SBS - The Best Value in QMS software

Separate Corrective Action and Preventive Action Procedures

Lemko

Registered
#1
Hello, I saw the very old thread related to Separate or Combine CAPA procedures, but I am looking for some more recent guidance/news.

I recently changed jobs from one of the big Medical Device Manufacturers (class II and III devices) to a small company that has mostly unregulated but some class I devices which just had their 1 year ISO 13485 surveillance audit a month before I arrived. The company is very much immature in their transition from 'job shop' to medical device manufacturer.

One of the findings was related to insufficient documentation in the CAPA procedure detailing requirements to determine a PA. As a correction the company apparently told the auditor they were going to split the CAPA procedure up in order to address the finding-based on the auditor telling them it should be split up. I'm having a disagreement stemming from my interpretation of the finding and ultimately the appropriate correction to be making. Per the individuals I am working with, this company was told by the auditor that the term CAPA is not being used in international regulations/standards as they are being revised, and I was further told that IMDRF specifically call this out as two separate processes and that the FDA will move forward to emphasize two separate processes.

Not only is this the first time I've heard this (having a fair share of regulatory involvement and external auditor interaction as front room lead at my previous large company), I have also been trying to find any discussion on the web about it and am coming up empty. Am I being given run-around as the new guy coming in with unwanted ideas, or is this an actual movement within the industry to require CAPA be split into two different procedures? Also I don't want to get into a discussion of what path is correct (probably either depending on the company situation), just curious on requirements.

Thank you.
 
Elsmar Forum Sponsor

contigo123

Starting to get Involved
#2
I have not heard of this, and we recently had an ISO audit. What was the actual finding? Does the current CAPA procedure not have all the PA requirements from ISO 13485?
 

Ninja

Looking for Reality
Staff member
Super Moderator
#3
As a correction the company apparently told the auditor they were going to split the CAPA procedure up in order to address the finding
I am not in medical, anything I say should be with that in mind.

IMO, That was a really bad call.
Keep them together, and address the finding itself (if it is even valid, not enough info to tell).
 

Tagin

Trusted Information Resource
#4
Regardless of whatever the 'trend' might be, if you compare the flow and requirements of CA vs. PA in 8.5.2a-f vs. 8.5.3a-e there is overlap, but to me they are sufficiently different if flowcharted that its not unreasonable to have two similar - but different - procedures. That doesn't mean they have to be two different systems - CAs and PAs could still be in the same system; it's just that each is handled according to its type.

One of the findings was related to insufficient documentation in the CAPA procedure detailing requirements to determine a PA
Did the auditor reference 8.5.3 "The organization shall determine action to eliminate the causes of potential nonconformities..." or 8.5.3a "determining potential nonconformities and their causes" in this NC? If neither, what is the exact text of the NC?
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#5
Hello, I saw the very old thread related to Separate or Combine CAPA procedures, but I am looking for some more recent guidance/news.

I recently changed jobs from one of the big Medical Device Manufacturers (class II and III devices) to a small company that has mostly unregulated but some class I devices which just had their 1 year ISO 13485 surveillance audit a month before I arrived. The company is very much immature in their transition from 'job shop' to medical device manufacturer.

One of the findings was related to insufficient documentation in the CAPA procedure detailing requirements to determine a PA. As a correction the company apparently told the auditor they were going to split the CAPA procedure up in order to address the finding-based on the auditor telling them it should be split up. I'm having a disagreement stemming from my interpretation of the finding and ultimately the appropriate correction to be making. Per the individuals I am working with, this company was told by the auditor that the term CAPA is not being used in international regulations/standards as they are being revised, and I was further told that IMDRF specifically call this out as two separate processes and that the FDA will move forward to emphasize two separate processes.

Not only is this the first time I've heard this (having a fair share of regulatory involvement and external auditor interaction as front room lead at my previous large company), I have also been trying to find any discussion on the web about it and am coming up empty. Am I being given run-around as the new guy coming in with unwanted ideas, or is this an actual movement within the industry to require CAPA be split into two different procedures? Also I don't want to get into a discussion of what path is correct (probably either depending on the company situation), just curious on requirements.

Thank you.
ISO 13485:2016 has ISO 9000:2015 as a normative reference. The definitions of corrective and preventive action are provided there. Let's remember that ISO 13485:2016 did not follow the HLS, which dropped "substituted" preventive action for risk based thinking. Source 1 of confusion.

The term CAPA, typically used in the Medical Device Sector is not in line with the ISO 9000 definitions. In CAPA, (Corrective Action Preventive Action), the CA normally relates to correction (as per ISO definition) and PA normally relates to corrective action (as per ISO definition) . Source 2 of confusion. By the way, I had made a comment about this in this post.

As for FDA and CAPA new guidance, I found this article from a couple of years ago. An excerpt reads: "...FDA has revised section 820.100(a)4 to reflect that preventive and corrective action must be verified or validated. One of the things that was brought out in the preamble discussion was why do we have to go back and validate or verify preventive action? ..."The article also points to this guidance document. (also attached below)

Let's remember that under the old structure (pre-HLS) of ISO 9001, we saw countless and mind numbing discussions in this space about preventive actions and some of that might be at play here.

My advice for the OP is to make sure he understands CLEARLY what the auditor was referring to; meaning was the auditor referring to PA as prevention of recurrence (which is corrective action by ISO 9000 definition) or prevention of POTENTIAL nonconformities.

Good luck.
 

Attachments

Tidge

Trusted Information Resource
#6
One of the findings was related to insufficient documentation in the CAPA procedure detailing requirements to determine a PA. As a correction the company apparently told the auditor they were going to split the CAPA procedure up in order to address the finding-based on the auditor telling them it should be split up. I'm having a disagreement stemming from my interpretation of the finding and ultimately the appropriate correction to be making. Per the individuals I am working with, this company was told by the auditor that the term CAPA is not being used in international regulations/standards as they are being revised, and I was further told that IMDRF specifically call this out as two separate processes and that the FDA will move forward to emphasize two separate processes.
It should make no difference if there are separate/parallel or distinct processes for CA and PA.

My personal sense is that there was a push towards making CA and PA nearly identical; for example I'm seeing more places require an 'effectiveness check' for PA, whereas in previous eras a PA process would stop with 'implementation'.
 

Lemko

Registered
#7
Thank you for the replies, there is good information here for me to think about. This is the exact wording of the finding for those interested:

Finding: The Preventive action process observed not to be fully effective

Requirement: The organization shall determine action to eliminate the causes of potential nonconformities in order to prevent their occurrence. Preventive actions shall be proportionate to the effects of the potential problems. The organization shall document a procedure to describe requirements for:
a) determining potential nonconformities and their causes;
b) evaluating the need for action to prevent occurrence of nonconformities;
c) planning and documenting action needed and implementing such action, including, as appropriate, updating documentation;
d) verifying that the action does not adversely affect the ability to meet applicable regulatory requirements or the safety and performance of the medical device; e) reviewing the effectiveness of the preventive action taken, as appropriate.

Records of the results of any investigations and of action taken shall be maintained (see 4.2.5).

Objective Evidence: One could not verify from the established procedure for preventive action how the organization describe requirements for determining potential nonconformities.
 

Bev D

Heretical Statistician
Staff member
Super Moderator
#8
Words matter.
Unfortunately the people who wrote these standards used the same root word (prevent) in two very different ways. And then too many users misinterpreted and smashed them together to create the extremely unfortunate acronym CAPA.
Look at the requirement: this is only about taking preventive action for non-conformities that have not yet occurred. This type of preventive action is a bit intangible as many people have difficulty understanding something that hasn’t yet occurred.

Now when a non-conformity has occurred we can take either corrective action (only fix the nonconforming thing) or corrective action to prevent the re-occurence of the nonconformity in the future.

These two things are very different and are not to be conflated, mashed up or confused.
 

John Broomfield

Staff member
Super Moderator
#9
Preventive action is driven by planning, risk assessment and the analysis of data. Whereas corrective is driven by nonconformity. So, each type of action starts in a different way.

Both PA and CA require the removal of root causes from the system. So, PACA may share the same problem solving activities within these two separate processes.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#10
Preventive action is driven by planning, risk assessment and the analysis of data
There are many reasons why "preventive action", as a stand-alone process was obliterated removed from the common text in the HLS. From one of (many) TC 176 papers:

One of the key changes in the 2015 revision of ISO 9001 is to establish a systematic approach to considering risk, rather than treating “prevention” as a separate component of a quality management system.

Risk is inherent in all aspects of a quality management system. There are risks in all systems, processes and functions. Risk-based thinking ensures these risks are identified, considered and controlled throughout the design and use of the quality management system.

In previous editions of ISO 9001, a clause on preventive action was separated from the whole. By using risk-based thinking the consideration of risk is integral. It becomes proactive rather than reactive in preventing or reducing undesired effects through early identification and action. Preventive action is built-in when a management system is risk-based.
A QMS, by design, focuses on preventing quality problems. Having an artificial, stand-alone expectation of separate preventive actions is asinine. So much so that the HLS dropped it.
 
Thread starter Similar threads Forum Replies Date
Q Corrective Action as a Separate Procedure ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
R CAPA (Corrective Action Preventive Action) Procedures Separate or Combined Nonconformance and Corrective Action 9
A Are two separate procedures required for Corrective action and preventive actions Document Control Systems, Procedures, Forms and Templates 38
C Is a separate Corrective & Preventive Action procedure necessary? Nonconformance and Corrective Action 10
S Preventive and Corrective Procedures - Separate Procedures? Special Procedures? Nonconformance and Corrective Action 8
Marc Corrective vs. Preventive Systems and Procedures - Separate Procedures? Nonconformance and Corrective Action 12
C Warehousing two separate components to a finished device while meeting regulations Other US Medical Device Regulations 7
D ISO 13485 - 7.3.6 Design and development verification - Do most folks create a separate SOP? ISO 13485:2016 - Medical Device Quality Management Systems 6
H ISO 13485 - Separate Microbiology Audits ISO 13485:2016 - Medical Device Quality Management Systems 8
M UDI Database and EUDAMED - Will there be two separate databases? EU Medical Device Regulations 4
I Can a document (form) approval record be separate? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
J Organization merger. Should we keep two separate ISO 13485 certificates? ISO 13485:2016 - Medical Device Quality Management Systems 6
CPhelan Internal audit - Combine similar nonconformities in one or keep separate? Internal Auditing 6
S "X-MR charts do not separate piece-to-piece repeatability of the process" Statistical Analysis Tools, Techniques and SPC 2
R How far apart can you schedule separate areas or departments in your internal audit? Internal Auditing 4
S Do we need separate stand alone procedure for Suspect Unapproved Parts? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
J Facilities - Placing our assembly group into a separate building ISO 13485:2016 - Medical Device Quality Management Systems 8
W Product Audit - It must be a separate and distinct activity (IATF 16949) IATF 16949 - Automotive Quality Systems Standard 4
C ISO 14001 vs Existing Quality System - How to keep them separate? ISO 14001:2015 Specific Discussions 3
T Should Testing be a separate operation in the Control Plan? FMEA and Control Plans 5
P Two separate 510k submissions for one device from the same company Other US Medical Device Regulations 10
B ISO 9001:2015 8.4 External Providers - If work is transferred to a separate facility ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
M Is a separate ISO/TS16949 certificate required for an extension site? IATF 16949 - Automotive Quality Systems Standard 4
T Two Separate Businesses - Only Part of Company Certified ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
D Separate Classifications for Medical Device Accessories EU Medical Device Regulations 2
R One-Time parts separate from QMS? Quality Manager and Management Related Issues 9
D Is a separate spreadsheet required for the ASL (Approved Supplier List)? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
R Connection to a generic separate power supply IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
S Regulations for Selling Convenience Kit vs. Selling Separate Parts Other US Medical Device Regulations 2
cscalise Separate Forms or Procedure Attachments - What's more common? Document Control Systems, Procedures, Forms and Templates 2
C Do separate sites need separate documents? Document Control Systems, Procedures, Forms and Templates 7
A Newly Incorporated Business - Separate Scope and/or Separate Cert? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
L Should Internal Audit CAPAs be kept separate from "normal" CAPAs? ISO 13485:2016 - Medical Device Quality Management Systems 6
P Separate procedures? ISO 14k System combined with OHSAS 18001 Occupational Health & Safety Management Standards 3
J Device Registration and Listing - Separate for Device and corresponding Instruments? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
C How to handle Outsourcing with Same Site - Separate Cert ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
B Two Separate Legal Entities - Manufacturer Vs. Contract Manufacturer 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 20
Q Separate Quality System? Product line of a parent company spins off 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
P How to separate Product Design Review, Verification, and Validation Activities ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 26
C What can you do if Quality is treated as a separate function in an organization? Quality Manager and Management Related Issues 24
C Separate Certification - Can I combine documents for ISO14001, OHSAS18001 & AS4801? Miscellaneous Environmental Standards and EMS Related Discussions 3
S IEC 62366 - Embedded Software in separate Usability Engineering File? IEC 62366 - Medical Device Usability Engineering 1
K How do ISO 9001 Requirements apply to 2 sets of specifications to 2 separate vendors? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
D Include as an attachment or make a separate document? Advise on Document Numbering Document Control Systems, Procedures, Forms and Templates 1
F Multiple Business Lines (Separate Corporations) in one Facility AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
B Separate Clinical Trials in the US and the EU - When one fails - question US Food and Drug Administration (FDA) 3
M Can I be a legal manufacturer without being a separate legal entity? CE Marking (Conformité Européene) / CB Scheme 6
B Hospital Operating Room Regulations - Separate Entrances for Clean and Dirty Supplies Hospitals, Clinics & other Health Care Providers 4
S Separate Medical Device 12V Power Source - What inspection and testing is required? IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
M Does ISO/IEC 17025:2005 require the Laboratory to have separate ISO 9001 Procedures ISO 17025 related Discussions 4

Similar threads

Top Bottom