Most manufacturing sites these days have CAPA systems – a mechanism to capture, record, control and approve or reject Corrective Actions.  Despite the fact that a lot of focus has been given to CAPA in recent years, there is a great deal of misunderstanding and a clear lack of clarity on what CAPA actually is.  This may explain why many organisations feel that they are still in “fire-fighting” mode – always dealing with yesterday’s problems rather than preventing future issues from occurring.

Lack of regulatory guidance

“Corrective and Preventive Action” is mentioned a few times in EU GMP, most notably in Chapter 1 under Product Quality Review (1.5).  The words “CAPA” or “CAPA systems” are not mentioned at all.

Both the FDA’s “Guidance for Industry: Quality Systems Approach to Pharmaceutical CGMP Regulations” (September 2006)and ICH Q10 “Pharmaceutical Quality System” (May 2007 – DRAFT) talk about CAPA and CAPA systems, and here the main problem starts to be highlighted.  This problem comes from combining the two (having CAPA) rather than CA and PA, which are in-fact two distinct processes.

Poor definitions

The FDA’s “Guidance for Industry: Quality Systems Approach to Pharmaceutical CGMP Regulations” (September 2006) talks about CAPA as follows (reference III D):

CAPA is a well-known CGMP regulatory concept that focuses on investigating, understanding, and correcting discrepancies while attempting to prevent their recurrence.  Quality system models discuss CAPA as three separate concepts, all of which are used in this guidance.

  •  Remedial corrections of an identified problem
  • Root cause analysis with corrective action to help understand the cause of the deviation and potentially prevent recurrence of a similar problem
  • Preventive action to avert recurrence of a similar potential problem

And this is very much peoples’ understanding of CAPA.  But dig deeper and in the same document you’ll find contradiction in the glossary with regard to CA and PA.

  • Corrective Action – Action taken to eliminate the causes of an existing discrepancy or other undesirable situation to prevent recurrence.
  • Preventive Action – Action taken to eliminate the cause of a potential discrepancy or other undesirable situation to prevent such an occurrence.

These two definitions are closer to the ISO 9000 series of definitions for CA and PA, which does not join the two up.  In other words Corrective Action is re-active and Preventive Action is pro-activeIt is not possible to do Preventive Action once a problem has occurred, PA takes place before a problem has occurred in the first place.

We can learn a lot from ISO 9000 in how it defines the terms Correction, Corrective Action and Preventive Action. In ISO 9000 theses are defined as below, with an analogy provided by the author.

Correction (3.6.6) – action to eliminate a detected nonconformity.

  • Analogy – we retrain the operator, rework the batch, recalibrate the gauge.

Corrective Action (3.6.5) – action to eliminate the cause of a detected nonconformity.

  • Analogy – we perform a root-cause analysis to find out why the problem occurred and put in mechanisms to prevent it from ever happening again.

Preventive Action (3.6.4) – action to eliminate the cause of a potential nonconformity.

  • Analogy – before we started to run the process we did a detailed risk-assessment of where anything could possibly go wrong and put in systems to prevent these from occurring in the first place.

In many cases where I have seen CAPA systems in pharmaceutical operations the actions that they term Corrective Actions are actually “Corrections”.  The actions that they term Preventive Actions are actually “Corrective Actions” and Preventive Action (doing something before a problem occurs) does not actually feature in the generally re-active CAPA system.

The lack of getting to the root-cause of a problem (doing “Correction” rather than “Corrective Action”) along with no real formal system for Preventive Action may well explain why many organisations are fighting fires and dealing with problems that keep coming back.

This may well not be the case in your own organisation, but I strongly suggest you just take a brief look at what your own internal definitions and general understanding of CA and PA actually are.  This may well be a couple of minutes well spent.

Please feel free to make a comment on what you think of this article.  It has already raised great interest and debate.