The CAPA workflow

CAPA stands for Corrective And Preventive Action. It’s the universal language of fixing safety findings. SteadyOn implements a four-stage workflow that maps onto the way real organisations work.

The four stages

Open  →  In progress  →  Completed  →  Verified

Stage	Set by	Means
Open	System	Action created and assigned. Work not started.
In progress	Anyone	Assignee is actively working on it.
Completed	Anyone	Assignee says the work is done.
Verified	Admin or owner	A second person confirmed the work is done and effective.

Why four stages, not two

Many organisations use Open / Closed only. That’s a mistake.

Completion is not the same as effectiveness. A worker can install a guard incorrectly, mark the action complete, and walk away convinced they’ve done the job. The guard works in theory; it fails in practice. Without a verification step, no one would ever notice.
Two-person sign-off is a control in itself. It’s the same reason aircraft maintenance has independent inspection — the person who did the work has incentive to mark it done; the person who verifies has none. Splitting the role splits the bias.

The verification step is what makes CAPA defensible to a regulator. Without it, your action register is a list of promises. With it, it’s a list of checked outcomes.

Corrective vs preventive

The two action types:

Corrective — fixes a known problem. Something has already broken or is currently broken; this action puts it right. Example: replace a guard that’s missing.
Preventive — heads off a future problem. The thing isn’t broken yet, but the analysis suggests it will be. Example: schedule annual replacement of guards before they wear out.

Both are valuable. Preventive actions are how a safety system matures from “constantly reacting” to “systematically managing”.

Where actions come from

Three sources:

From a finding — a hazard’s recommended control, an incident’s investigation, or an inspection’s failed item. These are the most useful kind because the source is preserved automatically. (See Raise an action from a finding.)
Standalone — typed from scratch. Useful for genuinely independent work (“buy three new fire extinguishers”), but often a sign that the originating finding wasn’t recorded.
From CSV import — when migrating a backlog from a previous system.

When the source is a finding, the link is captured in the entity-relationships graph. The action’s Related tab shows the source; the source’s Related tab shows the action. Either side can be opened from the other.

What makes a good action

A good action is:

Specific. “Install anti-slip vinyl flooring throughout kitchen (20m²)” — not “fix the floor”.
Assigned to a named person. Not a team or a role.
Time-bound. A real due date, set when the action is created, not when it’s almost overdue.
Linked. To the hazard, incident, or inspection finding it came from.
Single-purpose. “Install flooring AND retrain staff” is two actions.

Vague actions are the most common quality issue in CAPA logs. They get marked complete on debatable evidence and quietly never close the underlying finding.

Why “Verified” requires admin or owner

The role split mirrors the work split.

The person who did the work is rarely a manager — and shouldn’t need to be.
The person who verifies should have authority to push back if the work isn’t acceptable. That authority sits with admin or owner roles.

If there’s no admin around (a one-person org), the owner verifies. If there’s a member-only contractor, an admin verifies their work.

This means in a healthy CAPA programme, owners and admins spend a chunk of their time verifying, not just creating actions. The verification work is the real signal of an active safety culture.