Establishing and Maintaining a CAPA System

CAPA process, CAPA requestsQ: We have a Corrective Action and Preventative Action (CAPA) system, and we find that CAPAs are almost always completed late — even though we do have an extension request form for CAPAs, and the system sends automated reminders to  employees in advance.

What can we do to resolve this issue and avoid late CAPAs?

A: I will answer this question based on the information provided.

1. Does the CAPA system rank the CAPA based on risk? If not, each CAPA should be ranked either high, medium, or low.

High risks generally mean that the problem behind the CAPA could have a negative affect on the business and put it at risk. For example, in the medical device industry, a high risk CAPA could include a regulation violation, something that can harm a device user or patient, or issues that could result in legal action against the company.

2. Does the CAPA system have a way to involve top management? If not, it should — especially if timely corrective action is not being taken in instances of high risk CAPAs.

3. Does the management review process include a statistical analysis of the time it takes to complete CAPAs?

Often, reports to management include the number of CAPAs greater than 90-days old and greater than 180-days old. In addition to reporting on the number of open CAPAs, also report on the number of CAPAs completed by the due date and the number of CAPAs that are overdue (past the original, assigned completion date).

It is a good idea to also convert these numbers into percentages to make data digestible and to allow for comparison making.

4. Next, discuss with management (if possible) to consider consequences for employees if company problems that result in a CAPAs are not addressed in a timely manner.

With this approach, proceed with caution. You must make certain that the CAPA system is robust. Not every little problem is a CAPA. A good way to weed out the CAPAs from the non-CAPAs is to ask: is this an issue that requires an investigation into the root cause? And, does this problem require corrective action to fix it? If the answers are yes, then it is probably a CAPA.

5. You may want to consider benchmarking how other organizations structure their CAPA system and look to guidance documents for help. The Global Harmonization Task Force published a guidance document help establish CAPA systems. It is for the medical device industry, but it can be applied elsewhere.

Jim Werner
Voting member to the U.S. TAG to ISO TC 176
Medical Device Quality Compliance (MDQC), LLC.
ASQ Senior Member
ASQ CQE, CQA, RABQSA Lead QMS Assessor

For more about this topic, please visit ASQ’s website

Modifying Programmable Logic Controllers (PLCs)

PLCs, programmable logic controllers

Q: I am seeking a standard to monitor, control and communicate existing Programmable Logic Controller (PLC) program changes.

We have a team of 15 electricians. They have access to various machinery and their PLCs. They can make modifications to majority of PLC programs.

The changes are under communicated and the current process in not monitored. We do capture log in/log out and some changes, but this is not sufficient.

Bud Salsbury’s take:

A: If these are Ethernet IP equipped PLCs that support remote login and can be network attached at all times, it isn’t an issue. It becomes an IT admin thing. For example, Allen Bradley’s PLCs can have their programs placed out on the network and treated like an FTP site. The PLCs can pull their programs at each start up from their predefined folders.

If we are talking about standalone PLCs, with no network,  it becomes a whole different animal. It is then more of a procedural thing. You must again place the master copy of the program on a network location, but it is up to each programmer to follow a routine, pull the program from the network, update, upload to the PLC, test/verify, and if good–replace the master copy. Now, if any step is missed, you’re up that well known waterway without any visible means of locomotion.

Ethernet IP is your friend. Note: they have to be newer/smarter PLCs to play nice.

Now if you are making changes to the program (whether it is a robot, or an NC machine, or a molding press), then these changes would probably affect the overall production process. Also, if the changes could affect the quality of the product in any way (either good or bad), then, at the very least, there should be a type of “deviation” procedure where the quality level of the product is verified after the process deviation has been implemented and prior to releasing any new parts produced off of this deviated process.  Also, there should be record of the before and after settings.

Bud Salsbury
ASQ Senior Member, CQT, CQI

Thea Dunmire’s take:

A: There are a number of significant risks associated with making modifications to PLCs used to control industrial equipment.  When you are modifying PLCs, you are making changes to “the brains” of your operations.  These changes can result in equipment that does not function properly, production lines that completely shut down or critical infrastructure that stops operating (e.g. water pumping stations that stop working). Thousands, or even millions, of dollars can be lost because of the modification or malfunction of a single PLC. These malfunctions can be caused by lack of ongoing maintenance, ill-conceived “trial-and-error” modifications, or even the insertion of malicious code by external hackers or disgruntled employees.

Organizations should have control processes in place that address all PLC modifications. Control processes are clearly required for PLCs that are used for safety-related applications or high-hazard process operations. For organizations that are certified to OHSAS 18001:2007 Occupational health and safety management systems — Requirements, management-of-change procedures must be established to assess the potential hazards of PLC modifications prior to any changes being made. After the fact validation is not acceptable.

There are a number of potentially applicable regulations and standards – whether they are actually applicable to your operations depends on the nature of the processes and equipment being controlled. It is important for organizations to carefully assess which requirements need to be met and institute the processes needed for conformance. In addition, organizations should periodically evaluate the robustness of the established systems to ensure the ongoing integrity of all PLC controlled operations.

Examples of potentially applicable regulations and standards include:

  • IEC 61508 Functional safety of electrical/electronic/programmable electronic safety-related systems defines the requirements for programmable electronic systems used in the safety-related parts of controls systems.
  •  U.S. regulations, including 29 CFR 1910.147 (Lockout/tagout requirements), 29 CFR 1910.119 (OSHA Process Safety) and 40 CFR 68 (EPA Risk Management Plan)
  • NFPA 79 – Electrical Standard for Industrial Machinery
  • ANSI B11.1 and EN 692 – safety requirements standards for mechanical presses
  • ANSI/RIA 15.06 – standard for industrial robots and robot systems

This is a complex area that requires input from individuals with specific training and competence in working with PLC controlled equipment.  It is not an area to for improvisation – the risks are too high.

Thea Dunmire, JD, CIH, CSP
Chair, ASC Z1-Audit Subcommittee
ENLAR Compliance Services, Inc.
Largo, FL
http://www.enlar.com

For more on this topic, please visit ASQ’s website.