CAPA Management


ISO standard based QMS QISS Offers CAPA Management Software System for Automating Corrective Action Processes in Regulatory Environments. Quality issues are unavoidable, no matter how much care is taken to bypass them.


As a significant part of a QMS, CAPA identifies and addresses the root causes of high-risk quality issues. Also, it limits the resulting business impression, both instantly and in the future.

CAPA Management

Figure: QISS CAPA Management Software Workflow

QISS CAPA Management Software

Corrective And Preventive Action (CAPA) or merely Corrective Action consists of improvements to an organization’s processes taken to remove causes of non-conformities or other unwanted circumstances.

This writing will discuss a CAPA Management Software System of an ISO (International Organization for Standardization) standard-based quality management software QISS.

Corrective And Preventive Action (CAPA) 

The term CAPA stands for Corrective and Preventive Actions. Although ISO 9001:2015 does not use the term “Preventive” anymore, several other standards do, and the term is familiar to most QHSE professionals. The simplest way to understand the concept is that this is where a QHSE system helps an organization to improve its business processes.

There is an axiom in Quality Management: “Product is the Result of a Process.” Therefore, if you want to consistently improve the quality of a product and thereby reliably prevent future defects, you must change/ improve the process that produces the product.

ISO 9001

ISO 9001 Clause 10.2 requires an organization to evaluate the need for actions that will prevent the recurrence of nonconformities. A non-conformity could be identified via customer complaints, trends from monitoring, inspections, or procedures not being followed. No matter the source of the non-conformity, an organization is required to evaluate the need for action(s) that will operate to prevent the re-occurrence of a problem (corrective action) or prevent an occurrence (preventative action).

The evaluation step is widely misunderstood. The best way to understand this step is to look at it as the decision step based upon which further steps and actions are to be taken. Some people think that all defects must be prevented. It may not be a wise path to follow. Please see additional articles in the “Published Articles” part of this website.

ISO 9001:2015, Section 10.2.1 Nonconformities and Corrective Action states:

When non-conformity occurs, including any arising from complaints, the organization shall:

a) react to the non-conformity and, as applicable: [This Step is commonly called “correction” and is mandatory]

1. Take action to control and correct it.

2. Deal with the consequences.

b) Evaluate the need for action to eliminate the cause(s) of the non-conformity, in order that it does not recur [Corrective Action] or occur [Preventive Action] elsewhere, by:

1. reviewing and analyzing the non-conformity; [Defining the NC]

2. determining the causes of the non-conformity; [Commonly referred to as Root Cause Analysis or RCA]

3. determining if similar non-conformities exist or could potentially occur;[Risk]

4. implement any action needed; [Corrective Action, involving changes to the business process(es) that cause the NC]

5. review the effectiveness of any corrective action taken; [Determine whether the Corrective Action has eliminated/ minimized/ reduced the probability and danger of the NC happening in the future]

6. update risks and opportunities determined during planning, if necessary; [Update Risk Score determined during the evaluation]

7. Make changes to the quality management system, if necessary. [Management of Change protocols—see the QISS Management of Change MOC module]

Corrective Actions shall be appropriate to the effects of the nonconformities encountered. [An excellent way to ensure this is to start with a Risk Assessment. The higher the Risk Score- the more robust the action needed]

Clause 10.2.2 The organization shall retain documented information as evidence of:

a) The nature of the nonconformities and any subsequent actions are taken.

b) the results of any corrective action.

How does QISS software CAPA Module help an organization with its Corrective Action requirements?

QISS offers three different versions of the CAPA module. All of them will ensure that you comply with the QHSE standard of your choice. The different versions provide progressively greater capability to handle the complete and complex demands of the organization.

Please see accompanying content on Features and Benefits. To summarize, QISS provides the tools for an organization to achieve the following objectives:

  1. Identify and define the problem (defect, error, non-conformity, etc. The problem could be detected because it has already occurred or because the organization has determined that there is a probability of its occurrence. It is essential to define the real problem. Sometimes it is not clear at first glance. Obviously, a misidentified problem will end up in spending time, effort, and money solving the wrong problem.
  2. Evaluate the need for action. Since a CAPA involves processes reengineering/ improvement, the need should be evaluated in as objective a manner as possible. A good way to do so is to do a Risk Assessment. A suitable method is the (Potential) Failure Mode & Effect Analysis (FMEA). This tool is provided in the Advanced version of QISS-CAPA.
    1. It is a good idea (and a requirement in some standards) to form a Team before proceeding. QISS-CAPA, Pro, and Advanced versions provide this ability. This ability to select a team is available at each of the CAPA steps. You can have different steps at each step or the same.
  3. Develop a Solution. It is where a solution to eliminate or minimize the causes, and root cause will be developed and planned.
  4. Implement the Solution. It is where the solution is implemented as planned and recorded.
  5. Verify Implementation. This is where the implementation is verified.
  6. Validate Effectiveness. This is where the solution’s effectiveness is validated to ensure that the solution worked/ will work as desired. At this point, another Risk Assessment is performed to calculate if the solution did eliminate the risk or bring it down to an acceptable residual level. This ability is available in the Advanced version of QISS-CAPA.

What is the QISS Corrective And Preventive Action (CAPA) System?

The QISS CAPA System is the backbone of the QISS QMS for the Continual Improvement part of the QMS. This is where an organization will go with its problems and opportunities to identify the processes in the QMS that need to be improved so as to remove the future occurrence of problems and take advantage of the opportunities. The hallmark of a good CAPA is an Effective CAPA. The execution of such a CAPA will upgrade the current QMS in a pin-pointed fashion and will change the relevant process and related culture for the better forever. QISS-CAPA provides all the tools for an organization necessary to achieve this all-important role of a QMS. It fulfills the Action step of the Shewhart- Deming Cycle.

How do the QISS Corrective And Preventive Action (CAPA) System work?

QISS-CAPA provides tools for the following essential steps of an Effective CAPA, as shown above.

The steps are: 

  1. Identify the Problem or Opportunity- both are subsets of the Risk-Based Thinking required by ISO 9001:2015.
  2. Evaluate the need for action. This is done by using the Risk Assessment app available as the second step. This step will help you automatically search for similar Risks that organizations might have evaluated in the past. At the end of the assessment, you will have a Risk Priority Number (RPN) which will help you determine whether to go forward with the rest of the CAPA steps. 
  3. The third step is to use the Root Cause analysis tool provided within QISS-CAPA. The purpose of this step is to identify the process that needs to be improved.
  4. The fourth step is for developing a solution that is aimed at improving the weak process.
  5. The fifth step records relevant details of how the solution was implemented. 
  6. The sixth step is to determine how much of an improvement was made. A Re-Assessment of the Risk does this to quantify the Residual Risk via a new RPN. If the RPN is low enough, then the CAPA is deemed to be Effective.
  7. QISS-CAPA gives you the option to set a future date when you would like to revisit the CAPA that was completed to ensure that the CAPA was, in fact, effective. This could be done by a third Risk Assessment or a review of relevant other information that could have been available with the passage of time.
  8. At the end of the completed CAPA, there is a step where you could initiate a re-do of the relevant parts of the QMS, such as revising a Procedure and training affected people on the new procedure.

Why does the QISS Corrective And Preventive Action (CAPA) System matter?

An effective Corrective/Preventive Action (CAPA) is the building block of a QMS designed to improve your QMS over time systematically. This is likely the best synthesis of all the improvement processes in practice in a modern Quality Management System. The above summary of QISS-CAPA shows how using this system can give you an advantage over your competition. It is also the most systematic manner of improving your business to be more productive and profitable.

Benefits of QISS Corrective And Preventive Action (CAPA) System

  • Get complete visibility into your corrective & preventive actions and their impact
  • Record and track all corrective & preventive actions through this centralized web-based database so you can trend information and identify areas of increased risk due to incomplete and unverified CAPAs.
  • Track costs of corrective actions
  • Ensure Compliance with common management standards.
  • Satisfy and exceed audit, nonconformance, and corrective and preventive action requirements of many common standards such as ISO 9001, ISO 14001 and ISO 45001, API Q1 and Q2, IATF 16949, ISO 13485, and others
  • Mitigate risk and avoid unnecessary costs
  • Prevent the recurrence or occurrence of discrepancies, failures, and deviations through dashboards that provide a real-time, at-a-glance assessment of the status of corrective & preventive actions
  • Advanced CAPA allows for Risk assessments and Root Cause analysis on all potential corrective actions and preventive measures
  • Respond timely to customer complaints and issues by allowing Customer access through the Customer portal
  • Respond to Safety, and Environmental Incidents, Accidents, Spills, Near Misses
  • Cultivate a companywide culture of continuous improvement

Features of Corrective And Preventive Action (CAPA) System

CAPA stands for Corrective and Preventive Actions. QISS has three (3) different modules that enable the users to manage corrective and preventive actions reporting based on their company’s needs: CAPA EZ, CAPA- Pro, and ADVANCED CAPA, which includes risk management within it.

CAPA EZ is the most basic form of corrective and preventive action reporting with a single built-in best practice for reporting and managing corrective and preventive actions.

  • Inexpensive, as little as $18/month
  • Allows for one (1) user to manage a Corrective/Preventive Action from initiation to closure
  • Web-based requires no servers or software to be downloaded.
  • Expandable to multiple users
  • Can be connected to other QISS EZ Modules

CAPA- Pro is a comprehensive module that allows for the management of corrective and preventive actions, including the following features:

  • Ability to initiate CAR from existing NCR or an identified risk
  • Ability to initiate internal, supplier, or customer CARs
  • Configurable custom fields
  • Configurable workflows with assignments, reminders, escalations.
  • Suppliers and/or Customers can be given the ability to perform or validate steps in a Corrective/Preventive action
  • Charts & Reports
  • Advanced search feature

Advanced CAPA has all the above capabilities along with the following additional features:

  • The QISS Advanced Corrective Action Reporting (CAR / CAPA) is designed to track all the activities related to corrective action and preventive action is being taken on an actual/potential Non-conformity. This Module, along with the non-conformance (NCR) Module, can be used by organizations to build an automated mechanism for finding problems and opportunities for improvement. This mechanism then helps the organization to act on the problems/opportunities in a disciplined manner.
  • Ability to Initiate CAR from “Audit” and “HSE” reports
  • Ability to assess the risk involved in the identified problem and calculate a Risk Priority Number (RPN or “Risk Score”)
  • Ability to recalculate the RPN after the Corrective Action is completed to help determine the “effectiveness” of the action taken
  • Ability to record revised RPN with a contingency plan
  • Ability to add custom fields with more type of fields (for example, date, time, number, and derived)
  • The advanced search feature to filter out records by specifying multiple match criteria

The history of the QISS Corrective And Preventive Action (CAPA) System

Introduced in 2004. The QISS software is designed to be compliant with all ISO quality standards. The QISS CAPA modules have seen evolutions related to changes in ISO standards and reflect the requirement of these standards for addressing corrective and preventive action measures.

With the advent of ISO 9001:2015, ISO introduced a new standard, unlike previous versions. ISO 9001:2015 is less prescriptive in its requirements and allows its adherents the ability to define and document their QMS in a way that is most effective for their type of business model.

The most revolutionary part of the new standard is the introduction of risk assessment and analysis. This replaces the traditional preventive actions with a model based on “risk-based thinking.” This requires that risk is assessed at all levels of an organization, and if the risk is found, a plan on reducing or eliminating the risk must be undertaken and documented.

The QISS CAPA module is specifically designed as the correct tool for addressing corrective actions and risk assessment and mitigation actions in one modular setting. The QISS CAPA module begins with the ability to determine root cause analysis to be applied to a non-conformance issue. It has steps for developing and implementing a plan of action to address the non-conformance. The final step is verification to determine if the corrective action was effective.

In relation to risk, QISS has the Advanced CAPA module. This module allows the user to assess risk and determine its value of exposure. It then follows with root cause analysis, plans development and implementation, and ends with verification. Additionally, Advanced CAPA has the ability to describe and document contingency actions related to a specific risk scenario in the event the initial plan of action is ineffective.