Corrective and Preventive Action Form

This topic is part of the SG Systems Global regulatory & operations glossary.

Updated October 2025 • CAPA Data Structure & Templates • QA, Operations, Engineering, IT

A Corrective and Preventive Action (CAPA) form is the structured template—paper or electronic—that captures all required information about a CAPA: trigger, risk, investigation, root cause, corrective actions, preventive actions, implementation, and effectiveness checks. It is the data model behind the CAPA process. In regulated environments, the CAPA form must do two things simultaneously: guide users through a disciplined, risk-based investigation and produce a complete, inspection-ready record that satisfies ISO 13485, GMP, and device/sector-specific expectations. A poorly designed CAPA form almost guarantees poor CAPA behavior—garbage structure in, garbage evidence out.

“Show me your CAPA form and I can usually tell, in one page, whether your quality system really learns or just files paperwork.”

1) Purpose of the CAPA Form

The CAPA form is not just a record; it is a workflow scaffold that should:

• Prompt users to capture all required information in a logical sequence.
• Enforce risk-based thinking and prevent premature “quick fixes”.
• Standardize how problems, causes, and actions are described for trending and analytics.
• Make it easy for auditors, customers, and management to follow the story from trigger to outcome.

If investigators have to improvise their own structure in free-text fields, the form is failing its primary job.

2) Core Sections of a Corrective and Preventive Action Form

While layouts vary, most robust CAPA forms contain at least:

• Header & identifiers: CAPA number, revision, dates, site, product, process, and owner.
• Source/trigger section: linked NC, complaint, audit, risk, PMS references.
• Problem statement & scope: concise description of what is wrong and which units/batches/customers are in scope.
• Initial risk assessment: severity, occurrence, detectability or equivalent, with rationale.
• Investigation & data review: summary of evidence examined.
• Root cause & contributing factors: structured space for causes and method used.
• Corrective actions: actions, owners, due dates, and success criteria.
• Preventive actions: broader/systemic actions, if applicable.
• MOC / validation / document updates: references to related changes.
• Effectiveness check: plan, data, and conclusion.
• Approvals & closure: signatures, dates, and residual-risk verdict.

In digital systems, these appear as required fields, dropdowns, and structured tables rather than blank paragraphs.

3) Header & Identification Fields

The header section of the CAPA form typically includes:

• Unique CAPA ID / number and form revision.
• Site / facility, department, and product family.
• Process / system affected (e.g., blending, sterilization, labeling, software module).
• CAPA owner and team members.
• Key dates (initiated, approved for investigation, actions completed, effectiveness reviewed, closed).

These fields allow cross-referencing with batch records, NCs, and management-review dashboards.

4) Source & Trigger Section

A good CAPA form dedicates space to “why we are here”:

• Check-boxes for source types: NC, complaint, audit, inspection, PMS signal, risk review, others.
• Fields for linked record IDs (NC numbers, complaint IDs, audit references).
• A short narrative describing the triggering event or trend.
• Flags indicating if regulatory reporting (e.g., recall, vigilance) may be required.

Without this section, CAPA becomes unmoored from the events it is supposed to address and is harder to trend by source.

5) Problem Statement & Scope Fields

The form should force a clear, factual problem statement:

• “What happened?” and “Where/when did it occur?” as separate prompts.
• Fields for affected lots/batches/serials, products, customers, and geographies.
• Prompt to distinguish between a single incident and a systemic pattern.

Many sites add guidance text: “Describe what is wrong in neutral, measurable terms; avoid causes or blame in this section.” That steers users toward clean statements instead of early speculation.

6) Risk Assessment Segment

Risk-based CAPA forms include explicit risk fields:

• Severity / impact category (e.g., patient safety, product quality, compliance, supply).
• Occurrence and detectability ratings, if used.
• Overall risk level (e.g., critical/major/minor) mapped to QRM rules.
• Text box for rationale, including links to risk registers or FMEA entries.

These fields drive deadlines, approval levels, and expectations for investigation depth and effectiveness checks.

7) Investigation & Data Review Section

Instead of a single “investigation” free-text box, mature CAPA forms provide structure:

• Fields listing data sources (batch records/eDHR, lab data, logbooks, MES/WMS data, calibration records, supplier docs).
• Prompts to compare “good vs bad” samples (batches, lines, shifts).
• Space to document key observations and eliminated hypotheses.
• Optional checklists or dropdowns for commonly reviewed elements, to standardize practice.

This section creates traceability between the evidence examined and the root causes later claimed.

8) Root Cause & Contributing Factor Fields

A strong CAPA form makes it hard to skate past root cause analysis:

• Separate fields for primary root cause(s) and contributing factors.
• Dropdown for cause categories (process, equipment, method, design, supplier, training, documentation, environment, management system).
• Field to record analysis method used (5 Whys, Ishikawa, FTA, FMEA update, etc.).
• Prompt to explain why other plausible causes were excluded.

Many organizations also add a warning: “‘Human error’ alone is not acceptable as root cause without supporting system analysis.” The form is where that expectation is enforced.

9) Corrective & Preventive Action Planning Fields

The action section is the core of the form and typically includes a small table or grid:

• Action type (corrective vs preventive).
• Action description, mapped to specific causes.
• Owner and due date.
• Linked MOC / change record ID, if applicable.
• Planned evidence of completion (updated SOP, validation report, training completion, system config screenshot).

The form should discourage vague statements like “review procedure” by demanding concrete deliverables and owners.

10) MOC, Validation & Document Control Links

Because CAPA actions often change the system, the form should:

• Include fields for associated MOC numbers or engineering change orders.
• Capture whether re-validation is required and which protocols/reports are involved.
• List SOPs, work instructions, or forms to be revised (with document IDs and versions).
• Record training requirements and completion status for updated documents or systems.

This turns the CAPA form into the index page for all downstream changes and evidence.

11) Effectiveness Check & Closure Fields

To prevent “checklist closure”, the form should force explicit effectiveness planning and results:

• Planned observation period and data sources (e.g., next 20 batches, 6 months of complaints, audit results).
• Objective success criteria (recurrence thresholds, trend targets, capability improvements).
• Fields for actual results and conclusion (effective / not effective) with explanation.
• Separate QA/Quality Unit approval for closure, with e-signature and date.

Without these fields, it is too easy to close CAPA the moment tasks are ticked off, regardless of impact.

12) Data Integrity & Form Design

The design of the CAPA form itself influences data integrity:

• Mandatory fields for critical data (root cause, actions, effectiveness) with validation rules in electronic systems.
• Logical field ordering to minimize back-dating or “fill it in later” behavior.
• Controlled lists and dropdowns to standardize codes, categories, and references.
• Built-in audit trail and versioning in electronic forms.

Paper forms need clear instructions about corrections (no obliteration, reason for change, initials/date) to uphold ALCOA(+) principles.

13) Common Design Errors in CAPA Forms

• Too much free text. No structure for root cause, actions, or risk → impossible to trend or benchmark.
• No risk fields. All CAPA treated the same, regardless of impact.
• No link fields. No place to record NC, complaint, batch, or MOC IDs, so evidence is scattered.
• Missing effectiveness section. CAPA appears complete once tasks are ticked, with no outcome check.
• Overloaded forms. So many fields and attachments that users avoid raising CAPA or fill them lazily.

Getting the form “thin but complete” is a design exercise, not an afterthought.

14) What Belongs in the CAPA Form SOP

The site’s CAPA / Corrective Action Procedure should explicitly define how to use the form:

• Which sections must be completed at initiation vs after investigation vs at closure.
• Who is allowed to create, edit, review, and approve entries; which fields QA controls.
• Instructions for linking CAPA forms to NC, complaint, audit, PMS, and risk records.
• Expectations for quality of content in problem statement, root cause, and effectiveness fields.
• Rules for amending forms after closure (e.g., re-opening CAPA vs creating a new one).

The form and SOP should be developed together; otherwise they work against each other.

15) How Corrective and Preventive Action Forms Fit with V5 by SG Systems Global

Electronic CAPA forms in V5 QMS. In the V5 Quality Management System (QMS), the Corrective and Preventive Action Form is implemented as a configurable electronic template. Mandatory fields for problem statements, risk ratings, investigation summaries, root causes, corrective and preventive actions, and effectiveness checks are enforced with e-signatures and effective dating, supporting ISO 13485 and data integrity expectations.

Live links to NC, complaints & audits. V5 QMS CAPA forms link directly to Nonconformance records, complaints, audit findings, and risk assessments. Users select source records from controlled lists; the CAPA form automatically pulls IDs, product, lot/serial, and severity, eliminating re-keying and strengthening traceability.

Embedded production evidence via V5 MES. With the V5 MES, CAPA forms can reference specific eDHR/eBR batches, process parameters, and in-process test results. Investigators attach or link MES data directly into the form, so the CAPA’s investigation and root cause sections are backed by real shop-floor evidence, not reconstructed spreadsheets.

Inventory & logistics context via V5 WMS. The V5 WMS connects CAPA forms to affected lots, locations, and customers. Fields in the CAPA form can show where impacted inventory is stored, what has been quarantined, and which shipments or returns are part of the scope, driven from real-time WMS data.

Platform-wide view through V5 Solution Overview & V5 Connect API. Within the broader V5 Solution Overview, CAPA forms become part of an integrated dataset. The V5 Connect API exposes CAPA form fields to BI and ERP tools for trending CAPA volume, cycle time, root cause categories, and effectiveness rates across plants, product lines, and suppliers—without exporting uncontrolled spreadsheets.

Bottom line: V5 turns the Corrective and Preventive Action Form from a static PDF into a living, ISO-ready data structure tied directly to QMS, MES, WMS, and integration layers—making CAPA easier to execute, monitor, and defend.

16) FAQ

Q1. What is the difference between a CAPA form and a CAPA report?
The CAPA form is the template or data structure used to capture CAPA information; the CAPA report is the completed instance for a specific CAPA. In practice, they are often the same document type—blank vs completed—but it’s useful to distinguish the template design from the content it produces.

Q2. Who should design the Corrective and Preventive Action Form?
Design should be led by QA, but with input from operations, engineering, IT, and regulatory. The form must meet regulatory requirements and be usable on the shop floor; leaving design solely to any one group usually produces either over-complex forms or ones that miss critical data.

Q3. How many fields is “too many” on a CAPA form?
Enough to cover problem, risk, investigation, cause, actions, and effectiveness; no more. If users consistently leave fields blank or copy/paste boilerplate, the form is probably too long or poorly structured. Risk-based tailoring (shorter forms for low-risk CAPA, full forms for high-risk) can help.

Q4. Can we reuse the same CAPA form template across multiple sites?
Yes—and you usually should, to standardize data and metrics. Local variations can be handled with configuration (required vs optional fields, extra site-specific fields) in an electronic system like V5 QMS, rather than maintaining separate uncontrolled templates.

Q5. Does a CAPA form have to be electronic?
No, but paper-based CAPA forms make it harder to enforce mandatory fields, link to NC/batch data, trend results, and maintain audit trails. Regulators increasingly expect electronic CAPA in mid-to-large organizations; paper is still possible, but you pay for it in labor and risk.

Q6. How often should we review and revise our CAPA form?
At least when major standards or regulatory expectations change, and whenever audits, inspections, or internal reviews highlight weaknesses (e.g., poor root cause quality, missing risk logic, weak effectiveness checks). Changes should go through document control and include retraining of users.

Related Reading
• CAPA Core: CAPA – Corrective & Preventive Action | Corrective Action Procedure | Corrective and Preventive Action Report | Deviation / Nonconformance (NC)
• QMS & Risk: ISO 13485 Requirements | Quality Management System (QMS) | Risk Management (QRM) | Management of Change (MOC)
• Data & Records: Data Integrity | Audit Trail (GxP) | eDHR Software
• V5 Platform: V5 Solution Overview | V5 QMS | V5 MES | V5 WMS | V5 Connect API