What mistakes the MDR is making and why you shouldn't be talking about CAPAs.
The FDA (in 21 CFR part 820 – QSR) and ISO 13485 differentiate between corrective actions, preventive actions and corrections.
Unfortunately, the MDR and IVDR do not clearly differentiate between these concepts. Some manufacturers also believe they can combine corrective and preventive actions into CAPAs. But this is just as imprecise as the lack of distinction between “corrections” and “corrective actions.”
This article defines the terms and helps you avoid deviations in audits and even illegal marketing of devices caused by this confusing terminology. It lists the regulatory requirements and uses examples to explain how to differentiate between the pairs “corrective action” and “correction” and “corrective action” and preventive action.”
ISO 9000 defines the term correction as follows:
“action to eliminate a detected nonconformity”
Source: ISO 9000:2015 3.12.2
Examples of corrections are:
a) Corrective actions in ISO 9000 and ISO 13485
ISO 9000:2015 defines the term corrective actions as follows:
“action to eliminate the cause of a nonconformity and to prevent recurrence”
Source: ISO 9001:2015 3.12.2
Therefore, the aim of a corrective action is to identify and eliminate not just nonconformities but also the causes of nonconformities that have already occurred and to ensure that such nonconformities do not occur again.
Colloquially, actions intended to ensure that a nonconformity does not occur again are often referred to as preventive actions. However, according to the definition, this is not a preventive action.
Examples of corrective actions
Examples of corrective actions include:
b) Corrective actions according to the MDR and IVDR
Unfortunately, the MDR has not adopted the definition of corrective action from ISO 9000 and ISO 13485:
“action taken to eliminate the cause of a potential or actual non-conformity or other undesirable situation;”
Source: MDR Article 2
This definition is very unfortunate because it mixes the elimination of the cause of a potential nonconformity and the elimination of the cause of an existing nonconformity. Elimination of a potential nonconformity is usually considered a preventive action.
Regrettably, the MDR and IVDR also use the term “field safety corrective action” in addition to the term “corrective action.”
“corrective action taken by a manufacturer for technical or medical reasons to prevent or reduce the risk of a serious incident in relation to a device made available on the market;”
Source: MDR Article 2(68)
Although neither the MDR nor the IVDR define the term preventive action, they do use it. But only in the phrase “corrective and preventive action.” Why this mixing of the two terms is a problem is explained later in this article.
ISO 9000:2015 and ISO 13485 do define the term preventive action:
“action to eliminate the cause of a potential nonconformity or other potential undesirable situation.”
Source: ISO 9000:2015 3.12.1
Interestingly, ISO 9000:2015 defines the term, but ISO 9001:2015 no longer requires any preventive actions.
Examples of preventive actions
Preventive actions are aimed at avoiding future nonconformities that have not yet occurred.
These actions can relate the design of a device to improve its safety, e.g.:
Other actions might relate to quality management, e.g.:
If you were to take one of these actions to prevent a nonconformity that has already occurred from occurring again in the future, these actions would not be preventive actions, they would be corrective actions. In another words:
you can’t take a preventive action if the problem has already occurred. If, after a problem has occurred, you want to make sure it doesn't occur again, that would be a corrective action not a preventive action, even though both have the same aim: to prevent a future problem.
Because most manufacturers only react when problems occur, there are a lot of corrective actions and not many preventive actions.
a) ISO 13485
In section 8.5 (“Improvement”), ISO 13485 requires both corrective actions (section 8.5.2 “Corrective action”) and preventive actions (section 8.5.3 “Preventive action”).
Manufacturers must define processes and keep records for them and provide an explanation if they do not take any corrective or preventive actions in response to a customer complaint.
The FDA requires corrective and preventive actions in 21 CFR part 820.100. The requirements are essentially the same as those in ISO 13485.
The MDR and, likewise, the IVDR establish requirements for corrective and preventive actions. These include:
The term CAPA stands for “corrective action and preventive action.” However, this combining of the two types of action is problematic for several reasons.
a) Problems with standard operating procedure
Some companies create a standard operating procedure (SOP) with the title “CAPA” and use this SOP to establish a common procedure for both corrective actions and preventive actions. However, you can’t only have one procedure because the two differ in several aspects, for example:
The employee suggestion scheme, the list of future standards and laws or technological trends indicate future and potential nonconformities. They are not really sources of information that report existing nonconformities whose causes the manufacturer needs to address with a corrective action.
Activities and roles
A corrective action requires different or additional activities and, in some cases, roles than a preventive action:
ISO 13485 has very precise requirements for handling nonconformities. This means that manufacturers have less freedom when it comes to corrections and corrective actions than they do with preventive actions.
If the MDR and IVDR had adopted the definitions contained in ISO 13485, we wouldn’t need to consider whether corrective actions as defined by the MDR are the same as corrective actions and preventive actions combined as defined by ISO 13485.
b) Problem with “non-significant changes”
The MDR grants transitional periods for “non-significant changes.” However, according to the MDCG, what is considered a non-significant change depends on whether it is related to a corrective action.
Do preventive actions now also have to be considered “non-significant design changes”? This would open a whole range of possibilities for manufacturers. Or does the MDR now make a precise distinction between corrective and preventive actions?
Precise definitions of terms and consistent use of these terms would prevent such discussions.
The clear separation of corrections, corrective actions and preventive actions makes sense and manufacturers should pay attention to it. The fact that the EU regulations (MDR, IVDR) of all things destroy this conceptual integrity is annoying.