At my current position, I work for a small industrial manufacturer in NJ. Due to the relatively small scale of our operations, we mostly deal with risk mitigation in two ways: Field Correction & Incident Reporting. As we do not have risk management departments, it falls on us in the office to field messages from customers and actively attack problems as they arise. If we had the resources, I would love to implement a traceability matrix so that customers can somehow have access to a reporting portal.

I currently work at a medical device company, and risk assessment does show up everywhere, even if it's not a full-fledged risk analysis for a new product design. For instance, if there is a nonconforming component found during the manufacturing process, a risk assessment is performed to determine whether or not the issue needs to be escalated to a CAPA request. Then if it ends up becoming a CAPA, one of the first steps is to explain the CAPA's risk. What would be the risk if the issue was not detected and the problematic component got in the hands of the user? Is there a noncompliance risk with any specific regulations? And in the interim before the CAPA actions are completed, is there a risk that the same issue will happen again? Each of these questions needs to be considered to determine the urgency of the problem and the appropriate path forward to prevent recurrence of the issue.

I have interned with a risk management team of a medical device whiles they were dealing with a pretty big non-conformance in their processes, so I have had experience in the CAPA process. CAPA stands for corrective and preventative action, which occurs when a non-conformance to procedures is identified. During this process, actions are identified to correct the non-conformance, and measures are taken to prevent this non-conformance from happening in the future. CAPAs can become quite large, costly, resource-consuming, and take a lot of time. In the time I was there, there was an overhaul of a type of risk management document which had taken about a year to reach the end of the CAPA. Every month this issue remained unresolved, other business tasks that needed to be addressed by the risk management team went on hold. Because of the CAPA, the team itself was losing the company a lot of money every single month the CAPA went unresolved. However, CAPAs can be quite tame for smaller non-conformances, and if its a big company, another process may be created so that the non-conformance does not have to be escalated to the level of a CAPA.

The document is accurate in it's mention of CAPAs, but the document itself does not go heavily in depth with it.

I've personally been involved in a CAPA after a few audit findings. First of all, audits are grueling! Any and all paperwork that has ever been documented has the chance to be scrutinized and picked apart and any processes that are not well-defined can lead to audit findings and result in actions that need to be completed within a certain time frame. For my personal experience, the entire calibration process needed to be revamped. This included rewriting entire processes and instructions for calibration techs, creating a new system to store and record calibration records and information, meet with vendors to discuss new calibration requirements, etc., etc. The entire process from the top down was picked apart first by the auditors and then by the team assembled to address the audit findings. I am actually currently still in the process of working through the CAPA, and while it is challenging, I am learning a LOT about the process and I would recommend anyone to try to get involved in a CAPA if you are still interning. You pick up a lot of translatable skills and are able to work cross-functionally with a variety of different people and groups. 

I really enjoyed reading everyone’s experiences—it’s fascinating to see how CAPAs and risk management play out in different settings. I don’t have audit experience myself, but it’s interesting to hear how findings can drive major improvements, like revamping entire calibration processes.

I’m curious, how does your team prioritize CAPAs when there are multiple findings or non-conformances to address at once? Are there strategies you’ve found helpful for managing resources efficiently?