Every organization has its share of problems; customer complaints, process defects, faulty components, misleading data or reports, and a plethora of non-conformances and discrepancies that can seriously halt its growth and success. Other times the issues can be trivial and dismissable. Whatever the size, scope of an issue, an organization needs an effective system of methodical steps that can help sort out and eliminate such problems; a system that can promote efficiency and efficacy during problem solving. Enter the CAPA system.

What is CAPA? 

CAPA, an abbreviation for Corrective and Preventive Action, is an integral part of all QMS (quality management systems) and consists of rules that encapsulate the entire problem detection, assessment, and solving process that companies employ when dealing with non-conformances. CAPA is an indispensable asset of any firm that wishes to maintain quality and productivity throughout its operation. CAPA can be broken down into two constituents: 

Corrective Action

The corrective action is the direct consequence of an effective root cause analysis (RCA) outcome. The root cause analysis is a method via which the source and the base causes of non-conformances are discovered after a comprehensive problem-solving process, data analyses, and deduction. After the root cause analysis, the set of actions taken to solve the “root” of the problem for that non-conformance/s is classified as a set of corrective action procedures. These actions are taken to prevent the encountered non-conformities from recurring again. The corrective actions taken, then act as a proactive barrier to safeguard against the original non-conformance/s. This system also includes any short term corrections that are used as “band-aids” to fix existing non-conformances.

Preventive Action

In contrast to corrective actions that safeguard an organization from already identified issues, a preventive action is one that relies on proactive methodologies to seek out potential problems that may exist in process or products. This means that preventive actions are born as a consequence of risk assessment vs. existing problem corrections in the case of corrective actions.

The need for CAPA systems

So why need CAPA? 

First and foremost, CAPA is extremely important in the scope of quality. Organizations can suffer from poor quality products and ineffective systems due to underutilizing and underestimating the need for proper CAPA systems. Quality is an intrinsic property for those that follow good practices and processes, and what maintains and improves these processes? The CAPA system. CAPA helps regulate processes and deals with non-conformances and problems in any part of the workflow. In fact, the CAPA system is used in most key industries such as medicine, food, aerospace, automotive, and many others, where the smallest of issues and deviations can prove to be fatal later. With so little room for error, such organizations often utilize CAPA for their quality needs and wants. It is also especially useful due to the risk assessment part of CAPA (the preventive action part) that industries rely on before deployment of products; modern CAPA systems help organizations achieve long-term quality instead of short-run correction principles. Other than correction and prevention, CAPA is also used as reports for management reviews, audits, and inspection as data to quantify and evaluate system objectives and policies put in place; it can be significant enough to dictate when entire processes need to be changed or updated. Finally, it is also used in training and updating practices and procedures of employees, as in the case of human resource quality management.

CAPA in IS0-9001

While many ISO standards continue to employ the standard bread and butter approach to CAPA, with corrective actions and the like, the CAPA process has been reiterated to better serve overall long-term improvements. CAPA in ISO-9001:2015 is more structured around the idea of prevention as opposed to cure. With the introduction of Section 6.1. et al and the risk-based thinking matra of the new standard, the focus has shifted to more risk-based assessment and elimination thinking that seeks to target potential risks before they even lead to non-conformities. To learn more, please visit.

Bridging the gap between non-conformity and CAPA

Non-conformity in products and processes

So, what initiates a CAPA response? The triggers for CAPA can be anything that deviates from expectancies and standards if they are major in impact. From customer complaints about defective products to non-conforming processes and components inspected during internal and external audits by investigating bodies can all initiate a CAPA response. Non-conformity (find out about NCRs here) according to ISO-9001 standards or other standards all warrant CAPA provided the non-conformity seriously impedes or has the potential to seriously injure an organization’s daily workflow. As mentioned, CAPA is especially used in industries where products need to strictly comply with standardized outlines since non-compliance can mean devastating effects and legal consequences (like faulty medicine due to improper manufacturing methods utilization). 

With regards to customer complaints, CAPA is usually triggered whenever the complaints are systemic or when they show similarities, implying common root causes. Major customer complaints that result from dangers to safety or from similar scenarios, should be raised for root cause analysis and CAPA.

Human resources and non-compliance

CAPA is also used as a way of dealing with non-conformances stemming from human resources. For example, corrective actions can be used when certain departments or personnel are non-compliant with good work practices and deviate from standard procedures that can lead to subpar results or even bring to question the organization’s integrity. It can also be issued for seemingly simpler issues such as improper reporting and omission. The bottom line is corrective action plans can be used to correct these issues and this corrective action can come in the form of disciplinary reviews or simple updates to training and work practices.


Internal and external audits can rigorously scrutinize processes for faults. This is a good place for discovering systemic issues that can plague an organization. It is, therefore, also a good place where CAPA is triggered from and used in.

When to initiate CAPA

All organizations, big or small, suffer from non-conformance and defects. These defects can be minor or major in nature, and so CAPA is precisely there to rectify and prevent them. So, to initiate CAPA procedure, the priority in the checklist is the existence of a problem. With a problem in hand, the second priority is the nature of the problem; where is it located? Is it significant enough and needs to be dealt with immediately? What function does it exactly hamper? Who is affected by it, and where it might come from. The approach should be a holistic one with as many variables and risks that can be addressed. Decisions should be based on risk factors and should look for causes instead of treating symptoms (especially important for root cause analysis). 

While an organization can suffer from various issues and non-conformances, not all need to be raised for CAPA. So, what issues might warrant the need for CAPA? Systemic ones are CAPA worthy. If a problem has been reported repeatedly, or if similarly themed issues keep popping out, there is a base case that is usually common to them. This is when the organization needs to perform root cause analysis and combat the underlying issue directly. But there can also be other instances where the need for CAPA arises; reports of customer harm or property damage are pressing and often require initiating a CAPA response even if it seems like a one-off thing. Remember, any injury or damage resulting from use of products leads to dire consequences for the customer and then the organization; a CAPA in such an event is the only natural course of action to take, systemic or not. On the flip side, there can be small discrepancies in processes from normal working procedures or minor non-conformance issues, all which can be fixed with slight corrections and do not arise again in the future; in such cases CAPA is an overkill. So before deciding to put out a CAPA request, the issue encountered should be examined carefully. If it is systemic, or whether it has caused harm in some way, or if it has violated statutory laws and requirements, and if so, whether it is significant enough to adversely affect the organization profile and operation. Once these aspects are discussed and concluded, the question whether to initiate a CAPA request or to apply a “quick fix” becomes evident. Depending on the severity of the case, the decision to follow CAPA or not is taken. 

The CAPA Process

So, let us say that the issue is severe or data from non-conformance reports, audits, and complaints show that the issue is recurring and has the potential to turn nasty. Logically the answer should be to initiate the CAPA, but how does one start? 

Initially, the CAPA process is usually broken into corrective and preventive sets, each with its own agenda and methodical steps that are followed sequentially. The steps demonstrated below are very similar in format to the 8D method employed by automotive and manufacturing industries to resolve problems and perform corrective actions:

The Corrective Action Part

Identify and assess the problem.

When an issue is first brought up to quality controls and identified, the first things to check are the nature of the issue, where it is from, and what caused it. With a robust non-conformance reporting system in place, the data of the issue should be there with all necessary details such as where it is located, what is the nature of it, and when it happened, etc. As described in the “When to Initiate CAPA” you usually need to check whether it is systemic and worthy of CAPA procedures. If the issue is easily fixed with certain correction actions and there is no chance of recurrence, initiating any sort of CAPA will probably be wasteful. If the issue seems bad enough, then you can put out a corrective action request or CAR to start the process.

An effective Risk Assessment program is essential in determining the need to undertake a corrective action related to an identified issue or problem. The use of a risk-matrix methodology that is designed to account for levels of risk across variables such as severity, occurrence and detectability affords the user with a tool that can aid in risk-level severity and whether to employ CAPA measures. These types of variables produce an RPN, or risk priority number that an organization can rely upon to assess what level of risk exposure it may be faced with relative to a recognized issue.

If the tool determines that an issue is low in risk, a simple correction can resolve the matter at hand. If, however, the RPN is high enough to raise a risk probability, then the initiation of a CAPA would be warranted. Simple tools can be designed using Excel.

Simple software applications are also available that automate the process, assist in decisions, and above all—provide a data-base of history to assure a sustained and continuing monitoring of risks. 

Initiate the CAPA

Once the issue is deemed as significant, a CAPA request is initiated by the quality department and is assigned a reference or tracking number. The CAPA process has now begun. Once the CAPA is underway, the next step of action is damage containment and identification of parties involved with the non-conformances. Once parties are identified, they are often notified of the formal CAPA request and must collaborate with quality personnel to weed out all the issues (this team formation and collaboration among different departments is very useful in the next root cause analysis step). The status of the non-conformance at hand must be checked. What is the damage containment plan (or correction action) taken to mitigate the problem? Is it already in place? If not, what can be done? Should processes be halted momentarily? Any product recalls? Different correction actions are formulated to make sure that the issue at hand is immediately brought to conformance. Once a short-term solution is reached, the major long-term corrective action process can begin.

Root Cause Analysis (RCA)

With the conclusion that the issues have some pattern and are systemic (or are very serious in nature), the root cause analysis follows naturally. To identify the base root cause, collaborate, and involve all the personnel and departments near the issues. Having more hands-on deck and ones that are intimate with the area in question can help the investigation process and infer the correct root cause/s. There are a few different ways the root cause analysis can be further broken down into simpler steps that help the problem-solving process:

  1. Utilize the Ishikawa diagram:
    The idea for the Ishikawa diagram (or fishbone diagram) is very simple. Starting from the discovered deficiency, draw a horizontal line running from it. The “bones” of the diagram are the lines from each side of the horizontal line and are the main categories where the defect could have stemmed from. From there, brainstorm potential problem sources for each of the major categories and jot them down near the bone with the corresponding category. This process is continued, and the horizontal line is extended with more bones added till the team feels a satisfactory resolution to the root cause has been found.
  2. The five whys:
    Another powerful tool for root cause analysis is the 5 whys assessment. The premise behind the 5 whys is straightforward, involving simple brainstorming as to why the defect occurred. Once an answer for the original question appears, continue to ask why the answer popped up when discussing the original defect. Continue this inquisitive chain of whys whenever an answer is reached and keep doing it till the very base case is successfully uncovered. There you go, that is the root cause. For example, you might ask why there was a faulty leakage pipe, and you might answer that the pipe itself was structurally deficient. From there, you can ask why the pipe was like that, to which the answer might be: a defective batch unit. Ask again why there was a defective pipe and the answer might be that the supplier did not check the quality of the manufacturing process. The final question might be why the supplier did not check the manufacturing process from which the root cause might turn out that the calibration program used by the supplier is underperforming. The seemingly simple 5 whys have led to a convincing root cause deduction.

Form an action plan

With the help of the collaborating departments, quality can now form an action plan that directly tackles the root issue and can stop the recurrence of the deviations in the future. Assign individuals and departments with different disposition actions, which may include long-term process redesigns, or product redesigns and/or updates, and even scraping out entire products and services. If the root issue happens to be in the parts for a product and comes from the component supplier side of things, the corrective action might be to change suppliers entirely. If the methods for measurements of parameters or policies are incorrect, then an update to the practices and policies is formed. The key point is that there is an action plan that is formed for the root cause of the preceding step.

Execute the Corrective action

With the corrective action plan (CAP) formulated, they are put into motion. These actions are then carried out by the persons the responsibilities were assigned to and can range from a change in simple policies to redesigning or reworking products or processes from the ground up. For human resources, these corrective actions can come in the form of warnings and/or updates to working and standard protocols.

Verify the outcomes

The inspection step is put in place to verify the efficacy of the corrective action placed thus far. This includes establishing a set of criteria that checks whether the corrective action brings about the required conformance in products and processes. For example, in manufacturing, the criteria to be met might be certain parameter measurements of the output from the system rectified, so checking if the measurements are satisfactory would mean that the corrective action is appropriate and in place. For this purpose, internal audits, calibration programs, and inspections can be useful. Verifying makes sure that the same problem (or any new ones) will not arise with the changes implemented.

Formalize the process and document it

The final step needs to be properly documenting and providing clarity to the entire outline. The tabulations need to be clear and concise and must include the problem statement, the evidence that the corrective action works and is in place, its efficacy, and the steps taken to achieve it. Be sure to update all specification changes brought about by the changes from the CAPA and obtain appropriate signoff and acknowledgment from project consultants and/or quality managers. This report will be used to completely update current practices and protocols and thus needs to be sufficiently technical and explained. The report can be the basis for training employees on new methods.

The Preventive Action Part

Modern ISO standards require quality management systems, and their CAPA processes shift from proactive to reactive systems. Products and processes are interconnected and an issue in one area often translates to other areas and so it is important to have smooth, accessible data flow between different departments. Preventive actions are very prediction-based and require organizations to go out of their way to review different trends, potential process risks, and life cycles of their products for risk assessment. 

The problem with dealing with non-conformities and errors via corrective actions is that this can lead to a perpetual case of just reacting. Wouldn’t it just be better to recognize and eliminate potential sources of problems before they even rise to the surface? To this effect, there are things that an organization can do to make sure it always stays on top, such as frequent audits and performance reviews whereby internal procedures and product specifications are regularly stress tested for efficiency and conformance. Risk analysis, as mentioned in the corrective action part, can also be extended here, and can include assessing potential points of failure internally or monitoring trends and/or points of failure in the competition. There should also be backup plans for processes and production in case anything was to go awry and can include alternative processes to address this. In the case of manufacturing firms, it is beneficial to always inspect raw components and suppliers for any non-conformities from the supplier side of things, and calibration control programs are a very good way to assess such issues. 

So how would you shift to prevention rather than cure?

There are a few standardized processes that need to be adapted to your CAPA systems to prevent problems rather than react. To do this, you can:

  1. Analyze for patterns in customer complaints. Small oneshot problems will require corrections; ones occurring frequently will need to be issued as CAPA problems. Start delving more into complaint handling processes.
  2. Hold more stringent internal audits as these can help uncover different issues within the processes. The more frequent the audits, the more scope for detecting potential problems and in turn, reliable output. Likewise, non-conformance data should also be inspected to see if they warrant CAPA or not. Non-conformances can be picked up during audits and inspections of components and processes.
  3. Implement customer feedback for products that can help to procure data on where to make improvements, desirable features, etc. Customer feedback should not be confused with complaints, the latter of which comes into account after an issue is discovered. Customer feedback helps to analyze trends and create room for improvement for your products from the viewpoint of the most important party, your customers.
  4. Start emphasizing on supplier management to detect non-conformance/s earlier since these issues often translate to faulty outputs. This is true for manufacturing industries that rely on quality inputs for quality outputs. This can be likened to a risk-based process whereby constantly inspecting input components from suppliers, you can ensure your own outputs have no defects.
  5. Use calibration programs for equipment and measurement monitoring.
  6. Keep contingency plans for most things in case something goes wrong.
  7. Use risk management and assessment tools like risk matrices and failure mode and effect analysis (FMEA). Data from conformity issues, complaints, audits, and inspections can be used to build and quantify the risk factors and is used to calculate the probability of risks based on the likelihood of occurring and their potential associated consequences. This data is then plugged into matrices called the risk matrix. The spread of data dictates the total risk associated with the factor; The upper triangle gives low-risk factors, the middle parts constitute mid-risk factors, and the lower right triangles give high risk, high priority factors. The data spread is user-friendly and easily interpreted. An example of a risk factor could be a malformed part for a manufacturing process; then its risk would be calculated on how likely the part from a certain supplier would have the wrong measurements and what that would most likely impact in your production process. Similarly, FMEA would list all possible modes of failures and why they would occur, along with all costs you would incur from said failure.
  8. Frequent training programs for employees can impart key skills that can help to deal with detecting and handling non-conformities or improving general working practices, and this can go a long way for a properly functioning organization. With a well-trained workforce, potential issues can be detected earlier and even corrected before they have a chance to do harm.
  9. Employees throughout the work chain can give feedback on weak links or potential failure points in different areas and help contribute valuable data to management for risk analysis.

The problems in CAPA process

CAPA is an important process integrated into almost all systems, yet despite its universal familiarity CAPA is often poorly optimized for optimum performance. Knowing the biggest flaws that cause this can help you to take better steps to optimize the whole thing. The flaws in CAPA can be:

1. Reaction versus prediction

Why is this uttered so many times? Simple, most CAPA’s are designed and used with the mindset of correcting things rather than taking steps in advance. But waiting for problems to pop up means just that: you will always be waiting. So instead of waiting, it will be a better idea to take active steps to make sure that things are as close to perfect as possible, so the result has lesser errors in it. Yes, there will still be errors. Every process and product has it, but by taking proper precautions, the negatives are easily minimized.

2. Utilizing CAPA for everything

Not everything warrants corrective actions. Some issues and non-conformances can be minor enough to be fully resolved with a simple correction. Reserve CAPA only for the major issues where there is real blowback and consequence or when there is a systemic problem underneath. Too much issuance of CAPA can lead to piles of trivial, unfulfilled requests and can lead to the real issues being overlooked or put on hold due to lost time.

3. Root causes not being closed completely  

It is easy to miss out on root causes when corrective actions are put out. This will most definitely lead to the recurrence of the same issue and a failing in the corrective actions to properly rectify the issue. To properly deduce the root issues, utilize statistical and quantitative tools like the Ishikawa and 5 whys methods as listed above. Similarly, a cross-functional team of different departments related to the area of issue of the CAPA can help contribute to quality decisions and better problem-solving. Collaboration is most usually key in the root cause determination department and action plan formulation.

4. Time constraints and lack of flexibility

Operating within short, fixed time limits can hamper the progress of a CAPA. The process is oftentimes quite impacting and commands decent time and money as a resource. Best not to rush things here and proceed slowly. 

A template for CAPA

Having a quality management system is key for handling errors via CAPA, not to mention the frequency at which CAPA requests can occur at. Stacks of CAPA requests can quickly become overbearing and difficult to handle. CAPA is an entire process with the templates and styles differing between organizations. There is not any “one size fits all solution,” and a comprehensive, personalized CAPA solution is just what you might need to make sure things don’t get overbearing and run smoothly in your organization. A software CAPA solution can keep things automated, neat, organized and easily accessible. To check out a comprehensive software CAPA solution and customizable templates.


What is CAPA?

CAPA stands for corrective and preventive action and consists of the rules and processes that deal with correcting and preventing systemic issues.

What is the difference between corrective action and preventive action?

Corrective actions are those that deal with preventing recurring issues resulting from root causes. Preventive actions are those that prevent potential issues from risk calculations.

When do we use corrections?

Corrections (not to be confused with corrective actions) are taken as containment and damage control plans for discovered non-conformities and issues.

What is a non-conformance?

A non-conformance is any deviation in products and processes from standardized spec and requirements.

When do we use corrective actions?

We use corrective actions when there are systemic or significant non-conformities (such as in harm and destruction of property).

When do we use preventive actions

We use preventive actions after qualitative and quantitative risk assessment to address the risks and prevent potential risks from happening.

Are corrections a part of corrective actions?

Correction can be a part of corrective action to rectify issues in the short term.

What is root cause analysis?

Root cause analysis (or RCA) is the analysis of non-conformances and different processes to infer the possible base cases that are the precursor to the non-conformities in the first place.

What is the use of CAPA software?

To handle all corrective and preventive requests and processes.

What is CAPA in ISO?

ISO is an international regulatory body that develops standards that companies can adhere to, for certification of consistent quality, reliability and safety. CAPA in ISO-9001:2015 indicates that the CAPA system being used is of satisfactory standards according to requirements set by ISO.

Are there other certifying or regulatory bodies for CAPA?

Yes, there can be other certifying bodies, such as the FDA for food and drug that have standardized rules, regulations and protocols that need to be maintained by companies to get certified.

How often should we start CAPAs?

Use CAPA only for systemic and serious issues. Use small corrections to handle minor non-conformances that will not recur.

What are systemic issues?

Systemic issues are non-conformances that have demonstrated a pattern of recurrence and can be attributed to some unaddressed root issue that causes them.

When do we initiate CAPA?

Whenever there is a systemic or significant issue.

Which areas employ CAPA?

CAPA can be used in products, processes and human resources to solve issues.

What is an Audit?

Audits are internal inspections held by companies or external bodies (external audit)  to monitor and assess internal functions and processes within an organization.

What is a corrective action request (CAR)?

A corrective action request is a call for corrective actions to eliminate causes for discovered non-conformities and issues.

What is risk assessment?

Qualitative and quantitative methods for figuring out potential risks in a system.

What is a risk matrix?

A matrix that lists all potential risks in orders of consequence and likeliness. They are employed during risk assessment.

What is a risk priority number (RPN)?

A numeric value that helps categorize the possible risks and is calculated by multiplying numeric weights for severity of the issue, probability of occurrence and the likelihood of the failure being undetected. High risk priority numbers indicate high risk factors that need to be addressed as soon as possible.

What is the ishikawa diagram?

A pictorial assessment tool that is used in identification of causes during root cause analysis.

What are the “5 whys” ?

A tool that is used in the deduction of root cause during root cause analysis. It involves asking questions on the nature and causes of the non-conformities till the base case is successfully uncovered. 

What is a corrective action plan?

A proposed set of actions and modifications to processes and/or design in products to eliminate recurring non-conformance and issues.

Why do I need to verify the corrective actions?

To ensure that the modifications and changes are bringing about compliance and efficiency once again.

What is a calibration control program?

A method of ensuring measurements from various processes and outputs do not deviate too much from reference values. 

What is supplier management?

A set of processes and rules that encapsulate supplier governance rules, regulations, legal terms and expenses, supplier product performance and conformance.

What is Failure mode and effect analysis?

A risk assessment analysis that involves using data and logical reasoning to deduce the potential ways of failures in systems and products and their consequences and severity. It also includes preparing potential contingency plans to combat the issues and their root causes.

Choose suitable software for your business from QISS essential software list. We are always ready to provide you ISO-based QMS services through QISS QMS software.