PROCEDURE FOR RCA & CAPA

INTEGRATING THE RISK BASED APPROACH

Abstract
The document aims to lay down the detailed procedure of identifying, evaluating, and
analyzing failures or non-conformity incidents. This document integrates Risk analysis to
the CAPA backed by detailed RCA. The procedure guides on devising principle of
verification & evaluation defining the effectiveness of CAPA.
1.0 PURPOSE:

The purpose of this document is to define a methodical approach in analyzing and eliminating
the root cause (RCA) to solve counterproductive issues or events.
This document shall also lay down procedures to be followed for the administration of the
Corrective and Preventive Actions (CAPA) including tracking and reporting of the status of CAPA.
This document also aims to link risk assessment and risk-based thinking to the CAPA, which
means to control and manage the risks to prevent recurrence, hiking beyond the normal Risk
management.

2.0 SCOPE:
This procedure document shall be applicable for tracking and to follow up on RCA, CAPA, and
risk integration into RCA for developing CARA as well as verification of the activities.

The scope of this document is applicable to the following areas:

1. Asset Care – On failures and Breakdowns with unplanned shutdowns as well as extensions
of maintenance beyond planned durations and scope.
2. Operations – On deviations in Production plan and shortcomings against the Targets set,
including unplanned shutdowns as well as extensions of beyond planned durations and
scope.
3. Quality – Deviations in the parameters of monitoring and improvement on the set values
through initiations to completions of the projects by the DMAIC approach.
4. Customer Complaints & Sustainability – To target the defects and aberrations resulting in
the degradation of the Customer Service level commitments.

3.0 PHILOSOPHY:

3.1 ROOT CAUSE ANALYSIS:

Root cause analysis (RCA) is a systematic process for identifying “root causes” of problems or
events and an approach for responding to them. RCA is based on the basic idea that effective
management requires more than merely “putting out fires” for problems that develop but
finding a way to prevent them.
RCA helps avoid the tendency to single out one factor to arrive at the most expedient (but
generally incomplete) resolution. It also helps to avoid treating symptoms rather than true,
underlying problems that contribute to a problem or event.

3.1.1 Principles
Focusing on corrective measures of root causes is more effective than simply treating the
symptoms of a problem or event.
RCA is performed most effectively when accomplished through a systematic process with
conclusions backed up by evidence.
There is usually more than one root cause for a problem or event.
The focus of investigation and analysis through problem identification is WHY the event
occurred, and not who made the error.
 For the processes, and philosophies of accomplishing RCA need to analyze various enterprise
activities such as:
a) Accident analysis and occupational safety and health
b) Quality control
c) Efficient business process
d) Engineering and maintenance failure analysis
e) Various systems-based processes, including change management and risk management

3.1.2 RCA methods

The nature of RCA is to identify all and multiple contributing factors to a problem or event. This
is most effectively accomplished through an analysis method. The methods used in RCA include:

 The “5-Whys” Analysis” — A simple problem-solving technique that helps users get to
the root of the problem quickly. It was made popular in the 1970’s by the Toyota
Production System. This strategy involves looking at a problem and asking “why” and
“what caused this problem”. Often the answer to the first “why” prompts a second
“why” and so on—providing the basis for the “5-why” analysis.
 Failure Mode and Effects Analysis — A “system engineering” process that examines
failures in products or processes.
 Fish-Bone Diagram or Ishikawa Diagram — Derived from the quality management
process, it’s an analysis tool that provides a systematic way of looking at effects and the
causes that create or contribute to those effects. Because of the function of the
fishbone diagram, it may be referred to as a cause-and-effect diagram. The design of the
diagram looks much like the skeleton of a fish—hence the designation “fishbone”
diagram.
 Pareto Analysis — A statistical technique in decision making that is used for analysis of
selected and a limited number of tasks that produce significant overall effect. The
premise is that 80% of problems are produced by a few critical causes (20%).

3.1.3 Functions:
RCA can be decomposed into four steps:

a) Identify and describe the problem clearly.

b) Establish a timeline from the normal situation up to the time the problem occurred.
c) Distinguish between the root cause and other factors (e.g., using event correlation).
d) Establish a relation between the root cause and the problem.

a) Identification and description: Effective problem statements and event descriptions (as
failures, for example) are helpful and usually required to ensure the execution of
appropriate root cause analyses.
b) Chronology: RCA should establish a sequence of events or timeline for understanding
the relationships between contributory (causal) factors, the root cause, and the problem
under investigation.
c) Differentiation: By correlating this sequence of events with the nature, the magnitude,
the location, and the timing of the problem, and possibly also with a library of previously
 analyzed problems, RCA should enable the investigator(s) to distinguish between the
root cause, causal factors, and non-causal factors. One way to trace down root causes
consists in using hierarchical clustering and data-mining solutions (such as graph-theory-
based data mining). Another consists in comparing the situation under investigation
with past situations stored in case libraries, using case-based reasoning tools.
d) Relation graphing: Finally, the investigator should be able to extract from the sequences
of events a subsequence of key events that explain the problem, and convert it into a
relation graph.

3.1.4 Solutions:
a) Design a Solution: When working on solutions, Root Cause Analysis aims:
i. Solutions to solve the immediate problem.
ii. Steps to prevent the same problem from recurring.
iii. Decide on checks and balances on implementing the solution devised and
whether it works as planned.
b) Implement the Solution: Implementation means change, and change must be carefully
managed. All stakeholders concerned need to be communicated about the solution and
the reasoning that led to believe in the solution to the problem.
c) Evaluate the Results: When the solution is designed, decision on key indicators that
would allow to assess on the solution effectiveness.
i. These Key Indicators to follow up.
ii. Analyze & record if new issues arise elsewhere as a result of the changes made.

3.2 CORRECTIVE AND PREVENTIVE ACTIONS:

3.2.1 Principles
Corrective action:
The action was taken to rectify, fix or correct a specific deviation, defect or undesirable
situation.
Preventive action:
The action was taken to eliminate the cause of deviation, defect, or other undesirable
situation in order to prevent the future occurrence of such or similar an event.
Source documents for CAPA:
i. Deviations
ii. Laboratory Analysis Investigations
iii. Internal /External Audit Reports
iv. Performance Reviews / Management Action Plans
v. Changes in regulatory / statutory requirements
vi. Equipment Failures / Incidence Reports
vii. Root Cause Analysis – Derivations

3.2.2 Functions:

Each identified root cause is to be determined against the best process to reduce or
prevent it from triggering the event. At least one corrective action should be developed
to reduce or eliminate each root cause.
 These actions might require creating a new process or making a change to a current
process.
The corrective actions identified shall be analyzed/recorded on the following counts:

i. Safeguards are needed to prevent this root cause from happening again?
ii. What contributing factors might trigger this root cause to reoccur?
iii. Steps to prevent the Root cause from happening?
iv. In an event of recurrence of the Root cause, steps to contain or prevent the
event?

Corrective actions are broadly categorized:

Stronger Actions
i. Change physical surroundings
ii. Engineering controls into system
iii. Simplify / Standardize process and remove unnecessary steps
Intermediate Actions
i. Software enhancements/modifications
ii. Eliminate/reduce distractions
iii. Checklist/cognitive aid
iv. Enhanced documentation/communication
Weaker Actions
i. Double checks/ Additional study/analysis
ii. Warnings and labels/ New procedure/memorandum/policy
iii. Training
Concurrent with implementation of action plans, mechanisms are to be established to
gather data over a Time frame; that will be used to measure the success of the corrective
action. Hence, the CAPA implementation has been described by:
a) Did the recommended corrective actions actually get done?
b) Are the recommended changes being complied with?
c) Outcome of the changes; over a time period; made a difference?
3.3 CORRECTIVE ACTION, CRITICALITY ASSESSMENT & RISK ASSESMENT:
3.3.1 Principles:
Along with the defined corrective action procedures, a predefined risk-based prioritization
eliminates small nonconformities that can solve when the problems are discovered without
initiating corrective procedures. The goal is to mitigate risk, and for those that cannot be
eliminated, to reduce them to a level as low as reasonably practicable.
Risk assessment (or impact assessment) is required for any CAPA process and involves the
identification, analysis, and prioritization of risks, and the subsequent application of effort to
minimize, monitor, and control the probability and/or impact of a negative outcome.

3.3.2 Functions:
CAPA risk matrix following these three steps:
i. Review of historical data to determine risk attributes, frequency, and impacts.
ii. From this information determine its baseline risk exposure as well as risk tolerance.
iii. Quantify the risks and impacts using an agreed-upon methodology.
iv. Plot a 2 x 2 matrix (probability vs severity)/ 3 x 3 matrix (probability vs severity vs
detectability) to focus on the high-risk and high-impact category.
This CAPA risk matrix becomes a tool that allows to determine the corresponding actions to
events based on those criteria, including no action if it falls within the acceptable risk category.

3.3.3 Criticality identification through Risk Evaluation:

Further, for an event that required action based on its risk rank as defined by the matrix, an
effectiveness review becomes more analytical since a new severity (in light of mitigation
strategy employed) and frequency can be measured to produce a follow-up ranking.
4.0 PROCEDURE:
4.1 CRITERIA: As per Department Procedure; Doc Ref No: PRMMDPII001
a) RCA : Root Cause Analysis
To be initiated for deviations in achieving of KPI Targets and for Breakdowns
based on the following:
i. Outage in 1 shift exceeding 4hr.
ii. Single outage continued from 1 shift through next shift with cumulative time
exceeding 4hr.
iii. From the initiation of outage till the turnaround time with cumulative time
exceeding 4hr.
iv. Top 5 Breakdown / outages through the total frequency and / or duration of
the faults / failures, in the month.
v. Based on Criticality analysis through Risk Matrix as detailed in this document.
b) CAPA : Corrective Action & Preventive Action
The Department is to identify and decide the qualifying failures / faults for
CAPA, which have the potential to affect, or have affected the objectives of
the department: as detailed in the Criticality Matrix as detailed in this
document.
CAPA is also done for deviations in achieving of KPI Targets for 3 consecutive
months.
c) CARA : Corrective Action & Risk Assessment
The Department shall identify the events that qualify for CAPA based on the
criticality analysis through the risk matrix shared in this document, or as may
be directed through the Management directives and/or through the Team
deliberations; risk management referral.
CAPA shall be basis of such CARA and monitoring of the outcome post
implementation is to be ensured as per the procedures of closure: detailed
here in.

4.2 ADMINISTRATION:

The responsibility of Root Cause Analysis is with the Department concerned. The DH/SH has the
authority to identify events of non-conformity and engage a team for resolution of the same.
Based, on the criticality analysis matrix the DH reserves the discretionary authority to either approve or
deny the initiation of RCA/CAPA in certain instances of non-conformity.
The authority to approve and certify the completion of RCA/CAPA through Risk analysis rests with the
DH.
All deviations as mentioned in the criteria listed above are to be analysed through RCA.

Steps:

a) Source document: incident report, breakdown report, maintenance audit, risk management
referral etc.; shall provide the basis for analysis of proposed corrective and preventive actions.
b) Once an event is selected to achieve performance improvement involving RCA, preliminary
information, including the incident report and any documentation from the preliminary
investigation, is to be collected for discussion by the team.
c) Carry out root cause analysis and write the description based on the source document.
 d) Write in brief the CAPA description from the source document and corrective and preventive
action details.
e) All Deviations, Discrepancy reports giving rise to CAPA shall be addressed through CAPA form.
f) The proposed corrective and preventive actions shall be approved by DH/SH prior to
implementation.
g) The proposed corrective and preventive actions shall be verified during CAPA evaluation in form.
h) Risk evaluation of the CAPA proposed shall be completed prior to implementation.
i) The "CAPA" form shall be treated as a tracking form of Corrective and Preventive actions from
the source document.
j) Date of CAPA initiation and Proposed completion date shall be mentioned in the form.

Review Meeting:

a) DH shall review / verify the CAPA quarterly in Review Meeting.

b) Information and documents related to CAPA shall be drawn from internal audits, breakdown
reports, maintenance records, check-sheets of Asset inspections as have been considered.
c) Verify that the data received by the CAPA system are complete, accurate and timely.
d) Determine if failure investigation procedures are followed to the degree to which a quality
problem or nonconforming product is investigated is commensurate with the significance and
risk of the nonconformity.
e) Determine if failure investigations are conducted to determine the root cause.
f) Performance track period after CAPA must meet either of the following:
1) 3 months post implementation. OR
2) 3 times the PM cycle duration for the Asset.
g) Analyze & record if new issues arise elsewhere as a result of the changes made. If yes, then
proceed through point (d), (e) to (f) in light of the new scenarios.
h) On satisfactory performance of the CAPA measures, the identified activities must be replicated
horizontally across the similar Asset Group.

CAPA Closure and Verification:

a) On completion of actions, the DH shall certify that the proposed CAPA is completed and
implemented along with associated actions.
b) Post implementation of any action under CAPA initiation; trends & data to be monitored for at
least 3 months, before concluding the CAPA.
c) For the CAPA to be declared completed, horizontal replication across similar Asset lines is to be
completed, wherever applicable/possible.
d) Any change in the basic facility, asset structure proposed as a result of CAPA shall be through
the Management of Change. Reference of the same shall be mentioned in the CAPA format.
e) If any improvement/ change in maintenance schedule/activity is proposed through the CAPA,
then the relevant documents; SOP/SMP needs to be reviewed accordingly. Reference of the
same shall be mentioned in the CAPA format.
f) All facility up-gradations / Capital purchase requirements / major changes in quality system for
compliance to regulatory commitments giving rise to CAPA shall be addressed through CAPA
form.
Steps Explanation Control Parameter
Events and issues from many sources (e.g., incident
report, breakdown report, maintenance records,
1. Identify the event to be Within 48 hr. of the
internal/external audits, risk management referral,
investigated and gather identifying the non-
department citation).
preliminary information conformity.
The process for selecting events that will undergo an
RCA is clearly defined.
Team must include personnel who were involved in
the primary rectification of the event at the time of Within 48 hr. of the
2. Charter and select team
occurrence and members with knowledge of the identifying the non-
members
processes and systems involved in the event to be conformity.
investigated.

Collect and organize the facts surrounding the event

3. Describe what happened
to understand what happened.

4. Identify the contributing The situations, circumstances or conditions that

factors increased the likelihood of the event are identified.

A thorough analysis of contributing factors leads to

5. Identify the root causes identification of the underlying process and system
issues (root causes) of the event.
Through the Risk matrix perform the criticality
6. Perform the Risk analysis
analysis and devise the risk control or mitigate risks
and evaluate the criticality
through CAPA implementation.
7. Design and implement The team determines how best to change processes
changes to eliminate the root and systems to reduce the likelihood of another
causes: CAPA similar event.
1. 3 Months from the
implementation of
CAPA/RCA
8. Measure the success of Like all improvement projects, the success of
2. 3 times the PM cycle
changes improvement actions is evaluated.
duration post
implementation of
CAPA

FORMATS:
1. RCA –
2. CAPA –
3. Closure –
4. Tracking& Trends –
5.0 FLOW CHART: