1.3 Incident / near-miss reporting and CAPA linkage

A silent factory is often a highly dangerous factory. In mature, high-reliability manufacturing organizations, it is critical that bad news travels fast. If an operator hides a minor electrical shock or a small chemical spill—often out of a genuine fear of punitive action—the entire engineering system loses the critical weak-signal data it desperately needs to prevent a future, more severe incident. This chapter establishes the protocol for capturing physical failure signals—incidents and near-misses—and systematically converting them into permanent engineering improvements via the formal Corrective and Preventive Action (CAPA) system.

Event Categorization and Reporting Logic

Teams must be trained to treat every single unplanned event as a valuable system data point. Anomalies are not reported to “tattle” on colleagues or to assign blame; they are reported to debug the facility’s engineering and administrative controls.

To manage this data properly, events must be categorized upon intake using clear definitions rather than subjective feelings:

• Incident: An event resulting in actual harm, such as physical injury, property damage, or an uncontrolled environmental release. Example: A forklift impacting a pallet rack, or a technician suffering a chemical burn.
• Near-Miss: An event where the primary safety barrier ultimately held, but chance played a major factor in preventing actual harm. Every near-miss must be treated as a “free lesson.” Example: A heavy steel fixture falls from a test bench but lands just a few centimeters away from an operator’s foot.
• Unsafe Condition: A latent, static hazard that is simply waiting for a dynamic trigger to become a full-blown incident. Example: A critical fire extinguisher completely blocked from view by a careless stack of empty pallets.

The engineering decision logic for responding to these events should be equally clear:

Event Severity / Type	Required Action
Requires Medical Intervention/First Aid	A Level 1 Investigation must be triggered immediately; a formal Root Cause Analysis (RCA) must be completed within 24 hours.
Realistic Potential for Fatality (e.g. Arc Flash)	This must be treated exactly as an actual incident and unequivocally require a full RCA.
Unsafe Condition Observed	This must be logged in the system. If permanently fixed immediately (e.g. establishing a new physical boundary), the log may be closed quickly.

The CAPA loop (Corrective & Preventive Action)

Reported data points become useless noise if they do not drive a systematic resolution. The CAPA system serves as the formal engineering feedback loop designed specifically to prevent any recurrence of an issue. It is crucial that teams do not confuse a fast correction with a true corrective action.

• Correction: An immediate, temporary containment merely meant for “stopping the bleeding.” Example: Manually mopping up a hydraulic oil spill from the factory floor.
• Corrective Action: Permanently removes the direct, physical cause of the specific failure. Example: Fully replacing the degraded, leaking rubber gasket on that specific hydraulic pump.
• Preventive Action: A systemic, wide-scale fix designed to eliminate the entire risk class. Example: Systematically replacing all aging hydraulic pumps facility-wide with modern, seal-less magnetic-drive pumps.

The investigation protocol

The overriding goal of any safety investigation centers entirely on discovering the root cause, never simply assigning blame to an operator.

• Minor, Straightforward Incidents: The “5 Whys” methodology must be used to drill down to the foundational failure.
• Complex, Multi-Factor Failures: A Fishbone (Ishikawa) Diagram must be utilized to map the interactions between different systems.

There is one golden rule for investigations: if the conclusion is simply “Human Error,” then the investigation remains fundamentally incomplete. It must be asked why the engineering or administrative system allowed a human to make that error in the first place. Root causes often trace back to poor UI labeling on a control panel, excessive fatigue driven by scheduling, or poor workstation ergonomics.

Critical Factor

Closing a CAPA record with the action item “Retrain Operator” should be avoided. Statistically, training is the weakest administrative control available to engineers. If the operator failed, the inherent design of the process likely failed them. The hazard should be engineered completely out of the system—for example, by adding a physical, interlocked machine guard that removes the choice to perform the task incorrectly.

---

Recap: Incident Classification and CAPA Escalation Protocol

Event Type	Classification Criteria	Required Action	CAPA Level
Incident	Actual harm: injury, property damage, or environmental release.	Trigger Level 1 investigation immediately. Complete formal RCA within 24 hours.	Corrective Action
Near-Miss	Safety barrier held, but chance prevented harm.	Treat as an incident. Complete formal RCA.	Preventive Action
Unsafe Condition	Static, latent hazard (e.g., blocked fire extinguisher).	Log immediately. If permanently fixed on-site, log may be closed.	Correction / Corrective Action
Potential Fatality	Realistic risk of death (e.g., arc flash).	Treat exactly as an incident. Mandatory full RCA.	Preventive Action
Investigation Root Cause	Conclusion cannot be “Human Error”.	Use “5 Whys” (minor) or Fishbone Diagram (complex). Action must engineer hazard out of system.	N/A