PROMISE: Our kitties will never sit on top of content. Please turn off your ad blocker for our site.
puuuuuuurrrrrrrrrrrr
Jon Speer
Published: Tuesday, December 19, 2017 - 12:03 Corrective and preventive action (CAPA) is an important process for your medical device company. In fact, the U.S. Food and Drug Administration (FDA) states in its Quality System Inspection Technique (QSIT) guide, “One of the most important quality system elements is the corrective and preventive action subsystem.” A solid CAPA process is foundational and an indicator of the health of a medical device company. While a healthy CAPA process is key to a healthy quality management system (QMS), it is equally important to understand how other QMS processes connect with CAPA. Some of the key QMS processes related to CAPA include: Once a product is launched, one of the first areas that provides an indication for product opportunities and issues are your customer feedback and complaint handling processes. From an FDA perspective, complaint handling is a very critical process. How and what you do when you receive complaints is important. Why? If a complaint caused an adverse event, then this could require a thorough investigation as well as reporting to the FDA and other regulatory agencies. Even if a complaint is not an adverse event in nature, it still is an indicator of your product’s performance. Investigating complaints requires a robust process very similar in concept to a CAPA process: Define the issue, determine root cause, and establish an action plan to address and correct the situation. Generally speaking, complaints are often more reactive in nature. In other words, it’s usually an event that has already happened. You seldom seek out complaints. Instead, you are contacted after a complaint has occurred. When you learn of the complaint, addressing the immediate issue is corrective in nature. But here is where understanding the connection between complaint handling and CAPA processes is important. Just because you have a complaint does not mean you automatically need to issue a CAPA. As noted, if your complaint process is robust, it will help ensure the complaint issue is properly addressed. Remember, CAPA is ideal for addressing systemic issues. Monitoring complaints and analyzing the underlying issues is important in determining if you have systemic product issues to address. Let me illustrate with an example: You get a call from a doctor that your device has an issue with a connector. You conduct a complaint investigation and address the situation for the doctor. When you review other complaint records and analyze the data, you discover that there have been other connector issues with this product line, as well as a couple other product lines. This analysis uncovers a potential systemic issue regarding connectors. This type of scenario is CAPA-worthy. Although addressing a singular complaint is somewhat reactive in nature, analyzing data for other similar issues is a way for you to be more proactive. The approach, however, that most companies seem to take is to wait for the connector issue (or omething similar) to surface multiple times as individual complaints and then issue a CAPA. Customer feedback is a concept that was introduced to the medical device industry with the emergence of ISO 13485 several years ago. The basic premise of customer feedback is that you are seeking feedback on your products, rather than just waiting for the feedback to come to you. Very few companies have successfully implemented a good customer-feedback process. Most rely heavily on complaint handling as a primary means of getting feedback. And as noted above, complaints are reactive in nature. Ideally, implementing a robust customer-feedback process will help you to identify opportunities for improvement for your products before product issues surface. A thorough customer feedback process is about being proactive. It’s about adopting an approach of continuous improvement. How does customer feedback relate to CAPA? It’s about evaluating and analyzing data. It’s about understanding where there are opportunities for improvement. When you identify these opportunities, evaluate them to see if addressing them is CAPA-worthy. Do you see how this approach is being proactive? When you launch your device into the market, you need to have processes in place to evaluate and ensure that the product conforms to established specifications prior to release. In the event your product doesn’t meet the defined specifications, the product is nonconforming. A solid nonconformance process is a good proactive measure; potential product issues should be identified before the product is shipped. A solid nonconformance process identifies the issue, incorporates root cause determination, and includes action plans to address the situation. If a nonconformance issue happens one time, this is not necessarily CAPA-worthy. Like the previous complaint example, analyzing nonconformance data is a proactive means to identify whether systemic issues are prevalent. If so, then yes, by all means, issue a CAPA to address the issue. Taking this type of approach is being proactive to address situations instead of just reacting to them after the fact. Every medical device requires production and process controls. Production and process controls include documented steps required to manufacture medical devices. This includes inspection procedures. Production and process controls are provisions you establish to ensure that the device is manufactured according to established safety specifications. Production and process controls also apply to software-based medical devices. While software as a medical device products are not “manufactured” per se, you do need to have established processes to ensure specifications are met and inspection criteria are defined. You must ensure that your software as a medical device is safe. Technically speaking, product issues identified during the production process should be captured as nonconformances. A nonconformance is the initial means to address issues with product not meeting established specifications. If the nonconformance is systemic in nature, then issuing a CAPA investigation is a best practice. There could also be issues with production-related processes. If you identify issues with production processes, then you need to determine a course of action. You can likely tackle these via your change-management process. However, if the issues are more systemic in nature, then consider a more thorough CAPA investigation. Supplier management involves qualifying, evaluating, and monitoring the performance of your suppliers. If you identify issues with items purchased from suppliers, then the first step is to issue a nonconformance. Again, a nonconformance is a means to document an issue when an item does not meet established specifications. When this happens, you need to determine, within the nonconformance documentation, whether to use the item as is, rework it, or return it to supplier. If this happens once, then managing the issue via nonconformance is likely sufficient. If a supplier has repeat infractions of failing to provide items that meet your specifications, then this is systemic. Yes, you guessed it: A CAPA investigation would then be a best practice. But what type of CAPA? Should this be handled internally by your company only? Possibly. Maybe you did a poor job of establishing the specifications. There might also be times when you need to issue a supplier corrective action request (SCAR) to your supplier. Issuing a SCAR is elevating the seriousness of the issue both within your company and (hopefully) with your supplier. If you issue a SCAR, you should track the actions related to this within your CAPA process, identifying the problem as supplier related. In the medical device industry, we are subjected to all kinds of audits and inspections: ISO audits, FDA inspections, supplier audits, internal audits, and so on. Most companies dread the thought of being audited. Although they’re time-consuming and strain resources, audits uncover issues that often need to be addressed—especially if discovered by an FDA inspector or ISO auditor. From another point of view, audits can be great opportunities for making improvements and discovering potential issues before they become problems. Internal audits are comprised of activities to self-assess and self-evaluate your QMS effectiveness. However, too many companies do not take this approach with respect to internal audits. Many companies do internal audits because they have to—a check-box activity. But internal audits, done properly, should be more rigorous and challenging than any other ISO audit or FDA inspection. In fact, this should be the goal of your internal audit program. As you conduct internal audits, you may uncover items to address. If these issues are systemic in nature, then they’re likely candidates for a more thorough CAPA investigation. Design controls are all about ensuring you have demonstrated, proven, and documented that your medical device is safe, effective, and meets the needs of the end-user. If you have a significant number of product nonconformances or product complaints, then I suggest you take action. The volume of nonconformances and complaints are a direct reflection of your design controls process. Design controls best practices are the number one way to reduce product-related quality events. Your executive leadership should be evaluating the effectiveness of your quality management system pretty routinely. Management reviews are times to assess the health of your medical device company. Reviewing customer feedback and complaints, nonconforming products, audits, and supplier performance are all invaluable inputs to management review. CAPA is one of the most important quality system elements, and as such, CAPA effectiveness is the keystone of management review. I’ve shared some insights about how QMS processes for customer feedback, complaints, nonconforming product, production and process controls, supplier management, audits, design controls, and management review interact and relate to CAPA. If these other QMS processes are effective, then congratulations—your quality system is likely right-sized and effective. If not, then do something about it! Establish an effective CAPA process to address your systemic issues, and get to a state of QMS effectiveness. Quality Digest does not charge readers for its content. We believe that industry news is important for you to do your job, and Quality Digest supports businesses of all types. However, someone has to pay for this content. And that’s where advertising comes in. Most people consider ads a nuisance, but they do serve a useful function besides allowing media companies to stay afloat. They keep you aware of new products and services relevant to your industry. All ads in Quality Digest apply directly to products and services that most of our readers need. You won’t see automobile or health supplement ads. So please consider turning off your ad blocker for our site. Thanks, Jon Speer is the founder and vice president of quality assurance and regulatory affairs at Greenlight Guru, a software company that produces the only medical device quality management software solution. Device makers in more than 50 countries use Greenlight Guru to get safer products to market faster. Speer has served more than 20 years in the medical device industry and helped dozens of devices get to market. As a thought leader and speaker, he regularly contributes to numerous industry publications. He is also the host of Global Medical Device Podcast. How CAPA Connects to Other QMS Processes
Building a healthy system foundation
• Complaint handling
• Customer feedback
• Nonconforming product
• Production and process controls
• Supplier management
• Audits
• Design controls
• Management reviewComplaint handling
Customer feedback
Nonconforming product
Production and process controls
Supplier management
Audits
Design controls
Management review
Bottom line
Our PROMISE: Quality Digest only displays static ads that never overlay or cover up content. They never get in your way. They are there for you to read, or not.
Quality Digest Discuss
About The Author
Jon Speer
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
Comments
CAPA connects to other QMS processes
First, thinking in the 1980s paradigm of a QMS is extremely dangerous and confusing to both management and employees of a business. Which take priority the QMS or the EMS or the HSMS or the SMS or C-TPAT or BIS export management of SOX financial management system? The answer to the modern business is none of these. Every business already possesses a Management System, a framework in which they operate which is most conducive to their own business and customer needs. Pressing ones business into the mold of ISO is the lest intelligent move any organization could ever make. taking that pathway will most certainly cause mass confusion and infective management.
I have been working as an auditor for decades and I observe this same phenomenon with many businesses who adopt ISO MSS as their saving grace. What I observe in the majority of cases is a more convoluted system of mismanagement. Its as if we took everything Deming taught us and simply threw it out the window, in order to build a pathway for an NGO to become the global authority for standards.
What is Corrective or Preventive action other than the ability of an organization to recognize and reduce or eliminate variation at meeting the expectations of its customers and interested parties? However, ISO MSS nor the majority of (some volume of step) corrective action programs ever eluded to the existence of variation existing either in the product of process. Most focus on the non-repetitive decision process, masked in the ideal of a root cause of failure related to a process. A process which has a plethora of variables acting upon it at any one point in time, will not have a root cause..... ever. That is simply flawed thinking. Further how many business understand their processes, map them and include all the variables in that mapping process? The answer is of course few to none at all.
Corrective action in most business is a hip shot at solving a problem using an 8 step process which bears no focus upon the variation of meeting expectations of customers or interested parties. Most start with defining the problem statement .... in this fish bone (ishikawa) diagram...... and so on and so forth until some result is reached called corrective action.
In order for true corrective action to occur, Management must understand its business processes as a whole including the interaction between various Transactional (ERP) systems and other minor support software. Understanding at this level could provide a picture of where variation might rear its ugly head and cause expectation not to be met. The result would then be to reduce variation based upon the severity of its occurrence, and the ability of an organization to detect it.
Its sure that any attempt to perform "Corrective Action" without understanding hos that action might effect the Management-system of the organization overall can be more disruptive than doing nothing at all. Organizations must understand ti impact corrective action has upon its overall system of meeting the expectations of Customers and Interested parties and not simply focus on one moving part which is the case with most corrective actions activities.
Preventive Acton is simply understanding ones business process designed to meet the expectations of customers and interested parties and any variation which could occur from those processes based upon the severity related to the variation, then putting controls in place or changing processes to reduce variation by its severity... All to often preventive action is bound up in risk assessment and continual improvement, neither of which focus on the variation related to overall business process which disrupt the ability of an organization to meet the expectation of its customers and its interested parties.
All organization actually do in relation to ISO stated corrective action is solve a localized symptom regardless of its impact upon the overall management system. so they can appease some external auditors whim. That is about the extent of most corrective action taken within an ISO management system. I have observed it time an again in my many decades of auditing. All an auditor need do is ask the manager presenting the corrective action hoe that action effects the business management systems ability to meet the expectations of Customers and Interested Parties and watch how the manager performs the tap dance. Managers don't answer because the majority of them have no clue regarding what the overall management system is related to their organization. If they make the QMS registrars auditor happy, things are corrected.... Right?