13485cert

Archive for the ‘CAPA’ Category

Why 5 Why?

In CAPA, QA, Quality, Quality Management Systems, Root Cause, Root Cause Analysis on October 2, 2011 at 1:03 am

It’s been a while since I made the time for a posting, but I’ve seen a trend of companies overusing the “5 Why” technique so I just felt the need to share this. Enjoy one of my favorite songs too. If you could only hear me sing it in the shower too.

If an auditor finds a nonconformity, the process owner is assigned to a CAPA. The first step of the CAPA process is to investigate the cause or causes. Some auditors recommend using a technique called the “5 Why” process to identify the root cause. PLEASE TELL THEM TO STOP!

The purpose of investigating the causes of a nonconformity is to determine how big the problem is (i.e. – breadth) and what the underlying causes are (i.e. – depth). The 5 Why process only addresses depth. So why do auditors recommend using this tool? Because the concept is simple to understand.

Unfortunately, not every problem is deep. Other problems have more than one cause. There is no magic behind asking why five times. The principle behind this overly-used technique is to encourage process owners to look deeper into the underlying issues instead of stopping at the obvious specific causes. The intent behind implementing a mandatory “5 Why” process is admirable—but wrong.

There are other techniques. Please try using them.

Cause and Effect Diagrams, also known as “Fish Bone Diagrams” or “Ishikawa Diagrams”, are popular tools for investigating problems in the automotive and aerospace industries. This method involves systematically investigating six categories of potential causes. These six categories are often referred to as the six “M’s”: 1) manpower, 2) mother-nature, 3) machine, 4) material, 5) method, and 6) measurement. This technique is particularly effective, because it is a systematic technique that investigates breadth of problems. Is/Is Not Analysis is another tool used to help process owners narrow down the source of a problem when they really don’t know which category of potential causes matter. For example, an investigator might ask the following questions in conjunction with the Cause and Effect Diagrams: 1) “Is this problem observed with any other employees?”, 2) “Did this problem only occur during hot and humid summer months?”, 3) “Did this problem occur in cavity #4 of parts or all cavities?”, 4) “Is this problem observed in cobalt chrome parts only or titanium implants as well?”, 5) “Do we observe failed crystals for only circuit boards that are reworked by hand or for circuit boards that are built entirely by automated assembly as well?”, and 6) “Were all the defective parts inspected using the same thread gauge?”

The above questions are sophisticated questions that may require a cross-functional team to properly answer. It may be necessary to review lots of records from previous lots. It may be necessary to interview operators to gather information that is not included in the records. It might be necessary to design experiments to verify theories. Often it is necessary to use multiple techniques together. The point is that a thorough investigation is not simple.

If a finding is a simple administrative oversight, there are four common causes: 1) insufficient training, 2) insufficient resources, 3) insufficient management oversight, and 4) insufficiently detailed procedures. If multiple people believe that one of these four causes is the problem, look to other areas to see if a similar problem occurs elsewhere—this is investigation of breadth. If the problem is observed in other places, there is a systemic problem that requires asking “Why?” at least one more time. If the problem is isolated, to the area where it was found, then there is probably no need for asking “Why?” again and again.

If your company’s CAPA procedure requires that you use the “5 Why” technique, please consider rewriting the procedure to encourage process owners to “investigate the cause with an appropriate root cause investigation technique such as one of the following…”. This flexible approach requires more thorough training, resources, and management oversight. However, an overly prescriptive CAPA procedure is often ineffective at preventing recurrence of problems.

Advertisement

Death by CAPA

In CAPA, ISO, ISO 13485, Quality, Quality Management Systems on June 15, 2011 at 9:15 am

I have no theme to relate this song with my posting, but you just can’t go wrong with blue jeans and a black t-shirt…

You might want to play this video twice…it’s a long posting.

I completed almost 100 audits in the past two years, and I review the Corrective Action and Preventive Action (CAPA) process during every single audit. Surprisingly, this seems to be a process with more variation from company to company than almost any other process I review. This also seems to be a major source of non-conformities. In the ISO 13485 Standard, clause 8.5.2 (Corrective Action) and clause 8.5.3 (Preventive Action) have almost identical requirements. Third-party auditors, however, emphasize that these are two separate clauses. We are purists. Although we acknowledge that companies may implement preventive actions as an extension to a corrective action, we also expect to see examples of actions that are strictly preventive in nature.

Many companies seem to be confused, but it doesn’t need to be. Just ask yourself one question. What is the source of this action?

If the answer is a complaint, audit nonconformity, or rejected components—then your actions are corrective.

If the answer is, a negative trend that is still within specifications or an “opportunity for improvement” (OFI) identified by an auditor—then your actions are preventive.

If you are investigating the root cause of a complaint, people will sample additional records to estimate the frequency of the quality issue. I describe this as investigating the depth of a problem. The FDA emphasizes the need to look to other product lines, or processes, to see if a similar problem exists. I describe this as investigating the breadth of a problem. Most companies describe actions taken on other product lines and/or processes as “preventive actions.” This is not always accurate. If a problem is found elsewhere, actions taken are corrective. If potential problems are found elsewhere, actions taken are preventive. You could have both types of actions, but most people incorrectly identify corrective actions as preventive actions.

Another common mistake is to characterize corrections as corrective actions.

The most striking difference between companies seems to be the number of CAPAs they initiate. There are many reasons, but the primary reason is failure to use a risk-based approach to CAPAs. Not every quality issue should result in the initiation of a formal CAPA. The first step is to investigate the root cause of a quality issue. The FDA requires that the root cause investigation is documented, but if you already have an open CAPA for the same root cause…

DO NOT OPEN A NEW CAPA!!!

If you do not have a CAPA open for the root cause that you identify, then what should you do?

I know this will shock everyone, but…it depends.

The image below gives you my basic philosophy.

 

 

 

 

 

 

 

 

Most investigations document the estimated probability of occurrence for a quality issue. This is only half of the necessary risk analysis I describe below. Another aspect of an investigation is to document the severity of potential harm resulting from the quality issue. If customer satisfaction, safety or efficacy are affected by a quality issue—the severity is big. Risk is the product of severity and probability of occurrence.

If the estimated risk is low and probability of occurrence is known, then alert limits and action limits can be statistically derived. These quality issues are candidates for continued trend analysis—although the alert limit or action limit may be modified in response to an investigation. If the trend analysis results in identifying events that require action, then that is the time when a formal CAPA should be opened. If the trend remains below your alert limit, then no formal CAPA is needed.

If the estimated risk is moderate or the probability of occurrence is unknown, then a formal CAPA should be considered. Ideally, you will be able to establish a base-line for occurrence and demonstrate that frequency decreases upon implementation of corrective actions. If you can demonstrate a significant drop in frequency, this verifies effectiveness of actions taken. If you need statistics to show a difference, then your actions are not effective.

If estimated risk is high or there are multiple causes that require multiple corrective actions, a quality improvement plan may be more appropriate. There are two clauses in the Standard that apply. Clause 5.4.2 addresses planning of changes to the Quality Management System. For example, if you correct problems with your incoming inspection process—this addresses 5.4.2. Clause 7.1 addresses planning of product realization. For example, if you correct problems with a component specification where the incoming inspection process is not effective—this addresses 7.1. Depending upon the number of contributing causes and the complexity of implementing solutions, the plan could be longer or shorter. If it will take more than 90 days to implement a corrective action, you might consider the following approach.

Step 1 – open a CAPA

Step 2 – identify the initiation of a quality plan as one of your corrective actions

Step 3 – close the CAPA when your quality plan is initiated (i.e. – documented and approved)

Step 4 –verify effectiveness by reviewing the progress of the quality plan in management reviews and other meeting forums…you can cross-reference the CAPA with the appropriate management review meeting minutes in your effectiveness section

If the corrective action required is installation of new equipment and validating that equipment, the CAPA can be closed as soon as a validation plan is created. The effectiveness of the CAPA is verified when the validation protocol is successfully implemented and a positive conclusion is reached. The same approach also works for implementing software solutions to better manage processes. The basic strategy is to get the long-term improvement projects started with the CAPA system, but monitor the status of these projects outside the CAPA system.

Best practices would be the implementation of Six-sigma projects with formal charters for each long-term improvement project.

NOTE: I believe in closing CAPAs when actions are implemented, and tracking the effectiveness checks for CAPAs as a separate quality system metric. If closure takes more than 90 days, the CAPA should probably be converted to a Quality Plan. This is NOT intended to be a “work around” to give companies a way to extend CAPAs that are not making progress in a timely manner.

%d bloggers like this: