Hi_Its_Matt
Involved In Discussions
I am thinking about streamlining my process for responding to audit findings (internal and external) and my corrective / preventive action process. In my mind, they should be very similar: document the problem, contain and correct the immediate issue, determine the root cause, determine (based on risk) whether action is needed to prevent recurrence, and finally, if actions are needed, implement them and review their effectiveness.
So with that, my two-part question:
Do you all use a different process/form/system for responding to internal versus external audit findings? And second, is this process distinct from your “CAPA system?”
I have read several threads here where people advocate for keeping responses to audit findings out of the "CAPA system." However this seems to be driven more by the idea that the "CAPA system" is a very big hammer to wield for what are potentially small issues. My counter to that would be to modify the CAPA process to be more flexible and risk-based, rather than having it be so burdensome.
Extraneous details on how this all came up:
The company I work for recently received a non-conformance from our notified body stating that our corrective action process is not fully effective because we “have not defined a process for the correction, corrective action, preventive action, or effectiveness review of nonconformities identified during external audits.” (Ironic, isn’t it).
The evidence is we had a 2019 finding that was entered into our corrective action system, but the 2020 findings were not entered into the corrective action system, and we just used the form that the notified body provided to us. (This handling difference was caught in the 2021 audit, which generated the finding above.) The real cause of this is that the 2019 issue required real corrective action, while the 2020 findings required just correction. What caught the auditors eye is that we didn’t have documented evidence that we reviewed the effectiveness of the corrections we took to address the 2020 findings. The corrections were indeed implemented, and it was self-evident that they were effective, we just didn’t document that anywhere. I started in early 2021, so these were both before my time.
I DO agree with the auditor that our processes are not clear (i.e. not documented) on how to handle external audit findings (do we use our "audit finding response form" or our "corrective action form"). And so I am looking to document such process. The whole effort just has me wondering why we use separate forms and systems in the first place.
For what its worth, this is a small (<20 person) medical device design consulting company, so we are able to change things up to suit our needs quite easily, without the bureaucracy that may come at a larger organization.
So with that, my two-part question:
Do you all use a different process/form/system for responding to internal versus external audit findings? And second, is this process distinct from your “CAPA system?”
I have read several threads here where people advocate for keeping responses to audit findings out of the "CAPA system." However this seems to be driven more by the idea that the "CAPA system" is a very big hammer to wield for what are potentially small issues. My counter to that would be to modify the CAPA process to be more flexible and risk-based, rather than having it be so burdensome.
Extraneous details on how this all came up:
The company I work for recently received a non-conformance from our notified body stating that our corrective action process is not fully effective because we “have not defined a process for the correction, corrective action, preventive action, or effectiveness review of nonconformities identified during external audits.” (Ironic, isn’t it).
The evidence is we had a 2019 finding that was entered into our corrective action system, but the 2020 findings were not entered into the corrective action system, and we just used the form that the notified body provided to us. (This handling difference was caught in the 2021 audit, which generated the finding above.) The real cause of this is that the 2019 issue required real corrective action, while the 2020 findings required just correction. What caught the auditors eye is that we didn’t have documented evidence that we reviewed the effectiveness of the corrections we took to address the 2020 findings. The corrections were indeed implemented, and it was self-evident that they were effective, we just didn’t document that anywhere. I started in early 2021, so these were both before my time.
I DO agree with the auditor that our processes are not clear (i.e. not documented) on how to handle external audit findings (do we use our "audit finding response form" or our "corrective action form"). And so I am looking to document such process. The whole effort just has me wondering why we use separate forms and systems in the first place.
For what its worth, this is a small (<20 person) medical device design consulting company, so we are able to change things up to suit our needs quite easily, without the bureaucracy that may come at a larger organization.