For the medical device arena (my area of expertise; not sure of your industry), I'll say that, to realize successful corrective and preventive actions, I can't think of a topic more relevant than establishing at the outset a clear distinction between the formal FDA / ISO definitions for corrective action (CA) vs. preventive action (PA). Specifically, CA are aimed to prevent REcurrence of a problem that has, somewhere in your system, already happened. In stark contrast, PA are aimed to prevent OCcurrence of a problem that has NOT YET happened anywhere in your system. I think this approach can be applied universally across industries.
Did you know that CA can be in full compliance with regulatory requirements even though it includes no PA? How can I make such a bold assertion? The key to understanding this concept lies in the aforementioned definitions for CA and PA. Notice that both definitions include a preventive aspect. In my opinion, this is a leading cause of the confusion that often arises between CA vs. PA. Moreover, further confounding the issue, many CAPA practitioners (me included), and also agencies like the FDA typically use the full acronym "CAPA" in reference to any action taken under the corrective and preventive action system, even if an action is only a CA, or only a PA. Case in point: In a recent FDA 483 I helped remediate for one of my clients, the FDA investigator refers to a particular CA as a "CAPA".
Indeed, this discussion would not be the first time such confusion has arisen. In its CAPA guidance document, the GHTF elected to abandon use of the "CAPA" acronym altogether because "…the concept of corrective action and preventive action has been incorrectly interpreted to assume that a preventive action is required for every corrective action..."
So my strong recommendation is that CAPA practitioners very simply categorize all improvement actions based on the ISO / FDA / GHTF / AdvaMed definitions of CA and PA. That is to say, if the improvement action is aimed to correct and prevent REcurrence of an actual nonconformity that happened anywhere in the system, then it is a CA. But if the improvement action is to prevent OCcurrence of a nonconformity when no nonconformity has yet been logged anywhere, then it is a PA. When these definitions are always applied to filter and categorize improvement actions, then a CA is always a CA, and a PA is always a PA, and they remain starkly distinct. Try not to get ensnared by the fact that both CA and PA have inherent preventive features. I recommend that CAPA forms have a check box at the top requiring designation as either CA or PA, but not both. Separate tracking numbers should be assigned for CA vs. PA.
Here's a brief case study from a prior commentary I wrote: If, in response to a single failed valve, we fix other valves that haven't yet failed, then these actions are still part of the CA for the first valve. In contrast, valve improvements would be a PA if no valves had failed anywhere yet, but where we intervene because we see a metric drifting toward a failure threshold.
Here is a basic decision-tree that may help clarify the proper process flow:
- Has an actual nonconformity occurred somewhere? If yes, then commensurate with risk, initiate CA to prevent recurrence anywhere else. But if no actual nonconformity has occurred yet, then go to the next question.
- Does the potential exist for a nonconformity? If yes, then commensurate with risk, initiate PA to prevent occurrence. If no potential nonconformity is evident, then you simply continue monitoring the data sources to survey for future actual or potential nonconformities.
Hope this helps,
------------------------------
Kevin Randall, ASQ CQA, RAC (U.S., Canada, Europe)
Principal Consultant
ComplianceAcuity, Inc.
Golden CO
United States
www.complianceacuity.comCopyright 2018 by ComplianceAcuity, Inc. All rights reserved.
------------------------------
Original Message:
Sent: 31-Mar-2018 15:53
From: Anonymous Member
Subject: Preventive Action
This message was posted by a user wishing to remain anonymous
Hello everyone,
Seeking some guidance regarding Preventive Actions.
A recent finding from an audit determined our Preventive Actions (PA) should be launched independently from a Corrective Action (CA). Our current practice is to document PAs concurrently with a CA. For example, if a nonconformance occurs within one product, our preventive action is to prevent nonconformance in all other products as well; the documentation is recorded in one place. Our current practice was deemed acceptable by multiple previous auditors.
With the recent finding, we are struggling to figure out when independent PAs are launched. It seems like many actions we are taking as a company could be determined as preventive in some way, but adding extra documentation as PA seems unnecessary. For example: process improvement, implementation of new software, creating more robust training programs etc.)
When launching a PA independently from a CA, how does one determine what should be documented as a PA?
Any advice is appreciated.
Thanks!