The Preventive Action (PA) has always been at the center of confusion and has been also seen as an extension of the CA, because of the common term CAPA that is mostly in use. It has taken years to clarify (hopefully) that the CA does not have to be followed up with a PA. PA in itself was left to the wild imagination of the MR, if I may say so, to manage during an audit process. At other places some had gone to the extent of capturing any and all possible actions as PA without perhaps proper linkage.
Let’s see how the new ISO 13485 helps us in understanding this. At clause 0.2, the standard limits the concept of risk to safety or performance requirement of the medical device, or meeting the applicable regulatory requirement. The Preventive Action clause 8.5.3 also tells that the action taken does not adversely affect ability to meet regulatory requirement, or the safety and performance of the medical device. Taking these clues and understanding that potential nonconformities are possible risks., when we go through the standard, we can see a lot of situations where the PA are to be taken. When these are suitably recorded and linked to the PA documented procedure as appropriate to the organization, lot of clarity will emerge towards what the Preventive Action is…
Making a simple list will capture the PA areas which I can see as following …
Control of documents [specifically the g) and h) in 4.2.4] / Human resource (more specifically a trained and competent regulatory officer) / Infrastructure (like Clean room, Pure water system, ESD work areas, specified work environment) / Contamination control / Notification of changes in purchased products (comes from FDA 21 CFR 820) / The controls of production and service provisions / Cleanliness of products / Validation / The specified particular requirements / Feedback process / ..
When you can link these said practices (your practices) as applicable to you into your PA documented procedure, you are done. Your PA are bright, clear and demystified.
Comments …..
Let’s see how the new ISO 13485 helps us in understanding this. At clause 0.2, the standard limits the concept of risk to safety or performance requirement of the medical device, or meeting the applicable regulatory requirement. The Preventive Action clause 8.5.3 also tells that the action taken does not adversely affect ability to meet regulatory requirement, or the safety and performance of the medical device. Taking these clues and understanding that potential nonconformities are possible risks., when we go through the standard, we can see a lot of situations where the PA are to be taken. When these are suitably recorded and linked to the PA documented procedure as appropriate to the organization, lot of clarity will emerge towards what the Preventive Action is…
Making a simple list will capture the PA areas which I can see as following …
Control of documents [specifically the g) and h) in 4.2.4] / Human resource (more specifically a trained and competent regulatory officer) / Infrastructure (like Clean room, Pure water system, ESD work areas, specified work environment) / Contamination control / Notification of changes in purchased products (comes from FDA 21 CFR 820) / The controls of production and service provisions / Cleanliness of products / Validation / The specified particular requirements / Feedback process / ..
When you can link these said practices (your practices) as applicable to you into your PA documented procedure, you are done. Your PA are bright, clear and demystified.
Comments …..
Last edited by a moderator: