Pharma /

Gmp

/

Allowed Process Workflows

Allowed Process Workflows

Depending on the situation, the system supports multiple workflows for managing complaints, deviations, investigations, CAPAs, and change controls.

Each workflow follows a predefined logic, ensuring full traceability, regulatory compliance, and process integrity.

All possible workflows can be grouped into four main types, which reflect the most common and allowed scenarios in the system. Each of them includes optional steps, depending on the outcome of the review or assessment at each stage.

Below is a complete list of the allowed flows within these four types:

  • Complaint → Investigation → Deviation (if needed) → CAPA (if needed) → Change Control (if needed)
    • Complaint → Investigation → no Deviation → close
    • Complaint → Investigation → Deviation → no CAPA → close
    • Complaint → Investigation → Deviation → CAPA → no Change Control → close
    • Complaint → Investigation → Deviation → CAPA → Change Control
  • Deviation → (Investigation if needed) → (CAPA if needed) → (Change Control if needed)
    • Deviation → no Investigation → close
    • Deviation → Investigation → no CAPA → close
    • Deviation → Investigation → CAPA → no Change Control → close
    • Deviation → Investigation → CAPA → Change Control
  • Deviation → (CAPA if needed) → (Change Control if needed)
    • Deviation → no CAPA → close
    • Deviation → CAPA → no Change Control → close
    • Deviation → CAPA → Change Control
  • Direct Change Control
    • Change Control (initiated directly)

Each of these workflows is described in detail in the sections below. The structure explains when each step is required, what decisions are made, and what paths are allowed based on the situation.

Complaint → Investigation → Deviation (if needed) → CAPA (if needed) → Change Control (if needed)

When a Complaint is registered, the system always starts an Investigation.

The Investigation analyzes the situation and can lead to two outcomes:

  • If everything is acceptable or no issue is confirmed, no Deviation is created. The process ends after the investigation is closed.
  • If a problem is confirmed, a Deviation is registered.

After the Deviation is created:

  • It cannot start a new Investigation, because the case was already investigated through the complaint.
  • The deviation is reviewed, and based on the risk or impact:
    • A CAPA can be created, or
    • The deviation can be closed without a CAPA.

If a CAPA is created, the process can continue to Change Control, but only if a permanent or procedural change is needed.

Summary of possible paths:

  • Complaint → Investigation → no Deviation → close
  • Complaint → Investigation → Deviation → no CAPA → close
  • Complaint → Investigation → Deviation → CAPA → no Change Control → close
  • Complaint → Investigation → Deviation → CAPA → Change Control

Key rules:

  • Only one Investigation is allowed in this chain.
  • Only one CAPA can be created from the deviation.
  • The process is one-directional and traceable.

Deviation → (Investigation if needed) → (CAPA if needed) → (Change Control if needed)

This workflow starts with a Deviation, which is reported when something unexpected or non-compliant happens during operations.

Once the deviation is registered, it goes through a review and approval process. During this stage, the responsible approvers decide whether an Investigation is needed.

If no investigation is needed:

  • The deviation can be closed after review.
  • No further actions are required.

If an investigation is needed:

  • The process continues with an Investigation to analyze the root cause and assess the impact.

During the investigation, the quality team evaluates whether a CAPA is necessary.

From the investigation:

  • If the issue is minor or already resolved, no CAPA is created. The deviation is closed after the investigation.
  • If corrective or preventive action is needed, a CAPA is created.

Inside the CAPA, the team evaluates whether a Change Control is required to apply long-term changes (e.g., updates to procedures, specifications, systems).

From the CAPA:

  • If no procedural or system change is needed, the CAPA ends the process.
  • If a change is required, the process continues with a Change Control.

Allowed flows in this workflow:

  • Deviation → no Investigation → close
  • Deviation → Investigation → no CAPA → close
  • Deviation → Investigation → CAPA → no Change Control → close
  • Deviation → Investigation → CAPA → Change Control

Key rules:

  • Only one investigation can be created from a deviation.
  • The investigation cannot create a new deviation, because the deviation already exists.
  • Only one CAPA can be created per investigation.
  • Only one Change Control can be created from the CAPA.

Deviation → (CAPA if needed) → (Change Control if needed)

This is the most direct workflow.

It starts with a Deviation, which is registered when a non-conformity or unexpected situation occurs.

After review, the responsible team evaluates whether a CAPA is needed.

From the Deviation:

  • If no corrective or preventive action is required, the deviation is reviewed and closed.
  • If action is required, a CAPA is created directly, without starting a separate investigation.

Inside the CAPA, the team assesses whether a Change Control is needed.

From the CAPA:

  • If the actions do not require updates to documents, procedures, or systems, the CAPA is completed and the process ends.
  • If a permanent or formal change is required, a Change Control is started to implement it.

Allowed flows in this workflow:

  • Deviation → no CAPA → close
  • Deviation → CAPA → no Change Control → close
  • Deviation → CAPA → Change Control

Key rules:

  • Only one CAPA can be created per deviation.
  • Only one Change Control can be created per CAPA.
  • No investigation is part of this flow.
  • The flow is used when the root cause is clear and no further analysis is needed.

Direct Change Control

In some cases, a Change Control can be created directly, without going through a deviation, investigation, or CAPA.

This applies to planned or proactive changes, such as:

  • Process improvements
  • Equipment upgrades
  • Procedure updates
  • Regulatory-driven changes
  • Periodic reviews

These changes are not triggered by a non-conformity or issue, but are part of ongoing quality system maintenance or business improvements.

How it works:

  • A user with the appropriate role initiates a Change Control request.
  • The request goes through the standard approval process, including quality and regulatory review if required.
  • The change is implemented only after full approval.

Allowed flow in this case:

  • Change Control (initiated directly)

Key rules:

  • No deviation, investigation, or CAPA is required before starting.
  • All standard validation, documentation, and approval steps still apply.
  • This type of change must still follow full traceability and audit trail requirements.