You are on page 1of 6

Beyond CAPA

Using Risk Assessment to Streamline Your Quality System


WHITE PAPER
www.etq.com

800.354.4476

info@etq.com
Executive Summary
CAPA has Become a Catchall.
With all the processes associated with managing a quality
and compliance management system, Corrective Action and
Preventive Action (CAPA) is a prominent feature. In many cases,
if an event is found in the system, a CAPA is generated. No matter
the scope or severity, CAPA is the ultimate catchall for events in
the system.
The resultthousands upon thousands of CAPAs, with varying
degrees of severity, assigned in the order they were created,
like a pile of virtual papers stacking up on the QA managers
inbox. This becomes a problem when the critical CAPAs (those
events that have the most impact on the business as a whole),
become lost in the pile, hidden among non-critical, immediately
correctible events, and virtually invisible to the enterprise.
This paper describes a new risk-based methodology that
will effectively reduce CAPAs as a whole. By employing this
methodology, crucial CAPAs are extracted to determine the
overall business impact, correct the problem, and implement
the change throughout the enterprise.
Why CAPA Needs Help
Where does this problem begin? CAPA is an effective means of
identifying and correcting quality and compliance events within
the organizationthe heart of the quality system. However, if
every event becomes a CAPA, then the bottleneck in the system
becomes the CAPA processa quality system heart failure. How
do we keep our CAPA process healthy?
Does every event need to be a CAPA? Are there non-critical
events in a quality system? Whether it is anomalous cosmetic
defect on a single lot on the line, or a minor complaintthese
events, while important to address, can be handled directly
within the process in which they were found. This concept of
immediate correction saves time and effort, avoiding a long
CAPA process. With the proper documented process, imme-
diate corrections can be effective in handling events, while still
adhering to your quality standards and practices. That said,
trend analysis on immediate corrections can give light to any
systemic events that may require a CAPA.
By implementing immediate corrections and trend analyses,
you free up time for the critical events. But how do you discern
between the non-critical and the critical? The answer is risk
assessment.
Beyond CAPA: Using Risk Assessment to Streamline Your Quality System
Immediate Correction and Risk Assessment
high
risk
event
high
risk
event
high
risk
event
high
risk
event
high
risk
event
INITIAL ASSESSMENT / IMMEDIATE CORRECTION
RISK ASSESSMENT / FILTERING
high
risk
event
high
risk
event
event event event event event event event event
event event event event event event event event event
By using immediate correction and
risk assessment, events are assessed
and filtered. Only the events with the
highest risk are identified, while non-
critical events are immediately han-
dled in the processes in which they
were found.
www.etq.com

800.354.4476

info@etq.com
Risk Assessment Finds the Needles in the
Haystack
Risk management and risk assessment are not new to the quality
and compliance industry. In fact, risk has been a prominent
feature in such standards as ISO 13485:2003, ISO 14971, and
more. Here risk is used to effectively extract the critical events
as they are recorded and automatically initiate an investigation
for a CAPA.
As events come into the system, whether a complaint, a noncon-
formance, an audit, or any other event, the initial form will have
a risk table that includes information such as severity, frequency,
or pre-defined risk elements. Based on the risk table results, the
event can either be immediately corrected within the process
or investigated more thoroughly. The recorded results build a
knowledgebase of potential critical events to further automate
the risk assessment process.
CSI: CAPA Severity Investigation
We have filtered potential critical events using risk-based
filtering. The CAPA process could start here, but in an enterprise
environment, there may be more details to consider before
arriving at that point. Many organizations are adopting an
investigation process, a kind of pre-CAPA due diligence. This
involves subject-matter experts, additional risk filtering, statis-
tical analyses, MRB (Material Review Board) assessments and
more, all with the overall goal of determining the enterprise
impact of these events. There may be events that have true stra-
tegic, financial, and/or operational impact on the business and
require an investigation to ensure the right department or indi-
vidual is handling the process.
When the event finally enters the CAPA process, it is a significant,
critical event that will have a true impact on the quality system,
or the company as a whole.
Beyond CAPA: Using Risk Assessment to Streamline Your Quality System
Using this streamlined methodology, the CAPA process becomes a continuous improvement cycle, using the investigation and risk assessment
processes as the inputs to the process and utilizing reporting and risk mitigation history as the controls for effectiveness.
The Risk-Based Quality System Methodology (Example: Quality System for Medical Devices)
INVESTIGATION
COMPLAINT
HANDLING
NCMR
AUDITS
CALIBRATION
& MAINTENANCE
MEETINGS
INITIAL ASSESSMENT / IMMEDIATE CORRECTION
RISK ASSESSMENT / FILTERING
CAPA
QUALITY
RECORDS
EMPLOYEE
TRAINING
DOCUMENT
CONTROL
DEVIATION
CHANGE
MANAGEMENT
www.etq.com

800.354.4476

info@etq.com
The CAPA Process
Up to this point, we have defined the overall level of risk and
problems associated with our events. We have linked our event
to a process and measured the process effectiveness. The CAPA
process involves using this collected information to create
a CAPA action plan with a series of assignments, verification
criteria, and list of related events. The CAPA action plan ulti-
mately launches the process that will correct the event, lowering
the risk and overall impact on the company.
How do we know if the CAPA was effective? Often, effectiveness
can be a very subjective measure, whereby the manager of the
CAPA does a check on the process, usually confirming the
process with, yes, this works, or no, this does not work. To
ensure true objective effectiveness, risk assessment can be used
as a mitigation tool. By implementing a repeat risk measure,
CAPAs are re-assessed and the risk level is recorded. If the risk
was reduced and is within acceptable parameters, it is effective. If
the risk was not reduced, or even if the risk was reduced, but not
to acceptable parameters, it must be corrected again. Using risk
mitigation as a measure of effectiveness is extremely valuable
for ensuring the CAPA has actually solved the problem.
Using this method, the CAPA process becomes a continuous
improvement cycle, using the investigation and risk assessment
processes as the inputs to the process and utilizing reporting
and risk mitigation history as the controls for effectiveness.
This concept includes another dimension. The process of imme-
diate correction, risk assessment, and investigation has defined
the problems within our events and measured the process. The
CAPA process takes action to analyze and improve the processes,
and risk mitigation is the control that objectively determines
the effectiveness of the process. This methodology follows the
DMAIC (define, measure, analyze, improve, and control) process,
as outlined by Six Sigma. Proponents of Six Sigma will see how
the benefits of a DMAIC process can be applied to improve the
CAPA process and ensure the effectiveness of the CAPA.
Add the concept of risk assessment and risk mitigation to further
streamline how events are handled, and the process is improved
tenfold.
Beyond CAPA: Using Risk Assessment to Streamline Your Quality System
Benefits of Risk-Based CAPA System
high
risk
event
high
risk
event
high
risk
event
high
risk
event
high
risk
event
high
risk
event
CAPA CAPA
CAPA
INITIAL ASSESSMENT / IMMEDIATE CORRECTION
event event event event event event event event
event event event event event event event event event
RISK ASSESSMENT / FILTERING
INVESTIGATION
high
risk
event
A quality sys-
tem logs hundreds, if not thou-
sands of events. Typically, these
events automatically become
CAPAs, putting a strain on the qual-
ity system efficiency.
Using risk assessment
and filtering technology, non-criti-
cal events can be immediately cor-
rected in the process in which they
were discovered, and high-risk
events are identified and investi-
gated.
High-risk events are further
filtered using investigation work-
flows to determine the scope and
impact on the event across the
enterprise.
As a result, the number of events
that become CAPAs is significantly
reduced, allowing increased visibili-
ty of high-risk events, with greater
overall impact on the enterprise.
www.etq.com

800.354.4476

info@etq.com
After CAPAWhat Now?
CAPAs transform things in a company. They can change
processes, affect documentation, affect employee training,
and have an impact on the entire company. As a CAPA finishes
its cycle, it is important that the system is linked to document
control, change management, deviations, training, and more.
The result of a CAPA can initiate document change requests,
process change, training on new documents, product devia-
tionsanything affected by the outcome of the CAPA is auto-
matically linked and integrated, closing the loop on the CAPA
process.
What are the Benefits of Filtering CAPA?
The impact on filtering the CAPA process can be far reaching.
Companies can now prioritize resources on the CAPAs that have
the most critical impact and risk to the organization, rather than
taking a reactive approach to what is overdue. Analysis of risk
mitigation provides an objective way of measuring impact of
CAPAs across the enterprise.
Risk Assessment Strategyfrom Concept
to Reality
Many leading medical device manufacturers employ a risk
assessment strategy to streamlines the CAPA process. In several
cases, technology is leading the charge in not only employing
this methodology, but further automating the process. Look
for quality management software systems that incorporate risk
assessment to the CAPA process or tools that are able to filter
out critical events and set priority levels to them. The key is
finding a system that has the flexibility and depth to match your
business processes, while improving your operational control
using filtering, risk, and investigation. Many systems have inte-
gration technologies to link to other external business systems
such as MES, LIMS, eDHR, etc., and link to other processes such as
document control, deviation, change management and more.
Conclusion
Implementing such a system is a bold step toward improving the
operational control your business has on event management.
By using concepts such as immediate correction, investigation,
risk assessment, filtering, and DMAIC process-based CAPA, your
business will be able to streamline the CAPA process, eliminate
events that are immediately correctible, and focus your quality
system on the essential events that have the most impact on
your business. The end result--CAPA will become a focused
process with true operational impact, and not just a catchall.
About EtQ
Celebrating 20 Years of Excellence
Founded on March 4, 1992 by former lead auditors of Under-
writers Laboratories, EtQ has always had a unique knowledge
of compliance processes related to Quality, Safety, and Envi-
ronmental Health and Safety (EHS) Management. This year, EtQ
celebrates 20 years of excellence and continues to be the leading
Quality, Safety, EHS and Compliance solution provider for iden-
tifying, mitigating and preventing high-risk events through
integration, automation and collaboration. EtQ encompasses a
wide variety of industries, providing solutions for Quality, Food
Safety, EHS, Aviation Safety and FDA Compliance Management.
EtQ uses best in class integrated modules and enterprise appli-
cation integration to manage and measure these compliance
processes and execute organizational change. EtQs solution,
Reliance, is an enterprise suite of modules designed to foster
operational excellence in businesses with modules and utilities
such as Risk Management, CAPA, Document Control, Employee
Training, Supplier Rating, FMEA, Customer Complaints, Audits,
and many more. EtQ has been providing software solutions to a
variety of markets for 20 years. For more information, please visit
http://www.etq.com.
Beyond CAPA: Using Risk Assessment to Streamline Your Quality System
www.etq.com
info@etq.com
800-354-4476
516-293-0949
EtQ Reliance is a trademark of EtQ, Inc. All other product names and company names are trademarks or registered trademarks of their respective owners.
No endorsement of EtQ by such companies is intended or implied. Copyright 2012, EtQ, Inc.

You might also like