A risk assessment should be performed as part of the CAPA process, says Susan J. Schniepp, distinguished fellow at Regulatory Compliance Associates.
Q: How much data do I need to support opening a corrective and preventive actions (CAPA)?
A: This is an interesting question because it raises the issue of whether a company is overusing or underusing the CAPA system. One data point is enough to open a CAPA depending on whether that data point is a significant occurrence. On the other hand, multiple similar deviations may be overlooked because they are deemed minor with little impact on operations. The most effective way to determine whether you should open a CAPA is to perform a risk assessment of the data.
A single significant deviation, such as putting the wrong label on the product, should justify opening a CAPA. This type of production error carries a high risk. If the mislabeled product is released with the incorrect label, it creates a serious risk to patient safety. The CAPA is necessary because it will enable the company to determine the appropriate actions needed to prevent the issue for recurring. In addition, the CAPA will prompt the company to review data across manufacturing lines and manufacturing facilities so the corrective solution to prevent recurrence can be implemented across the company. An example of a single data point that does not necessarily need a CAPA opened might be a field complaint of a bottle of tablets that contained 99 instead of 100 tablets. This occurrence should be investigated, but because it is low risk and more of an inconvenience to the patient, it may not require a CAPA. Opening a CAPA for this one event could be considered overusing the CAPA system. That being said, if the complaint department tracks these data and finds a significant upward trend of short count bottles over a short period of time, a CAPA may be warranted.
Underusing the CAPA system is also a concern. Not opening a CAPA when faced with data that suggests there is multiple occurrences of the same/similar deviation prevents the company from continuously improving processes. Let’s suppose that in reviewing deviations you notice that a few manufacturing employees have multiple deviations for the same minor issue in the same batch record over a short period of time and that the deviation has been determined to be human error and only retraining of the operators was performed. In this scenario, it would be prudent to open a CAPA for several reasons. First, human error is rarely the cause of a deviation. Second, obviously the retraining to prevent the error is not effective because the error keeps occurring. Third, the data are telling you that you may have an issue in how effective your process for investigating deviations is being implemented.
Data generated from quality systems can also be used to prevent an event from occurring. A preventive action is used to correct potential problems, and try to address them before they happen. In the example above, based on the data collected, you can review other batch records to determine if the operator deviations have the potential to occur with other product batch records and then implement the appropriate corrections to those batch records.
There is no hard and fast rule on how much data you need to open a CAPA. It could be one data point or several data points. The best tools to use to determine whether a CAPA is needed is a risk assessment of the data and common sense.
Susan J. Schniepp is distinguished fellow Regulatory Compliance Associates.
Pharmaceutical Technology
Vol. 47, No. 4
April 2023
Page: 50
When referring to this article, please cite it as Schniepp, S.J. The Relationship Between CAPAs and Data: What’s the Right Balance? Pharmaceutical Technology 2023 47 (4).