A formal CAPA should be triggered when a nonconformance indicates a credible risk of systemic failure, safety or airworthiness impact, regulatory exposure, or recurring quality escapes. In aerospace, this decision must follow documented criteria in your quality system and be supported by objective evidence and risk assessment, not only by the severity of a single defect.
Typical triggers for a formal CAPA in aerospace
While specific thresholds belong in your internal procedures, aerospace organizations commonly require a CAPA when one or more of the following apply:
- Safety or airworthiness impact is credible
Nonconformances that could affect flight safety, structural integrity, or critical system performance, even if detected before shipment or installation. This includes issues on safety-critical characteristics, key characteristics, or special processes.
- Regulatory or customer obligations are implicated
Events that may require notification to aviation authorities or customers (e.g., potential reportable occurrence, significant escape, or field issue), or that are raised through regulatory or customer findings.
- Evidence of systemic or process-level failure
Nonconformances that indicate a breakdown of a controlled process, such as repeated similar defects, failures linked to the same operation, program, supplier, or design feature, or issues suggesting your FMEA/control plans are ineffective.
- Repeat or clustered occurrences
Same or similar nonconformances recurring within a defined period, lot, or configuration, even if each individual event is classified as minor. Clustering in time, product family, or workstation often indicates underlying systemic causes.
- Formal findings from audits or inspections
Major or repeated minor findings from internal audits, customer audits, or regulatory surveillance that point to ineffective controls, documentation, or previous corrective actions.
- Supplier or sub-tier systemic issues
Supplier nonconformances that show a pattern (e.g., multiple lots affected, multiple part numbers, repeated failures to meet agreed controls or special process requirements).
- Field issues, escapes, or service disruptions
Nonconformances discovered after delivery or installation, especially if they cause rework, AOG events, service disruption, or concessions that require engineering disposition across multiple units.
- Failures of previous corrective actions
Recurrence of a problem that was previously addressed by a corrective action, indicating that prior root cause analysis or fixes were incomplete or ineffective.
- Risks to key business or program objectives
Nonconformances that materially affect on-time delivery, cost, or contractual obligations (e.g., repeated scrapped high-value hardware, program-level delays tied to the same cause).
When a nonconformance may stay at the local level
Not every nonconformance should trigger a formal CAPA. In a mature system, many issues are addressed by contained corrective actions at the point of occurrence. In general, local correction and containment (without a full CAPA) can be appropriate when:
- The event is clearly isolated and low risk to safety and airworthiness.
- There is no pattern of recurrence in recent data for the same process, part, or supplier.
- The cause is obvious, promptly eliminated, and effectively prevented through routine process control (e.g., work instruction clarification, minor fixture adjustment) without needing full root cause analysis.
- It falls below defined thresholds in your risk and escalation matrix for cost, severity, detectability, or occurrence.
Even in these cases, the nonconformance and decision not to open a CAPA should be recorded, traceable, and periodically reviewed so that patterns are not missed.
Defining clear CAPA triggers in your QMS
Because expectations differ by customer, regulator, and product line, the triggers for CAPA must be explicitly defined in your quality procedures, not handled ad hoc. Common good practices include:
- Risk-based criteria
Use a defined risk model (e.g., severity, occurrence, detection rankings) linked to decision rules, so CAPA decisions are consistent and auditable.
- Data-driven thresholds
Specify quantitative triggers such as a certain number of similar defects within a time frame, scrap/rework cost thresholds, or statistical signals from SPC or defect trend charts.
- Category-based rules
Define nonconformance categories that always require CAPA (e.g., critical characteristic escape, suspected counterfeit part, loss of special process control, unapproved repair on safety-critical hardware).
- Explicit supplier escalation rules
Clarify when supplier nonconformances escalate from SCAR or local actions into a formal CAPA within your own QMS.
- Governance and review
Have a cross-functional group (e.g., MRB, quality board, safety board) periodically review nonconformance data and confirm that triggers are being applied as intended.
Brownfield and system coexistence considerations
In most aerospace environments, nonconformance data, CAPA records, and risk assessments are distributed across multiple systems (MES, ERP, QMS, PLM, supplier portals) and sometimes paper. CAPA triggers will only work reliably if:
- Nonconformances from all relevant sources are visible in one consolidated view or report.
- Linkages between events, lots, part numbers, and processes are maintained so systemic issues can be detected.
- Changes to triggers or escalation rules are managed under documented change control and, where applicable, validated before use.
Attempts to replace legacy systems purely to improve CAPA triggering often run into qualification burden, downtime risk, and integration complexity. Many organizations instead overlay analytics and reporting on existing systems, and phase in changes under disciplined change control.
Traceability and documentation expectations
Regardless of whether a formal CAPA is opened, aerospace regulators and customers typically expect:
- A clear record of the nonconformance, including classification and risk assessment.
- Traceability from the event to the decision (why CAPA was or was not initiated).
- Evidence of containment, disposition, and verification of any local corrective actions.
- Periodic review of nonconformance data to confirm that CAPA triggers remain effective.
Defining explicit, risk-based criteria and applying them consistently is usually scrutinized more closely than the absolute number of CAPAs opened.
