Example CAPAs

CAPA Name

The individual name given for the CAPA.

Internal audits need to be established and carried out on a regular basis

Status

The term status refers to the current condition or state of a Corrective and Preventive Actions (CAPA).

• Open - This status indicates that a CAPA has been identified and is under investigation. At this stage, further investigation or analysis may be required to determine the appropriate action to take.

• Closed - This status indicates that the CAPA has been implemented and the corrective or preventive action has been completed. At this stage, the results of the action taken may be evaluated to determine if the issue has been resolved satisfactorily.

For the purposes of this example, we'll say that this CAPA is resolved now.

Closed

Rating

• Minor - This CAPA is seen as a minor improvement to be made to the organisation.

• Major - This CAPA is seen as a major improvement or correction that must be made by the organisation.

Major

CAPA Owner

The CAPA Owner section refers to the person responsible for implementing and managing the corrective and preventive actions identified as part of the ISMS.

Bilbo Baggins

Identified By

The person responsible for identifying this CAPA.

Bilbo Baggins

Asset Affected

Select an asset from the asset list which is most affected by the CAPA.

Since this CAPA doesn't really affect an asset, we'll leave this blank.

CAPA Description

The description section offers a detailed and complete summary of the CAPA, providing the reader with a clear understanding of what it entails.

We currently do not carry out internal audits to determine what areas of the organisation may be lacking in terms of compliance. We will start planning and conducting these quarterly.

Date Identified

The specific date on which the CAPA was raised.

03/08/2023

Date Completed

The specific date on which the CAPA was actioned. If ongoing then leave section blank.

09/08/2023

What Investigation was carried out?

Provide a detailed explanation of what investigation was carried out.

Audit of internal processes

Root Cause Analysis

A root cause analysis (RCA) for a Corrective and Preventive Action (CAPA) in an Information Security Management System (ISMS) is a process of identifying the underlying cause(s) of an issue or problem in the organisation's security controls, processes, or procedures.

The purpose of conducting an RCA is to determine the source of the problem and prevent its recurrence in the future. The RCA process involves identifying the problem, analysing the problem's symptoms, identifying the contributing factors, and identifying the root cause(s) of the issue.

ISMS implementation was in early stages and this had not yet been implemented.

Corrective Action

Describe what actions have been identified as needed and how they have been put in place.

We now have a documented internal audit schedule.

Have you verified that the actions are effective?

If the corrective actions have been verified to be effective in solving the problem.

Yes