The purpose of a CAPA program — that is Corrective Action and Preventive Action — is, as the name implies, to correct process or product non-conformances and to take steps to prevent or eliminate them in the future. CAPA can be triggered in a number of ways: management reviews or audits of a management system, quality system or performance metrics. CAPA can sound simple and necessary, but its successful implementation is a challenge that most pharmaceutical manufacturers grapple with.
Putting a CAPA program in place requires adhering to some basic principles. First, CAPA programs should make sense. They should be easily implemented and managed. Many CAPA programs are after the fact, addressing problems after they occur and documenting them on a CAPA action form. But a CAPA program must go beyond this. It must be proactive and able to correct problems at all levels of the organization, be easy to use and track progress of the action and be able to show results that it is working. That is, a CAPA program must be systematic and measurable.
CAPA should account for more than just reacting to problems. It should have the potential to improve efficiency and effectiveness of the organization.
Pleasing the Powers That Be
ISO 9001:2000 provides a description of Corrective Action and Preventive Action Requirements and may be helpful to establish your CAPA program. But ultimately, whose responsibility is CAPA? Usually the Quality Assurance manager is responsible for the CAPA program and for defining, developing, implementing and maintaining documented procedures for the program. The most qualified person to investigate problems is typically someone else — often a Quality Control engineer or process engineer. The person who implements the corrective action should be the manager who is responsible for the affected work area or process.
It’s often thought that FDA’s 21 CFR Part 11 contains a clause for CAPA. Not so: Clear guidance can be found in 21 CFR 820, Subpart J – Corrective and Preventive Action Requirements.
What does FDA really want to see? Here’s a good list:
- non-conformance documentation
- investigation reports of causes of non-conformances
- identification of the actions needed to prevent recurrence
- response to non-conformances using prescribed problem-solving methods
- evidence of active searching for potential causes of problems
- response to problems in proportion to the situation and level of risk
- evidence that corrective actions are effective
- changes in the CAPA program as needed
- appropriate records of CAPA and their effect
- investigation reports of any product returned from customers
- how customer complaints are handled
- identification of deficiencies in quality records, audits and inspection reports
- tracking of action item responsibilities and completion (close out) status
- analysis of trends and reporting results
- review and evaluation of preventive action taken
Provisions for all of the above should be part of any CAPA program.
What Not to Do
What FDA does not want to see is usually spelled out very clearly in warning letters it issues to pharmaceutical manufacturers that are not what it deems to be CAPA compliant. The letter usually states, "Failure to establish and maintain procedure for implementing corrective and preventive action (CAPA) procedures as required by 21 CFR 820.100 (a). Specifically, your firm has no written CAPA procedure for your devices.”
Warning letters that I have surveyed from 2008 will then list the problem activities, such as failure to properly execute product handling, investigation of causes of nonconformities, complaint handling, testing (malfunctions), returned product, service reports, labeling changes, analyzing procedures, work operations, verification of corrective actions and so forth. You can be sure that when an FDA inspector reviews your company’s GMP compliance, your CAPA program will be inspected. CAPA, along with Training and Procedures, make up the majority of the Form 483 deficiencies.
CAPA requires constant attention to many areas. Nevertheless, it does not have to be difficult. If your organization is ISO 9000 certified, you should already have a CAPA program in place and should take steps to ensure that the ISO guidelines are being adhered to, and that those items above are being followed. If your company is ISO 9000 certified, a first step is to consider it and take a close look at the requirements.
Fixing problems is always more costly than preventing them. The model provided here will help you put in place a CAPA program until the FDA publishes guidelines for 21 CFR Part 211: current Good Manufacturing for Finished Pharmaceuticals.
John W. Rohrer is director of marketing and a field performance analyst for the Interlock Group, a performance improvement company. He is also a certified Six Sigma Yellow Belt and Quality Auditor.
21 CFR 820, Subpart J – Corrective and Preventive Action Requirements Para 820.100 (a) Each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. The procedures shall include requirements for: (1) Analyzing processes, work operations, concessions, quality audit reports, quality records, service records complaints, returned product and other sources of quality data to identify existing and potential causes of nonconforming product, ort other quality problems. Appropriate statistical methodology shall be employed where necessary to detect recurring quality problems. (2) Investigating the cause of nonconformities relating to product, processes and the quality system. (3) Identifying the action(s) needed to correct and prevent recurrence of nonconforming product and other quality problems. (4) Verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device. (5) Implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems. (6) Ensuring that information related to quality problems or nonconforming product is disseminated to those directly responsible for assuring the quality of such product for the prevention of such problems. (7) Submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review. (b) All activities required under this section, and their results, shall be documented. |