Problems with Corrective and Preventive Action: How to Solve it
Last month I talked about common problems seen with how companies handle the Corrective and Preventive Action (CAPA) part of their systems. This month I will talk about some ways on how to solve them.
Before I get into the problems stated last month, let me first set the stage by stating the requirements for CAPA in section 8.5.2 and 8.5.3.
A "30,000 foot" view of the standard shows a document that provides a model to help organizations to consistently produce conforming products. It also recognizes that Nonconformities can occur. When they do, those must be handled according to section 8.3 to ensure that nonconformities are corrected, and the nonconforming product is not used as if it is conforming product.
The nonconformities then need to be assessed to decide if Corrective and Preventive Action (CAPA) is necessary, and if selected, then actual and potential nonconformities should be prevented from reoccurring/ occurring in the future.
The first problem mentioned last month is that many people feel compelled for various reasons to take corrective action against all nonconformance’s that are detected during conduct of business. The two principal misinterpretations are:
1. The Standard requires it
2. The standard may not require it, but it is the best way to ensure that all problems are eliminated forever.
1. For the first misinterpretation: the standard in the first paragraph of 8.5.2 says that "Corrective Actions shall be appropriate to the effects of the nonconformities encountered". This clearly gives Management the responsibility to assess the degree of the risk posed by a possibility that the nonconformance under review may repeat in the future. So, therefore, if the risk and its effect are minimal or negligible, then it will be quite appropriate to not take any corrective action at all. It will be quite appropriate to depend on the same mechanisms designed to detect nonconformance to detect it again when it happens, and take actions to correct the nonconformities per section 8.3-control of Nonconforming Product. The key is that proper corrective actions require deliberate and involved actions to research causes and redesign, and implement underlying processes. This involves expenditures beyond and in addition to just correcting the nonconformity, and should be invoked only when the assessed value of the risk is greater than the cost of implementing a corrective action.
2. A corollary to the argument in the above paragraph is that care should be taken to elevate corrective actions to a level that is clearly higher than taking action to correct nonconformities. Corrections include repair and rework, and clearly are focused on the product, while Corrective Actions are focused on the process that produces the product. Forcing corrective actions on all nonconformities usually end up in just stating the correction as a corrective action, and the spirit of corrective actions is lost. It is like "crying wolf", and when the big problems do happen, the culture and mechanisms in place do not do a good job of ensuring that the problem is really prevented in the future. Each Corrective Action should be viewed and handled as full blown project in Continual Improvement of relevant business processes.
The second problem mentioned last month had to do with the confusion between correction and corrective action. Again, the confusion stems from the fact that in common usage, the terms do have similar meanings. The simple way to differentiate is to remember that correction is under the jurisdiction of section 8.3, while Corrective Action is under 8.5.2. A simple rule of thumb to remember is that when you do correction, you affect the product only. When you do corrective action, you will be changing the process that caused the nonconformance.
The third problem mentioned last month had to do with the confusion created by the term "prevention". It is true that Corrective Actions prevent problems from occurring in the future. Preventive Actions also prevent problems from occurring in the future. The difference is that in Preventive Actions, the problems are potential problems, while in Corrective Actions the problems have already occurred. The steps for doing them are similar, as they must be. The only difference is in the way the problems are detected: whether they are actually experienced, or are forecasted as probable occurrences.
- Next will be the final of this series of CAPA related issues, and will present the CAPA portion of an ISO 9001 based system as a complete subsystem with a bold new restatement of the requirements in an easier to understand language.***