One reason to invest in the CAPA program is that you will see fewer deviations over time as you fix issues. That is true, but it takes time. Yes, you’ve dealt with your backlog, improved your investigations, integrated risk management, built problem-solving into your processes, and are truly driving preventative actions. And yet your deviations remain high. What is going on?
It’s because you are getting good at things and working your way through the bolus of problems. Here’s what is going on:
Improved Detection and Reporting: As a CAPA program matures, it enhances an organization’s ability to detect and report deviations. Employees become more adept at identifying and documenting deviations due to better training and awareness, leading to a temporary increase in reported deviations.
Thorough Root Cause Analysis: A well-functioning CAPA program emphasizes thorough root cause analysis. This process often uncovers previously unnoticed issues and identifies additional deviations that need to be addressed.
Increased Scrutiny and Compliance: As the CAPA program gains momentum, management usually scrutinizes it more, which can lead to the discovery of more deviations. Organizations become more vigilant in maintaining compliance, resulting in more deviations being reported and documented.
Systematic Process Improvements: The CAPA process often leads to systemic improvements in processes and procedures. As these improvements are implemented, any deviations from the new standards are more likely to be identified and recorded, contributing to an initial rise in deviation reports.
Cultural Shift Towards Quality: A successful CAPA program fosters a culture of quality and continuous improvement. Employees may feel more empowered and responsible for reporting deviations, increasing the number of deviations captured.
Expect these changes and build your metric program around them. Avoid introducing a metric like a reduction in deviations in the first year, as such a metric will drive bad behavior. Instead, focus on metrics that demonstrate the success of the changes and, over time, introduce metrics to see the overall benefits.
A deviation backlog in a regulated industry, such as pharmaceuticals, can pose significant risks to compliance, product quality, and overall operational efficiency. Addressing this backlog effectively requires a structured approach that prioritizes risk management, resource allocation, and continuous improvement.
You need to do two things first:
Prioritize Urgent Requests
Identify Critical Issues: Focus on resolving high-priority and time-sensitive deviations first to drive compliance.
Isolate and Organize
Separate Backlog from Ongoing Deviations: Create distinct queues for backlog deviations and new deviations to streamline management.
Create a Backlog Team: Assign a dedicated team to tackle the backlog, ensuring that regular support operations continue smoothly.
From there, you can then proceed into the next steps to tackle a deviation backlog:
1. Prioritize Based on Risk
Not all deviations have the same impact. Prioritizing the backlog based on the severity and risk part of each deviation is crucial. This involves:
Assessing Severity: Evaluate the potential impact of each deviation on product quality, patient safety, and regulatory compliance. Ideally you already classify deviations into categories such as minor, moderate, and major. based on those you will need to additional work to prioritize the backlog.
Risk-Based Approach: Focus on resolving high-risk deviations first to mitigate the most critical issues promptly.
2. Allocate Adequate Resources
Addressing a backlog efficiently often requires additional resources. Consider the following actions:
Increase Staffing: Temporarily augment your team with additional personnel or external consultants to handle the increased workload.
Specialized Teams: Form dedicated teams to focus solely on backlog reduction, ensuring that regular operations are not disrupted.
3. Improve and Make Robust Deviation Management Processes
A systematic approach to deviation management helps prevent backlogs from recurring. Key steps include:
Root Cause Analysis (RCA): Conduct thorough investigations to identify the underlying causes of deviations.
Corrective and Preventive Actions (CAPA): Develop and implement CAPA plans to address root causes and prevent future deviations. Ensure these plans are reviewed and approved by relevant stakeholders.
4. Regular Monitoring and Review
Continuous monitoring and regular reviews are essential to keep the backlog under control:
Track Progress: Use metrics and key performance indicators (KPIs) to monitor the progress of backlog reduction efforts. Tools like burndown charts can be helpful.
Periodic Reviews: Conduct regular review meetings to assess the status of the backlog and make necessary adjustments to the plan.
5. Enhance Deviation Management Systems
Improving your deviation management system can prevent future backlogs and streamline the resolution process:
Automation and Software Tools: Implement a eQMS or evaluate and improve the current one.
Training and Education: Ensure that all employees are well-trained in deviation management processes and understand the importance of timely reporting and resolution.
Promote a culture that values continuous improvement and proactive problem-solving:
Encourage Reporting: Create an environment where employees feel comfortable reporting deviations without fear of retribution.
Learn from Deviations: Analyze deviation trends to identify areas for process improvement and implement changes to prevent recurrence.
7. Set Clear Goals and Deadlines
Establish clear goals and deadlines for backlog reduction:
Set Due Dates: Assign due dates for resolving backlog items to ensure timely action. Items that exceed their due dates should be reviewed and either expedited or reassessed for relevance.
Regular Updates: Keep all stakeholders informed about the progress and any changes to the plan through regular updates and communication.
Conclusion
Addressing a deviation backlog effectively requires a combination of prioritization, resource allocation, robust processes, continuous monitoring, and a culture of improvement. By implementing these strategies, organizations can reduce their backlog, improve compliance, and enhance overall product quality and safety.
ICH Q9(r1) can be reviewed as a revision that addresses long-standing issues of subjectivity in risk management. Subjectivity is a widespread problem throughout the quality sphere, posing significant challenges because it introduces personal biases, emotions, and opinions into decision-making processes that should ideally be driven by objective data and facts.
Inconsistent Decision-Making: Subjective decision-making can lead to inconsistencies because different individuals may have varying opinions and biases. This inconsistency can result in unpredictable outcomes and make it challenging to establish standardized processes. For example, one manager might prioritize customer satisfaction based on personal experiences, while another might focus on cost-cutting, leading to conflicting strategies within the same organization.
Bias and Emotional Influence: Subjectivity often involves emotional influence, which can cloud judgment and lead to decisions not in the organization’s best interest. For instance, a business owner might make decisions based on a personal attachment to a product or service rather than its market performance or profitability. This emotional bias can prevent the business from making necessary changes or investments, ultimately harming its growth and sustainability.
Risk Management Issues: In risk assessments, subjectivity can significantly impact the identification and evaluation of risks. Subjective assessments may overlook critical risks or overemphasize less significant ones, leading to inadequate risk management strategies. Objective, data-driven risk assessments are essential to accurately identify and mitigate potential threats to the business. See ICHQ9(r1).
Difficulty in Measuring Performance: Subjective criteria are often more complicated to quantify and measure, making it challenging to track performance and progress accurately. Objective metrics, such as key performance indicators (KPIs), provide clear, measurable data that can be used to assess the effectiveness of business processes and make informed decisions.
Potential for Misalignment: Subjective decision-making can lead to misalignment between business goals and outcomes. For example, if subjective opinions drive project management decisions, the project may deviate from its original scope, timeline, or budget, resulting in unmet objectives and dissatisfied stakeholders.
Impact on Team Dynamics: Subjectivity can also affect team dynamics and morale. Decisions perceived as biased or unfair can lead to dissatisfaction and conflict among team members. Objective decision-making, based on transparent criteria and data, helps build trust and ensures that all team members are aligned with the business’s goals.
Every organization I’ve been in has a huge problem with subjectivity, and I’m confident in asserting none of us are doing enough to deal with the lack of objectivity, and we mostly rely on our intuition instead of on objective guidelines that will create unambiguous, holistic, and universally usable models.
Understand the Decisions We Make
Every day, we make many decisions, sometimes without even noticing it. These decisions fall into four categories:
Acceptances: It is a binary choice between accepting or rejecting;
Choices: Opting for a subset from a group of alternatives;
Constructions: Creating an ideal solution given accessible resources;
Evaluations: Here, commitments back up the statements of worth to act
These decisions can be simple or complex, with manifold criteria and several perspectives. Decision-making is the process of choosing an option among manifold alternatives.
The Fallacy of Expert Immunity is a Major Source of Subjectivity
There is a widely incorrect belief that experts are impartial and immune to biases. However, the truth is that no one is immune to bias, not even experts. In many ways, experts are more susceptible to certain biases. The very making of expertise creates and underpins many of the biases. For example, experience and training make experts engage in more selective attention, use chunking and schemas (typical activities and their sequence), and rely on heuristics and expectations arising from past base rate experiences, utilizing a whole range of top-down cognitive processes that create a priori assumptions and expectations.
These cognitive processes often enable experts to make quick and accurate decisions. However, these mechanisms also create bias that can lead them in the wrong direction. Regardless of the utilities (and vulnerability) of such cognitive processing in experts, they do not make experts immune from bias, and indeed, expertise and experience may actually increase (or even cause) certain biases. Experts across domains are subject to cognitive vulnerabilities.
Even when experts are made aware of and acknowledge their biases, they nevertheless think they can overcome them by mere willpower. This is the illusion of control. Combating and countering these biases requires taking specific steps—willpower alone is inadequate to deal with the various manifestations of bias.
In fact, trying to deal with bias through the illusion of control may actually increase the bias due to “ironic processing” or “ironic rebound.” Hence, trying to minimize bias by willpower makes you think of it more and increases its effect. This is similar to a judge instructing jurors to disregard specific evidence. By doing so, the judge makes the jurors notice this evidence even more.
Such fallacies’ beliefs prevent dealing with biases because they dismiss their powers and existence. We need to acknowledge the impact of biases and understand their sources to take appropriate measures when needed and when possible to combat their effects.
Fallacy
Incorrect Belief
Ethical Issues
It only happens to corrupt and unscrupulous individuals, an issue of morals and personal integrity, a question of personal character.
Bad Apples
It only happens to corrupt and unscrupulous individuals. It is an issue of morals and personal integrity, a question of personal character.
Expert Immunity
Experts are impartial and are not affected because bias does not impact competent experts doing their job with integrity.
Technological Protection
Using technology, instrumentation, automation, or artificial intelligence guarantees protection from human biases.
Blind Spot
Other experts are affected by bias, but not me. I am not biased; it is the other experts who are biased.
Illusion of Control
I am aware that bias impacts me, and therefore, I can control and counter its affect. I can overcome bias by mere willpower.
Six Fallacies that Increase Subjectivity
Mitigating Subjectivity
There are four basic strategies to mitigate the impact of subjectivity.
Data-Driven Decision Making
Utilize data and analytics to inform decisions, reducing reliance on personal opinions and biases.
Establish clear metrics with key performance indicators (KPI), key behavior indicators (KBI), and key risk indicators (KRI) that are aligned with objectives.
Implement robust data collection and analysis systems to gather relevant, high-quality data.
Use data visualization tools to present information in an easily digestible format.
Train employees on data literacy and interpretation to ensure proper use of data insights.
Regularly review and update data sources to maintain relevance and accuracy.
Standardized Processes
Implement standardized processes and procedures to ensure consistency and fairness in decision-making.
Document and formalize decision-making procedures across the organization.
Create standardized templates, checklists, and rubrics for evaluating options and making decisions.
Implement a consistent review and approval process for major decisions.
Regularly audit and update standardized processes to ensure they remain effective and relevant.
Education, Training, and Awareness
Educate and train employees and managers on the importance of objective decision-making and recognizing and minimizing personal biases.
Conduct regular training sessions on cognitive biases and their impact on decision-making.
Provide resources and tools to help employees recognize and mitigate their own biases.
Encourage a culture of open discussion and constructive challenge to promote diverse perspectives.
Implement mentoring programs to share knowledge and best practices for objective decision-making.
Digital Tools
Leverage digital tools and software to automate and streamline processes, reducing the potential for subjective influence. The last two is still more aspiration than reality.
Implement workflow management tools to ensure consistent application of standardized processes.
Use collaboration platforms to facilitate transparent and inclusive decision-making processes.
Adopt decision support systems that use algorithms and machine learning to provide recommendations based on data analysis.
Leverage artificial intelligence and predictive analytics to identify patterns and trends that may not be apparent to human decision-makers.
Risk-based thinking is a crucial component of modern quality management systems and consists of four key aspects: anticipate, monitor, respond, and learn. Each aspect ensures an organization can effectively manage and mitigate risks, enhancing overall performance and reliability.
Anticipate
Anticipating risks involves proactively identifying and analyzing potential risks that could impact the organization’s operations or objectives. This step is about foreseeing problems before they occur and planning how to address them. It requires a thorough understanding of the organization’s processes, the external and internal factors that could affect these processes, and the potential consequences of various risks. By anticipating risks, organizations can prepare more effectively and prevent many issues from occurring.
Monitor
Monitoring involves continuously observing and tracking the operational environment to detect risk indicators early. This ongoing process helps catch deviations from expected outcomes or standards, which could indicate the emergence of a risk. Effective monitoring relies on establishing metrics that help to quickly and accurately identify when things are starting to veer off course. This real-time data collection is crucial for enabling timely responses to potential threats.
Respond
Responding to risks is about taking appropriate actions to manage or mitigate identified risks based on their severity and potential impact. This step involves implementing the planned risk responses that were developed during the anticipation phase. The effectiveness of these responses often depends on the speed and decisiveness of the actions taken. Responses can include adjusting processes, reallocating resources, or activating contingency plans. The goal is to minimize the organization’s and its stakeholders’ negative impact.
Learn
Learning from the management of risks is a critical component that closes the loop of risk-based thinking. This aspect involves analyzing the outcomes of risk responses and understanding what worked well and what did not. Learning from these experiences is essential for continuous improvement. It helps organizations refine risk management processes, improve response strategies, and better prepare for future risks. This iterative learning process ensures that risk management efforts are increasingly effective over time.
The four aspects of risk-based thinking—anticipate, monitor, respond, and learn—form a continuous cycle that helps organizations manage uncertainties proactively. This approach protects the organization from potential downsides and enables it to seize opportunities that arise from a well-understood risk landscape. Organizations can enhance their resilience and adaptability by embedding these practices into everyday operations.
Implementing Risk-Based Thinking
1. Understand the Concept of Risk-Based Thinking
Risk-based thinking involves a proactive approach to identifying, analyzing, and addressing risks. This mindset should be ingrained in the organization’s culture and used as a basis for decision-making.
2. Identify Risks and Opportunities
Identify potential risks and opportunities. This can be achieved through various methods such as SWOT analysis, brainstorming sessions, and process mapping. It’s crucial to involve people at all levels of the organization since they can provide diverse perspectives on potential risks and opportunities.
3. Analyze and Prioritize Risks
Once risks and opportunities are identified, they should be analyzed to understand their potential impact and likelihood. This analysis will help prioritize which risks need immediate attention and which opportunities should be pursued.
4. Plan and Implement Responses
After prioritizing, develop strategies to address these risks and opportunities. Plans should include preventive measures for risks and proactive steps to seize opportunities. Integrating these plans into the organization’s overall strategy and daily operations is important to ensure they are effective.
5. Monitor and Review
Implementing risk-based thinking is not a one-time activity but an ongoing process. Regular monitoring and reviewing of risks, opportunities, and the effectiveness of responses are crucial. This can be done through regular audits, performance evaluations, and feedback mechanisms. Adjustments should be made based on these reviews to improve the risk management process.
6. Learn and Improve
Organizations should learn from their experiences in managing risks and opportunities. This involves analyzing what worked well and what didn’t and using this information to improve future risk management efforts. Continuous improvement should be a key goal, aligning with the Plan-Do-Check-Act (PDCA) cycle.
Training and cultural adaptation are necessary to implement risk-based thinking effectively. All employees should be trained on the principles of risk-based thinking and how to apply them in their roles. Creating a culture encouraging open communication about risks and supporting risk-taking within defined limits is also vital.
Ensures that metric analysis and reporting meet all stakeholder needs
Ensures that adequate and appropriate resources (e.g., funding, personnel, tools) are available to properly perform metrics implementation, collection, and ongoing support.
Ensures that appropriate change management activities are undertaken
This is one of those that can be done at several levels, and it usually has several cuts, from a top-level strategic document to the process owner level to potentially deeper cuts lower in the organization. I am a big fan of each process owner owning their parts and it passing up.
Investigations of a Dog 