CPA Types
| Type | API Value | Description |
|---|---|---|
| Corrective | corrective | Addresses an existing deficiency or nonconformity. Eliminates the root cause of a detected problem. |
| Preventive | preventive | Prevents a potential deficiency from occurring. Addresses conditions that could lead to future problems. |
CPA Statuses
| Status | API Value | Description |
|---|---|---|
| Open | open | CPA has been approved, assigned to an owner, and given a due date. |
| In Progress | in_progress | Work on the CPA is actively underway. |
| Implemented | implemented | The action has been completed and awaits independent verification of effectiveness. |
| Verification | verification | The action is being verified for effectiveness by someone other than the owner. |
| Closed | closed | The CPA is formally closed. Record is immutable. |
Status Lifecycle
Status Transition Rules
| From | To | Permitted Roles | Conditions |
|---|---|---|---|
| Open | In Progress | CPA owner, safety manager, admin | None |
| In Progress | Implemented | CPA owner, safety manager, admin | Completion evidence attached |
| Implemented | Verification | Safety manager, admin | Verifier is not the CPA owner |
| Verification | Closed | Safety manager, admin | Effectiveness confirmed |
| Verification | In Progress | Safety manager, admin | Verification failure reason required |
Priority Levels
| Priority | API Value | Description | Target Response Time | Escalation |
|---|---|---|---|---|
| Critical | critical | Immediate safety risk requiring urgent action. Operations may need to be halted or modified. | 24 — 48 hours | Accountable executive notified immediately. |
| High | high | Significant safety concern. Prompt action required to prevent escalation. | 1 — 2 weeks | Safety manager notified daily until resolved. |
| Medium | medium | Moderate safety concern. Action within normal operational timeframe. | 30 days | Standard overdue notifications. |
| Low | low | Minor concern. Action at next convenient opportunity. | 90 days | Standard overdue notifications. |
CPA Fields
| Field | Type | Required | Description |
|---|---|---|---|
code | String | Auto | Auto-generated tracking code (e.g., CPA-2026-0015). |
title | String | Yes | Brief description of the action. |
description | Text | Yes | Detailed description of what must be done. |
type | Enum | Yes | corrective or preventive. |
priority | Enum | Yes | critical, high, medium, or low. |
owner | User reference | Yes (at Open) | The person responsible for completing the action. |
due_date | Date | Yes (at Open) | Target completion date. |
status | Enum | Auto | Current lifecycle status. |
source | Enum | Yes | Origin: investigation, risk_assessment, audit, or manual. |
linked_report | Report reference | No | The safety report that triggered this CPA. |
linked_investigation | Investigation reference | No | The investigation that recommended this CPA. |
progress_notes | Array | No | Timestamped notes documenting work progress. |
evidence | Array | No | Attached files demonstrating implementation (documents, photos, records). |
effectiveness_criteria | Text | No | Measurable criteria the verifier will use to confirm effectiveness. |
verification_date | Date | No | Date the CPA was verified as effective. |
verified_by | User reference | No | The person who verified effectiveness. |
verification_notes | Text | No | Notes from the verification review. |
created_at | Timestamp | Auto | Record creation timestamp (UTC). |
updated_at | Timestamp | Auto | Last modification timestamp (UTC). |
Verification Process
Verification is an independent confirmation that a CPA has been effectively implemented and that the original deficiency or risk has been adequately addressed.Verification Components
Verification Components
| Step | Component | Description | |:----:|-----------|-------------| | 1 | Completeness
check | Confirmation that all planned actions were carried out as described. | | 2 |
Evidence review | Review of attached evidence (documents, photos, training records,
procedure revisions) demonstrating implementation. | | 3 | Effectiveness assessment |
Evaluation of whether the action has eliminated or adequately mitigated the identified risk
against the defined effectiveness criteria. | | 4 | Documentation | Recording of
verification notes, date, and verifier identity in the CPA record. |
Separation of Duties
Separation of Duties
The verifier must be a different person from the CPA owner. The system enforces this constraint
— the
Verify action is unavailable to the assigned owner.Verification Failure
Verification Failure
A failed verification returns the CPA to
in_progress with notes documenting what additional
work is required. The due date may be extended. The CPA owner is notified.Overdue Tracking
CPAs that pass their due date without reachingimplemented are flagged as overdue. The system generates notifications as follows:
| Recipient | Notification Trigger |
|---|---|
| CPA owner | Due date reached. Repeated at configurable intervals. |
| Safety manager | Due date reached. Daily digest of all overdue CPAs. |
| Accountable executive | Critical-priority CPAs overdue by more than 48 hours. |
CPA Sources
| Source | API Value | Description |
|---|---|---|
| Investigation | investigation | Generated from an investigation’s recommended actions. Links to the investigation record. |
| Risk Assessment | risk_assessment | Generated when a risk assessment identifies the need for controls. Links to the risk assessment. |
| Audit | audit | Generated from an internal safety audit finding. Links to the audit finding report. |
| Manual | manual | Created directly by the safety manager without a linked source record. |
Regulatory Alignment
| Part 5 Section | Requirement | CPA Component |
|---|---|---|
| 5.55 | Safety risk assessment and control | CPA as a risk control mechanism |
| 5.73 | Safety performance assessment | Verification of CPA effectiveness |
| 5.75 | Continuous improvement | Systemic corrective and preventive actions |
| 5.97 | SMS records | CPA records retained as long as control remains relevant |
Related
Create a CPA
CPA creation and assignment.
Investigation Workflow
How investigations generate CPA recommendations.
Your First CPA
Tutorial walkthrough of the CPA lifecycle.
Risk Assessment Matrix
Risk assessment criteria that drive CPA creation.