CAPA (Corrective and Preventive Action)

What CAPA means

CAPA stands for Corrective Action and Preventive Action. It is the regulated quality process for responding to deviations, nonconformances, audit findings, customer complaints, and other quality issues in a structured, documented, and verifiable way.

A CAPA record captures the problem, the investigation, the root cause, the actions taken to correct it (corrective action) and to prevent recurrence (preventive action), and an effectiveness check that confirms the fix worked.

Why CAPA matters in regulated industries

CAPA is one of the most-inspected areas of any regulated quality system. FDA, EMA, MHRA, and notified bodies all look at CAPA records as primary evidence of a functioning quality culture.

A weak CAPA program — missing root causes, repeat deviations, late actions, missing effectiveness checks — is one of the top reasons regulatory bodies issue 483s, warning letters, and notified body findings.

Where CAPA appears in regulations

CAPA requirements appear across most GxP regulations and standards:

• FDA 21 CFR Part 820 §820.100 — Medical device QSR CAPA procedures
• FDA 21 CFR Part 211 §211.192 — Drug manufacturing investigations
• EU GMP Chapter 1 & Chapter 8 — Quality system + deviation and CAPA
• ICH Q10 §3.2.2 — CAPA as one of four enablers of pharmaceutical quality systems
• ISO 13485 §8.5.2 and §8.5.3 — Corrective and preventive action for medical devices
• ICH Q9(R1) — Quality risk management feeds into CAPA prioritization

The CAPA lifecycle

A typical CAPA record moves through these stages:

• Initiation — source event documented (deviation, audit, complaint)
• Investigation — root cause analysis using tools like 5 Whys, Fishbone, FMEA
• Action planning — corrective + preventive actions defined with owners, due dates
• Implementation — actions executed, evidence captured
• Effectiveness check — verification after a defined period that the issue has not recurred
• Closure — formal close-out with QA approval

What good CAPA controls look like

Inspection-ready CAPA programs share common control patterns:

• Defined escalation criteria — when an event becomes a CAPA
• Controlled root cause templates — reduce shallow analysis
• Mandatory effectiveness checks — no closure without verification
• Links to source events, changes, training, and risk assessments
• KPI dashboards — open count, average age, overdue actions
• Trending and recurrence analysis — feeds into Management Review

How Complere manages CAPA

The Complere CAPA & Deviations module provides a controlled CAPA lifecycle with structured root cause capture, action plan tracking, and mandatory effectiveness checks.

• One record from deviation through effectiveness check — no handoffs between systems
• Configurable root cause taxonomy aligned to your QMS
• Automated overdue action escalation
• Dashboards surface repeat root causes and late effectiveness checks
• Full audit trail and e-signatures meeting 21 CFR Part 11
• Linked to change control, risk assessment, training, and documents

Terms related to CAPA

CAPA connects to many other quality concepts. Explore related terms to build a complete picture of a regulated quality system.

• Deviation — unplanned event that may trigger a CAPA
• Root Cause Analysis — the investigation technique inside a CAPA
• Audit Trail — the record history behind every CAPA action
• Out of Specification (OOS) — common CAPA trigger from lab testing
• Validation — CAPAs may require re-validation of systems or processes