Еконтроль
Back to Resources

CAPA in Defense Manufacturing: Corrective Actions Under AQAP 2110 That Actually Work (2026)

CAPA under AQAP 2110: nonconformities, root cause analysis (RCA), corrective and preventive actions, effectiveness verification. UAV example. Bureau Veritas partner.

Published July 9, 202614 min read
CAPA in defense manufacturing — corrective actions under AQAP 2110 for the defense manufacturer

What CAPA is and why AQAP 2110 calls it out separately

CAPA AQAP 2110 (Corrective and Preventive Actions) is a formal mechanism for handling nonconformities and risks that the NATO standard demands far more strictly than civilian QMS. In most Ukrainian defense teams, CAPA is treated as "close the nonconformity and write that we did better next time." In practice it's three distinct layers of action, and mixing them is exactly where most Stage 2 audits fall apart.

First layer — Correction. Direct fix of a specific defect: rework the assembly, replace the board, sort the batch, scrap the rejects. Correction doesn't touch the cause, it handles the consequence right here and now. If you only fixed the defective drone and did nothing else, that isn't CAPA, that's rework.

Second layer — Corrective Action. This eliminates the root cause so the specific nonconformity doesn't repeat. Instead of inspecting the board more carefully every time, you change the process: introduce AOI inspection, retune the reflow oven temperature profile, rewrite the operator instruction. CA works on the cause, not the symptom.

Third layer — Preventive Action. This stops potential problems that haven't occurred yet but could. If one assembly line has a problem and the sister line doesn't but the conditions are similar, you proactively deploy the same fix on line two. PA works on risk.

ISO 9001 in the 2015 edition formally removed the separate preventive action requirement and replaced it with risk-based thinking. AQAP 2110, published by the NATO Standardization Office and supplemented by industry guidance IAQG 9137, went the opposite way: the standard explicitly requires a documented PA program alongside CA, mandatory RCA for every significant nonconformity, and a full documentation cycle from NCR to closure. The differences between ISO and AQAP are spelled out in our AQAP 2110 vs ISO 9001 comparison. Why this matters specifically for defense: a recurring nonconformity isn't just a customer complaint or batch return. It's blocked deliveries on a government contract, a lost certificate, and in the worst case a criminal investigation if the defect cost lives. The standard's nonconformity requirements are covered in the complete AQAP 2110 guide and tie to the system described on /en/aqap-2110.

Correction vs Corrective vs Preventive Action

The three layers confuse even experienced quality engineers, and a Bureau Veritas auditor will probe this immediately at Stage 2. Correction — you fix the specific defect (replaced the board on one drone). Corrective Action — you remove the cause so this defect can't recur on this line (added AOI, changed the oven temperature). Preventive Action — you apply the same fix on the neighboring line where the problem hasn't surfaced yet but conditions are similar. AQAP 2110 requires all three layers with documentation; ISO 9001:2015 formally went silent on PA, but the auditor still expects it via risk-based thinking.

CAPA lifecycle: 7 steps from detection to closure

A working CAPA is a sequence of seven steps where each one has a specific document, owner, and a realistic timeline. If even one step is missing, the auditor sees it in five minutes in the NCR log. Let's walk the full cycle on a typical FPV drone manufacturer nonconformity.

Step 1. Detection and recording. A QC operator finds cold solder joints on the flight controller's power connector in a batch of 50 drones. First step is to file an NCR (Non-Conformance Report) with description, where it was found, on what quantity, from which batch, photo evidence, and a unique number. If the NCR isn't filed the day it's found, problems begin: the drone risks moving into the next operation, data gets forgotten.

Step 2. Containment. As soon as the NCR is filed, isolate the problem: the whole batch is tagged "Hold," pulled from the flow, the neighboring batch is checked, and you find out whether any drones from this batch have already shipped. Containment is the most time-critical step: hours, not days. If you see the issue at 14:00 and the batch is blocked the next morning, shipments keep moving and the export risk is real.

Step 3. Immediate correction. Now you fix the specific defects: rework joints, scrap, send for refurbishment. This is rework, it doesn't solve the cause, but it closes the operational risk. Often at this step part of the team thinks CAPA is done. That's the most common mistake — you haven't even started real CAPA yet.

Step 4. Root Cause Analysis (RCA). Here you answer the question "why did this happen." Not "the operator missed it," but the real cause: equipment, process, instruction, supplier, training, design error. RCA takes a few hours for simple cases up to 2-3 weeks for systemic ones. Without RCA no CA will work — you'll treat symptoms, not the disease. Methods are covered in the next section.

Step 5. Designing the CA. With the root cause in hand, the quality engineer together with the process engineer and production designs a concrete fix: change the oven settings, add AOI inspection, rewrite the instruction, retrain operators on the updated method. The CA must be SMART and documented with owner, deadline, and resources.

Step 6. Implementation and effectiveness check. The fix is deployed and monitoring begins. Not just "done — closed," but a real check: did defect frequency drop in 30-90 days, is the new procedure actually being followed, did side effects appear. Covered in detail below.

Step 7. Closure + lessons learned. The NCR is formally closed with a complete package: containment record, RCA report, CA implementation evidence, effectiveness verification result. Lessons learned go out to adjacent processes and teams — that's the bridge to Preventive Action. NCR archive — minimum 10 years under AQAP 2110, for critical products life cycle plus 10.

StepActionOwnerDocumentDuration
1. DetectionRecord the nonconformity with description, photos, quantityQC operator / inspectorNCR with unique numberDay of detection
2. ContainmentIsolate the batch with a Hold tag, check neighboring and shipped batchesQuality engineer + line supervisorContainment record, updated lot status2-8 hours
3. Immediate correctionRework, scrap, dispose of defective unitsProcess engineer + rework crewRework log, disposal act if needed1-5 days
4. RCARoot cause analysis using a chosen method (5 Why, Fishbone, FTA, 8D)Quality engineer + cross-functional teamRCA report with findings and evidence2-15 days
5. CA designDesign the corrective action with owner and deadlineQuality engineer + process engineer + productionCA plan, updated instructions, ECO if needed5-15 days
6. Implementation + checkDeploy the fix, monitor effectiveness for 30-90 daysProcess engineer + quality engineerImplementation record, effectiveness report30-90 days
7. Closure + lessons learnedFormal NCR closure, share knowledge with adjacent processesQuality engineer + QA managerClosure record, lessons learned, updated risk register1-3 days

RCA: 5 root cause analysis methods for defense

RCA is the heart of CAPA. Without an honest root cause analysis you're stuck forever at "the operator missed it" and you treat symptoms. In defense projects we use five core methods, and the right choice depends on the problem type, criticality, and time available.

Method 1. 5 Whys. Simplest and fastest: ask "why" five times in a row until you reach the systemic cause. FPV board defect walkthrough: "Why didn't the board boot? — Cold solder on the power connector." "Why cold solder? — Reflow oven temperature was low." "Why was the temperature low? — Profile wasn't recalibrated after switching solder type." "Why wasn't it recalibrated? — The instruction doesn't include a recalibration step." "Why doesn't the instruction include it? — Instruction wasn't updated when the solder supplier changed." Root cause — stale instruction and no link between supplier change and instruction review. CA — update the instruction plus a rule to review instructions on every material change. 5 Whys fits most nonconformities with an obvious symptom, takes 30-60 minutes.

Method 2. Fishbone (Ishikawa). For multi-factor problems where the symptom can have several parallel causes. The diagram splits possible causes into 6 categories (6M): Man, Machine, Method, Material, Measurement, Environment. The team sits together, generates hypotheses for each category, then validates each with facts. Classic case — unstable solder quality across batches: causes turned out to be people (new shift supervisor), equipment (worn oven profile), material (solder batch with a different melt temperature), and environment (cold-month cyc temperature swings). Fishbone — 2-4 hours of team work, effective for systemic problems.

Method 3. Fault Tree Analysis (FTA). Logical event tree for critical defects: takes an undesired event (e.g., loss of UAV control in flight) and breaks it into branches of causes with AND/OR logic gates. Lets you estimate probability and find the most critical nodes. Mandatory for avionics, weapons systems, missile tech — accounts for failure combinations. More complex method, needs a trained engineer, takes 1-2 weeks for a serious analysis. Governed by IEC 61025 and usually paired with FMEA.

Method 4. 8D Methodology. Ford-developed standard defense-response to customer complaints. Eight disciplines: D1 — team, D2 — problem description, D3 — interim containment, D4 — RCA, D5 — permanent CA, D6 — implement, D7 — preventive measures, D8 — close-out. 8D is the report format expected by Ukrainian MoD, NSPA, and NATO export contracts. Reference walkthrough — the ASQ 8D methodology. For a customer complaint, 8D is practically mandatory because that's the format the customer is used to.

Method 5. Pareto Analysis. Not RCA in the pure sense, more of a prioritization tool. By 80/20: 80% of nonconformities come from 20% of causes. Gather NCR data for 3-6 months, group by defect type or cause, rank by frequency. The top 5 causes are your real priorities for systemic CAPAs. Classic result at a drone manufacturer: 60% of NCRs are cold solder and missing components, another 20% are calibration errors, the remaining 20% are everything else. Conclusion: invest CAPA effort in the first two categories, don't scatter. Pareto is a monthly routine, not a one-shot method. For UAV manufacturers this pairs well with the drone manufacturer certification approach, because ranked causes give focus for QMS changes.

MethodProblem typeComplexityDefense example
5 WhysObvious symptom, one main causeLow (30-60 min)Cold solder on an FPV board from a stale instruction after solder change
Fishbone (Ishikawa)Multi-factor problem, several parallel causesMedium (2-4 h team)Unstable solder quality across batches — combination of people, equipment, material, environment
Fault Tree Analysis (FTA)Critical defects, life and safety riskHigh (1-2 weeks engineer)Loss of UAV control in flight — avionics, firmware, power failure combinations
8D MethodologyCustomer complaints from MoD, NSPA, NATOMedium-high (formatted report)Customer complaint on a drone batch with a systematic optics defect
Pareto AnalysisPrioritizing systemic CAPAsLow-medium (monthly routine)Top-5 NCR types over 6 months at an FPV maker — CAPA resource focus

Designing a corrective action: criteria that work vs. don't

Finding the root cause is 60% of the job. The remaining 40% is designing a CA that actually removes the cause instead of creating the illusion of work. Unfortunately, in the vast majority of NCR logs we see during diagnostic audits, the CA is worded in a way that can't work in principle.

A good CA is SMART: Specific (not "improve the process"), Measurable (with a success criterion), Assignable (with a clear owner), Realistic (achievable within resources), Time-bound (with a deadline). If one of the five is missing, that's not a CA, that's a statement of intent.

A common anti-pattern is wording like "be more attentive," "tighten control," "conduct a briefing," "remind the staff." None of these change the system, all of them push responsibility onto the human factor, which is already the weak link. Another anti-pattern — "write a new instruction" without changing the actual process: now you have a new instruction, but the equipment, material, and conditions are the same, so the defect comes back.

Let's walk an example. Defect — cold solder on the flight controller. Bad CA: "Instruct the operator to watch the soldering more carefully. Owner — supervisor. Deadline — ongoing." This closes nothing: the operator is already trying, briefings change nothing physical, "ongoing" means the CA will never be closed. Good CA: "Deploy automated optical inspection (AOI) after the soldering operation on 100% of flight controller boards. Add temperature sensors to the reflow oven with an alarm at >5°C profile deviation. Update the operator instruction with a recalibration step on supplier change. Owner — lead process engineer. Deadline — 45 days. Success criterion — zero cold solder defects in the next 200 units." Concrete fix that changes the system, not the person.

It helps to lean on the hierarchy of controls borrowed from occupational safety and adapted for defense quality. Best to worst: elimination (remove the cause entirely — e.g., switch to lead-free solder that's more stable), substitution (swap the problem element — a different solder supplier), engineering controls (physical barriers and automation — AOI, oven alarms), administrative controls (new procedures, instructions, training), PPE/human factor (individual control, retraining). If your CA only sits at the bottom layer, the RCA was shallow or the CA was rushed. A concrete example of building a quality CAPA system for a UAV maker is detailed in the drone manufacturer certification guide, and the documents required for it — in the AQAP 2110 documents checklist.

Ready to build a working CAPA system?

Free 30-minute consultation with assessment of your current processes. Bureau Veritas partner in Ukraine.

Get consultation

Effectiveness verification: how to confirm a CA actually worked

Based on our diagnostic audit data, roughly half of closed NCRs didn't actually solve the problem — the defect comes back in 3-6 months, sometimes in another form. The reason is simple: teams tick "implemented" and consider CAPA closed without checking the real effect. AQAP 2110 clause 10.2 explicitly requires review of effectiveness, and auditors check this at Stage 2 routinely.

A working effectiveness verification leans on four data sources. First — repetition tracking. Maintain a rejected lots register or dashboard tracking how often similar defects recur in 30, 60, 90 days after the CA. If the defect reappears in 90 days, the CA didn't work, the RCA was shallow, escalate. Second — sample verification. Random sample of 20-30 units after CA introduction, focused specifically on the parameter the CA targeted. Not general QC, but a targeted check of the effect.

Third — document and process review. Walk the shop floor physically 2-4 weeks after deployment and check whether the new procedure is actually followed in real work. Operators often revert to old habits, especially on shifts without a quality engineer present. If the new procedure isn't being followed, the CA didn't work in practice regardless of paperwork. Fourth — trend analysis. Look at KPIs like frequency of NCRs of a specific type over 6 months: if the trend line didn't bend down, the CA solved a point case, not the systemic problem.

Review of effectiveness should be a scheduled point in the CAPA procedure, not a one-off activity. Typical frequency — 30 days for operational NCRs and 90 days for systemic ones. The review result is logged in a dedicated NCR section and affects closure: if the CA is ineffective, the NCR stays open, RCA is revisited, CA is redesigned. If effectiveness is confirmed, the NCR is formally closed. This loop is directly checked during a customer audit by the MoD: the auditor picks 5-10 closed NCRs from the last 12 months and asks for effectiveness evidence. If it's missing — major nonconformity with certification blocked until corrected.

Preventive Action: stopping problems before they happen

Preventive Action is the least popular part of CAPA in Ukrainian manufacturers. In most NCR logs we review, the PA column is empty or filled formally. Yet AQAP 2110 requires a PA program on par with CA, and it's PA that distinguishes a mature defense team from one that only reacts.

PA sources are concrete data, not guesses. First — trend analysis on your own NCRs: if you see growth in category X defect frequency over the last 3 months, don't wait for a critical incident, launch PA now. Second — customer feedback: complaints, GQAR remarks, export customer claims. If similar issues come from multiple customers, that's a signal. Third — supplier issues: if your board supplier suddenly switched factories, or your aluminum supplier had a problem batch, assess the risk to your processes and launch PA. Fourth — audit findings, including your internal ones. Fifth — lessons learned from adjacent projects and teams.

Risk-based approach is the foundation of modern PA methodology. Don't try to "prevent everything," it's unrealistic. Take the top-5 high-risk processes from your risk register and focus there. For a UAV maker that's usually: critical avionics soldering, flight controller firmware, flight testing, final batch certification, shipping. Those five processes account for 80% of manufacturing defect risk, and that's where main PA effort goes.

PA integration with the risk register is a mandatory AQAP 2110 requirement. Each identified potential threat (via any of the sources above) is registered in the risk register with likelihood and impact assessment. For high-risk items, PA is launched with the same disciplines as CA: SMART wording, owner, deadline, effectiveness check. PA is closed with effectiveness documentation. A good integration example — the link between PA and configuration management under AQAP 2110: a design change reducing assembly error risk is a typical preventive action. Another link — with batch traceability: improved traceability is itself a PA, because it shortens reaction time to a potential defect and limits its spread.

5 common CAPA mistakes Ukrainian defense manufacturers make

From diagnostic audit experience in the defense segment, the same problems show up over and over. Almost all of them are a consequence of "CAPA for certification" rather than "CAPA as a quality management tool." Five most painful ones.

First — NCRs closed on the fact of correction, without RCA. Defect found, resoldered, log says "defect removed," closed. No cause analysis, no containment record, no CA. To an auditor this looks like a rework log labeled NCR. At Stage 2 the auditor picks 10 closed NCRs and asks for RCA evidence. If it's missing on 5 of 10 — major nonconformity.

Second — "retrain the staff" as a universal CA. Almost half of NCRs in undeveloped systems are closed with "conduct repeat operator briefing." That's not a CA, it's a declaration. The root cause — equipment, material, or process — stays untouched. In 2-3 months the defect comes back. Fix it with a rule: "training as CA" only works if RCA proved the root is a competency gap, and training is accompanied by a test and competency record.

Third — no effectiveness verification. The NCR is closed the day the CA is deployed. A week later the defect reappears, but as a new NCR with the same description. In the log you'll see a series of identical NCRs with the same symptom, each closed with "CA deployed," and no review trace. Fix it by making an effectiveness check mandatory 30 days after closure, with the result documented in the NCR itself.

Fourth — PA isn't run at all. In most logs, the Preventive Action column is empty or has the boilerplate "PA not needed, problem is local." AQAP 2110 explicitly requires a PA program, and its absence is a guaranteed nonconformity. Fix it by launching a quarterly PA meeting analyzing sources: trends, customer feedback, audit findings.

Fifth — CAPA register in Excel with no link to production processes. A separate spreadsheet maintained by one quality engineer, not linked to production accounting, warehouse, design ECOs. A defective batch can quietly ship because the warehouse doesn't see the NCR. Fix it by either integrating CAPA with ERP (for teams of 30+), or a strict notifications procedure: any NCR immediately triggers a lot status update at the warehouse and a production halt.

The biggest CAPA mistake

The most painful and most common mistake — "retrain the staff" as a universal corrective action. Almost half of NCRs in immature CAPA systems get closed with exactly this phrase. That's not a CA, it's avoidance of system-change accountability. The defect root — in the process, equipment, or material — stays untouched, and in 2-3 months the same defect returns. The Bureau Veritas auditor at Stage 2 always asks: "Show evidence the training was effective and the defect didn't recur in 90 days." If you can't, you get a major nonconformity and certification is blocked. Set a hard rule: training as CA only if RCA proved a competency gap, and the training is paired with a test and competency record.

FAQ — Common questions about CAPA in AQAP 2110

We collected answers to the questions that come up most often on first calls about CAPA with defense manufacturers. If your question isn't here, reach out — we'll add it to the next revision.

Tags