Validation of CAPA through Risk Management

You must confirm or validate that the corrective and preventive measures you have taken to address a quality problem or nonconformity are effective and do not adversely affect the product or process if you want to validate CAPA through risk management. Additionally, you must prioritize and assess the CAPA efforts in light of the gravity of the issue and the level of risk involved.

By doing so, you can make sure that your CAPA system is in line with integrated quality management and that product flaws, failures, and recalls can all be avoided or reduced.

To perform risk analysis for CAPA, 

• you have to identify, analyze, and prioritize the risks associated with the quality problem or nonconformity, and then apply effort to minimize, monitor, and control the probability and/or impact of a negative outcome.
• You also have to use appropriate statistical methods (where necessary) to detect recurring quality problems and compare results across different data sources.

• You have to determine the root cause (where possible) and the significance and risk of the nonconformity. 
• You have to verify or validate that the corrective and preventive actions are effective and do not adversely affect the product or process.
• You have to communicate and document the risk analysis and CAPA activities to responsible people and management review.

To verify or validate CAPA actions, you have to follow these steps.

1. Specify the verification and validation criteria: 

• These are the benchmarks or metrics used to assess if the CAPA actions have produced the expected effects and objectives. 
• They ought to be founded on the problem statement, the root cause analysis, the CAPA objectives, and the legal requirements.

2. Pick verification and validation methods: 

• These are the procedures or instruments that will be utilized to assess the viability and efficacy of the CAPA actions. Testing, auditing, benchmarking, and feedback are a few examples. Utilizing techniques like sampling, inspection, measurement, modeling, or experimentation is part of testing. 
• Auditing involves using tools such as checklists, interviews, observations, or records review. 
• Benchmarking involves comparing products or processes with those of other organizations or industry best practices. Feedback involves collecting input from stakeholders, customers, or users through surveys, interviews, focus groups, or reviews.

1. You have to choose the most appropriate method for your problem and situation, depending on factors such as the type, scope, and complexity of the CAPA actions, the availability of resources and data, the level of risk and uncertainty, and the regulatory requirements. 
2. You may use more than one method to verify or validate different aspects of the CAPA actions. 
3. For example, you may use testing to verify that the CAPA actions have fixed the problem, auditing to verify that the CAPA actions have been implemented correctly, benchmarking to validate that the CAPA actions have improved the product or process performance, and feedback to validate that the CAPA actions have met the customer or stakeholder expectations.

ALSO READ: User Requirement Specifications in the Pharmaceutical Industry

3. Carry out verification and validation operations:

These are the procedures that will be followed in accordance with the plan and criteria that have been established. In order to find any gaps, problems, or possibilities for improvement, they should assess the activities' results, data, and supporting documentation. Additionally, they must inform the concerned parties of the findings and request their feedback or approval.

4. Verification and validation activity findings 

Verification and validation activity findings will be used to make judgments, which are known as evaluations of the verification and validation outcomes. They should assess the efficacy, efficiency, or dependability of the CAPA actions by comparing the actual results with the anticipated results. When deciding whether or whether the actions are acceptable, they need also take into account the criticism, dangers, advantages, and repercussions of the actions.

The regulatory reference for CAPA verification and validation

• The 21 CFR 820 Quality System Regulation, which states that: 

1. Each manufacturer shall establish and maintain procedures for implementing corrective and preventive action
2. The procedures shall include requirements for verifying or validating the corrective and preventive action to ensure that such action is effective and does not adversely affect the finished device 
3. All activities required under this section, and their results, shall be documented 

• Some other regulatory references for CAPA verification and validation are:

EU GMP, which states that: 

1. The manufacturer should have a system for implementing corrective actions and preventive actions resulting from the investigation of complaints, product rejections, non-conformances, recalls, deviations, audits, regulatory inspections and findings, and trends from process performance and product quality monitoring 
2. The corrective and preventive actions should be proportionate to the level of risk and effectiveness checked 

PIC/S, which states that: 

1. The purpose of the corrective and preventive action subsystem is to collect information, analyze information, identify and investigate product and quality problems, and take appropriate and effective corrective and/or preventive action to prevent their recurrence 
2. Verifying or validating corrective and preventive actions, communicating corrective and preventive action activities to responsible people, providing relevant information for management review, and documenting these activities are essential in dealing effectively with product and quality problems

WHO, which states that: 

1. Corrective actions should be implemented in response to investigations of complaints, product rejections, non-conformances, recalls, deviations, audits and regulatory inspections 
2. Preventive actions should be implemented in response to the identification of potential sources of non-conformity 
3. The effectiveness of corrective actions and preventive actions should be evaluated and reviewed.

ALSO READ: Frequently Asked Questions (FAQ): Data Integrity