CPA Types
| Type | Database Value | Description |
|---|---|---|
| Corrective | corrective | Addresses an existing deficiency or nonconformity. Eliminates the root cause of a detected problem. |
| Preventive | preventive | Prevents a potential deficiency from occurring. Addresses conditions that could lead to future problems. |
CPA Statuses
| Status | Database Value | Description |
|---|---|---|
| Draft | draft | CPA has been created but not yet approved or assigned. |
| Open | open | CPA has been approved and assigned to an owner. |
| In Progress | in_progress | Work on the CPA is actively underway. |
| Pending Verification | pending_verification | The action has been completed and awaits verification of effectiveness. |
| Verified | verified | The action has been verified as effective. |
| Closed | closed | The CPA is formally closed. |
Status Lifecycle
Detailed Status Definitions
Draft
The CPA record has been created, typically from an investigation recommendation or a risk assessment output. Fields can be edited freely. The CPA is not yet assigned to an owner. Available actions: Edit, assign owner, set due date, approve. Who can transition: Safety manager, admin.Open
The CPA has been approved, assigned to an owner, and given a due date. The owner has been notified. No work has started yet. Available actions: Begin work, reassign, update due date. Who can transition: CPA owner, safety manager, admin.In Progress
The assigned owner is actively working on the CPA. Progress notes and evidence can be attached during this phase. Available actions: Add progress notes, attach evidence, mark action complete. Who can transition: CPA owner, safety manager, admin.Pending Verification
The CPA owner has marked the action as complete. A verifier (typically the safety manager or a designated reviewer) must confirm that the action was implemented effectively and that the original deficiency or risk has been adequately addressed. Available actions: Verify effectiveness, return to in progress (if verification fails). Who can transition: Safety manager, admin. The CPA owner cannot verify their own CPA.Verified
The action has been independently verified as effective. The CPA awaits formal closure. Available actions: Close. Who can transition: Safety manager, admin.Closed
The CPA is formally closed. The record is read-only and retained per the organization’s records retention policy. Available actions: None. The record is immutable. Who can transition: Safety manager, admin.CPA Fields
| Field | Type | Required | Description |
|---|---|---|---|
title | String | Yes | Brief description of the action. |
description | Text | Yes | Detailed description of what must be done. |
type | Enum | Yes | corrective or preventive. |
priority | Enum | Yes | low, medium, high, or critical. |
owner | User reference | Yes (at Open) | The person responsible for completing the action. |
due_date | Date | Yes (at Open) | Target completion date. |
status | Enum | Yes | Current lifecycle status. |
source | Enum | Yes | Origin of the CPA: investigation, risk_assessment, audit, or manual. |
linked_report | Report reference | No | The safety report that triggered this CPA. |
linked_investigation | Investigation reference | No | The investigation that recommended this CPA. |
verification_date | Date | No | Date the CPA was verified as effective. |
verified_by | User reference | No | The person who verified effectiveness. |
verification_notes | Text | No | Notes from the verification review. |
created_at | Timestamp | Auto | Record creation timestamp (UTC). |
updated_at | Timestamp | Auto | Last modification timestamp (UTC). |
Priority Levels
| Priority | Database Value | Description | Typical Response Time |
|---|---|---|---|
| Critical | critical | Immediate safety risk. Requires urgent action. | 24-48 hours |
| High | high | Significant safety concern. Prompt action required. | 1-2 weeks |
| Medium | medium | Moderate safety concern. Action within normal timeframe. | 30 days |
| Low | low | Minor concern. Action at next convenient opportunity. | 90 days |
Verification Process
Verification is the independent confirmation that a CPA has been effectively implemented and that the original deficiency or risk has been adequately addressed. The verification process consists of:- Completeness check — Confirm that all planned actions were carried out.
- Evidence review — Review attached evidence (documents, photos, records) demonstrating implementation.
- Effectiveness assessment — Determine whether the action has eliminated or adequately mitigated the identified risk.
- Documentation — Record verification notes, date, and verifier identity.
in_progress with notes explaining what additional work is required.
Status Transition Rules
| From | To | Permitted Roles | Conditions |
|---|---|---|---|
| Draft | Open | Safety manager, admin | Owner and due date assigned |
| Open | In Progress | CPA owner, safety manager, admin | None |
| In Progress | Pending Verification | CPA owner, safety manager, admin | Completion evidence attached |
| Pending Verification | Verified | Safety manager, admin | Verifier is not the CPA owner |
| Pending Verification | In Progress | Safety manager, admin | Verification failure reason required |
| Verified | Closed | Safety manager, admin | None |
Overdue Tracking
CPAs that pass their due date without reachingpending_verification are flagged as overdue. The system generates notifications to:
- The CPA owner
- The safety manager
- The accountable executive (for critical priority CPAs)
Regulatory Alignment
| Part 5 Section | Requirement | CPA Component |
|---|---|---|
| 5.55 | Safety risk assessment and control | CPA as a risk control mechanism |
| 5.73 | Safety performance assessment | Verification of CPA effectiveness |
| 5.75 | Continuous improvement | Systemic corrective and preventive actions |
| 5.97 | SMS records | CPA records retained as long as control remains relevant |