the device, otherwise the standard would say so. For instance, a CAPA triggered by QA related training , which is not related to the 'medical device' does not need RA" blessing"- your opinion?

 

[yodon]

Do you have in your internal procedures that regulatory must check / approve each CAPA? If not, then I would think the auditor is overstepping a bit.

 

[blackholequasar]

I would think as long as the organization verifies that the action does not adversely affect the requirements, then there is really no need to have it approved any further. In the event that changes need to be made that may affect regulatory requirements or safety or performance of the medical device, then that could possibly justify checking with regulatory... though, do you have an internal regulatory department that may be required to sign off on a CAPA?

 

[clagros]

Do you have in your internal procedures that regulatory must check / approve each CAPA? If not, then I would think the auditor is overstepping a bit.

Our CAPA procedure states that when the CAPA is related to the product (the medical device) the related action items and activities are going through the ECO (change control) process, which always includes a mandatory regulatory assessment.
Otherwise (non-product related CAPAs) do not need regulatory supervision. We think we cover the ISO requirement, but the auditor insists that every CAPA needs regulatory assessment. Don't want to change the procedure just because of the auditor's interpretation. Your advice?

 

[clagros]

I would think as long as the organization verifies that the action does not adversely affect the requirements, then there is really no need to have it approved any further. In the event that changes need to be made that may affect regulatory requirements or safety or performance of the medical device, then that could possibly justify checking with regulatory... though, do you have an internal regulatory department that may be required to sign off on a CAPA?

Hi- Tnx! - please see my previous reply explaining the case.

 

[yodon]

Well, you basically have 2 choices: fight or flight.

You can press the auditor for clarification on what, exactly, the nonconformance is and then escalate the matter if you still feel it's unwarranted.

Or you can just loop Regulatory in on each CAPA. (Do you have so many CAPAs that it would be a burden for regulatory to approve each?)

I don't necessarily like the capitulation option as it only promotes bad auditor practices. But sometimes you pick your fights.

 

[Tagin]

ISO 8.5.3 d and 8.5.4 d state:
verifying that the action does not adversely affect the ability to meet applicable regulatory
requirements or the safety and performance of the medical device;
One NB auditor insisted that every CAPA has to be checked or approved by regulatory department. We think that is only related to the device, otherwise the standard would say so. For instance, a CAPA triggered by QA related training , which is not related to the 'medical device' does not need RA" blessing"- your opinion?

It all seems to hinge on the interpretation of 'verifying'. To me, 'verifying' leaves it up to the company as to how they satisfy that requirement. Indeed, it could be argued that you are using a two-stage verification, where stage one is:
"CAPA group classifies this CAPA as non-product related, and therefore is verification that applicable regulatory requirement are not adversely affected"

This could be strengthened if your regulatory department make some kind of policy statement, along the lines of:
"We have determined that non-product CAPAs do not require any additional verification review by our department to ensure that applicable regulatory requirement are not adversely affected."

Edit: Another way to state this is that the auditor is claiming that verification can only be performed by the regulatory department, whereas I am speculating that the regulatory department can delegate some of that review process to the CAPA group.

 

[levatorsuperioris]

I have a through on the possible issues: They are probably coming from a certain perspective. "Accept as is" NCR/CAPA result is not ok if it violates regulatory requirements ... this call is somewhat regulatory complex.

 

[François]

Our CAPA procedure states that when the CAPA is related to the product (the medical device) the related action items and activities are going through the ECO (change control) process, which always includes a mandatory regulatory assessment.
Otherwise (non-product related CAPAs) do not need regulatory supervision. We think we cover the ISO requirement, but the auditor insists that every CAPA needs regulatory assessment. Don't want to change the procedure just because of the auditor's interpretation. Your advice?

In the handbook of ISO 13485, the following is written in the intent :

verifying that a corrective action does not adversely affect the ability (of product, process or QMS) to meet applicable regulatory requirements, or
a medical device’s safety and performance.

So it seems that all CAPA must have a regulatory assessment (but not necesseraly by your RA team).

 

[TWA - not the airline]

I'm with Francois here. There may be types of CAPAs where you can generally determine beforehand that they never impact regulatory requirements, but these will be very few and special and the distinction product-related vs. not product-related will not be a satisfactory definition for this. If you add a signature field for RA on your CAPA form, then you're done, no further description/SOP needed. If you or your RA department wants to delegate then you need to put more into the CAPA SOP to show how you fulfil the requirement.