Year after year, the corrective and preventive action (CAPA) process continues to be the most widely shared challenge for most medical device companies.
FDA recommends that all companies have clearly documented CAPA procedures and that the company is actually following those procedures. The regulations are relatively clear, yet CAPA is still one of the most common compliance issues companies get caught up with in their development cycle. Planning an effective approach to CAPA is important, not just from a regulatory standpoint, but for the good of your company as a whole.
1. Lack of Cross-Functionality
2. Reactive instead of Proactive
4. Poor Root Cause Determination
5. Poor Definition of a CAPA Process
Bonus Resource: Click here to download your free PDF of the CAPA Process Diagram.
CAPA is most often a process owned by the Quality team in any organization. This group makes the decision about whether a CAPA needs to be issued, and more often than not, they make that call unilaterally. Does this make sense? Not always.
Over the years it seems that by default, Quality has been deemed as the responsible party for all things CAPA-related. However, CAPA in my view should be treated like any other major project - all functions who are involved with the issue should be involved with the CAPA, as well. This is really the only way to clearly determine the root cause or underlying issues, but a lot of companies don’t do this, leaving CAPA at quality’s door.
Cross-functional teams are important because they help to provide a more holistic view of what is going on within the organization. If you place the full responsibility of a complex process, such as CAPA, with one department, they will inevitably apply their own biases and critical information may be missed. It is seldom the case that a CAPA issue really only involves quality anyway.
One of the best things a company can do is to balance knowledge throughout all parts of the business.
Another recommendation would be to implement consistent, cross-functional management review meetings. During an inspection, companies are expected to be able to provide proof that a management review policy has been established. The last thing you want to happen is to receive a 483 observation during your next inspection, so I encourage you to start assembling a management review board (MRB) of some kind within your organization as soon as possible.
Now, a lot of companies view the task of conducting a management review as some kind of annual (or semiannual) checkbox activity. This is the wrong way to look at it. If you’re meeting once or twice a year, you’re only gathering pixels from the actual picture. The reality is, there could be issues happening at any time and you may either miss them, or recognize them when it’s too late.
If you take my advice and conduct these meetings on a frequent, regular basis, you’ll have a much better chance of quickly flagging issues that could warrant a CAPA upon review. Ultimately, the goal of the MRB is to review, assess, evaluate, prevent, correct, and control quality issues - this definitely requires the knowledge of a cross-functional team.
As an industry, we’ve become very good at corrective action, but not so good at preventive action. It might sound a bit Utopian, but what if we simply set the bar higher? What if we aimed for no complaints or nonconformances? Being proactive starts early in the design and development phase - this is when you consider how you might create a product with the lowest amount of risk possible.
One of the challenges for the medical device industry is that we’re often relying on lagging data to take certain actions. A complaint or nonconformance relates to something that has already happened. What if we collected more leading data? For example, we could proactively seek feedback or survey customers before there’s any kind of issue at all.
Many companies opt for an easier solution to mitigating risk by adding some disclaimers to the labeling of their product. There is a more systematic and proactive approach that can be taken to ensure that the device was developed as intended and meets all user needs. This very same process can and should be implemented when managing CAPAs.
Every company and device is different, so it’s impossible to expect that the regulatory criteria that is currently published will be perfectly applicable to each device. Companies should proactively establish their own criteria (including any regulatory requirements, of course), based on their own knowledge of their products. It’s not feasible to treat symptoms all the time, we need to take the necessary steps before there are any symptoms to prevent them from happening in the first place.
Are CAPAs used too frequently or not frequently enough?
The key thing about the CAPA process is that there are a lot of different processes that feed into it. You need to be diligent, but also apply scrutiny to what does and doesn’t require CAPA. Remember, every issue you come across does not warrant a CAPA!
So, when should you, or when should you not issue a CAPA? Put simply, a CAPA should be used to address a systemic issue. If you turn every complaint into a CAPA, you will overburden your resources and costly mistakes will be sure to ensue.
In the same breath, I’d also say, don’t wait for something bad to happen before you issue a CAPA. For example, if there is a fitting that is not operating as it should, be proactive about investigating whether that fitting is used in any other products or processes. This way you address any real issues well before they become too complex to tackle without a CAPA.
Of course, you shouldn’t underuse CAPA either. Serious, systemic issues warrant a CAPA and the FDA is looking to see that you act on them and follow up.
I often notice that there seems to be little time spent determining the root cause of an issue. A common mistake is to simply restate the problem with different wording and pass that off as the root cause determination. Of course, it isn’t - it’s the symptom generated by the root cause.
The danger of not properly identifying and defining root cause is that you’re likely to encounter the same issue again, perhaps even as a recurring event, and this is because the real root cause was never addressed nor resolved.
In terms of determining the root cause of an issue, there are many different types of methods one can use. A personal favorite of mine is the “Five Whys” technique. This method is pretty true to its name as it involves asking more or less 5 “why” questions until you get to the bottom of the issue with an actionable root cause. The reason why I say “more or less” is because sometimes it will only take a few questions and other times it will take closer to 10; every situation is unique, so it just depends.
Let’s look at an example using the standard 5 question sequence to determine the root cause of a device that broke during use...
Why? → The device is being exposed to extreme forces at point of use.
Why? → The use technique at facility ABC is different than intended.
Why? → Facility ABC did not receive in-service training.
Why? → There is no resource assigned to provide training for that facility.
Why? → No process to confirm that all use facilities require in-service training before products can be sold to a facility.
For the last several years, CAPAs have remained as the leading culprit for 483 observations issued during inspections. If your company is a recipient of one of these, it usually means one of three things:
Your defined CAPA process is not being followed.
Your defined CAPA process is not compliant.
You have not defined a CAPA process.
There seems to be a common theme here. So what can you do to avoid finding yourself in this position in the first place? Let’s use that proactive approach I mentioned earlier in the article. Try issuing yourself with an annual “CAPA on your CAPA” - an internal review of your CAPA process to ensure everything is working properly or if there are any holes that need to be fixed.
This holistic approach to managing CAPAs can also help you become attune to patterns and be proactive in your approach. Think of your own process in terms of “PACA” rather than CAPA. Ideally, we want to be proactive first, that way the corrective action is no longer needed or at least minimal.
Bonus Resource: Click here to download your free PDF of the CAPA Process Diagram.
For medical device companies, CAPA management will always need to be at the forefront of your quality system. The good news is, the costly and exhaustive problems that sometimes result can be avoided if managed properly by the organization.
I encourage you to assess your own CAPA process and implement any necessary changes to avoid future pitfalls and spend less time putting out fires. Having clear criteria outlined and understood by your company, as well as adhering to that criteria is a great start. You should also be working towards adopting more proactive approaches. If we can flip CAPA on its head, the proactive/preventive action is the first and most important step we must follow.
One of the surest ways you can optimize your CAPA engine is through an electronic quality management system (eQMS) that’s been specifically designed for the medical device industry to manage the unique and ever-changing regulations that device makers must comply with when bringing a product to market.
Greenlight Guru is the only eQMS software built exclusively for medical device companies. This cloud-based system has ready to use, dedicated workflows specifically designed for risk-based CAPA management, as well as managing Complaints and Nonconformances. With Greenlight Guru, medical device companies are now able to reduce their risk, accelerate their time to market, and improve the overall quality of their medical devices.
Jon Speer is a medical device expert with over 20 years of industry experience. Jon knows the best medical device companies in the world use quality as an accelerator. That's why he created Greenlight Guru to help companies move beyond compliance to True Quality.