Corrective and Preventive Action (CAPA)

What is CAPA?  

Corrective and Preventive Action (CAPA) is a fundamental quality process for medical device manufacturers including SaMD.  From the regulations it is really not that complicated.  

21 CFR 820.100 reads:

(a) Each manufacturer shall establish and maintain procedures for implementing corrective and preventive action. The procedures shall include requirements for:

(1) Analyzing processes, work operations, concessions, quality audit reports, quality records, service records, complaints, returned product, and other sources of quality data to identify existing and potential causes of nonconforming product, or other quality problems. Appropriate statistical methodology shall be employed where necessary to detect recurring quality problems;

(2) Investigating the cause of nonconformities relating to product, processes, and the quality system;

(3) Identifying the action(s) needed to correct and prevent recurrence of nonconforming product and other quality problems;

(4) Verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device;

(5) Implementing and recording changes in methods and procedures needed to correct and prevent identified quality problems;

(6) Ensuring that information related to quality problems or nonconforming product is disseminated to those directly responsible for assuring the quality of such product or the prevention of such problems; and

(7) Submitting relevant information on identified quality problems, as well as corrective and preventive actions, for management review.

(b) All activities required under this section, and their results, shall be documented.

CAPA is simply the process of finding and correcting quality problems. The CAPA process is the foundation of your quality management system. It is the continuous improvement part of quality management system.

Within the CAPA process we start with reviewing all of the problems that come out of the quality system data. Major problems go straight to CAPA for investigation, and other quality problems not as major will be documented and monitored. Once an issue is identified that requires an investigation, the CAPA system is used to conduct that investigation.

The goal of the CAPA investigation is to first find the root cause of the problem. After that, then define the corrective action and preventive action for that problem. Implement those actions and verify that they are effective in mitigating the quality problem. Every action taken has to be documented.

CAPA Evaluation

It is relatively easy to ensure one has the correct steps in the CAPA process.  Namely:

  • Have a defined procedure
  • Be clear on the mechanism for quality system data to funnel into CAPA consideration, including (and most importantly at times) trend analysis
  • Ensure appropriate attention to working and closing CAPA – be timely
  • Be honest with effectiveness evaluation of corrections and preventive actions


  1. Staff does not make everyone aware of potential quality problems.  This can be cultural – are you creating an atmosphere that encourages and celebrates reporting quality issues?  Or the opposite – do people who point out quality problems get “shutdown.”  Encourage reporting but also encourage that all reports be accompanied by suggested solutions.
  2. Good things are happening – but changes and updates are not tied to the CAPA records.  Generally this is an awareness problem and CAPA project management problem.  This can also be an issue with software related CAPA.
  3. Too much CAPA – unnecessarily creating CAPA records for issues that are not endemic or systematic;  could be a one-off type problem.  Solution:  use trend analysis.
  4. Too little CAPA – avoiding the truth when clear trends are present.  This is a receipt for failure.  Create a quality culture.
  5. Overly complicated effectiveness evaluations – effectiveness evaluation should be commensurate with problem.  Avoid complicated and unnecessarily long term effectiveness evaluations.  Guide:  effectiveness should show at the granularity of the trend analysis.

See our post on Software CAPA Can be Challenging.

About the author

Joel is a quality systems associate and researcher for SoftwareCPR. After working for 7 years in the medical field with the United States Army, he now spends his time exploring tech development and programming. He is the father to two wonderful children and avid fisherman.

Latest News!

Updated Risk Management training course now available.  Includes:

  • Coverage of ISO 14971, IEC 62304; amd1, and IEC/TR 80002-1.
  • Why FMEA is incomplete for medical device risk management.
  • How to perform software hazards analysis.
  • And more!

3-days onsite with group exercises, quizzes, examples, Q&A.  Contact

Corporate Office

15148 Springview St.
Tampa, FL 33624
Partners located in the US (CA, FL, MA, MN, TX) and Canada.