CAPA ISO 13485

Requirements of CAPA in ISO 13485

Corrective Action Preventive Action helps businesses fix quality issues following root cause analysis to identify the real cause, contain damage, and prevent future recurrence. This is a regulatory requirement across various industries, and regulatory frameworks, such as the Food and Drug Administration, IATF, etc., align with ISO’s requirements, such as 9001 and 13485.

In ISO 13485:2016, two separate clauses address the CAPA - Corrective Action is addressed in 8.5.2 and Preventive Action in 8.5.3.

8.5.2 Corrective Action: This section requires organizations to eliminate the root cause of any, without delay, appropriate to the impact of the nonconformities and to prevent its recurrence. The organization is also required to document the process followed for implementing CAPA, including

• The review of nonconformities, including complaints
• Identifying the root cause
• Assessing the action needed to prevent the recurrence of the nonconformities
• Plan and document the action recommended and implementing
• Track the impact of the corrective action to ensure it does not cause noncompliance
• Monitor the effectiveness of the corrective action taken
• Maintain the documents associated with root cause analysis and the action taken

8.5.3 Preventive Action: Identifying the root causes and addressing them is also essential to prevent the recurrence of nonconformities or the occurrence of new ones. These should be prioritized based on the potential impact of the issues. The organization is also expected to document it and include:

• The potential impact of nonconformities and their causes
• Assessing the action needed if any
• Planning and documenting the recommended action and its implementation
• Ensuring the implemented action does not introduce noncompliance
• Tracking and monitoring the effectiveness of the preventive action taken
• Maintaining the records of the results of the root cause analysis and the action taken

Download the whitepaper to find the best way to implement CAPA: https://www.compliancequest.com/whitepaper/fool-proof-plan-for-building-capa-process/

Markets or Geographical Areas CAPA ISO 13485 Compliance Impact

Across geographies, ISO 13485 is applicable in the medical devices industry to ensure quality and safety of the devices. In the current world, there is also an effort to harmonize the regulations to enable global companies to be better compliant with minimum modification to their existing processes, and ISO 13485 forms the foundation for this harmonization effort.

The US Food and Drug Administration (FDA), the European Medicines Agency (EMA), and the European Union (EU) all require a CAPA system to be put in place to determine and mitigate risks that can prevent adverse events and product failures.  The following regulations delineate the CAPA requirements:

• FDA’s 21 CFR Part 820 that focuses on Quality System Regulation
• EMA’s ICH Guideline Q10 which emphasizes Pharmaceutical Quality System
• European Union Medical Device Regulation (EUMDR)
• Canadian Medical Device Regulations (SOR 98-282)
• Saudi Food & Drug Authority (SFDA)
• Japanese (MHLW MO 169 for Medical Devices and In-vitro Diagnostic Devices

• The regulations require the creation and implementation of procedures aimed at reducing nonconformance by identifying, documenting, correcting, and preventing the causes of the deviations and other potential problems in the quality system.
• They require the impacted companies to conduct root cause analysis to identify the real reason for the nonconformities and implement corrective actions to eliminate the root cause.
• The corrective actions must be implemented promptly, and the effectiveness must be monitored and measured.
• Documenting and maintaining the records related to ISO 13485 CAPA requirements, processes, and activities.

Know all about the CAPA process. Visit: https://www.compliancequest.com/nc-capa/

Revisions made to CAPA ISO 13485 Requirements in the 2016 Updates

Since 2016, the ISO 13485 standards have taken a risk-based approach to quality management. Harmonization of software validation requirements for the various software applications in the different clauses of the standard is another key requirement in the revised version.

Training is another aspect emphasized in this version to ensure the competence of the personnel in discharging their duties effectively and achieving their objectives.

ISO 13485:2016 has also introduced requirements for design transfer and design records for medical device designing and development. It requires verification and validation of the design process and the medical device software. Confidentiality of health information is another area of emphasis.

Complaint handling and corrective and preventive action processes must be documented in detail.

Complying with ISO 13485:2016 will enable businesses to align with the alignment of global regulatory needs, strengthen supplier control processes, and focus on feedback mechanisms.

Download the Ultimate Guide to prepare for ISO 13485:2016 audits and inspections: https://www.compliancequest.com/cq-guide/iso-13485-audits-and-inspections-steps/

 Does FDA Acknowledge Compliance with CAPA ISO 13485 Requirements?

Many of ISO 13485 quality management principles are stronger than those of the FDA 21 CFR 820, which the FDA acknowledges. Globally, there is a move to harmonize the regulations to facilitate faster and easier compliance. This harmonization has ISO 13485 as its base, as it is accepted by almost all leading regulations.

The 21 CFR Part 820.100 requires every medical device manufacturer to establish and maintain processes for CAPA  implementation. It should include 

• An analysis of processes, operations, quality audit reports and records, service records, complaints, data on returned products, and quality data. This determines causes for nonconformance, existing and potential, and other quality problems.
• Conducting root cause analysis of the cause
• Determining the appropriate controls to implement corrective and preventive action
• Measuring the effectiveness of the corrective and preventive action
• Documenting changes to methods and procedures when implementing the corrective and preventive measures
• Sharing information about the nonconforming product and the CAPA taken to all stakeholders, and
• Sharing data on quality issues and corrective and preventive actions taken for management review.

FDA, too, recognizes CAPA as an important aspect of quality management.

CAPA ISO 13485 vs. ISO 9001

CAPA in ISO 9001 is process-driven, while CAPA in ISO 13485 is more granular in guiding organizations on continuous improvement of quality management to safer and more effective medical products. The key areas of differences between 9001 and ISO 13485 CAPA requirements pertain to

• Customer feedback,
• Product performance monitoring
• Dealing with a non-conforming product

ISO 13485 CAPA has more detailed procedures to integrate the feedback system for early warning of nonconformances, reviewing the nonconformances within the feedback system, monitoring and measuring product quality during the product lifecycle ensuring conformance and compliance to quality requirements, documenting any rework done, enabling data-driven analytics, and creating documented procedures for notifying regulators in case of any adverse events.

Entities Responsible for Upholding CAPA ISO 13485 Standards

The quality team must be entrusted with the responsibility of tracking and ensuring the effectiveness of the CAPA compliant with the ISO 13485 standards. Based on the nature of business and operations, the team can measure the number of deviations that occurred, the nature and severity of the deviations following the solution being implemented, and the impact of the new process on the specific product. The documentation of the tracking and monitoring can be done using the CAPA form or the electronic tracking system.

CAPAs that are high risks and can be life-threatening or life-altering need to be put on high prioritization and investigated quickly. The low-severity defects, or those with low impact, can be deprioritized. Therefore, the quality team must be able to assess the impact and the frequency of events. 

The parameters of CAPA for ISO 13485 must be specified for monitoring and tracking to enable being measured against and appropriate changes made. The impact of the changes must also be made to ensure they are low risk.

Some of the common ways to monitor performance include:

• Capturing Trends — This helps determine if a problem is recurring and whether the corrective measure was effective or needs modification.
• Inspections — Review the remediated process to see if it is followed and its impact.
• Sampling — Test samples to ensure no deviations and that the corrective actions deliver the expected results.

Learn how to automate the ISO 13485 Workflows. Download the whitepaper here: https://www.compliancequest.com/whitepaper/automation-of-iso-13485-workflows/