R2 & ITAD Practical Guides | decideagree.com

Incidents, Nonconformities & CAPA: A Practical SOP for Reporting, Root Cause, and Preventive Actions

Incidents, Nonconformities & CAPA

Written by

DecideAgree Editorial Team

in

Purpose: Provide a clear, repeatable system to capture incidents and nonconformities, analyze root causes, implement corrective and preventive actions (CAPA), and prove effectiveness to auditors.
Applies to: All personnel, contractors, and visitors on site.
Outcomes: Faster containment, fewer repeat issues, stronger audit evidence, safer operations.

1) Definitions (plain-English)

  • Incident: Any unplanned event that affects safety, environment, security, or operations (e.g., battery smoke, chemical spill, near-miss, injury, data-wipe station outage).
  • Nonconformity (NC): A failure to meet a requirementโ€”internal SOP, customer requirement, certification clause, legal requirement, or contract. Includes documentation gaps (e.g., missing signature on log).
  • Containment: Immediate actions to control or mitigate the impact (e.g., isolate affected pallets, stop shipment, place hold tags).
  • Corrective Action (CA): Action to eliminate the root cause of a detected nonconformity to prevent recurrence.
  • Preventive Action (PA): Action to eliminate the cause of a potential nonconformity to prevent occurrence (proactive).
  • Verification of Effectiveness (VoE): Evidence that the action worked over time (e.g., trend data shows reduction, sample audits pass for 90 days).

2) Roles & Responsibilities

  • All Employees: Stop unsafe work, report incidents/NCs immediately, assist with containment, record facts.
  • Area Supervisor: Open the report, classify severity, lead containment, assign temporary controls, notify the CAPA Owner.
  • CAPA Owner (often QA/EHS/Operations Lead): Drive root-cause analysis, set actions, deadlines, and metrics; track completion; verify effectiveness.
  • EHS Lead (if safety/environmental): Oversee legal reporting, medical response, spill kits, waste handling, and training.
  • Quality Manager: Maintains CAPA log, trends KPIs, escalates overdue items, prepares audit evidence.
  • Senior Management: Review monthly CAPA dashboard, approve major corrective/preventive actions, remove barriers.

3) Reporting & Intake (how to capture the issue)

When to report: Immediately for incidents; by end of shift for minor NCs.
How to report: Use a single Incident/NC Report Form (paper or digital). Keep reporting simple and non-punitive.

Minimum fields to capture

  1. Date/time and location (station/line/zone).
  2. Reporter name + contact.
  3. Type: Incident / Near-miss / Nonconformity (minor/major).
  4. Description (facts only; what was observed, not opinions).
  5. Assets/materials involved (IDs, batch, serials).
  6. Immediate actions taken (containment/first aid/shutdown).
  7. Photos or attachments (if applicable).
  8. Initial severity (S1โ€“S4; see below).
  9. Supervisor notified (name/time).
  10. Temporary hold/isolation tag numbers.

Severity classification (for prioritization)

  • S4 Critical: Injury requiring hospitalization, fire, major spill, data breach, illegal shipment, repeated failure affecting customers/regulators.
  • S3 Major: Medical treatment beyond first aid, equipment damage, batch scrap, shipment recall risk, repeated log gaps.
  • S2 Moderate: First aid case, isolated process deviation, small contained spill, single log defect without impact.
  • S1 Minor: Cosmetic/documentation detail, readily corrected on the spot, no safety/quality impact.

Escalation timing

  • S4: Notify CAPA Owner and senior management immediately.
  • S3: Notify CAPA Owner within 2 hours, management by end of day.
  • S2/S1: Log within shift; supervisor review within 24 hours.

4) Containment (stop the bleeding)

Perform before analysis to prevent spread/recurrence while you investigate.

Standard containment toolkit

  • Quarantine/hold: Red โ€œHOLDโ€ tags; move items to a designated hold area.
  • Stop & check: Halt affected line; initiate 100% check on last good lot.
  • Administrative controls: Temporary sign-offs, additional checks each hour.
  • PPE/safety: Spill kit deployment, ventilation, isolation of power, fire watch if battery thermal risk occurred.
  • Communication: Post a brief shift note and toolbox talk next day for awareness.

Record: what was contained, by whom, when, and scope (lot numbers, quantities).

5) Root Cause Analysis (RCA) that actually works

Use structured, quick-to-execute methods. Pick one:

A) 5-Whys (fast)

  1. Why did the event happen?
  2. Why was that possible?
  3. Why did the enabling condition exist?
  4. Why wasnโ€™t it detected/prevented?
  5. Why is the system designed that way?
    Stop when you land on a controllable system cause (not โ€œhuman errorโ€).

B) Fishbone (Ishikawa) for complex issues
Consider People, Process, Equipment, Materials, Environment, Measurement. Brainstorm causes in each branch, then test the most plausible with data.

C) Evidence checklist

  • Interviews with operators/supervisors (use neutral, non-blaming questions).
  • Review recent changes (new staff, new supplier, revised SOP).
  • Check records (training logs, maintenance, calibration, DDQ approvals).
  • Sampling/inspection of affected stock.
  • Time series or control charts if you track process metrics.

Avoid blame. โ€œOperator forgotโ€ is rarely the root cause; look for missing visual controls, unclear SOP steps, insufficient training, or poor workstation design.

6) Corrective & Preventive Actions (how to fix and future-proof)

Convert root causes into specific, testable actions. Use the Action Definition Rule: One action = one owner = one due date = one measurable outcome.

Common corrective actions

  • SOP update with clearer steps, photos, and acceptance criteria.
  • Retraining + competency check (quiz or observed demo).
  • Tooling or fixture change; poka-yoke/physical guide to prevent mis-assembly.
  • Additional inspection step with sampling plan for the next 30โ€“90 days.
  • Supplier corrective action (when vendor cause is confirmed).
  • Software/label template change to remove ambiguous fields or enforce required ones.
  • Maintenance/calibration schedule update.

Preventive actions (proactive)

  • Risk assessment (FMEA-lite) on similar lines or product families.
  • Addons to checklists (e.g., battery intake checklist adds state-of-charge check).
  • Visual management (color coding, floor markings, signage).
  • Change request process to evaluate impacts before implementation.
  • Internal audit focus on the new/changed process next cycle.

Action prioritization matrix (Impact vs. Effort)

  • Quick wins: low effort, high impactโ€”do immediately.
  • Projects: high impact, high effortโ€”assign project owner and timeline.
  • Fillers: low impactโ€”batch into periodic improvements.
  • Avoid: high effort, low impactโ€”justify only if required.

7) Documentation & Records (what auditors expect)

Maintain a single CAPA Log and a case file for each record.

CAPA Log (master)

  • Unique ID, date opened, type (incident/NC), severity, area.
  • Short description, containment done (Y/N, date).
  • Root cause summary.
  • Action list (owner/due date/status).
  • Verification of effectiveness plan & date.
  • Date closed, management sign-off.
  • Trend tags (battery, data wipe, downstream vendor, EHS, documentation).

Case File (per CAPA)

  • Incident/NC report, photos, interviews.
  • RCA notes (5-Whys/fishbone).
  • Updated SOPs/checklists (redline + final).
  • Training records for affected staff (attendance + competency).
  • Inspection results or sampling data (before/after).
  • VoE evidence (metrics, audit results).
  • Closure approval.

Retention: Keep for minimum 3 years (or per your certification/legal requirement); serious cases (S4) for 5+ years.

8) Verification of Effectiveness (prove it worked)

Plan VoE before you close the CAPA.

Typical VoE methods

  • Trend analysis: e.g., zero repeats for 90 days; defect rate below control limit for 3 months.
  • Targeted internal audit: sample the changed process; zero major findings.
  • Sampling: inspect 30 consecutive lots with 0 critical defects and โ‰ค defined minors.
  • Field feedback: no related customer complaints for the defined period.

Define success criteria upfront (e.g., โ€œ< 0.5% log errors for 12 weeksโ€), gather data, and attach graphs/screenshots to the case file.

9) Timeframes & Escalation (keep momentum)

  • Open report: same day (S4/S3); within 24 hours (S2/S1).
  • Containment: immediate for S4/S3; within 24 hours for S2; within 48 hours for S1.
  • RCA start: within 2 business days (S4/S3); within 5 days (S2/S1).
  • Actions due: 14 days (S4), 30 days (S3), 45 days (S2), 60 days (S1) unless justified.
  • Overdue escalation: CAPA Owner โ†’ Quality Manager โ†’ Plant Manager in weekly review.
  • Closure: after VoE evidence meets success criteria.

10) Integration with Training & Change Control

  • Training: Any SOP change triggers a targeted training event; record attendance and competency (short quiz or observed task).
  • Change Control: Major corrective actions that alter equipment, software, or layout require a documented change request and, where applicable, risk review prior to implementation.
  • Communication: Post concise โ€œWhat changed & whyโ€ notes on the work area board; include photos of new steps/labels.

11) KPIs & Dashboard (what to track monthly)

  • # of Incidents / Near-misses / NCs (by area and severity).
  • Average days to containment and to closure.
  • % CAPAs on time (by severity).
  • Top 5 root causes (trend quarter over quarter).
  • Repeat rate for the same NC category.
  • Training effectiveness (post-change audit pass rate).
  • Supplier-related NCs (by vendor, action status).

Use a simple stacked bar for counts and a line for closure time. Highlight overdue S3/S4 items in red on the management review.

12) Example, End-to-End (makes it real)

Event: Drive-wipe station produced 7 drives without verification logs for 2 hours (S3 Major).
Containment: Quarantine all 42 drives from that period; stop station; assign temporary manual verification step.
RCA:

  • 5-Whys reveals a new label template removed the โ€œVerified byโ€ required field; operator proceeded without prompt.
  • Measurement branch shows the verification script didnโ€™t block completion on missing signature.
    Corrective actions:
  1. Reinstate required field with a hard stop in software (Owner: IT; Due: 3 days).
  2. Update SOP with screenshot of correct label; add โ€œverify & signโ€ checklist step (Owner: QA; Due: 5 days).
  3. Retrain all data-wipe operators; competency sign-off (Owner: Supervisor; Due: 7 days).
  4. 100% audit of quarantined drives; re-wipe and relabel where needed (Owner: Ops; Due: 2 days).
    Preventive actions:
  5. Add change-control checklist for any template/software change impacting required fields (Owner: Quality; Due: 10 days).
    VoE plan: 8-week samplingโ€”daily random check of 20 drives; target 0 missing verification signatures.
    Closure: After 8 weeks of zero misses and a passed internal audit, CAPA closed with management sign-off.

13) Audit Readiness Tips (make your file audit-proof)

  • Use consistent IDs on reports, hold tags, action items, and training events to show linkage.
  • Put a summary sheet on top of each case file: timeline + key decisions + VoE results.
  • Redline SOPs to show exactly what changed; keep both before/after.
  • Keep meeting minutes for management reviews where CAPAs were discussed (bullet decisions and owner/dates).
  • Ensure frontline staff can explain what changed and where to find the checklist.

14) SOPโ€”Condensed Procedure (copy into your document)

  1. Report & Log: Employee reports; supervisor logs Incident/NC within shift.
  2. Classify & Escalate: Assign severity; notify per matrix.
  3. Contain: Quarantine/stop line; temporary controls; document.
  4. Assign CAPA Owner: Quality/EHS/Operations lead.
  5. RCA: Complete within defined timeframe using 5-Whys or fishbone; gather evidence.
  6. Plan Actions: Define corrective/preventive actions with owners, due dates, and success metrics.
  7. Implement & Train: Update SOPs, train affected staff, update change control if needed.
  8. Verify Effectiveness: Monitor metrics/audits; record VoE.
  9. Close & Review: Management sign-off; capture lessons learned; update risk registers if applicable.
  10. Trend & Improve: Monthly KPI review; reprioritize systemic fixes.

15) Forms & Templates (fields you can replicate)

A) Incident/Nonconformity Report

  • ID, date/time, area, reporter, type, severity, description, assets/batches, immediate actions, photos, supervisor notified, signatures.

B) CAPA Action Plan

  • CAPA ID, RCA summary, actions (owner, due date, status), resources needed, training required, affected documents.

C) Verification of Effectiveness Log

  • CAPA ID, metric, target, data source, sampling frequency, results, pass/fail, date closed, approver.

Final Notes

Keep the process simple, fast, and non-punitive so people report issues early. Tie every action to a measurable result and verify over time. When auditors arrive, a clean log, clear files, and confident operators are the best proof your CAPA system works.

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

More posts

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by