Skip to main content

Work Order QMS Module — CAPA Workflow Specification

Classification: Internal — Compliance Engineering
Date: 2026-02-13
Artifact: 74 of WO System Series
Status: Proposed
Source Artifacts: 58-gap-closure-prompts.md (G16), 16-prisma-data-model.md, 20-regulatory-compliance-matrix.md, 70-validation-protocol-templates.md §6

1. CAPA Overview

Corrective and Preventive Action (CAPA) is a core QMS process required by FDA 21 CFR Part 820 (Quality System Regulation), ISO 13485, and ICH Q10. In the WO system, CAPA connects non-conformances discovered during work order execution to systematic root cause analysis, corrective actions, preventive actions, and effectiveness verification.

1.1 CAPA vs. Deviation vs. Change Control

ConceptScopeTriggerOutput
DeviationSingle event anomaly during validationIQ/OQ/PQ test failureDeviation report (70-validation-protocol-templates.md §6)
Change Control (WO)Planned modification to validated systemMaintenance, upgrade, installWork order lifecycle (12-sdd.md)
CAPASystemic issue requiring root cause + preventionRecurring deviations, audit findings, complaintsCAPA record with corrective + preventive actions

A deviation may trigger a CAPA. A CAPA generates work orders for corrective and preventive actions. They are related but distinct processes.

1.2 Regulatory Requirements

RegulationSectionCAPA Requirement
FDA 21 CFR 820§820.90Nonconforming product procedures
FDA 21 CFR 820§820.198Complaint files analysis
FDA 21 CFR 11§11.10(e)Audit trail for CAPA records
ISO 13485§8.5.2Corrective action
ISO 13485§8.5.3Preventive action
ICH Q10§3.2CAPA system as part of pharmaceutical quality system

2. CAPA Data Model

2.1 Prisma Schema Extension

model CAPARecord {
  id                  String          @id @default(cuid())
  tenantId            String          @map("tenant_id")
  capaNumber          String          @unique  // CAPA-YYYY-NNNN
  status              CAPAStatus      @default(INITIATED)
  classification      CAPAClass       // CORRECTIVE | PREVENTIVE | BOTH
  priority            Priority        // LOW | MEDIUM | HIGH | CRITICAL
  source              CAPASource      // DEVIATION | AUDIT_FINDING | COMPLAINT | TREND | AGENT_DETECTED
  
  // Problem description
  title               String
  description         String
  impactAssessment    String
  affectedSystems     String[]        // Asset IDs of affected validated systems
  affectedRegulations String[]        // FDA, HIPAA, SOC2, etc.
  
  // Root cause analysis
  rootCauseMethod     RootCauseMethod? // FIVE_WHY | FISHBONE | FAULT_TREE
  rootCauseAnalysis   String?
  rootCauseApprovedBy String?
  rootCauseApprovedAt DateTime?
  
  // Actions
  correctiveActions   CAPAAction[]    @relation("CorrectiveActions")
  preventiveActions   CAPAAction[]    @relation("PreventiveActions")
  
  // Effectiveness verification
  effectivenessMethod String?
  effectivenessDueDate DateTime?
  effectivenessResult String?
  effectivenessVerifiedBy String?
  effectivenessVerifiedAt DateTime?
  
  // Closure
  closedBy            String?
  closedAt            DateTime?
  closureJustification String?
  
  // Traceability
  sourceDeviationIds  String[]        // Deviation IDs that triggered this CAPA
  sourceWorkOrderIds  String[]        // WO IDs where issue was discovered
  sourceAuditFindingId String?        // External audit finding reference
  generatedWorkOrderIds String[]      // WO IDs created to implement CAPA actions
  
  // Metadata
  initiatedBy         String
  initiatedAt         DateTime        @default(now())
  updatedAt           DateTime        @updatedAt
  version             Int             @default(1)
  
  // Relations
  riskAssessment      RiskAssessment? @relation(fields: [riskAssessmentId], references: [id])
  riskAssessmentId    String?
  approvals           Approval[]
  auditTrail          AuditTrail[]

  @@index([tenantId, status])
  @@index([tenantId, capaNumber])
  @@index([tenantId, source])
  @@map("capa_records")
}

model CAPAAction {
  id                  String          @id @default(cuid())
  tenantId            String          @map("tenant_id")
  capaId              String
  type                CAPAActionType  // CORRECTIVE | PREVENTIVE
  sequence            Int
  description         String
  assigneeId          String
  dueDate             DateTime
  status              ActionStatus    @default(OPEN)  // OPEN | IN_PROGRESS | COMPLETED | VERIFIED
  completedAt         DateTime?
  workOrderId         String?         // Generated WO for this action
  evidenceAttached    Boolean         @default(false)
  verifiedBy          String?
  verifiedAt          DateTime?
  
  capa                CAPARecord      @relation(fields: [capaId], references: [id])

  @@index([tenantId, capaId])
  @@map("capa_actions")
}

model RiskAssessment {
  id                  String          @id @default(cuid())
  tenantId            String          @map("tenant_id")
  entityType          String          // "WorkOrder" | "CAPARecord"
  entityId            String
  assessedBy          String
  assessedAt          DateTime        @default(now())
  likelihood          Int             // 1-5
  impact              Int             // 1-5
  riskScore           Int             // likelihood × impact
  category            RiskCategory    // SAFETY | COMPLIANCE | OPERATIONAL | DATA_INTEGRITY
  mitigationPlan      String
  residualRisk        Int?
  signatureId         String?         // E-sig for high-risk assessments
  
  @@index([tenantId, entityType, entityId])
  @@map("risk_assessments")
}

enum CAPAStatus {
  INITIATED
  ROOT_CAUSE_ANALYSIS
  ACTION_PLANNING
  IN_PROGRESS
  EFFECTIVENESS_PENDING
  CLOSED
  CLOSED_INEFFECTIVE     // Effectiveness check failed — re-open
}

enum CAPAClass {
  CORRECTIVE
  PREVENTIVE
  BOTH
}

enum CAPASource {
  DEVIATION
  AUDIT_FINDING
  COMPLAINT
  TREND
  AGENT_DETECTED
}

enum RootCauseMethod {
  FIVE_WHY
  FISHBONE
  FAULT_TREE
}

enum RiskCategory {
  SAFETY
  COMPLIANCE
  OPERATIONAL
  DATA_INTEGRITY
}

3. CAPA State Machine

3.1 State Diagram

INITIATED

    ▼  (risk assessment completed)
ROOT_CAUSE_ANALYSIS

    ▼  (root cause approved by QA)
ACTION_PLANNING

    ▼  (all actions assigned, WOs generated)
IN_PROGRESS

    ▼  (all corrective + preventive actions completed)
EFFECTIVENESS_PENDING

    ├──► CLOSED                 (effectiveness verified)

    └──► CLOSED_INEFFECTIVE     (effectiveness check failed)

             └──► INITIATED     (re-opened with reference to previous CAPA)

3.2 Transition Guards

TransitionGuardFailure Action
INITIATED → ROOT_CAUSE_ANALYSISRisk assessment exists; severity ≥ threshold for CAPABlock; request risk assessment
ROOT_CAUSE_ANALYSIS → ACTION_PLANNINGRoot cause documented; root cause approved by QA (e-signature for regulatory)Block; request QA approval
ACTION_PLANNING → IN_PROGRESS≥ 1 corrective action defined; all actions have assignees and due dates; WOs generated for each actionBlock; complete action planning
IN_PROGRESS → EFFECTIVENESS_PENDINGAll corrective actions completed; all preventive actions completedBlock; show incomplete actions
EFFECTIVENESS_PENDING → CLOSEDEffectiveness verification documented; verified by QA (e-signature)Block; request verification
EFFECTIVENESS_PENDING → CLOSED_INEFFECTIVEEffectiveness check performed but failedAuto-generates new CAPA referencing this one

3.3 Approval Requirements

CAPA PriorityRoot Cause ApprovalClosure ApprovalEscalation
LOWQA ManagerQA ManagerNone
MEDIUMQA ManagerQA Manager + System Owner30-day overdue → QA Director
HIGHQA DirectorQA Director + System Owner14-day overdue → VP Quality
CRITICALQA Director + VP QualityVP Quality + Executive7-day overdue → CEO

4. CAPA-to-Work-Order Integration

4.1 Automatic WO Generation

When CAPA transitions to IN_PROGRESS, the system generates work orders for each corrective and preventive action:

function generateCAPAWorkOrders(capa: CAPARecord): WorkOrder[] {
  const workOrders: WorkOrder[] = [];
  
  for (const action of [...capa.correctiveActions, ...capa.preventiveActions]) {
    workOrders.push({
      type: action.type === 'CORRECTIVE' ? 'CORRECTIVE' : 'PREVENTIVE',
      regulatory: true,                    // All CAPA-generated WOs are regulatory
      priority: capa.priority,
      title: `CAPA ${capa.capaNumber} - ${action.description.substring(0, 100)}`,
      description: action.description,
      masterId: null,                      // CAPA WOs are standalone unless explicitly linked
      metadata: {
        capaId: capa.id,
        capaNumber: capa.capaNumber,
        capaActionId: action.id,
        capaActionType: action.type,
      },
      scheduledEnd: action.dueDate,
    });
  }
  
  return workOrders;
}

4.2 Bidirectional Traceability

CAPA Record ──► generates ──► Work Order(s)
     ▲                              │
     │                              ▼
     └──── references ◄──── WO Audit Trail
     
Deviation Report ──► triggers ──► CAPA Record
     ▲                              │
     │                              ▼
     └── discovered in ◄──── Original Work Order

Every CAPA-generated WO carries metadata.capaId and metadata.capaActionId, enabling traceability from WO back to CAPA. The CAPA record maintains generatedWorkOrderIds[] for forward traceability.

4.3 CAPA Dashboard Metrics

MetricDefinitionTargetRegulatory Basis
CAPA open countTotal CAPAs not in CLOSED status< 20 at any timeFDA expectation: manageable backlog
CAPA on-time closure rateCAPAs closed by original due date / total closed> 90%FDA 483 trigger if consistently low
Average CAPA ageMean days from INITIATED to CLOSED< 60 daysIndustry benchmark
Effectiveness rateCAPAs closed as CLOSED (not CLOSED_INEFFECTIVE) / total closed> 85%ISO 13485 §8.5
CAPA recurrence rateNew CAPAs from same root cause as previous CAPA< 5%Measures preventive action effectiveness

5. Risk Assessment Integration

5.1 Risk Matrix

              Impact
        1    2    3    4    5
    ┌────┬────┬────┬────┬────┐
  5 │  5 │ 10 │ 15 │ 20 │ 25 │  ← Critical: Executive approval
    ├────┼────┼────┼────┼────┤
  4 │  4 │  8 │ 12 │ 16 │ 20 │
    ├────┼────┼────┼────┼────┤
L 3 │  3 │  6 │  9 │ 12 │ 15 │  ← High: QA Director required
    ├────┼────┼────┼────┼────┤
  2 │  2 │  4 │  6 │  8 │ 10 │
    ├────┼────┼────┼────┼────┤
  1 │  1 │  2 │  3 │  4 │  5 │  ← Low: Standard process
    └────┴────┴────┴────┴────┘

5.2 Risk-Based Routing

Risk ScoreCAPA RequiredApproval LevelTimeline
1–6 (Low)Optional; deviation report may sufficeQA Manager90 days
7–12 (Medium)RequiredQA Manager + System Owner60 days
13–19 (High)Required, priority escalationQA Director + System Owner30 days
20–25 (Critical)Required, immediate actionVP Quality + Executive14 days

5.3 Agent-Detected CAPAs

CODITECT agents can detect patterns that warrant CAPA initiation:

PatternDetection MethodAuto-Action
Same deviation type ≥ 3 times in 90 daysAgent trend analysis on deviation reportsAuto-initiate CAPA (source: TREND)
WO completion variance > 200% from estimateSchedule tracking analysisFlag for risk assessment
Compliance guard failure rate > 5% for an assetCompliance engine metricsAuto-initiate CAPA (source: AGENT_DETECTED)
Certification expiry affecting active WOsResource monitoringAuto-generate preventive WO

Agent-initiated CAPAs require human approval before progressing past INITIATED status. The agent populates the initial risk assessment and suggests root cause categories, but a human (QA role minimum) must approve.

6. Root Cause Analysis Methods

6.1 Five Whys Template

## Five Whys Analysis — CAPA-2026-0042

Problem Statement: [Description of the non-conformance]

Why 1: [First-level cause]
  Evidence: [Data, observations, records]

Why 2: [Second-level cause]
  Evidence: [Data, observations, records]

Why 3: [Third-level cause]
  Evidence: [Data, observations, records]

Why 4: [Fourth-level cause]
  Evidence: [Data, observations, records]

Why 5: [Root cause identified]
  Evidence: [Data, observations, records]

Root Cause Statement: [Concise statement of the root cause]
Root Cause Category: [HUMAN_ERROR | PROCESS_GAP | EQUIPMENT_FAILURE | DESIGN_DEFICIENCY | TRAINING_GAP]

6.2 Fishbone (Ishikawa) Categories

For WO system context:

CategoryExample Causes
PeopleTraining gaps, certification expired, unfamiliar with SOP
ProcessSOP outdated, approval chain misconfigured, guard logic incorrect
TechnologySystem bug, integration failure, model routing error
EquipmentCalibration drift, tool failure, environment misconfigured
MaterialsWrong version of reagent, expired supplies
MeasurementIncorrect test criteria, monitoring gap, metric miscalculation

7. CAPA Events

Events emitted per 73-event-catalog.md pattern:

EventTriggerConsumers
capa.initiatedCAPA record createdAudit Writer, Notification (QA alert), Metrics
capa.root_cause_approvedQA approves root cause analysisAudit Writer, Notification (assignees)
capa.action_assignedIndividual action assigned to personNotification (assignee), WO Generator
capa.work_orders_generatedWOs created for CAPA actionsAgent Orchestrator, Notification
capa.effectiveness_verifiedEffectiveness check completedAudit Writer, Notification (QA)
capa.closedCAPA reaches CLOSED statusAudit Writer, Metrics, Webhook
capa.closed_ineffectiveEffectiveness check failedAudit Writer, Notification (escalation), Auto-reopen

8. API Endpoints

Per 71-api-endpoint-specification.md pattern:

POST   /v1/capas                           # Initiate CAPA
GET    /v1/capas/:id                        # Get CAPA record
GET    /v1/capas                            # List CAPAs (filtered)
PATCH  /v1/capas/:id/status                 # Transition CAPA status
PUT    /v1/capas/:id/root-cause             # Submit root cause analysis
POST   /v1/capas/:id/actions                # Add corrective/preventive action
PATCH  /v1/capas/:id/actions/:actionId      # Update action status
PUT    /v1/capas/:id/effectiveness           # Submit effectiveness verification
GET    /v1/capas/:id/audit-trail            # CAPA audit trail
GET    /v1/capas/metrics                     # CAPA dashboard metrics

POST   /v1/work-orders/:id/risk-assessment  # Create risk assessment (from 71)
GET    /v1/work-orders/:id/risk-assessment  # Get risk assessment (from 71)

9. Compliance Traceability

FDA RequirementCAPA ImplementationEvidence
§820.90(a) — Procedures for nonconforming productCAPA state machine with mandatory guardsState machine specification, guard test results
§820.90(b) — Disposition of nonconforming productRisk assessment determines CAPA classification and timelineRisk assessment records, audit trail
§820.198 — Complaint investigationCAPA source: COMPLAINT; traceability to original complaintCAPA record with sourceAuditFindingId
§11.10(e) — Audit trailAll CAPA state changes, approvals, and actions auditedAppend-only audit trail entries
§11.50 — Signature manifestationsQA approval of root cause and effectiveness via e-signatureElectronicSignature records

10. Cross-Reference

ConcernSpecification Source
Gap G16 (original identification)58-gap-closure-prompts.md
Data model (base WO entities)16-prisma-data-model.md
State machine pattern19-state-machine-with-guards.md
E-signature for approvals17-e-signature-architecture.md
Deviation handling (validation)70-validation-protocol-templates.md §6
Risk assessment API71-api-endpoint-specification.md §8
CAPA events73-event-catalog.md
Compliance matrix20-regulatory-compliance-matrix.md
Agent detection patterns25-agent-orchestration-spec.md
RBAC for CAPA operations22-rbac-permissions-matrix.md (extend for CAPA roles)

CAPA is not optional in FDA-regulated environments — it's the process that transforms individual failures into systemic improvements. An auditor's first question after finding a deviation is "where's the CAPA?" This specification ensures CODITECT can answer that question with full traceability, electronic signatures, and an immutable audit trail.

Copyright 2026 AZ1.AI Inc. All rights reserved. Developer: Hal Casteel, CEO/CTO Product: CODITECT-BIO-QMS | Part of the CODITECT Product Suite Classification: Internal - Confidential