Does the Case for Quality: CAPA Process Improvement initiative introduce uncontrolled risk to the CAPA process for certain businesses?
The Medical Device Innovation Consortium (MDIC) published a new take on the “dreaded” Corrective Action and Preventive Action (CAPA) program and how enhancements to the program could change the perception of CAPA as a chore, as well as boost the usefulness of CAPA to drive improvements to product and process quality, as it was always intended to do.
Published in December 2019, the proposed changes highlighted in MDIC’s Case for Quality CAPA Process Improvement Whitepaper do not represent changes to regulation or guidelines at this time. Furthermore, it is suggested that the program be “piloted” before broad adoption.
While CAPA is a fundamental quality system process in Pharmaceutical manufacturing, it tends to follow a Deviation, which drives the Investigation and Product Quality Assessment or Risk Assessment. Accordingly, many of the recommendations discussed may be of less relevance to those who utilize CAPA in this manner.
Where Sparta Agrees
When we compare the CAPA program to some of the other Quality Processes that exist, it is apparent that the CAPA program had a very broad funnel of inputs.
In §820.100(a)(1), the input funnel is unbound, “analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data, to identify existing and potential causes of nonconforming product, or other quality problems.” This can be restated to include all realized and unrealized sources of quality problems where nonconforming product is an example of a quality problem.
The downside is that any issue that falls within the unbound funnel is subject to warranting CAPA. In addition, there is no consideration provided for a risk-based approach to CAPA handling. The investigation, action planning, action verification, and validation processes are not mentioned “as applicable,” but are described as “requirement” of the CAPA.
The landscape becomes even less clear when we introduce global regulation.
ISO 13485 defines the CAPA input funnel as “changes necessary to ensure and maintain the continued suitability, adequacy, and effectiveness of the quality management system as well as medical device safety and performance.” In addition, corrective actions are “Action to eliminate the cause of nonconformities in order to prevent recurrence,” with nonconformities defined in ISO 9001 as “non-fulfillment of a requirement”.
This provides a better-defined input funnel, focused on Quality Management System suitability and product safety and performance more so than product conformity. ISO13485 also provides a measure of “scalability” in the CAPA process by permitting that “corrective actions shall be proportionate to the effects of the nonconformities encountered.”
Based on the disparity between two very visible, often-cited regulations, there is an opportunity for global alignment and clarity on which interpretation of CAPA is the correct interpretation for the Medical Device industry to follow.
Ideally, ISO 13485, with its clear definition of CAPA inputs and expectations and larger global footprint, would be the enforced regulation.
Clarity, with respect to the layering of the various quality processes and how they interact with each other and the CAPA program elements, would also certainly help to alleviate some confusion about which events should be handled under the CAPA program – and which are fine to be addressed with other quality processes.
Given the range and breadth of medical devices, firms, and quality system maturity stages, the regulations should allow for enough interpretation to account for all potential combinations in order to assure that the patient-user population has access to the high-quality medical devices they need and want.
Where Sparta Disagrees
Risk assessment and risk-commensurate response are often cited concepts these days. More and more, firms utilize a risk-based approach to optimize their resource utilization to address problems and deploy solutions that deliver value.
That said, the use of outcome-based risk perception to justify deferral or decrease of efforts to understand cause and scope of an event introduces a degree of risk itself when considering the Fast Track CAPA path.
The MDIC whitepaper presents, as an example, a situation where an organization has discovered a “progressive worsening” of a process that is generating increasing numbers of line rejects, despite post-market data not corroborating the trend. The absence of nonconforming product escaping is cited as a contributing factor in the decision to utilize the Fast Track path for the CAPA.
However, the absence of complaints and the absence of NC product escaping are a function of the suitability of screening and quality control to identify and segregate nonconforming product, not a function of a high-quality process.
Poor processes with good screening and quality control could avoid the traditional External CAPA path, avoid investigation, and be allowed to exist as is, without optimization, while generating defects.
As we’ve discussed in other posts, there is the potential for mature quality operations in one quality layer to mask ineffectiveness of another quality layer; this is an example of one such case.
Broadly speaking, the prioritization of post-market data over manufacturing data, when determining risk, has the potential to decrease the attention paid to internally detected quality issues.
While post-market identification of a quality issue warrants a greater action in response than identification of the same quality issue prior to release, the efforts taken to understand the cause should not decrease because an issue identification process worked and thwarted the propagation of the quality issue from the manufacturing floor to the marketplace.
The proposed CAPA workflows, which use risk assessment as a basis for determining the applicability of traditional CAPA, as opposed to Fast-Track CAPA and handling in another suitable system, would be appropriate for an organization with a very mature quality system.
The way risk assessment is utilized makes Risk Management a lynchpin system that is critically required to understand and contextualize likelihood of patient/ user impact and make appropriately informed decisions about how the CAPA should be structured.
If risk management files are poorly characterized, not maintained, utilize variable nomenclature, etc. then many of the questions that are asked as part of CAPA evaluation cannot be answered confidently. Therefore, firms with less mature risk and quality management and quality managements systems should continue to utilize the traditional CAPA approach.
TrackWise Digital Value
A mature and connected QMS can provide the traceabilty between the lower risk processes (NC) and the corrections made to those instances. The ability to assess and connect risk levels in a QMS with the appropriate information needed to make well-informed risk-based decisions becomes critical to effectively improving CAPA.
The architecture of TrackWise Digital is well attenuated to linking related records, then reassessing risk of the group of records. Users can capture, track, and report on quality-related processes across the business – all from a single, cloud-based, SaaS solution. Built on over two decades of experience, TrackWise Digital combines best practice processes with the flexibility and configurability to support companies with varying maturity and complexity.
About the author
Daniel Burns is a Director of Product Management. Dan brings a wide breadth of industry experience coupled with practical knowledge as an end user of TrackWise and TrackWise Digital. He is very knowledgeable of the current FDA, EMEA and Health Canada regulations regarding manufacturing operations, packaging operations, quality control, R&D, warehouse management and distribution practices.