1 / 33

Identify dangers in CAPA 2015, and build a Comprehensive Improvement System

Highlighting the risks in CAPA 2015 and suggesting a comprehensive improvement system for ISO 9001:2015. Explore the dangers in the current system, propose solutions, and provide examples. Address issues with Preventive Actions and introduce Risk-Based Thinking. Discuss the need for Risk Assessment and automation for effective system management.

robertmann
Download Presentation

Identify dangers in CAPA 2015, and build a Comprehensive Improvement System

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Identify dangers in CAPA 2015, and build a Comprehensive Improvement System PRESENTED BY WALI ALAM Quality Institute of America, (QIA) QMS Services and Software, Houston, TX Houston, Texas, USA PRESENTED AT AQI-ISO 9000 CONFERENCE 03/2019, SAN ANTONIO, TX.

  2. Identify dangers in CAPA 2015, and build a Comprehensive Improvement System • ISO 9001:2015 has several strong points, as well as some aspects that could pose a danger (risks) to the building and operation of an effective Quality Management System. • This paper will identify some of the major risks, propose a solution to the risks, and show an example of such a solution.

  3. Some First Principles • The fundamental purpose of having a Quality Management System (QMS) is to Plan a product, and processes to build it, so that: • Nonconformances (NCs) are minimal, and if they do happen, they are identified, prevented from unintended use, and disposed of in a manner that protects the customer. • There are systems that will ensure that processes that pose unacceptable risk are improved to reduce nonconformances in the future.

  4. Some First Principles-2 • The essence is to provide Continual Improvement (CI) to the organization • Core elements are Nonconformance Control and Corrective & Preventive Actions or CAPA

  5. Unintended Dangers • There is no Preventive Actions in ISO 9001:2015. • Replaced by Risk Based Thinking (RBT). The reason is that it is not necessary to mention by name, since there are enough places in the new standard that require a general requirement for Risk Based thinking. The output of this risk based thinking should generate a more complete source of triggers for the traditional Preventive Actions. • The problem is, there is no guidance regarding how to take these triggers through a robust set of steps. • The problem is that good CA as well as PA, have always been triggered by an assessment of risk of the NC happening again.

  6. Unintended Dangers-2 The difference between CA and PA is that the first identification is done by: Actual occurrence of a NC, Potential occurrence of a NC The thinking has been that eliminating PA and replacing by RBT would be more pervasive and have much more mature approach. However: RBTis somewhat nebulous and does not have the force of compliance like PA used to have. RBT’s first step is Risk Assessment. Registration auditors noticing since 2016 that this is not being continued (much) after the first time Context of the Organization (COTO) is done. No guidance on how to do risk assessment. Some just do a (group) “thinking”, and surmise there are no risks.

  7. Unintended Dangers-3 • The most popular tool for assessing risk are the Excel based tools with the Red, Yellow and Green grids. These look elegant and powerful but turn out to be not a popular activity. All such tools have link with the seminal FMEA tool developed around WWll by the US Navy. Only problem is that they seem to be used only once, and maybe freshened up to show to the auditor. • Both CA and PA have always been risk based, and the first step was always a Risk Assessment (formal or not). The occurrence of a problem or NC did not automatically require a CA. ISO 2015 could be interpreted otherwise and could pose a danger of diluting the power of a true Corrective Action.

  8. Unintended Dangers- 4 • The 2015 version has linked Corrective Action directly with “dealing with the consequences” of nonconformances, as the first step towards taking Corrective Action. • Could cause confusion about the need to take corrective actions against nonconformances. The danger is to believe that corrective actions need to be taken against all nonconformances. This goes contrary to the big deal requirement of RBT!!

  9. Unintended Dangers- 5 • Many practitioners have believed this to be true, and initiated the process of corrective actions for each and every nonconformance. This is dangerous, because the system could be bogged down by too many corrective actions. • some of which may not be necessary due to the low level of risks involved, which could be taken care of by creating barriers between the problem and the organization, such as setting up inspection steps for weeding out nonconforming products.

  10. Unintended Dangers- 6 • The big improvement in the Standard is RBT—pervasive and constant alertness towards recognizing risks and processing them quickly. This is hard to do without an assist from technology. This paper will show how to use data-based technology to help get the most out of the full Risk Based Improvement Program (RBIP). • The secret would be to provide automation to eliminate the drudgery which prevents people from handling large amounts of Risk Assessments and Mitigations which would be necessary to finally get the full benefit of RBT. This paper will discuss how such a Risk Based Improvement Program (RBIP) might work. • We are proposing the following “Risk Based Improvement System” steps to capture the essence of what has been offered by the Quality Management System standards from 1987 to 2015.

  11. The Solution • Collect potential candidates for evaluating the risk that they could pose to the Organization’s mission and goals. Remember to include negative as well as positive risks. These could be from: • Product nonconformances, all the way from raw materials to delivered products • Process nonconformances, all the way from manufacturing processes, procurement, design, calibration, maintenance, audits, and other. • Recognition of threats and opportunities that may present themselves from a study of the context of the organization, management review, etc. • Monitoring of data from customer satisfaction surveys, trade news and networking, etc. • When selecting candidates for risk analysis, an effort should be made to look at other similar sources of risk. This would be especially true for larger organizations

  12. The Solution- 2 • Conduct a Risk Analysis of the above candidates. This analysis could follow a version the Failure Mode and Effect Analysis (FMEA) model first put together by the US military seventy years ago. • Organization should have a data-base of risks that it evaluates and deals with over time. • Check if the risk candidate has already been considered in the past. If so, pull it up and review results of the last analysis and any further actions. The risk should be evaluated in terms of the severity of damage that could be caused, the likelihood of its occurring, and the difficulty of detecting it, should it did occur. • The Risk Analysis should yield a Risk Priority Number (RPN) on a scale of say, 1000. There should be thresholds set up to help decide at which RPN should next steps be taken: abort and close the analysis if it is low enough, or start a Cause Analysis step.

  13. The Solution- 3 • Conduct a (Root) Cause analysis using tools such as 5-Why, Fish-Bone diagram, Design of Experiments, etc. This is the step where you willisolate process(es) that could cause the negative risk to materialize, or provide a potential path to improve and enhance organization’s mission and objectives. • Consult organizational knowledge base to help in the process • Make a decision on whether or not to reduce the harmful effect of the process, or enhance its beneficial effect. This will depend on the cost of changing the process, against the benefit of doing so. • Abort or proceed according to the cost/ benefit analysis

  14. The Solution • If proceeding forward, then decide on the plan of Improvement Action for doing so. This may involve process engineering, human error elimination/ reduction, capital expenditures, etc. • Implement the plan • Check if the plan produces the results desired, and record such results • Determine the effect of the Improvement Action on the RPN in 2.c above. If the RPN has not been reduced sufficiently, then a follow up plan may be required • Take steps to spread the beneficial results of the Improvement Action to other parts of the organization • Update the Quality Management System, the Organizational Knowledge Base, including the Human Error Prevention part of the knowledge base.

  15. GRAPHICAL VIEW OF RBIP

  16. Risk Assessment

  17. “Root” Cause Analysis

  18. Local Prevention

  19. Global Prevention

  20. Management of Change MOC

  21. MoC (Cont..)

  22. COMPUTERIZING THE RBIP

  23. Identify the Risk The candidate is picked from defect databases: NC’s, Inspection Reports, Customer Complaints, or Trend analysis, SPC data, SWOT analysis, Market studies, Competitive analysis, Customer praise. (Risk can be negative or positive (opportunity))

  24. Record consequence, calculate RPN The RPN is a one example of quantifying a risk for the sake of deciding Whether or not to take next steps.

  25. Perform Cause Analysis with Five-Whys Cause analysis could yield multiple causes. The idea is to identify the processes that we will need to improve, or create new. The next step is to estimate cost/ benefit of going ahead.

  26. Five-Why (Cont..)

  27. Preventing a Risk, or enabling an Opportunity Similar to CAPA, this slide shows the initiation of a local preventive action to address an identified risk.

  28. Preventing the occurrence of the identified Risk (Cont..)

  29. Preventing the occurrence of the identified Risk (Cont..) This slide reflects the revised RPN after RCA and preventative measures have been taken. This revised numbers must fall within an organization’s acceptable risk level.

  30. Contingency Planning A good Risk Management program should include a contingency plan, in case the prevention did not work. Unexpected. Could have to re-open the Risk Prevention project

  31. Comprehensive Risk Dashboard One of the advantages of having a computerized program is the automatic creation of reports, dash-boards and other data-bases. All these can become a part of the Organizational Knowledge base, to help improve the improvement process

  32. THANK YOU!

More Related