If you’re relatively new to the medical device development industry, you will have worked out fairly quickly that there are a lot of moving parts.
It can become a bit overwhelming trying to figure out which path to take and what the endless acronyms actually mean, so we’re trying to provide some resources that break things down as simply as possible.
One of those key acronyms you must be aware of is CAPA, or “Corrective Action and Preventive Action.” This is a big focus of FDA inspections and ISO audits, so of course you need to ensure your company is on top of it.
Let’s take a look.
What is CAPA?
“Corrective Action and Preventive Action” falls under FDA 21 CFR 820.100. It requires manufacturers of medical devices to have clearly documented procedures for corrective and preventive action in the following seven areas:
(1) Analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. Appropriate statistical methodology shall be employed where necessary to detect recurring quality problems;
(2) Investigating the cause of nonconformities relating to product, processes, and the quality system;
(3) Identifying the action(s) needed to correct and prevent recurrence of nonconforming product and other quality problems;
(4) Verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device;
(5) Implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems;
(6) Ensuring that information related to quality problems or nonconforming product is disseminated to those directly responsible for assuring the quality of such product or the prevention of such problems; and
(7) Submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review.
As you can see, there are many components to CAPA, and it’s easy to see why it would be a focus for FDA audits; it’s a major safety issue to ensure that corrective and preventive actions are taken where necessary.
CAPA is part of your overall Quality Management System (QMS). Essentially, while remaining in compliance with the areas outlined in the FDA rules, you would follow these steps when any issue comes up:
- Identify the issue.
- Use root cause analysis to get to the bottom of why it has happened.
- Create and implement an action plan to remedy the issue.
Developing medical devices? You need to have CAPA in place.
Concerns with CAPA
How do you improve or fix any issues that come up, either with the manufacture of your medical device or the device itself? Many people see CAPA as one of the most critical processes for medical device manufacturing, yet still there are several concerns with it.
Here are just a few we can highlight:
- CAPA may be overused, perhaps capturing too many things and creating a cumbersome process. This was not its intent.
- CAPA may be underused or treated as an afterthought, leaving the door open to any of a vast number of possible compliance issues.
- Lack of adequate documentation.
- Lack of adequate procedures.
Those last two points are a consistent theme with 483 citations logged for 820:100. You can view a list of citations on this page. CAPA issues are consistently one of the top reasons for 483 observations and warning letters from the FDA.
The key is that you need to prepare early. It shouldn’t be a surprise that you get a FDA inspection because that’s part of the whole deal when you get into the medical device industry. The FDA should be expected every two years if you’re manufacturing class II or III products.
You should operate with the idea that a FDA inspection could happen tomorrow. A common scenario is that a company does have some procedures outlined for CAPA, but perhaps they’ve simply regurgitated regulation, the policy is unclear and/or their procedures are burdensome to follow. This can lead to the “we have a policy, but we don’t follow it” scenario.
The company becomes reactive and tends to try to use their policy to fight the big, obvious fires, while neglecting the rest. What happens next? FDA arrives to inspect and a 483 is issued, or perhaps they even decide to issue a warning letter.
Another common scenario is where companies over-burden themselves by trying to include too many things as part of CAPA that aren’t necessary. An example could be simple changes needed to be made to the dimensions of a drawing. This is relatively minor and could be done via change management as CAPA is not required.
ISO Rules on CAPA
Any discussion of CAPA should also look toward the requirements set out in ISO 13485:2016. These cover corrective action under section 8.5.2 and preventive action under section 8.5.3.
ISO is something that is highly recommended as an industry best practice--especially if you are pursuing European, Canadian, or Australian markets.
To become certified, you need a third party ISO registrar to audit your company and agree that you meet the standard. This will be expected for selling outside of the US, but even if you’re sticking to the US market, it’s a good idea. Being able to say that you’re ISO certified carries weight and can be a good marketing tool.
As far as CAPA goes, the requirements from ISO 13485 are very closely aligned with FDA, particularly since the 2016 update. There are no significant differences to report.
Tips for CAPA Implementation
So, you need to implement an effective CAPA process from the beginning. Remember those common citations? “Lack of adequate documentation” and “lack of adequate procedures” - these both should be addressed as early as possible.
Here are a few tips for better CAPA implementation:
- Create your CAPA process early, following recommended guidelines.
- Keep data centralized (such as with a software system) for better control.
- Keep your process as lean as possible to keep it easy to follow.
- Implement risk management within the first stage of a CAPA process.
- Make sure you clearly distinguish symptoms from causes. You need a clear definition of the problem to ensure you’re really getting to the root of it.
The other thing we’d say here is, even if you do end up with or have currently a 483 citation, it may not be too late to take action before it turns into something more serious. Preferably you’re so prepared that you have no citations, but otherwise, get back to basics with a good CAPA process to take care of any violations as soon as possible. They should be a wake-up call.
CAPA (corrective action and preventive action), is a key part of your QSM that should be addressed as soon as possible. It makes sense to require a good paper trail for any issues that need to be corrected and prevented from happening in the future, right?
Learn about the requirements for the market/s you are going into. Will you go for FDA, ISO or both? ISO is not always a requirement, but being certified can bring a level of prestige to your organization.
Know the common problems so that you can aim for a CAPA process that is as simple as possible for your team to follow. Need help with creating your system? Consider centralized software to keep it easy and accessible, such as Greenlight Guru.