Root Cause and Corrective Action for CAPA's lacking validation/verification

mrsrobinson1110

Starting to get Involved
#1
Our 13485 auditor found that some of our corrective and preventive actions lacked adequate verification or validation activities/documentation. My question is, how would I go about completing an investigation and root cause analysis on a procedural problem? I find myself repeating the same things for both......when completing an investigation/root cause analysis for a specific issue or problem, the investigation and root cause analysis are fairly straight forward, but I'm having trouble with what to put on procedural corrective action reports. Any suggestions? Thanks!
 
Elsmar Forum Sponsor

Tagin

Trusted Information Resource
#2
When you say "CAPA's lacking validation/verification", was the auditor referring to 8.5.2f & 8.5.3e ("reviewing the effectiveness of the corrective/preventive action taken, as appropriate")? If not, what clause(s) did the auditor cite?
 

Bev D

Heretical Statistician
Leader
Super Moderator
#4
Here’s to you mrsrobinson :)LOL:): What kind of corrective and preventive actions were found to be non complaint? Can you give specifics? Can you quote the finding?
 

QuickSpace

Starting to get Involved
#5
Our 13485 auditor found that some of our corrective and preventive actions lacked adequate verification or validation activities/documentation. My question is, how would I go about completing an investigation and root cause analysis on a procedural problem? I find myself repeating the same things for both......when completing an investigation/root cause analysis for a specific issue or problem, the investigation and root cause analysis are fairly straight forward, but I'm having trouble with what to put on procedural corrective action reports. Any suggestions? Thanks!
If I'm getting your question right, below is my input. Basically, when you are defining a Corrective and preventive action plan, you should always identify what is your plan to verify those corrective and preventive actions after it is implemented. For example, as part of a Corrective action plan, you are introducing a new process, updating that in your procedure, and releasing it, your verification will basically be, to verify whether the new process is implemented by your team, to see if there is the occurrence of same nonconformance which may be attached the evidence to it, it can be anything. If your corrective action is providing training, your verification will be training effectiveness evidence and training record. Verification would be checking your corrective action is effective - as simple as that.
 
Last edited:

Bev D

Heretical Statistician
Leader
Super Moderator
#6
If you implement a “new process” verification would be that some procedural document was written or revised and released and probably that training was completed. BUT final validation of EFFECTIVENESS would be to audit/review/observe that the new process eliminated or substantially reduced the actual occurrence of the non conformance.
 

mrsrobinson1110

Starting to get Involved
#7
The auditor said specifically

"your firm failed to include requirements for validating the corrective and preventive actions to ensure that such action is effective and does not adversely affect the finished device. In addition, CAPA records reviewed during the inspection did not include verification or validation activities to demonstrate effectiveness."

I believe the problem stemmed from the CAPA's being written in such a way that there was an assumption that if the stated action was completed then the action would be effective. The actions WERE effective, but there was lack of follow-through in documenting the proof. I'm having a hard time putting into words how to validate a corrective action that is intended to correct un-validated corrective actions. It feels like I'm talking in circles! I think I'm going to go with re-training and verification/validation will be done during next audit.
 

Ronen E

Problem Solver
Moderator
#8
My take:

First, Verification and Validation are not the same. They are actually quite different, at least in my world. When someone instructs you to "verify something" or they instructs you to "validate something", referring to the exact same "something", the resulting course of action necessary to comply with such instruction can be significantly different. Further, when it's required to "verify or validate" that "thing", it's quite different from requiring to verify it; to validate it; or to verify and validate it - because "verify or validate" means you can choose either, and suffice with that only (which to me doesn't make too much sense - the person should know what exactly they require, and if they don't they should use words like "ensure")... In the regulatory field words do matter. A lot.

Second, it's critical to note what exactly we're required to verify or validate.
Is it:
"the CAPA"...?
"the CAPA activity"...?
"the CAPA effectiveness"...? (and does that relate to the non-recurrence of the NC, or to the elimination of the perceived root cause?)
"the creation/existence of documented requirements / SOP for CAPA"...?
"the device's safety and effectiveness"...? (at what point/stage?)

There is a lot to observe/clarify here.

It seems to me that the auditor mentioned above did not care too much about these issues and didn't go to the trouble of clarifying these aspects beyond any practical doubt. Therefore, it's the auditee's job to ask the auditor questions proactively, until they are certain what exactly the NC is about and what they need to do to eliminate it (and prevent recurrence, haha). I would have actually asked the auditor "If we do <X> and show you <Y>, would we be on the right path to closing this NC?"

A prime source of guidance on this issue is ISO 13485:2016 Practical Guide. Highly recommended.
 
Last edited:

Tidge

Trusted Information Resource
#9
The auditor said specifically

"your firm failed to include requirements for validating the corrective and preventive actions(*1) to ensure that such action is effective and does not adversely affect the finished device. In addition, CAPA records reviewed during the inspection did not include verification or validation activities to demonstrate effectiveness.(*2)"
(*1) This reads to me as if the procedures themselves are silent on the need to have an effectiveness check for CAPA Action Items.

(*2) This reads to me as if the CAPA records themselves are incomplete and require remediation; the remediation ought to be commensurate with the procedural updates made to satisfy (*1). Remediating all of the past CAPA can be painful, but without revisiting them for verification of effectiveness the same finding is likely to be found on the next inspection.

It should go without saying: Responding to this observation should be its own Corrective Action, with multiple action items.

I believe the problem stemmed from the CAPA's being written in such a way that there was an assumption that if the stated action was completed then the action would be effective. The actions WERE effective, but there was lack of follow-through in documenting the proof.
I have no reason to disbelieve you. Unstated assumptions and ad hoc-ery are dangerous things when trying to demonstrate any sort of "system", especially a quality management system.
 

mrsrobinson1110

Starting to get Involved
#10
My take:

First, Verification and Validation are not the same. They are actually quite different, at least in my world. When someone instructs you to "verify something" or they instructs you to "validate something", referring to the exact same "something", the resulting course of action necessary to comply with such instruction can be significantly different. Further, when it's required to "verify or validate" that "thing", it's quite different from requiring to verify it; to validate it; or to verify and validate it - because "verify or validate" means you can choose either, and suffice with that only (which to me doesn't make too much sense - the person should know what exactly they require, and if they don't they should use words like "ensure")... In the regulatory field words to matter. A lot.

Second, it's critical to note what exactly we're required to verify or validate.
Is it:
"the CAPA"...?
"the CAPA activity"...?
"the CAPA effectiveness"...? (and does that relate to the non-recurrence of the NC, or to the elimination of the perceived root cause?)
"the creation/existence of documented requirements / SOP of CAPA"...?
"the device's safety and effectiveness"...? (at what point/stage?)

There is a lot to observe/clarify here.

It seems to me that the auditor mentioned above did not care too much about these issues and didn't go to the trouble of clarifying these aspects beyond any practical doubt. Therefore, it's the auditee's job to ask the auditor questions proactively, until they are certain what exactly the NC is about and what they need to do to eliminate it (and prevent recurrence, haha). I would have actually asked the auditor "If we do <X> and show you <Y>, would we be on the right path to closing this NC?"

A prime source of guidance on this issue is ISO 13485:2016 Practical Guide. Highly recommended.

Is that the Practical Field Guide for ISO 13485:2016 by Myhrberg and Raciti?
 
Thread starter Similar threads Forum Replies Date
B NADCAP Rejection Response to Root Cause Analysis and Corrective Action. Nonconformance and Corrective Action 1
E CAR (Corrective Action Report) with questionable Root Cause ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 16
P Examples of Nonconformance, Corrective Action Requests, and Root Cause Analysis Nonconformance and Corrective Action 2
H Root Cause Corrective Action Examples Nonconformance and Corrective Action 4
D Root Cause and Corrective Action - Is our Practice Acceptable? ISO 13485:2016 - Medical Device Quality Management Systems 5
B Root Cause Analysis and Corrective Action Program for Inventory Inaccuracies Nonconformance and Corrective Action 8
Fender1 Corrective Action and Root Cause Analysis for a Missing Assembly Part ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
C Root Cause and Corrective Action Training Training - Internal, External, Online and Distance Learning 4
T Drop Down ("Standard") Categories for Corrective Actions & Root Cause Nonconformance and Corrective Action 4
T Corrective Action and Root Cause Training Training - Internal, External, Online and Distance Learning 3
C System Root Cause and CA (Corrective Action) for ISO 13485 Audit Nonconformances ISO 13485:2016 - Medical Device Quality Management Systems 3
U Non Conformance - Root Cause & Corrective Actions - Civil Construction Projects ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
L Root Cause Condition / Corrective Action Condition Problem Solving, Root Cause Fault and Failure Analysis 2
W Corrective Actions - Getting to the True Root Cause Problem Solving, Root Cause Fault and Failure Analysis 12
F Can we reply to a CAR (Corrective Action Request) without Root Cause? Problem Solving, Root Cause Fault and Failure Analysis 24
E Please Critique my Root Cause Corrective Action Form training Problem Solving, Root Cause Fault and Failure Analysis 4
E RCCA (Root Cause Corrective Action) Training Materials Training - Internal, External, Online and Distance Learning 8
Q Corrective Action - CAPA - Root Cause - Not following the training procedure! Problem Solving, Root Cause Fault and Failure Analysis 13
E Root Cause Corrective Action - Identification and Traceability Problem Solving, Root Cause Fault and Failure Analysis 5
K Corrective Action and Root Cause Training Presentation wanted Problem Solving, Root Cause Fault and Failure Analysis 10
Q Preventive Action vs. Corrective Action - What about Root Cause? Problem Solving, Root Cause Fault and Failure Analysis 30
S Developing and implementing a Corrective Action Reporting System w/ Root Cause Analy Problem Solving, Root Cause Fault and Failure Analysis 3
B Reviewing corrective action - How to ensure that root cause analysis is correct Problem Solving, Root Cause Fault and Failure Analysis 5
T Effective Root Cause Analysis / Corrective Action - Managements root cause ideas Problem Solving, Root Cause Fault and Failure Analysis 7
A Root Cause Verification - Corrective Action Effectiveness, or Root Cause Verification Problem Solving, Root Cause Fault and Failure Analysis 24
B Root cause analysis software - Off the shelf software to guide Corrective Action team Problem Solving, Root Cause Fault and Failure Analysis 9
C 8D Corrective Action Root Cause Problem Solving Training Problem Solving, Root Cause Fault and Failure Analysis 6
Marc True root cause in a corrective action process - How do you know? Problem Solving, Root Cause Fault and Failure Analysis 35
Marc Corrective Action and Root Cause - The Humourous Boeing Repair Responses Problem Solving, Root Cause Fault and Failure Analysis 5
R Root Cause Analysis - Nonconformance and Corrective Action - 8D - Root Cause Problem Solving, Root Cause Fault and Failure Analysis 2
G Root cause for outsourced pest control service not in approved supplier list ISO 13485:2016 - Medical Device Quality Management Systems 4
qualprod Subsequent failure can also be a root cause? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
qualprod Root cause only the first step, or the next? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
Y MD Recall root cause Medical Device and FDA Regulations and Standards News 4
J Contingency Plan missing Utility Interruptions - Root cause support needed IATF 16949 - Automotive Quality Systems Standard 8
M Root cause for lack of quality objectives for HSE Dept. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
Q Lack of transparency root cause US Medical Device Regulations 18
M Root cause General Auditing Discussions 6
J NADCAP Root Cause - Misinterpretation of Checklist Requirement Various Other Specifications, Standards, and related Requirements 5
Lee Taylor Indentifying human error as a root cause Human Factors and Ergonomics in Engineering 51
K HR concerns with listing human factors as root cause Problem Solving, Root Cause Fault and Failure Analysis 11
qualprod What is exactly the root cause? Nonconformance and Corrective Action 9
M Test failure Root cause not found Customer Complaints 13
Tagin You're Gonna Need a Bigger Root Cause Coffee Break and Water Cooler Discussions 12
Q IATF audit - Root Cause Analysis results IATF 16949 - Automotive Quality Systems Standard 5
qualprod D5 of 8D clarification, how to verify root cause Problem Solving, Root Cause Fault and Failure Analysis 26
T Tactics for Root Cause Analysis Problem Solving, Root Cause Fault and Failure Analysis 4
W Misinterpretation of requirement acceptable as root cause? Problem Solving, Root Cause Fault and Failure Analysis 19
T Root Cause Failure Analysis - Not following Customer packaging Specification Problem Solving, Root Cause Fault and Failure Analysis 9
D Root Cause for Missed Audits Misc. Quality Assurance and Business Systems Related Topics 1

Similar threads

Top Bottom