We in the medical device industry throw the term CAPA around like it's a word that is common-place in our society (though, here in Pittsburgh, you'll get a lot of confused looks if you tell someone you've opened a CAPA as it is a local performing arts school. That's a strange nightmare with future Broadway stars re-enacting a root cause analysis!).
The Corrective Action is well-known: A mistake is made, take action to limit the damage and fix the issue at-hand, investigate the root cause, propose action to prevent recurrence, implement, verify, close. Done.
Its much misunderstood, hipster-esque brother, the Preventive Action, is not understood quite as well. In fact, it's one of the components of the quality system typically relegated to the corner of the party trying to figure out how to beat the next level of Angry Birds.
Why is it that the Preventive Action is left in solitary while the rest of the QMS is partying on? It's difficult to predict the future. By definition, the Preventive Action is intended to be used as a method of forecasting our impending product quality issues. It's so difficult that I've been told by a few people that auditors will accept as little as 1 preventive action, or simply evidence that data is being trended to potentially be used for preventive action.
How do companies begin to understand the Preventive Action and it use within a QMS? Extensive research, analysis, acceptance criteria, and data. Let's face it - as humans we are not the best at forecasting our own pitfalls. We say and do things incorrectly and the words "foot" and "mouth" are uttered in the same breath. A defined plan is the best way of ensuring a healthy Preventive Action system:
- Define the types of data to trend;
- Establish acceptance criteria for the data sets;
- Trend internal data;
- Gather external data;
- Review data against criteria; and
- Manage exceptions.
In a way, it's not much different from V&V. A plan and protocols are written, defining the activities needed to deem the product acceptable. The tests are conducted. Results are reviewed against the acceptance criteria. Deviations (exceptions) are handled.
I wouldn't expect that a company's volume of Preventive Action will ever match that of their Corrective Actions. But, with a little planning, the Preventive Action system will drop the Droid, take off the plastic-rimmed glasses, and join the party.