Corrective and Preventive Actions
Anyone work in a regulated industry where you have a definition of a nonconformity in an IT environment in order to meet regulatory CAPA requirements?
Re: Corrective and Preventive Actions
I work in an FDA regulated environment - we use the same definitions for IT as for all other process related activities when categorizing CAPAs. A software non-conformity violates the same "rules" as a non-software non-conformity. The QSR does not seem to differentiate between the two.
Maybe the concepts of non-conformity and software bug are blending together? I would not call a bug a non-conformity until it is present in a LIVE system. Prior to going LIVE, a bug is not a non-conformity from a CAPA point of view.
On the other hand, good software process says that one should learn from their mistakes. Therefore, a bug at any time is a chance to pursue corrective and preventive action. This would/could/should include root cause analysis and risk assessment.
End of the story is that mixing development process with LIVE non-conformities could add a great deal of work that adds little value. If there is a formal process improvement initiative, most (if not all) of its content would not be showing in the CAPA system.
Thanks for listening. It sure is nice to see another "CAPA'er" out there.