API Q1 5 Product Realization

5.1 Contract Review

5.1.1 General

The organization must uphold a documented procedure for reviewing requirements related to product provision. This procedure should cover determining requirements, reviewing requirements, and making changes to requirements.

5.1.2 Determination of Requirements

The organization must identify requirements outlined by the customer, legal regulations, and any other applicable criteria, as well as requirements not explicitly mentioned by the customer but deemed necessary by the organization for providing the product. In cases where the customer hasn’t provided documented requirements, the organization must confirm these requirements and keep records of the confirmation process.

5.1.3 Review of Requirements

The organization must assess the requirements regarding product provision. This assessment must occur before the organization commits to delivering the product to the customer. It should confirm that requirements are identified and documented, resolve any discrepancies from previously identified requirements, and ensure the organization can meet the documented requirements. If contract requirements change, the organization must update relevant documents and inform relevant personnel of the changes. Records of the review outcomes, including any resulting actions, must be kept.

The organization must establish a documented procedure for the Contract review that defines the process for the review of the requirements related to the provision of products and required servicing. The organization shall determine stated customer requirements, legal and other requirements, and requirements considered by the organization necessary for the provision of the products. When the customer requirements are not documented, the organization must confirm the requirements with the customer and record them. Before the organization‘s commitment to deliver products to the customer, the organization shall review the requirements related to the provision of products. The organization should ensure that requirements are identified and documented. The requirements differing from those previously identified are resolved and the organization can meet the documented requirements. Where contract requirements are changed, organizations must document all changes and amend all relevant documentation and the organizations must notify all affected personnel of changes The results of the review and the action taken must be recorded

The requirement states that the organization should now include a review of the requirements arising either from customer, legal or other requirements or the organization’s customer. The organization should seek and record evidence that these requirements are considered during product and service reviews. The sub-clause mandates that your organization should not issue a quotation or accept an order until it has been reviewed to ensure requirements are defined, and that the organization can meet the defined requirements. It goes on to require that records of the review and any subsequent actions be maintained. The organization should conduct a review of customer requirements before order acceptance. It can conduct a contract review checklist with the following headings as a minimum:

Necessary information is available:

• Technical data;
• Specifications and standards;
• Drawings.
  Customer requirements are understood and can be met:
• For product acceptance (e.g. Quality, inspections & tests, verification & validation, and any special monitoring);
• For delivery expectations;
• For post-delivery expectations.
  Related standards have been reviewed and can be met:
• Statutory;
• Regulatory;
• International quality (e.g. ISO-9001:2015, API Q1);
• Other necessary and applicable standards.
  Unclear or ambiguous requirements are resolved;
  Feasibility has been determined:
• capability to meet order requirements;
• have the equipment;
• have the floor space;
• have adequate resources;
• have skilled personnel.
  Differences between the contract and quote are resolved;
  Methods of communicating with the customer are defined related to:
• Product information;
• Enquiries;
• Feedback;
• Concerns and complaints handling.
  Requirements that are not stated by the customer are defined.

If the customer does not provide their requirements in writing, the requirements must still be confirmed before they are accepted. Define your organization’s arrangements for the retention of documented information to capture the results of the review including any new requirements or changes e.g. record of contract review, including for example customer, reference, date, persons, resources, conventional/special requirements, risks outcome and changes.

5.2 Planning

The organization must identify and strategize the processes and documents necessary for product realization. During planning, the organization should address the following:

1. Management of required resources and work environment.
2. Product and customer-specified requirements.
3. Legal and other applicable requirements.
4. Design specifications.
5. Contingency planning.
6. Specific verification, validation, monitoring, measurement, inspection, and testing activities for the product, along with acceptance criteria.
7. Management of change (MOC).
8. Records are needed to demonstrate that product realization aligns with requirements.

The outcome of this planning must be documented and regularly updated to reflect changes. These plans should be organized in a structure suitable for the organization’s operations.

Planning is a critical requirement. During the discussion, participants will notice that sections (a) through (h) reference other parts of the API Spec Q1 10^th edition specification. The organization must take the referenced sections into account during planning. Once the review of requirements has occurred, organizations can begin to plan for the manufacturing or servicing of products.

(a) Resources and Management
During planning, organizations must take into account resources and work environment management necessary for manufacturing or servicing products.

(b) Product and Customer Requirements
The organization must take into account Product and Customer-specified requirements (see 5.1).
Meeting customer-specified requirements at a minimum, must be achieved for the manufacturing or servicing of product to be accepted.

(c) Legal and Other Requirements
The expectation that organizations know and understand legal and other applicable requirements resonates throughout the API Spec Q1 10^th edition. HSE, quality, and other requirements are included in this expectation. It is not possible to properly plan the manufacturing or servicing of products if the organization is not aware of the legal and other requirements that they are mandated to comply with.

(e) Contingency Planning
Based on the customer requirements for the manufacturing of the product, the organization shall identify the contingency plans for the identified risk found in the initial risk assessment to reduce and or eliminate the risk through the identified process or backup planning as well as developed employee competencies to manage the identified risk.

(f) Contingency Planning Based on Risks
Planning must include the initial risk assessments so that the risks can be mitigated.

(g) Design and Development Requirements
When planning under section 5.2 Planning, organizations must take into account section
5.4 Design and Development.

• 5.4.1 Design and Development Planning
• 5.4.2 Design and Development Inputs
• 5.4.3 Design and Development Outputs
• 5.4.4 Design and Development Review
• 5.4.5 Design and Development Verification and Final Review
• 5.4.6 Design and Development Validation and Approval
• 5.4.7 Design and Development Changes.

(h) Verification, Validation & Test
Organizations must address the following for product acceptance:

• Verification
• Validation
• Monitoring
• Measurement
• Inspection
• Test activities

(i) Management of Change
Change is in manufacturing product. When things go wrong, or something unplanned occurs, the organization can refer to the contingency plan, which is still part of . However, when changes fall outside the scope of the contingency plan, an MOC is required. If changes initiated by the organization or the customer result in risks, the organization must notify the customer through the MOC process, as previously discussed.

(j) Records
Records are needed to provide evidence that the product realization processes meet requirements. This links to the following API Q1 elements:

• 5.7.7 Inspection and Testing: Maintaining Records
• 5.9 Product Release: Maintaining Records

5.3.2 Risk Assessment
5.3.2.1 Product Delivery

Risk assessment related to product delivery must consider factors such as facility and equipment availability, including maintenance, as well as supplier delivery performance and material availability/supply.

In API Specification Q1, risk assessment related to product delivery must indeed consider various factors to ensure the reliability and consistency of the supply chain. Assess the availability of production facilities, warehouses, and distribution centres. Consider factors such as capacity constraints, maintenance schedules, and potential downtime due to unforeseen events (e.g., equipment failure, natural disasters). Evaluate the availability and reliability of production equipment, machinery, and vehicles. Consider maintenance schedules, breakdown frequency, and the availability of spare parts to minimize the risk of production delays or disruptions. Assess the delivery performance of suppliers, subcontractors, and vendors. Evaluate factors such as lead times, on-time delivery rates, quality consistency, and reliability. Poor supplier performance could lead to delays in receiving essential materials or components, impacting product delivery schedules. Evaluate the availability and reliability of raw materials, components, and supplies required for production. Consider factors such as supplier reliability, inventory levels, lead times, and potential supply chain disruptions (e.g., geopolitical events, transportation delays, raw material shortages). Assess the transportation and logistics infrastructure used for product delivery. Consider factors such as transportation modes, routes, transit times, customs clearance processes, and potential transportation-related risks (e.g., accidents, strikes, fuel shortages). Evaluate the variability in customer demand and the accuracy of demand forecasting. Consider factors such as seasonality, market trends, customer order patterns, and the potential impact of unexpected changes in demand on production and delivery schedules. Consider regulatory requirements and quality standards that must be met throughout the product delivery process. Ensure compliance with relevant regulations, industry standards, and customer specifications to mitigate the risk of non-compliance-related delays or penalties. Develop contingency plans and risk mitigation strategies to address identified risks and uncertainties. Implement measures such as safety stock levels, alternative sourcing options, supplier diversification, and business continuity plans to minimize the impact of potential disruptions on product delivery. By considering these factors in the risk assessment process, organizations can proactively identify potential risks and vulnerabilities in the product delivery process and implement appropriate measures to enhance supply chain resilience, reliability, and performance by API Specification Q1 requirements.

5.3.2.2 Product Quality

Risk assessment concerning product quality must encompass factors such as the delivery of nonconforming products and the availability of competent personnel.

Absolutely, in API Specification Q1, risk assessment concerning product quality encompasses various factors to ensure that products meet the required standards and specifications. Evaluate the risk associated with the delivery of nonconforming products to customers. This includes assessing the potential impact of defects, deviations, or failures in products on customer satisfaction, safety, and regulatory compliance. Implement measures to prevent, detect, and address nonconformities throughout the production and delivery process. Assess the effectiveness of product inspection and testing procedures to ensure that products meet quality requirements before delivery. Consider factors such as the frequency of inspections, sampling methods, testing protocols, and the reliability of testing equipment and personnel. Identify potential gaps or weaknesses in inspection and testing processes that could increase the risk of delivering nonconforming products. Evaluate the quality performance of suppliers and subcontractors to minimize the risk of receiving nonconforming materials, components, or services. This includes assessing supplier capabilities, quality management systems, compliance with specifications, and past performance history. Establish clear criteria for selecting and evaluating suppliers, and implement measures to monitor and improve supplier quality over time. Assess the competence and proficiency of personnel involved in product manufacturing, inspection, testing, and delivery. Ensure that employees have the necessary knowledge, skills, training, and experience to perform their roles effectively and contribute to product quality. Provide ongoing training and professional development opportunities to enhance employee competence and awareness of quality requirements. Evaluate the effectiveness of process controls and monitoring mechanisms to prevent quality-related issues during product manufacturing and delivery. This includes implementing procedures for process validation, control of critical parameters, real-time monitoring of production processes, and corrective actions in response to deviations or abnormalities. Assess the potential impact of changes to processes, materials, equipment, or specifications on product quality. Implement robust change management procedures to evaluate, approve, and implement changes in a controlled manner while minimizing the risk of unintended consequences or quality-related issues. Monitor customer feedback, complaints, and returns to identify potential quality issues and trends. Implement procedures for promptly addressing customer concerns, investigating root causes of quality-related problems, and implementing corrective and preventive actions to prevent recurrence. Foster a culture of continuous improvement to enhance product quality and customer satisfaction over time. Encourage employees to identify opportunities for process optimization, quality enhancement, and innovation. Regularly review and update quality management processes based on lessons learned, best practices, and industry advancements. By considering these factors in the risk assessment process, organizations can effectively manage risks related to product quality and ensure that products consistently meet customer requirements and regulatory standards in accordance with API Specification Q1.

5.3.2.3 Changes Impacting Product Quality

If any of the listed alterations have the potential to adversely affect product quality, a risk assessment concerning product quality must be conducted:

1. Changes in the organizational structure;
2. Changes in key personnel;
3. Alterations in the supply chain of critical products, components, or activities;
4. Modifications to the management system scope or procedures; and
5. Adjustments to the organization’s capacity to execute the processes needed for product realization.

Note: Changes may originate internally or externally.

The organization must establish a documented procedure to identify and control risks associated with the impact on the delivery and quality of the product. The procedure must identify the techniques and tools to be applied for risk identification, assessment, and mitigation. The risk assessment must include the availability of facilities, and availability of equipment. It must also include the maintenance of facilities and equipment. The supplier performance should be part of the risk assessment which must also include the supply/availability of material. Availability of competent personnel and delivery of nonconforming products must also be included. Record of Risk assessment and the management of risk should be available. A contingency plan may be developed as a result of risk assessment. Corrective action and /or preventive action can be taken as a result of risk assessment. Risk assessment includes consideration of severity, detection methods, and probability of occurrence.

The purpose of the procedure is to outline your organization’s risk management framework and the activities within. The risk management framework defines the current risk management process, which includes; methodology, risk appetite, methods for training and reporting. Risk Assessment and Management is fundamental to API Spec Q1, 9th edition success as well as aiding the organization to eliminate loss associated with its manufacturing products, processes and services. The API Spec Q1, foundation is about understanding and mitigating risks associated with its manufacturing processes, products and services. By design, this Specification does not detail the organization’s procedure for Risk Assessment and Management. Since there are many different methods and applications available to organizations, it will be up to the manufacturing or servicing providers to decide which procedure best fits their needs. Risk-Based Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

1. Identify the Risks :A lot will go into the identification of potential risks for a company. There are two distinct kinds of risk that a company may encounter: external and internal. External risk is the risk incurred from the environment in which the company operates. These can be legal, regulatory, financial, and cultural risks. Internal risk is the risk incurred from within an organization. This can be caused by an organization’s structure, resource deficiencies or allocation, and hierarchy. Risk needs to be determined within the context of the business, something that will lead to different definitions of each term for different organizations.
2. Plan Your Response:As with any other part of the standard, companies are required to develop a plan for addressing the risks and opportunities they’ve identified. A company will need to do an in-depth assessment of the possible risks for this part. How likely are these risks? How disruptive would they be if they were to happen? What amount of resources is your company willing to dedicate to mitigating these risks? Can their likelihood be increased while mitigating the risk? Is the potential risk worth incurring for a chance at capitalizing on the opportunity? Once these assessments have been made, an organization can develop a plan for addressing the risks based on their stated strategies. Without properly assessing their risk appetite, an organization cannot properly plan to either mitigate it or capitalize on the opportunities it presents. These plans need to be laid out, with a plan for documenting the process and keeping clear records on it.
3. Integrate the Response into Your QMS:This step requires a company to insert the plan they’ve developed for addressing risk and opportunity into the greater framework of the QMS that they already have in place. This step is critical, in that the plan needs to allow for the rest of a company’s QMS to remain seamless. As a standard that emphasizes universal application, nature will require that the process developed for addressing risk be compatible with all other procedures in the company. For this reason, keeping a company’s QMS in mind as it goes through the process of developing a plan for addressing risk and opportunity can prove to be helpful. Developing a plan only to find that it doesn’t integrate well into the larger process means time and energy have been wasted.
4. Evaluate Effectiveness:As with any other procedure in a company, proper documentation and record-keeping processes will need to be put in place. This is where a company can record the outcomes and measure the effectiveness of its efforts. This stage in the process is also why it is crucial to develop a comprehensive assessment of the company’s willingness to take on risk and pursue potential opportunities. Without a detailed understanding of the company’s aims in regard to both risk and opportunity, it will be all but impossible to properly assess the effectiveness of the process that’s been implemented. As with any procedure, this step allows for the constant scanning of potential inefficiencies that can be improved upon. It should be noted that context is also a key factor in any risk assessment process. Risk at one juncture of the process might look different than the same risk at another juncture. This is why having a comprehensive strategy for risk assessment is critical. Preparing for and thinking about all the possibilities will help better prepare your company.

5.3.3 Contingency Planning

If the organization deems it necessary to have a contingency plan due to assessed risks, the plan must, at a minimum, outline actions needed to mitigate the impact of disruptive incidents, assign responsibilities and authorities, and establish controls for internal and external communication. These contingency plans must be documented, communicated to relevant personnel, and revised as necessary.

While contingency has been applied by the industry for years, the application has been inconsistent and has overlooked critical information to mitigate risks. The standard mandates that a documented procedure for contingency planning must be available. This requirement for the procedure will include risk mitigation for the delivery and quality of the product. Contingency planning is needed to address risk associated with the impact on:

• Delivery and Product Quality.
• Based on the assessed risk
• Communicated to relevant personnel.

Contingency planning output must be documented and communicated to the relevant operational personnel and updated as required to minimize the likelihood or duration of disruption of manufacturing. The outputs of the contingency planning must be based on assessed risks that were discussed in section 5.3 of this specification. As mentioned in the dictation under 5.5.1, the better the Risk Assessment, the less disruption and the smaller the likelihood of an incident. If an incident does occur, it is more likely to be contained or controlled through contingency planning, thereby minimizing loss.

The contingency plan shall include, at a minimum:

• Actions required in response to significant risk scenarios to mitigate effects of disruptive incidents;
• Identification and assignment of responsibilities and authorities, and
• Internal and external communications controls

Actions Required in Response to Significant Risks covers actions required in response to significant risk scenarios to mitigate effects of disruptive incidents. This is obvious and is what most manufactures often think of when doing contingency planning. This is how we prevent or mitigate the “Incident” we discussed in 5.5.1 of the specification. Here, the manufacture must review different real and potential risk scenarios and do the proper assessments to understand the in order to prevent and/or mitigate the loss. Most manufactures do this as it relates to HSE. However, API Spec Q1 requires this to be done to include delivery and product quality related incidents as well.                                        

The basic contingency planning process includes

1. Map out essential processes.

What processes are essential to your business and safely delivering your product or service to customers? If you’re a manufacturing company that ships directly to consumers, a simplified process list might look something like this:

• Getting raw materials from suppliers
• Manufacturing process
• Freight and shipping
• Packaging and warehousing
• Last-mile delivery

Looking at this list, you can see how vulnerable it is to natural disasters or even minor human errors.

2.Create a list of risks for each process.
Once the process list is created, consider what might disrupt business continuity. What can go wrong with each of these critical processes? Let’s look at an example of what could go wrong with “last-mile delivery”

• The driver can deliver single or multiple packages to the wrong address.
• The package can be damaged during delivery.
• The package could get lost at a distribution center.
• A truck full of packages could be involved in an accident.
• A flood could cripple the road system in a specific area.
• The driver could get delayed because a moose wants to lick salt splatter off the car (seriously, it’s a thing).
• And that’s only a preliminary list. Once you start thinking about it, you’ll realize how many things you rely on to avoid going wrong, even for fundamental processes.

Every business process is vulnerable to some sort of emergency or human error.

3. Evaluate the potential impact and likelihood of each risk.
Once the risks are identified, it’s essential to determine how they could impact your business. Are they likely to happen? How large will the impact on your business if they do occur? Most companies use “qualitative risk assessment” to do this.

4. Calculate costs and contingency reserves, and identify issues to mitigate.

The quantitative risk assessment approach is to assess the potential cost of each risk. This means you can make an educated decision when budgeting contingency reserves into project plans and yearly budgets. During the risk analysis, estimate the potential costs of the adverse event.

5. Create a response plan for prioritized events.

Create a response plan for events by exploring the following questions:

• What can be done ahead of time to minimize any adverse effects on the event? For example, backing up data, carrying extra stock, or having more employees on call.
• What can be done immediately after the event to minimize the impact? For example, ordering more from a secondary supplier, rerouting another vehicle, or bringing in on-call staff.

The specifics depend on your company’s unique processes and situation.

5.3.4 Records

Records documenting risk assessment and management, including the actions implemented, must be retained.

As per API Specification Q1, records documenting risk assessment and management, along with the actions implemented, must be retained by the organization. These records serve as evidence of compliance with the standard’s requirements and provide a historical record of the organization’s risk management efforts. The organization should maintain records of the risk assessment process, including the identification of potential risks, their likelihood and impact, and the criteria used to prioritize and evaluate risks. This documentation may include risk registers, risk matrices, risk assessment reports, and any supporting documentation used in the risk assessment process. Records should be kept of the actions taken to address identified risks and mitigate their potential impact. This includes documenting the specific measures implemented, responsible parties, timelines, and outcomes. For example, records may include copies of contingency plans, change management records, corrective and preventive action reports, and documentation of risk mitigation strategies. Records should document the decision-making process related to risk management, including discussions, evaluations, and approvals. This helps ensure transparency and accountability in the risk management process and provides a basis for reviewing and evaluating the effectiveness of risk management decisions over time. Records should be maintained of ongoing monitoring and review activities related to risk management. This includes tracking the status of identified risks, monitoring changes in risk factors, and assessing the effectiveness of risk mitigation measures. Records of management reviews, risk assessment updates, and audit findings related to risk management should be retained. The organization should establish a retention period for records related to risk assessment and management based on regulatory requirements, industry standards, and internal policies. Records should be retained for a sufficient period to demonstrate compliance with API Specification Q1 and to support future audits, assessments, or reviews. Ensure that records related to risk assessment and management are securely stored and protected from unauthorized access, alteration, or destruction. Implement appropriate controls to safeguard sensitive or confidential information contained in these records. At the same time, ensure that authorized personnel have access to the records as needed for business continuity and compliance purposes. Records related to risk assessment and management may be stored in various formats, including electronic or paper-based formats. Regardless of the format, ensure that records are legible, accurate, complete, and readily retrievable when needed.

5.4 Design
5.4.1 General

If the organization is accountable for product design, it must adhere to the requirements outlined in section 5.4. However, these design requirements do not apply if the product is involved in production activities, servicing, storage, distribution, or logistics.

In API Specification Q1, the requirements for product design apply specifically to organizations that are accountable for the design of products. However, these design requirements do not apply if the product is involved in production activities, servicing, storage, distribution, or logistics.

This distinction is important because not all organizations within the petroleum and natural gas industry are responsible for product design. For example, a company that primarily engages in production activities, such as drilling or refining, may not be directly involved in designing the products they produce. Instead, they may rely on suppliers or manufacturers to provide designed products, such as equipment or components, that are used in their production processes. On the other hand, organizations that are accountable for product design must adhere to the specific requirements outlined in the API Specification Q1 related to designing products. These requirements typically include:

1. Establishing a design process that ensures products meet specified requirements and are suitable for their intended use.
2. Identifying and documenting design inputs, including customer requirements, regulatory requirements, and any other relevant specifications.
3. Performing design verification and validation activities to ensure that the designed product meets the specified requirements and performs as intended.
4. Documenting the design process and maintaining records of design activities, decisions, and revisions.
5. Implementing controls to manage changes to the design and ensure that changes are properly evaluated, approved, and communicated.

By adhering to these requirements, organizations accountable for product design can ensure that their designed products meet the necessary quality, safety, and performance standards. However, organizations that are not responsible for product design are exempt from these requirements and are instead expected to focus on other aspects of their operations, such as production, servicing, storage, distribution, or logistics, as specified in API Specification Q1.

5.4.2 Design Planning

The organization must uphold a documented procedure for planning and overseeing the design process. This procedure should cover:

a) Planning, including updates to the plan(s), used for design.
b) Various stages of the design process.
c) Allocation of resources, responsibilities, authorities, and their interactions.
d) Review, verification, and validation activities required for each design stage.
e) Requirements for a final review of the design.
f) Criteria and approval process for design changes.

When design activities are outsourced or carried out at different locations within the organization, the procedure should outline controls to ensure compliance with design requirements. If design activities are outsourced, the organization remains accountable for the design and must ensure that the supplier meets outsourcing requirements. Design review, verification, and validation serve distinct purposes but can be conducted and recorded separately or in any combination, as appropriate for the product and the organization.

The organization must maintain a documented procedure to plan and control the design and development of the product. The organization’s procedures are to identify:

• Design and development plans and plan updates
• The design and development stages
• The resources, responsibilities, authorities, and their interfaces to ensure effective communication
• The review, verification, and validation activities necessary to complete each design and development stage
• The requirements for a final review of the design

Design and development for products will vary greatly in complexity. Some products present low risks while others may present significant risk, based upon their design and application. All product in the Petroleum, Oil and Gas Industry is expected to meet the requirements of 5.4 Design & Development. The organization shall maintain a documented procedure to plan and control the design and development of the product.

• Plans and Updates: Plan and control procedure must include the design and development plans and plan updates.
• D&D Stages: Under this Subpart, organizations are required to identify the D&D stage in its plan and control procedure.
• Resources, Responsibilities & Authorities: Plan and control procedures must include the resources, responsibilities, authorities and their interfaces to ensure effective communication for the D&D activities
• Review Activities: In addition to identifying the different D&D stages in the plan and control procedure, organizations must include the review, verification, and validation activities necessary to complete each design and development stage.
• Final Review: The plan and control procedure the requirements for a final review of the design.

Design planning must specify the design and development stages, activities and tasks; responsibilities; timeline and resources; specific tests, validations and reviews; and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. Control product design and development planning activities including:

1. Scope of the design e.g. customer requirements design rationale, design assumptions, objectives, complexity, size, detail, timescales, criticality, constraints, risks, producibility, accessibility, maintainability;
2. Stages of the design process, distinct activities and review e.g. work breakdown structure, work packages (tasks, resources, responsibilities, content, inputs/outputs), concept design, preliminary design, detail design, design review gates preliminary design review, detail design review, critical design review);
3. Verification and validation activities comprising checks, trials, tests, simulations, and demonstrations are required to ensure requirements are met;
4. Assignment of responsibilities and authorities e.g. job profiles, CVs, accountability statements, delegation of authority, levels of approval, register of authority and approvals, authorized signatories;
5. Internal and external resources such as knowledge acquisition, people, competency, investment, funding, facilities, equipment, innovation, technology, interested parties (customers, external providers, research establishments), information (principles, standards, rules, codes of practice);
6. Organizational interfaces such as personnel and functions e.g. sales, project management, production, procurement, quality, finance, customers, and end-users;
7. Levels of control required or implied by interested parties (customers, regulators, end users etc.) e.g. customer acceptance, safety checks, risk management, verification/validation activity, product certification;
8. Required documented information e.g. design plan, design reviews, design outputs (specifications, schemes, drawings, models, data, reports), control plans, certificates.

The design management plan typically includes specific quality practices, assessment methodology, record-keeping, documentation requirements, resources, etc., and usually references the sequence of activities relevant to a particular design or design category. The design management plan references applicable codes, standards, regulations and specifications. and describe the interfaces with different groups or activities that provide, or result in, input to the design and development process. Each design activity is planned, and divided into phases, and tasks are assigned to competent and skilled design personnel equipped with adequate tools and resources. Design management plans are documented and updated as the design evolves. As required, at the commencement of a design package, the Design Manager is required to complete a Design Management Plan (DMP) which will include at a minimum:

1. Confirmation of the standards baseline used for the work being undertaken and an explanation of how compliance to this baseline will be demonstrated;
2. An organisation chart with defined responsibilities for all staff with direct involvement in the design or with a potential impact on safety;
3. Skills matrix to define the competence of individuals with ‘prepare’, ‘check’ and ‘approval’ duties;
4. Scope definition and interface identification including key issues and operational requirements;
5. Projected output, timelines, milestones, and defined deliverables;
6. Stated processes and procedures to ensure acceptable quality assurance will be demonstrated and records maintained (specifically the formal Assurance Gates);
7. Processes and procedures to be used to ensure compliance with the engineering safety management;
8. The design review process, both single (SDR) and multi-design consultant (IDR) reviews and stakeholder intervention, before the Assurance Gate Reviews at 20%, 60% & 100% design completion stages;
9. Explanation of how compliance with input requirements will be demonstrated.

5.4.2 Design and Development Inputs

5.4.3 Design Inputs

Inputs must be identified and assessed for adequacy, completeness, clarity, and absence of conflicts. Any identified issues must be resolved. Inputs may encompass functional and technical requirements, along with the following, if applicable:

1. Customer-specified requirements;
2. Requirements from external sources, including API product specifications;
3. Environmental and operational conditions;
4. Documentation of methodologies, assumptions, and formulas; e) Historical performance and other data from similar previous designs;
5. Legal requirements; and
6. Potential consequences of product failure, as required by legal mandates, industry standards, customer specifications, or deemed necessary by the organization.

Records of design inputs must be retained.

The organization must identify the Design Inputs and review them for adequacy, completeness, and lack of conflict. The functional and technical requirements of Design Inputs can be customer-specified, requirements provided from external sources, including API product specifications, environmental and operational conditions, methodology, assumptions, formulae documentations, historical performance and other information derived from previous similar designs, legal requirements and results from risk assessments. The design inputs must be recorded.

Define which design inputs are required to carry out the design and development process. The inputs should be determined according to the design and development activities. For example, which employees are required or what information is required for every step of the development process? When determining design input requirements, ensure the retention of documented information such as:

• Statutory and regulatory requirements e.g. legislation, regulation, directives;
• Standards or codes of practice e.g. policies, standards, specifications, rules and aids, protocols, guidance, industry codes
• Functional and performance requirements informed by customer requirements, operational and performance characteristics, usability, reliability, availability, maintainability, and safety (e.g. Human factors and RAMS);
• Knowledge exchange from others, similar proven designs, lessons learned, performance data, in-service data, customer feedback, external feedback, best practice, benchmarking;
• Design assumptions and associated risks;
• Methods of validation and verification;
• Adequacy of inputs e.g. clear, complete, unambiguous, and authorized;
• Conflicting inputs are resolved by communicating with interested parties/contract amendments.

Conceptual Design Statement (CDS)

The Conceptual Design Statement (CDS) includes a design statement that declares the inputs to be used in the design and the proposed design solution. A design statement illustrates the principles concepts and input data relevant to the design and allows relevant stakeholders to understand the thinking behind any chosen design solution. The Design Team will normally produce a Conceptual Design Statement that states the standards and requirements against which the design is to be developed, the processes to be applied and the level of independent checking to be carried out (if any) that is proportionate to the level of risk. The design activities are then carried out by the Design Team using the CDS as the basis. Design and development inputs are documented and controlled. Design and development inputs can be in any form, including data sheets, customer drawings and specifications, photographs, samples, references to standards, etc.

Design standards baseline

All designs are based on a list of approved design standards, referred to as the Standards Baseline. This list is owned and managed by the Engineering Manager. The Standards Baseline is made up of a combination of National and International Standards, National Engineering Specifications, and Approved Codes of Practice. The Standards Baseline should be reviewed monthly and any changes are controlled by the Engineering Manager. At the commencement of any given design package, the Design Team is required to specify the Standards Baseline that will be used in the design. The Engineering Manager should be responsible for checking that the correct design standards have been specified and for verifying that the design output complies with these standards and design requirements. Due to the continuous review and updating of standards, the baseline between different design instructions may vary so a strict configuration control is maintained and only agreed changes are used in the assurance process. Once a design package has been instructed, the baseline for that element of work becomes fixed and will not reflect any subsequent changes in standards.

Design assumptions

Assumptions will normally be statements to fill uncertainties in available information. They are generated by the Design Team to allow designs to continue in the early stages. The anticipation is that assumptions are temporary and are closed out either by obtaining data or updating documents to confirm or change the assumption. Assumptions have the potential to be incorrect and are therefore a source of risk, that requires management. Any associated risk is identified and raised through the Risk Register. The assumption management activity is coordinated by the Design Manager, with input from the Design Team. Assumptions regarding domain knowledge include facts about the application of the end product or service that allow requirements to be developed in a particular context. The assumptions are normally traceable to gaps or inconsistencies in the design inputs e.g. incomplete or conflicting functional requirements, inconsistencies between the applicable Standards, unclear scope of work, or demarcation issues. The Responsible Body; which might be another company, organisation, person, or team against which an assumption has been made or who are responsible for providing a feature or undertaking an action to resolve an assumption agreed by them. Qualifying criteria for design assumptions are based on the following:

• Assumptions on scope and allocation;
• The assumption regarding gap or conflict in the stated capabilities, systems or operational aspects;
• Conflict between standards;
• Assumptions due to missing design data;
• Assumptions regarding a design decision;
• Assumptions relating to interface issues.

Assumptions must not be raised on programme and cost-related matters. The requirements or the design statement will be verifiable against the raised assumption or the origin of the assumption. Assumptions are accepted by the Resolving Body; they may be turned into design requirements or project risks. The process for managing design assumptions is summarised as follows:

• Assumptions are managed using an Assumptions Register;
• The Design Team propose an assumption to fill an uncertainty;
• The Engineering Manager reviews the suitability of the assumption against the criteria;
• Once agreed with the Resolving Body, the Design Team updates the assumption register;
• Action owner closes out assumption by the agreed date, this could be done either by establishing additional data or confirming a decision;
• The Engineering Manager monitors that action owners are closing out assumptions and takes action to expedite if necessary;
• Any assumption remaining at the end of the design phase must be clearly recorded in the Assumptions Register and transferred to the Risk Register.

Assumptions are considered closed when they are successfully resolved i.e. accepted by the Resolving Body and the Resolving Body has taken an action that is documented in a resolving document. This resolving document must be properly reviewed, verified and issued before the closure of an assumption is accepted. The respective Gate Review Authority are the final authority to accept or reject the closure of an assumption. The confirmation of closure is noted in the Assumptions Register and a reference to the resolving document with the relevant clause is provided for verification purposes.

Design requirements

The design management process is geared towards meeting customer requirements, while providing a product cost, which enables organizations to have a satisfactory return on investment. The physical and performance requirements of a product used as a basis for product design and development; includes user requirements, regulatory requirements, and system requirements. The customer and user requirements are translated into design requirements and may either be hardware or software (according to intended use) and included in the design specifications and other design documents.

The requirements are reviewed for adequacy by a cross-functional, multidisciplinary team involving Design, Engineering, Sales, Manufacturing, Procurement, Sales and Quality to ensure the requirements are complete, unambiguous and not in conflict with each other. The Design Team notifies the Engineering Manager if the requirements are ambiguous or conflict with each other. The Design Team produces evidence of the capture of and compliance with the requirements. This evidence is presented in the Requirements Register. The Design Team should provide compliance matrices and verification reports to demonstrate how the designs meet the requirements, supported by the compliance rationale, evidence, models and analysis as required, whilst ensuring that:

• All requirements are traceable to the identifier, author, rationale, source, requirement owner, allocation and stakeholder;
• All requirements have been validated and approved by identified personnel;
• All requirements have been reviewed and agreed upon with the customer;
• Are requirements are recorded into the project applicable database;
• All allocated requirements are understood and accepted by all the recipients.

In order to progress their close-out and acceptance, compliance statements are prepared and allocated to each requirement, commensurate to the design stage e.g. Gate 1, 2, or 3. Links and references to supporting drawings and documents are provided as the design progresses.

Customer-supplied user requirements are transferred to the Requirements Review Checklist and additional requirements are addressed with the customer. The Marketing Manager and the Sales Manager should identify and document the markets’ need for new solutions in a requirement statement which serves as the input for design and development work. The requirement statement includes the following:

• What is required (features/functions, etc.);
• Why it is needed (customer demand);
• When it is needed;
• Assumptions needed to progress the design;
• Risk and opportunity, and hazard analysis;
• Requirements for performance, reliability, safety, statutory and regulatory, etc.;
• Pricing targets and design project milestones.

When a product is designed or modified to meet specific customer requirements, the Engineering Manager receives from Marketing Manager and the Sales Manager an outline design order with customer requirements and specifications. The Design Team translates the needs and expectations from the requirements and design statements to technical specifications for materials, products, services and processes.

Design interfaces

Where necessary, the Design Team should form working groups to develop interface control documents and record agreements for interfacing stakeholders in order to elicit their requirements and to provide feedback that may be important to your designs. Their emphasis should be on the identification and co-ordination of the important characteristics, parameters and configurations that need to be developed to deliver effective interface designs. The level of detail documented must be proportionate with the level of detail being developed in the design outputs.

1. Identify, specify and manage interfaces;
2. Assist in the resolution of interface issues relating to commercial or contractual issues;
3. Assist in the production of and agree on interface documents with interfacing parties;
4. Ensure that the process of interface management is fully supported during the development of detailed designs;
5. Review and monitor the development of interface identification.

Design documentation

The established document numbering system must be used by the Design Team. All documents produced to support the design and the design assurance process should be listed in the Master Design Document List, which is a list of all plans, processes and procedures to be used to control the safety, quality and efficiency of the design output.

All design documents must follow the ‘Prepare’, ‘Check’, and ‘Approve’ process, evidenced by the signatures of competent individuals. All design documents should be signed off in the three categories:

1. Prepared – by a competent person who produces the design document, checking their own work complies with codes and standards governing that work.
2. Checked – by a competent person able to undertake a formal detailed check/review of design methods, codes and standards used, deliverables, calculations, drawings and specifications produced by another member of the Design Team. This role is undertaken by a competent person of the same discipline, not the Preparer, but can be a member of the same team.
3. Approved – by a competent person of the same discipline, but not a member of the same team, able to undertake a review of the design output after detail checking has taken place to validate that the design is consistent with requirements, is fully integrated and satisfies interface requirements.

Design reference materials (e.g. standards, catalogues, etc.) should be available and maintained by the Engineering Manager. Only current issues and revisions of reference material must be used. All documents produced to support the design and the design assurance process must be listed in the Master Design Documents List.

5.4.4 Design Outputs

The documentation of outputs must enable verification against the requirements outlined in the design inputs. These outputs should:

• Meet the requirements specified in the design inputs.
• Provide information for purchasing, production, inspection, testing, and servicing, as applicable.
• Identify or reference design acceptance criteria (DAC).
• Include identification of, or reference to, products, components, and/or activities considered critical to the design.
• Incorporate the results of relevant calculations.
• Specify the characteristics of the product essential for its intended purpose and safe and proper function.

Records of design outputs must be retained. Identification of criticality of products, components, and/or activities may be managed separately from the design process.

The outputs of Design should meet the input requirements for design and development. It must provide appropriate information for purchasing, production, and servicing. It must identify or must design acceptance criteria (DAC). It must identify or refer to products and/or components which are critical to the design. It must include results of applicable calculations and must specify the characteristics of the product that are essential for its safe and proper use. The organization must document its Design outputs for verification against the design and development input requirements. The design output must be recorded. Identification of criticality of products and/or components can be maintained outside of the design and development process. The design and development output is the result of the design and development process. The output is a clear description of the product, containing detailed information for production. The organization’s design and development outputs reconcile with its design and development inputs by:

1. Ensuring outputs meet input requirements e.g. checklists, design review records, authorization to proceed, customer acceptance, and product certification;
2. Ensuring outputs are adequate for product and service provision e.g. standards, specifications, schemes, drawings, models, part lists, materials, methods, manufacturing instructions, technical packages, tooling, machine programs, preservation, handling, packaging, specialist training, user instructions, service manuals, repair schemes, and external provision;
3. Reference to monitoring and measuring equipment e.g. inspection equipment, gages, instruments, environment;
4. Acceptance criteria e.g. product/service specification, limits, tolerances, and quality acceptance standards;
5. Product/service characteristics e.g. key characteristics, customer critical features, interface features, inspections, service intervals, and operating characteristics;
6. Critical items such as identification, key characteristics, special handling, service intervals, component lifting, cyclic life, life management plans, source and method change, and traceability;
7. Outputs are approved prior to release e.g. scope of authorization, authorized persons, levels of authorization, method of authorization and documented information is retained.

Outputs of the detailed design are the final technical documents used for purchasing, production, installation, inspection and testing, and servicing. Design output includes production specifications as well as descriptive materials which define and characterize the finished design and include drawings and documents used to procure components, fabricate, test, inspect, install, maintain, and service the product. Design and development outputs are in the form of documented information that defines the product, including its characteristics that affect safety, fitness for use, performance, and reliability are provided for the manufacturing phase:

1. Schematics, assembly drawings and wiring diagrams.
2. Component and material specifications.
3. Production and process specifications.
4. Software design specifications.
5. Bills of materials.
6. User operation and maintenance instructions.
7. Results of risk analysis and transfer of residual risk.
8. Software source code and software machine code.
9. Results of verification and validation activities.
10. Quality assurance specifications and procedures.
11. Installation and servicing procedures.
12. Packaging and labeling specifications, including methods and processes.
13. Details of new or revised procedures, work instructions, or processes.
14. Applicable workmanship standards.
15. Inspection and test criteria.

Specifications and procedures for product packaging and labelling are also part of the design and development output. Support documentation (e.g. calculations, risk analysis, test results, verification and validation reports, etc.) is also part of the design and development output. The transfer of a design to production typically involves review and approval of specifications and procedures and, where applicable, the proving of the adequacy of the specification, methods and procedures through process validation including the testing of finished product under actual or simulated use conditions. The design transfer phase ensures that the design is correctly translated into production specifications, such as assembly drawings, component procurement specifications, workmanship standards, manufacturing instructions, and inspection and test specifications. They may also be:

1. Documentation (in electronic format as well as paper);
2. Training materials (e.g. manufacturing processes, assembly, and test and inspection methods);
3. Digital data files (e.g. computer-aided manufacturing (CAM) programming files);
4. Manufacturing jigs and other aids (e.g. moulds or templates).

The Engineering Manager should ensure that the design transfer process addresses the following basic elements:

1. Undertaking a qualitative assessment of the completeness and adequacy of the production specifications;
2. Ensuring that all documents and articles that constitute the production specifications are reviewed and approved;
3. Ensuring that only approved specifications are used for manufacture and production.

Prior to execution of a work transfer, analysis of any regulatory or contractual requirements are reviewed and flowed down through the supply chain to ensure compliance of any established requirements. Outputs may also include product preservation methods, identification, packaging, service requirements, etc. as appropriate.

5.4.5 Design Review

At appropriate stages, evaluations must be conducted to assess the suitability, adequacy, and effectiveness of the outcomes of design stages in meeting specified requirements, and to identify any issues and recommend required actions. These reviews must involve representatives from relevant functions associated with the design stages under review. Records of the review outcomes and any subsequent actions must be retained.

Periodically at suitable stages of Design, the organization must review its Design. The review is performed to identify any problems and take necessary actions. The organization must evaluate the suitability, adequacy, and effectiveness of the results of design stages to meet specified requirements. Representatives of concerned functions should be part of the review. The result of review and any necessary action should be recorded. Design reviews should be carried out after the initial concept stage and again after the detailed design stage and finally, before the design is released. The design review function is carried out at various stages of the design process in order to check that the design solution is in accordance with the original design inputs and objectives and includes identification of concerns, issues and potential problems with the design. Design review meetings should be held at pre-defined points during the development process, with reviews held on an as-needed basis, depending upon the complexity of the design. Participants of design review meetings are competent to evaluate the design stage and discipline under review to permit them to examine the design and its implications.

Assurance reviews: The Design Manager should ensure that design reviews are carried out by the Design Management Plan when the design has progressed by 20%, 60% and 100%. A cross-functional, multidisciplinary team (including at least one individual who does not have direct responsibility for the design stage under review) undertake a documented, comprehensive, systematic examination of the design to evaluate its adequacy, to determine the capability of the design to meet the requirements, and to identify problems, whilst ensuring that:

1. The input for the Design Reviews is captured from all stakeholders;
2. All open actions from previous Design Reviews are tracked through to closure;
3. All areas of concern are highlighted for further discussion and risk mitigation;
4. All design reviews are documented and shared with stakeholders promptly.

The following elements are considered during design reviews:

1. Customer needs and expectations versus technical specifications;
2. Ability to perform under expected conditions of use and environment;
3. Safety and potential liability during unintended use and misuse;
4. Safety and environmental considerations;
5. Compliance with applicable regulatory requirements, national, and international standards;
6. Comparison with similar designs for analysis of previous quality problems and possible recurrence;
7. Reliability, serviceability, and maintainability;
8. Product acceptance/rejection criteria, aesthetic specifications and acceptance criteria;
9. Ease of assembly, installation, and safety factors;
10. Packaging, handling, storage, shelf life, and disability;
11. Failure modes and effects analysis;
12. Ability to diagnose and correct problems;
13. Identification, warnings, labelling, traceability, and user instructions;
14. Manufacturability, including special processes;
15. Capability to inspect and test;
16. Materials and components specifications;
17. Review and use of standard parts.

The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes. Conclusions drawn during design reviews are considered and implemented as appropriate. Not all identified concerns result in corrective actions, the Engineering Manager should decide whether the issue is relevant, or the issue is erroneous or immaterial. In most cases, however, resolution involves a design change, a change in requirements, or a combination of the two. Records of design review meetings are retained and identify those present at the meeting and the decisions reached.

Single-consultant Design Review (SDR): The Single-consultant Design Review (SDR) is a presentation of the design to relevant stakeholders. These reviews are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. The purpose of the review is to present evidence at each of these stages to confirm that the design is compliant with the standards and requirements defined in the Conceptual Design Statement. The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover or to issue their comments the Design Manager for inclusion. The minutes of SDR meetings are recorded. Meeting minutes include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate.

Inter-consultant Design Review (IDR): The Inter-consultant Design Review (IDR) is a presentation of the design of a work package or packages to interfacing Design Teams. These are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. Its primary purpose is to seek evidence that all interfaces have been agreed and that the design integrates to deliver the requirements. At each IDR an Inter-consultant Design Review Certificate is produced to evidence that all interfacing Design Teams are satisfied with the design under consideration. It should be signed by accepted representatives of the interfacing Design Teams and contain a list of any actions required to close out any exceptions raised but not deemed a bar to acceptance. The reviewers are responsible for issuing any comments in writing using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover. The minutes of IDR meetings are recorded and include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review Meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate. Other instances of design reviews may be required when the Engineering Manager has identified significant design change that requires a review to revalidate the design.

Assurance gate reviews: The Assurance Gate Reviews 1 to 3 are the primary control mechanism that provides progressive assurance when evidence is reviewed at defined stages to confirm that the designs produced meet the design project’s objectives, requirements, obligations and that the risks associated with the engineering are identified and fully understood.

1. Gate 1 – (Initial concept (20% complete) The details will be outline only but will define the character, limit and form of manufacture, fabrication or construction.
2. Gate 2 – (Functional design (60% complete) At this stage the design has progressed to an intermediate position (progress check at 60% complete) This Gate is a check point at about the mid-point between Gate 1 and the final design. At the outset of a design project, the target deliverables at Gate 2 are clearly defined so that it provides an interim way point to confirm progress.
3. Gate 3 – (Detailed design ready for manufacture, fabrication or construction (100% complete) At this stage the design is complete and ready to be issued for manufacture, fabrication, or construction. Design details are finalised and fully integrated with other interfaces.

The purpose of the Assurance Gate Review process is to provide progressive assurance during the design stage that the objectives of the design intent can be achieved and that the design can progress successfully to the next stage. The next stage of the design process can only proceed when the Assurance Gate Review is successfully passed. If the evidence submitted at the Assurance Gate Review demonstrates that the design meets the objectives, it will be approved. If the Gate Review Panel decides that the submitted deliverables fall short of the requirements, the design will not pass through the Assurance Gate Review and is therefore prevented from proceeding to the next stage. The Gate Review Panel also known as the ‘Approval Authority’ has the responsibility to make the appropriate decision at each Assurance Gate Review. The Gate Review Panel is a multi-discipline committee formed of members from various departments and stakeholders throughout the organization. The Gate Review Panel members should be selected based on perceived risks, applicable regulatory or legal requirements, technical complexity, financial repercussions and criticality of the product. Department representation should include Quality, Manufacturing, Engineering, Sales, Planning, Purchasing, Business Development, Contract, Legal, or others as deemed necessary. Formal, documented design and development Assurance Gate Reviews should be held at appropriate stages of the design and development cycle and include representatives from all concerned functions and stakeholders. Each Assurance Gate Review focuses on assessing whether the design deliverables meet all the objectives and appropriate criteria. The minimum approval criteria used for determining whether the design meets the intent are set out below. In addition to these minimum requirements, the Engineering Manager may specify further criteria at the outset of each design stage. The Gate Review Panel is responsible for managing the Gates Review process thereby ensuring that:

1. The design progress and the design status have successfully reached a stage of development appropriate to the Gate being assessed;
2. Cost and programme issues have been agreed and align with budget constraints;
3. The assurance evidence presented to the panel is sufficient to support the Gate requirements;
4. The risks are either designed out, have appropriate mitigation or have been identified and agreed that they can proceed to the next stage;
5. All the necessary deliverables and other legal have been identified and complied with and the design is compliant with any including undertakings and assurances;
6. After the Gate Review Panel and the Gates Chair Person shall confer, taking full account of the views of the other Panel Members, and decide whether or not the design submission and presentation meets the Assurance Gate Review objectives and consequently can be given a pass or is prevented from passing the Gate.
7. If the Gates Chair Person decides that missing deliverables or evidence do not impact on the ability of the project to proceed, then a conditional pass may be given, subject to the remaining deliverables being completed within a specified time.
8. The conditions and timescales are conveyed to the Design Manager at the Review;
9. Where conditions are raised that are potentially of a significant risk, consideration shall be given to the inclusion of the conditions;
10. The Gate Review Panel’s findings and decisions are recorded, together with any supporting data.

The Design Review Meeting Minutes should capture the results of the Gate Review Panel’s review. It serves as a record of the review and summarises the findings. The key aspects of the report are recording the evidence presented to satisfy the approval criteria and using this to support the decision regarding pass or re-submission. It is the Design Manager’s responsibility to assemble and present to the Gate Review Panel sufficient evidence, see table of deliverables below, when the design has progressed to 20%, 60% and 100%, to enable the Gate Review Panel to discharge their duties. Key design deliverables that are associated with the Assurance Gate Review are provided to the Gate Review Panel at least 5 working days prior to the scheduled review date

5.4.6 Design Verification and Final Review

To confirm that the design outputs meet the design input requirements, design verification and a final review must be carried out and documented according to the organization’s procedure. Records of design verification, any required actions, and the final review must be preserved.

By planned arrangements the design and development verification and a final review must be conducted and documented to ensure that the design and development outputs meets the design and development input requirements. Design and development verification and the final review must be recorded. Design verification is confirmation by examination and provision of objective evidence that the specified input requirements have been fulfilled. Any approach which establishes conformance with a design input requirement is an acceptable means of verifying the design concerning that requirement. Complex designs require more and different types of verification activities. The nature of verification activities varies according to the type of design output. Design verification is carried out to check that the outputs from each design phase meet the stated requirements for the phase. Requirements traceability verification is undertaken to ensure that the design fulfils the design concept while expressing the necessary functional and technical requirements. This process was verified throughout the Assurance Gate Reviews. In most cases, verification activities are completed before each design review, and the verification results are submitted to the reviewers along with the other design deliverables to be reviewed. The results of the design verification, including identification of the design, method(s), date, and the individual performing the verification, shall be documented and retained.

5.4.7 Design Validation and Approval

The organization’s procedure must include conducting design validation to ensure that the resulting product can fulfil the specified requirements. Whenever feasible, validation must be concluded before product delivery. After validation, the finalized design must be approved by competent individuals other than those who developed the design. Records of design validation, approval, and any required actions must be retained.

Design and development validation shall be performed by planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed before the delivery of the product, when possible. The completed design shall be approved after validation. A competent individual other than the person or persons who developed the design shall approve the final design. Records of the design and development validation, approval, and any necessary actions shall be maintained. Design and development validation shall be performed by planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed before the delivery of the product, when possible. Design validation is similar to verification, except this time you should check the designed product under conditions of actual use. If you are designing dune buggies, you might take your creation for a spin on the beach. If you are making beverages, you might conduct a consumer taste test. Verification is a documentary review while validation is a real-world test. Perform design and development validation by ensuring the product meets the specified requirements. Maintain records of validation activities and approvals. Design validation follows successful verification, and ensures, by examination and provision of objective evidence, that each requirement for a particular use is fulfilled. The performance characteristics that are to be assessed are identified, and validation methods and acceptance criteria are established. At the commencement of the design project, the requirements received from the previous design phase form the initial baseline. During design reviews, the requirements are considered to ensure that the right requirements and any assumptions have been captured, to identify missing requirements and to ensure that the design intent will meet those requirements. The results of the design validation, including identification of the design, method, date, and the individual(s) performing the validation, should be documented and retained. The organization shall have records that the product designed will meet defined user needs before delivery of the product to the customer, as appropriate. Methods of validation could include simulation techniques, proto-type build and evaluation, comparison to similar proven designs, beta testing, field evaluations, etc. Irrespective of the methods used, the validation activity should be planned, and executed with records maintained as defined in the planning activity. Retain documented information to demonstrate that any test plans and test procedures have been observed, that their criteria have been met and that the design meets the specified requirements for all identified operational conditions e.g. reports, calculations, test results, data, and reviews.

5.4.8 Design Changes

Design changes must be identified and subjected to review, verification, and validation as necessary before being approved for implementation. The review of design changes must assess their impact on the product and its component parts at relevant stages of product realization, including already delivered products. Additionally, the review must evaluate whether customer notification is necessary if the changes adversely affect the specified performance capability of the product. All design changes, including modifications to design documents, must adhere to the organization’s procedure. Records of design changes, reviews, and any required actions must be documented and maintained.

Any changes for Design and Development must be identified, reviewed, verified, and validated, as appropriate, and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on products and/or their constituent parts already delivered. Design and development changes must have all the controls as with the original design and development. This includes changes in the design documents. The design and development changes, their review and any necessary action must be recorded. It is important to control design changes throughout the design and development process and it should be clear how these changes are handled and what affects they have on the product. The organization has retained documented information concerning:

• Design and development changes;
• The results of reviews;
• The authorization of changes;
• Actions taken to prevent adverse impacts.

The organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design.

It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be:

• Identified.
• Recorded.
• Reviewed.
• Verified.
• Validated.
• Approved.

Configuration control can be managed via alteration requests, a notice of the change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, and product change boards. Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’. If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken about subsequent activities that are impacted by the change.

5.5 Purchasing
5.5.1 Purchasing Control
5.5.1.1 Procedure

The organization must maintain a documented procedure for purchasing products, components, and/or activities necessary for product realization. This procedure should cover:

1. Identifying critical products, components, and/or activities.
2. Initial assessment and selection of suppliers.
3. Using identified risks to determine the initial assessment method of the supplier’s capability for critical purchases.
4. Determining the type and extent of control applied to the supply chain for critical products, components, or activities. Note: Additional requirements for outsourced activities are specified in section 5.5.1.7.
5. Establishing criteria, scope, frequency, and methods for re-evaluating suppliers.
6. Identifying approved suppliers and defining the scope of approval.
7. Identifying customer-specified suppliers and suppliers limited by proprietary and/or legal requirements when section 5.5.1.3 applies.

Procurement and the controls of materials, products and suppliers is one of the most critical elements of API Q1. The organization must maintain a documented procedure to ensure that purchased product or outsourced activities conform to specified requirements and must address:
a) the determination of the criticality of activities or products as they are applicable to conformance to product or customer specifications
b) Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
c) type and extent of control applied to the supplier based on the criticality of product or activity
d) criteria, scope, frequency, and methods for reassessment of suppliers
e) maintaining a list of approved suppliers and scope of approval, and
f) type and extent of control applied to outsourced activities

a) Determination of Criticality: The determination of the criticality of the activities or products as they are applicable to conformance to product or customer specifications. This is an important requirement to both ensure that all incoming raw materials, components and finished product(s) meet specification. It is also important factor for determining which suppliers may or may not be critical as well.
b) Initial Evaluation of Suppliers: Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
Some things to consider here include:
o Suppliers ability to meet the organizational requirements
o Suppliers ability to meet customer requirements
o The supplier’s actual capacity and capability of meeting organization requirements.
c) Applied Control: This mandates that organizations include in the procedures, the type and extent of control applied to the supplier and activities or products based on the of the activities or products. The term “criticality” is important. The criticality of the activities or products as well as the supplier’s risks, determines the type and extent of controls that the organization provides for the supplier, activities or products.
d) Reassessment of Suppliers: The procedure shall address:
o Criteria
o Scope
o Frequency
o For supplier reassessments
e) Approved Supplier Listing: The procedure shall address:
o List of approved suppliers
o Scope of approval
f) Control Over Outsourced Activities: The procedure shall address the type and extent of control to be applied to outsourced activities. The amount of control normally takes the suppliers performance into account. Some performance criteria include:

1. Quality of product and service
2. On-time delivery
3. Reporting & documentation
4. Budget
5. Risk(s)

Supplier approval
Approved suppliers must have satisfactorily demonstrated their ability to meet your business’s requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process. Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues. If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.

5.5.1.2 Initial Supplier Evaluation—Critical Purchases

For critical products, components, or activities, the initial evaluation of suppliers who have not been previously approved must consider the scope of supply and be specific to each supplier. This evaluation must include:

1. Verifying the implementation of the supplier’s quality management system and its conformity to the organization’s specified quality system requirements for suppliers.
2. Verifying the type and extent of control applied by the supplier internally and throughout their supply chain to meet the organization’s requirements.
3. Assessing the supplier’s capability to meet the organization’s specified requirements. This can be done through one or more of the following methods based on identified risks:
   • Conducting an on-site assessment to verify that process controls perform relevant product realization processes and effectively achieve conformity to requirements.
   • Conducting a remote assessment to verify that relevant product realization processes are performed using process controls and effectively achieve conformity to requirements.
   • Performing inspection, testing, or verification of relevant characteristics of received products.

For suppliers of critical purchases with high-risk severity, identified by the organization for which an on-site assessment is not conducted, the evaluation of the supplier’s capability must include a remote assessment and inspection, testing, or verification. When conducting a remote assessment, it must include verification of objective evidence through real-time audio/visual observation of required activities and documentation using information and communication technology. Additionally, any additions to a supplier’s scope of approval or change from an approved site to a new site of supply must also undergo evaluation as per the requirements outlined in this section.

For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier. For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier and shall include verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization. Assessment of the supplier to ensure its capability to meet the organization’s purchasing requirements by performing an on-site evaluation of relevant activities, or performing first article inspection to ensure conformance to stated requirements, or identifying how the supplied product conforms to stated requirements when limited by proprietary, legal, and/or contractual arrangements.

A critical vendor is one that you rely on heavily to support the most important activities within your organization – oftentimes called ‘critical activities’. While critical activities will differ between organizations, examples of critical vendors might include those who:

Inspection Companies– Non-Destructive Testing, Magnetic Particle Inspection, thread inspection, etc. 3rd party inspection companies could be considered a critical supplier.
Calibration Companies – The organization requires certificates published from the 3rd party vendors. This makes calibration companies a critical supplier.
Material –Product and Raw Material Supplier– The Supplier for material would be considered a critical supplier to our needs since many of the products are supplied because if we would stop buying from them our operation would simply crumble
Trucking and delivery – These are suppliers are crucial to the end result as we depend on them to get it to the rigs, so they would definitely be considered critical.
O-rings, seals, and gasket suppliers – Anytime product requires O-rings, seals and gaskets they can be classified as critical.

Defining your critical vendors begins with being clear about your own critical activities. A good place to start is with your company’s business continuity/disaster recovery plan, which defines critical activities within your own operations. Knowing those activities will help you determine which vendors support those critical operational areas. Here are a few things you should do to get started to identify critical vendors:

• Inquire of your Procurement department if they maintain a listing of all vendor contracts.
• Review your user listings to critical systems. You should already perform periodic user access reviews, but doing so will give you an understanding of what vendors have access to your network or sensitive data.
• Once you have performed these tasks, you may be able to better categorize your critical vendors, according to the following classifications and how they rate within your own organization:
  • Vendor type
  • Regulatory requirements
  • Specific services provided
  • Business disruption factors
  • Data type and volume

5.5.1.3 Initial Supplier Evaluation – Critical Purchases – Customer Specified, Proprietary, and/or Legal Limited

For critical products, components, or activities where the supplier is specified by the customer or involves proprietary and/or legal requirements that restrict the application of Initial Supplier Evaluation, the initial evaluation process shall involve verifying the implementation of the supplier’s quality management system and its conformity to the quality system requirements specified by the organization and/or the customer’s requirements and identifying how the supplied product, component, or activity conforms to specified requirements. The scope of approval for customer-specified suppliers shall be restricted to the relevant customer contract in cases where an assessment has not been conducted.

In API Specification Q1, for critical products, components, or activities where the supplier is specified by the customer or involves proprietary and/or legal requirements that restrict the application of Initial Supplier Evaluation, the initial evaluation process involves several key steps:

1. Verification of Supplier’s Quality Management System (QMS): The organization must verify the implementation of the supplier’s quality management system. This includes assessing whether the supplier has established and effectively implemented processes, procedures, and controls to ensure product quality and conformity to requirements. The verification process may involve reviewing documentation, conducting audits, and evaluating the supplier’s QMS effectiveness.
2. Conformity to Quality System Requirements: The organization must verify that the supplier’s quality management system conforms to the quality system requirements specified by the organization and/or the customer’s requirements. This entails comparing the supplier’s QMS practices, procedures, and controls against the organization’s quality system requirements and any additional customer-specific requirements.
3. Identification of Product Conformity: The organization must identify how the supplied product, component, or activity conforms to specified requirements. This involves assessing the product’s characteristics, performance, and adherence to technical specifications, standards, and contractual agreements. The organization may use various methods such as inspection, testing, validation, and certification to verify product conformity.
4. Documentation and Record-Keeping: The results of the initial evaluation process, including verification of the supplier’s QMS, conformity to quality system requirements, and product conformity assessments, must be documented. The organization should maintain records of these evaluations, findings, and any corrective actions taken.
5. Communication with the Customer: If the supplier is specified by the customer or if customer-specific requirements apply, the organization must ensure that relevant information regarding the supplier’s QMS, quality system conformity, and product conformity is communicated to the customer as appropriate.
6. Continuous Monitoring and Improvement: Following the initial evaluation, the organization should establish mechanisms for ongoing monitoring and oversight of the supplier’s performance. This may include periodic audits, performance reviews, and communication channels to address any issues or deviations promptly. Additionally, the organization should continuously seek opportunities for improvement in supplier performance and product quality.

5.5.1.4 Initial Supplier Evaluation—Noncritical Purchases

For the procurement of noncritical products, components, or activities that influence product realization or the final product, the organization’s criteria for evaluating suppliers must either meet the requirements of Initial Supplier Evaluation—Critical Purchases or fulfil one or more of the following:

1. Verifying that the supplier’s quality management system aligns with the quality system requirements specified for suppliers by the organization.
2. Assessing the supplier’s ability to meet the organization’s purchasing requirements.
3. Evaluating the product or component upon delivery, or activity upon completion.

Even for purchase of noncritical products, components, or activities that impact product realization or the final product, the criteria for evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion. A non-critical vendor is one that does not undergo the same level of examination as critical vendors. Non-critical vendors simply offer support to the operations that allow employees to do their jobs efficiently, effectively and in comfort. They do not, however, have any impact on the final product or service. These vendors may affect productivity but they do not affect the product or service provided itself. The main difference in treatment between a critical and non-critical vendor lies in the frequency between reviews and assessments. Critical vendors generally undergo reviews once a year while non-critical vendors only face reviews once every two-to-three years.

5.5.1.5 Supplier Reevaluation

For suppliers previously approved for products, components, or activities, the organization must determine the frequency of supplier reevaluation based on identified risk and supplier quality performance. For the reevaluation of suppliers providing critical products, components, or activities, the provisions of section 5.5.1.2 shall be followed. For the reevaluation of suppliers providing critical products, components, or activities specified by the customer or restricted by proprietary and/or legal requirements, the requirements outlined in section 5.5.1.3 shall be adhered to. For the reevaluation of suppliers providing non-critical products, components, or activities that affect product realization or the final product, the guidelines detailed in section 5.5.1.4 shall be followed.

For re-evaluation of all suppliers weather critical or noncritical, the requirements of 5.6.1.3 shall apply. The criteria for re-evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion. A typical supplier evaluation and reevaluation might include:

• Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier.
• An on-site assessment of the quality system or compliance review by your Audit staff.
• Completing and signing a quality agreement or contract.
• Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.
• Assign risk levels on parts/materials, as appropriate:
  • Determine if there is a potential product or regulatory risk.
  • Confirm the capability of the supplier to supply or manufacture to requirements.

5.5.1.6 Records

Records of evaluation results, comprising objective evidence and any subsequent actions, must be retained. Additionally, records of approved suppliers, customer-specified suppliers, and suppliers bound by proprietary and/or legal requirements must be kept.

Records of the results of all evaluations and any necessary actions arising from the evaluations shall be maintained. All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.

5.5.1.7 Outsourcing

When an organization decides to delegate a process or activity from its quality management system to an external supplier, it must ensure that the supplier meets the relevant requirements of the organization’s quality management system. If an organization opts to outsource a process or activity related to product realization, it must retain accountability for ensuring that the product meets specified requirements, which may include relevant API or other external specifications. Documentation of outsourced activities must be retained, including evidence of conformity.

When an organization choose to outsource any activity within the scope of its quality management system, the organization shall ensure that all applicable elements of its quality management system are satisfied and shall maintain responsibility for product conformance to specified requirements, including applicable API product specifications associated with product realization. Records of outsourced activities shall be maintained.

Monitoring Outsourcing performance
The performance of outsourced processes must be consistently monitored by the Quality Manager or Contracts Manager. Various ways include the review of measures, targets, KPIs, scorecards, dashboards, scored ratings, or survey results. The ongoing monitoring commonly uses some of the following criteria to rate performance:

• An assessment of the quality and quantity of products, services or materials provided.
• On-time delivery performance.
• responsiveness/communication.
• Total number of corrective actions.
• response time.
• Defective parts per million (PPM).
• Total cost.
• A review of receiving records, inspection records, or acceptance records.

Organizations should periodically communicate these results to their vendors as appropriate. On-site audits and process audits at the vendor’s premises are deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager. Issues or conditions which might initiate a vendor’s audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the vendor to schedule an on-site visit and confirm the agenda.

5.5.2 Purchasing Information

The organization must verify the adequacy of specified purchasing information before transmitting it to the supplier. Purchasing information provided to the supplier must be documented and clearly outline the product, component, or activity to be procured. This documentation should include, as appropriate:

1. Acceptance criteria;
2. Requirements for approving the supplier’s procedures, processes, and equipment;
3. Relevant technical data such as specifications, drawings, process requirements, inspection instructions, and traceability requirements;
4. Criteria for qualifying the supplier’s personnel;
5. Requirements related to the quality management system;
6. Conditions for approving product release; and
7. If either the organization or its customer intends to conduct verification at the supplier’s premises, the intended verification arrangements.

Applicable specifications may encompass or derive from customer requirements, API specifications, design output, and/or industry standards.

The organization must ensure before communicating with the supplier the adequacy of the purchasing information must be adequate and documented. Purchasing information must describe the product or activity to be purchased, including acceptance criteria, and where appropriate requirements for approval of supplier’s procedures, processes, equipment, applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data. It must also describe any supplier personnel’s qualifications and QMS requirements. Purchase orders for items that are essential to fulfil customer requirements and directly affect the quality of your products and services should only be raised by the Purchasing Manager, or the Accounts Department (at the request of the Purchasing Manager). Purchase orders may be raised by the use of the computerized purchasing system or soft-backed purchase order books. Purchase orders should contain:

• Supplier;
• Originator;
• Date;
• Purchase Order Number;
• Items required;
• Quantities;
• Required delivery date;
• Quoted prices where applicable or known;
• Any other information deemed critical for the supply of the material should also be noted.

Ensure that purchase orders or purchasing specifications include, where appropriate the requirements for the approval and acceptance of products, services, procedures, processes or equipment. Purchasing documentation should also define the requirements for approval of the supplier’s personnel, verification arrangements, or quality management system requirements as necessary. All purchase orders or purchasing specifications must be reviewed and approved before they are released to the supplier. Where appropriate, ensure the requirements for certification, inspection reports, statistical data, approval of samples, etc. are included in purchasing documents. Some purchasing documents may include an agreement obligating your suppliers to give notification of changes to their products or services. When notification is received, the Quality Manager and the Purchasing, or Contracts Manager should evaluate how, and whether the changes affect the quality of your completed products or services.

The organization must where appropriate, communicated not just the products or services they wish to receive but also any processes they want the external provider to undertake on their behalf. To ensure the adequacy of specified purchasing information before their communication to the supplier, the supplier is usually requested to quote on price and availability. All pertinent purchasing information, as determined by your organization and customer requirements; should be included in the request for a quote (RFQ). The purchase order should be created after the review and acceptance of a supplier’s quote and must contain the same content as the request for a quote. Describe the product to be purchased by:

• Defining product approval requirements, e.g.; certificate of conformity;
• Defining intended verification arrangements, e.g.; witness testing or certification;
• Defining personnel qualifications and quality, environmental, and safety requirements;
• Maintaining records.

Where activities are wholly outsourced, or subcontracted; your organization maintains responsibility for product conformance to all specified requirements. Purchasing information should include acceptance criteria, and where appropriate, state the requirements for the approval of supplier’s procedures, processes, and equipment. Applicable versions of specifications, drawings, process requirements, inspection instructions, traceability, relevant technical data, and requirements for qualification/competence of the supplier’s personnel, and quality management system must be specified and communicated.

5.5.3 Verification of Purchased Products, Components or Activities
5.5.3.1 General

The organization must uphold a documented procedure outlining the verification needed to ascertain whether purchased products, components, or activities adhere to specified purchase requirements.

The organization must establish a documented procedure for the verification or other activities necessary for ensuring that purchased products or activities meet specified purchase requirements. Where the organization or its customer intends to perform verification at the supplier‘s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information. The organization must ensure and provide evidence that purchased products and activities conform to specified requirements. The organization shall maintain records of verification activities.

The documented procedure must ensure that items, which are essential to fulfilling customer requirements and which directly affect the quality of products and services, are verified upon product receipt or service delivery to verify they conform to:

• QMS requirements;
• Competency of external personnel;
• Purchase orders;
• Purchasing specification;
• Purchasing agreements;
• Delivery notes;
• Release certificates;
• Certificates of conformity;
• Inspection and acceptance tests;
• Product specifications;
• National or international standards.
• Receiving inspection

On receipt of incoming materials, the receiving personnel must identify and inspect the items, goods and materials and match them against the delivery note. The delivery note is compared to the corresponding purchase order and any related documentation. This inspection should include but not be limited to:

• Confirmation of identification using purchase order number, drawing numbers, material markings etc.;
• Confirmation of adherence to delivery schedule;
• Confirmation of conformance to purchase order requirements;
• Confirmation of correct quantities;
• Visual examination for obvious defects;
• Measurement comparison to drawings where required;
• Specified certification/documentation as required.

For large numbers of identical items, visual and dimensional checks should be undertaken on a minimum of 5% of the total quantity. No material is released for further processing until receiving inspection has been completed and goods accepted. All accepted materials passing immediate inspection can be allocated a storage area. Any non-compliant goods must be placed in a separate area, and identified. Further investigation should determine whether the items, materials or goods are to be:

• Scrapped;
• Returned to Supplier;
• Reworked to a useable condition.

When inspecting materials that include specified certification or documentation should only be accepted when such certification and documentation has been viewed and approved by the Quality Manager or the Purchasing Manager.

5.5.3.2 Critical Purchases

For critical products, components, or activities, the organization’s verification procedure should cover:

1. Reviewing the required documentation provided by the supplier;
2. Ensuring that the correct versions were utilized when specifying specifications, drawings, process requirements, inspection instructions, traceability requirements, and other relevant technical data as outlined in section 5.5.2 item c;
3. Defining the inspection, testing, and/or verification requirements, including methods, frequency, and the responsible party. The organization should determine these aspects based on identified risks and supplier quality performance.

In API Specification Q1, the verification procedure for critical products, components, or activities involves several key steps to ensure that the organization’s requirements are met and that risks are appropriately managed. The organization should review all required documentation provided by the supplier. This documentation may include quality management system documentation, product specifications, drawings, process requirements, inspection instructions, traceability records, and other relevant technical data. The purpose of this review is to verify that the supplier has provided complete, accurate, and up-to-date documentation that meets the organization’s requirements. It’s essential to ensure that the correct versions of specifications, drawings, process requirements, inspection instructions, and other technical data are utilized. This verification helps prevent errors, discrepancies, or misunderstandings that could lead to nonconforming products or components. The organization should establish procedures for verifying the currency and accuracy of all technical documentation provided by the supplier. The organization must define the inspection, testing, and/or verification requirements for critical products, components, or activities. This includes specifying the methods, frequency, acceptance criteria, and responsible parties for conducting inspections, tests, and verifications. These requirements should be based on identified risks, supplier quality performance, regulatory requirements, and customer specifications. The organization should determine the inspection, testing, and verification requirements based on identified risks associated with the product, component, or activity. Higher-risk items may require more rigorous inspection and testing procedures, while lower-risk items may require less intensive verification. By applying a risk-based approach, the organization can allocate resources effectively and prioritize efforts where they are most needed to ensure product quality and conformity. The organization should also consider the supplier’s quality performance history when defining inspection, testing, and verification requirements. Suppliers with a demonstrated track record of high quality and reliability may warrant less intensive scrutiny, while suppliers with a history of quality issues may require more stringent oversight. Performance metrics such as on-time delivery, defect rates, and corrective action responsiveness can inform decisions about the level of verification required.

5.5.3.3 Noncritical Purchases

The organization’s documented procedure must verify noncritical products, components, or activities.

For non-critical products, components, or activities, the organization’s documented procedure for verification should still be robust and systematic, even if the level of scrutiny may be less intense compared to critical items. Similar to critical items, the organization should review the documentation provided by the supplier for noncritical products, components, or activities. This includes specifications, drawings, process requirements, inspection instructions, and any other relevant technical data. While the level of detail and scrutiny may be less than for critical items, ensuring that the documentation is complete and accurate is still important. Just as with critical items, it’s essential to verify that the correct versions of specifications, drawings, and other technical documents were utilized. This helps prevent errors and misunderstandings that could lead to non-conformities. The organization should define the inspection, testing, and verification requirements for noncritical products, components, or activities. While the level of scrutiny may be less rigorous compared to critical items, it’s still important to specify the methods, frequency, acceptance criteria, and responsible parties for conducting inspections, tests, and verifications. While noncritical items may not pose as significant risks as critical items, it’s still advisable to take a risk-based approach to determine the level of verification required. Consider factors such as the impact of nonconformities, the likelihood of occurrence, and the supplier’s quality performance history when defining verification requirements. Even for noncritical items, it’s important to consider the supplier’s quality performance history when determining verification requirements. While the level of scrutiny may be less intense compared to critical items, suppliers with a history of quality issues may still require additional oversight. The organization should maintain records of all verification activities conducted for noncritical products, components, or activities. This includes documentation of the review of supplier documentation, verification of correct versions, and any inspection, testing, or verification results. As with all quality management processes, the organization should continuously monitor and evaluate the effectiveness of its verification procedures for non-critical items. Seek feedback from stakeholders, track performance metrics, and make adjustments as necessary to improve efficiency and effectiveness. By implementing a documented procedure for verifying noncritical products, components, or activities, organizations can ensure consistency, reliability, and compliance with quality requirements, even for items that may not pose significant risks to product quality or safety.

5.5.3.4 Records

Documentation of verification activities and evidence demonstrating conformity to specified requirements must be retained.

Documentation of verification activities and evidence demonstrating conformity to specified requirements must be retained by the organization. These records serve as evidence of compliance with quality management system requirements and provide a documented history of product verification processes. The organization should maintain records documenting all verification activities conducted for products, components, or activities. This includes documentation of reviews of supplier documentation, verification of correct versions, inspection, testing, and any other verification activities performed to ensure conformity to specified requirements. Records should include evidence demonstrating conformity to specified requirements. This may include inspection reports, test results, certificates of compliance, supplier documentation, and any other relevant documentation that demonstrates that the product, component, or activity meets the specified requirements. The organization should establish a retention period for records of verification activities and evidence of conformity based on regulatory requirements, industry standards, and internal policies. Records should be retained for a minimum period of 10 years to demonstrate compliance with API Specification Q1 and to support future audits, assessments, or reviews. Ensure that records of verification activities and evidence of conformity are securely stored and readily accessible when needed. This may involve maintaining electronic or paper-based records in a centralized location or document management system that allows for easy retrieval and reference. Implement appropriate controls to ensure the security and integrity of records, protecting them from unauthorized access, alteration, or destruction. This may include password protection, encryption, backup procedures, and restricted access to sensitive information. Maintain an audit trail of verification activities and changes to records, documenting the date, time, and identity of individuals who performed or approved verification activities. This helps ensure accountability and transparency in the verification process. Periodically review and verify the accuracy and completeness of records of verification activities and evidence of conformity. This ensures that records are up-to-date, accurate, and reflective of the organization’s verification processes.

5.6 Control of Product Realization
5.6.1 General

The organization must uphold a documented procedure outlining controls related to product realization. This procedure should cover:

1. Establishing and applying manufacturing acceptance criteria (MAC);
2. Identifying and documenting critical processes involved in product realization;
3. Executing the quality plan, if applicable;
4. Ensuring compliance with design requirements and associated modifications, if applicable;
5. Utilizing and ensuring the availability of product realization equipment and TMMDE (unless excluded);
6. Following relevant work instructions;
7. Employing process control documents;
8. Maintaining identification and traceability requirements throughout the product realization process;
9. Executing monitoring and measurement activities.

The organization must establish a documented procedure that describes controls associated with the product realization. The procedure shall address the availability of information that describes the characteristics of the product, when applicable implementation of the product quality plan, when applicable ensuring design requirements and related changes are satisfied, when applicable, the availability and use of suitable production, testing, monitoring, and measurement equipment, when applicable the availability of work instructions, process control documents, implementation of monitoring and measurement activities, and implementation of product release including applicable delivery and post-delivery activities.

The procedure shall address the following the availability of information that describes the characteristics of the product. A product characteristic is an attribute or property of the product that describes the product’s ability to satisfy its purpose in a larger system. Examples of product characteristics are size, shape, weight, colour, quality, hardness, etc. The list of product characteristics depends on your product and how its functional design requirements have been defined. Some product characteristics are more significant than others in terms of reliability, quality and safety. Thus, it can be important to identify those that are most critical. The procedure shall address the following implementation of the product quality plan, when applicable. The procedure shall address ensuring design requirements and related changes are satisfied, when applicable. Changes to the Product Quality Plan design requirements and related changes may affect the application or other risk associated with the changes therefore a review of the Design and Development process is required to ensure associated with the changes related to product quality, delivery and meeting customer requirements are affected. The availability and use of suitable Production, Testing, Monitoring and Measurement Equipment. Manufacturing in the process must ensure that production equipment required for the manufacturing process is available, based on capacity and suitability for the application required as well as having properly calibrated TMME suitable for monitoring the manufacturing process to ensure the product meets the stated specifications. The availability of work instructions, when applicable. While not stated in the specification, processes especially critical processes should have work instructions describing critical steps and include what risks to Quality, Health & Safety that could affect product quality/delivery and where employee’s health and safety are at risk. This is linked to their competencies. The procedure shall address process control documents. Process control documents includes those documents demonstrating to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans, if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company. The procedure shall address the implementation of monitoring and measurement activities. The procedure shall address the implementation of product release, including applicable delivery and post-delivery activities. Product release cannot proceed until the product meets the agreed-upon planned arrangement or is approved by a relevant authority and, where applicable, by the customer.

1. Establishing and Applying Manufacturing Acceptance Criteria (MAC): The organization should establish clear manufacturing acceptance criteria (MAC) that define the acceptable quality standards for products. These criteria should be based on customer requirements, regulatory standards, and internal quality objectives. The procedure should outline how MAC are established, communicated, and applied throughout the product realization process.
2. Identifying and Documenting Critical Processes: Critical processes involved in product realization should be identified and documented. This may include processes such as material procurement, production, assembly, testing, and packaging. The procedure should specify how critical processes are identified, documented, and controlled to ensure consistent product quality and conformity.
3. Executing the Quality Plan: If applicable, the organization should execute a quality plan that outlines the specific quality objectives, activities, and responsibilities for product realization. The procedure should describe how the quality plan is developed, implemented, and monitored to ensure that quality requirements are met throughout the product realization process.
4. Ensuring Compliance with Design Requirements: If applicable, the organization should ensure compliance with design requirements and any associated modifications during product realization. This may involve reviewing design specifications, drawings, and technical documentation to verify that manufacturing processes align with design intent. The procedure should outline how design requirements are communicated, controlled, and verified during product realization.
5. Utilizing Product Realization Equipment and TMMDE: Unless excluded, the organization should utilize and ensure the availability of product realization equipment and tools, machinery, measuring, and test equipment (TMMDE). The procedure should specify how equipment and TMMDE are selected, calibrated, maintained, and used to ensure accurate and reliable measurements and inspections.
6. Following Relevant Work Instructions: Employees should follow relevant work instructions, procedures, and standard operating practices during product realization. The procedure should outline how work instructions are developed, approved, communicated, and updated to ensure consistency and adherence to quality requirements.
7. Employing Process Control Documents: Process control documents should be employed to specify the methods, parameters, and controls required to maintain product quality and consistency. This may include control plans, standard operating procedures, and inspection plans. The procedure should describe how process control documents are developed, maintained, and implemented to control critical processes.
8. Maintaining Identification and Traceability Requirements: The organization should maintain identification and traceability requirements throughout the product realization process to ensure the ability to trace products back to their source and track their movements. This may involve assigning unique identifiers, labeling products, and maintaining records of material, components, and processes. The procedure should outline how identification and traceability requirements are implemented and verified.
9. Executing Monitoring and Measurement Activities: Monitoring and measurement activities should be executed to verify that product realization processes are performing as intended and meeting quality objectives. This may include in-process inspections, testing, and monitoring of key performance indicators. The procedure should specify how monitoring and measurement activities are planned, conducted, and recorded to ensure product quality and process effectiveness.

By establishing a documented procedure that covers these aspects of product realization controls, organizations can ensure consistent and reliable manufacturing processes, adherence to quality requirements, and continuous improvement in accordance with API Specification Q1 requirements.

5.6.2 Quality Plan

When stipulated by contract, the organization must create a quality plan delineating the processes of the quality management system, including product realization, and the resources allocated to a product. This plan should cover the following minimum aspects:

1. Description of the product or the quality plan’s scope;
2. Required processes and documentation, encompassing necessary inspections, tests, and record-keeping to ensure compliance with requirements;
3. Identification of outsourced activities and references to their management;
4. Identification of each procedure, specification, or document referenced or utilized in each activity;
5. Specification of the required hold points, witnessing, monitoring, and document review stages.

The quality plan, along with any modifications, must be documented and endorsed by the organization. Additionally, the quality plan and its revisions should be communicated to the customer. A quality plan may consist of one or more documents and may be known by various terms, such as product quality plan (PQP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), or quality activity plan (QAP).

The organization must develop a quality plan [ can also be called as Product quality plan (PQP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), and quality activity plan (QAP)] which specifies the processes of QMS including the product realization process and resources to be applied to products when required by contract. The product quality plan must description of the product to be manufactured, required processes and documentation, including required inspections, tests, and records, for conformance with requirements, identification and reference to control of outsourced activities, identification of each procedure, specification, or other document referenced or used in each activity and identification of the required hold, witness, monitor, and document review points. These product quality plans must ensure customer requirements are met and must be communicated to customer. The quality plans and any revisions must be approved by the organization and documented. A product quality plan may be comprised of one or several different documents. A quality plan often makes references to parts of the quality manual or to procedure documents. A Quality Plan (QP) is a tool that will allow you to effectively communicate what you expect from your suppliers, your in-house workforce, or external contractors. It covers all areas of the production process from first concepts to the finished product. A quality plan is a document that specifies quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product.  An example of this can be a manufacturing company that machines metal parts. Its quality plan consists of applicable procedures, applicable workmanship standards, the measurement tolerances acceptable, the description of the material standards, and so forth. These may all be separate documents. Work orders specify the machine setups and tolerances, operations to be performed, tests, inspections, handling, storing, packaging, and delivery steps to be followed. An operating-level quality plan translates the customer requirements into actions required to produce the desired outcome and couples this with applicable procedures, standards, practices, and protocols to specify precisely what is needed, who will do it, and how it will be done. Quality Plan shows the techniques and procedures for controlling the product. Quality Plan need to consider the goals of reliability and quality. Reliability goals are established based on the needs and expectations of end users. Quality goals should be based on metrics that are gained from company production or past experience. The Product Quality Plan may be as simplistic as a one-page document or as complex as a 5” binder document set. The complexity of an Quality Plan varies depending on the complexity of the product.

The Quality plan should cover the following:

• Description of the Product or Scope of the Quality Plan: The quality plan should provide a clear description of the product, service, or project to which it applies. This includes defining the scope of work, identifying deliverables, and specifying any special requirements or considerations relevant to quality management.
• Required Processes and Documentation: The quality plan should outline the required processes and documentation necessary to ensure conformance with requirements. This includes specifying the procedures, methods, inspections, tests, and records needed to verify that products or services meet quality standards. The plan should detail the sequence of activities, responsibilities, and acceptance criteria for each process.
• Identification of Outsourced Activities: If any activities are outsourced to external suppliers or contractors, the quality plan should identify these activities and reference their control. This includes specifying the criteria for selecting, evaluating, and monitoring outsourced suppliers, as well as outlining the responsibilities and expectations for ensuring quality in outsourced work.
• Identification of Referenced Documents: The quality plan should identify each procedure, specification, or other document referenced or used in each activity. This ensures that all relevant documents and standards are properly integrated into the quality management process and followed consistently throughout the project lifecycle.
• Identification of Hold, Witness, Monitor, and Document Review Points: The quality plan should identify the required hold points, witness points, monitor points, and document review points throughout the project or product lifecycle. Hold points indicate stages at which work must be stopped until certain conditions are met or approvals are obtained. Witness points require the presence of a designated individual to observe and verify specific activities. Monitor points involve ongoing surveillance or oversight of critical processes or activities. Document review points involve reviewing and approving documents, reports, or records to ensure accuracy, completeness, and compliance with requirements.

5.6.3 Process Control Documents

The organization is required to document process controls, which must encompass or make reference to Criteria for verifying compliance with relevant quality plans, API product specifications, customer requirements, and/or other pertinent product standards/codes; Instructions and criteria for processes, tests, inspections, and; When relevant, points designated for the customer’s inspection hold, witnessing, monitoring, and document review. Process controls may take the form of routings, travelers, checklists, process sheets, or similar controls, and may be electronic or hard copy.

Process controls are be documented in routing, travelers, checklists, process sheets, or equivalent controls as required by the organization including requirements for verifying conformance with applicable product quality plans, API product specifications, customer requirements, and/or other applicable product standards/codes. The process control documents also include or have reference to instructions and acceptance criteria for processes, tests, inspections, and required customer’s inspection hold or witness points. Process control is about monitoring and controlling all aspects of a manufacturer’s production and operation. It’s part of the larger supply chain management and it works in conjunction with other operation management functions such as inventory control and quality control. The purpose of production control is to balance the output of a facility to guarantee that the specifications of the products being produced are met. It does this by applying specific actions and making insightful decisions to predict, plan and schedule work. Some of the activities that are regulated in production control include labor, the availability of materials and any restrictions on capacity and cost. The end result of production control is to achieve the expected quality and demanded quantity while monitoring the production schedule to ensure that the production plan is being met. The production control process varies from industry to industry and even business to business. That said, there are some fundamental steps that are common in any production control process. They are as follows.

• Routing: The first step of any production control process is the definition of your operation, from beginning to end. This includes what raw materials you’ll need for production, other resources, such as labor and equipment, the needed quantity, quality expectations and where the production will take place. This process is to determine the most efficient and cost-effective step-by-step manufacturing process through scheduling.
• Traveller: It is a document that contains all of the details about the materials and processes that went into the production of a given item. When a manufacturer receives an order, they create a work order to begin the production process. In addition to the work order, a traveller is created and moves along with the product as it flows through the production facilities. The traveller contains information about what items are necessary for the given product, what tools will be needed, and what steps the product will need to go through to be assembled.
• Checklist for Manufacturing: A control checklist for manufacturing includes all the requirements for a product, both visual and physical. It is a beneficial tool to ensure all parties are on the same page about the demands for the parts, materials, and final product. It outlines the standards your suppliers and manufacturers should meet and describes the “ideal” product that your customer expects from you. You can think of a checklist as guidelines for all teams to follow when making and selling your products. It streamlines the cooperation process and helps eliminate any possible errors occurring along your entire manufacturing workflow.
• Process sheet: A process sheet is a document that provides all the steps for manufacturing products. Process sheets are also processed records, production documents, or shop orders. A process sheet consists of manufacturing instructions for a specific batch, lot, or run. It describes the operating parameters and settings for the equipment and facilities used and associated tooling or supplies. It contains part information, routing information, and operation detail information. A process sheet is a set of instructions that can be followed to achieve the desired goal.

5.7.1.5 Validation for Production & Servicing

5.6.4 Validation of Processes

The organization is obligated to validate processes in cases where the resulting output cannot be verified through subsequent monitoring or measurement, leading to the detection of deficiencies after product delivery or during its usage. Validation must demonstrate these processes’ capability to achieve planned outcomes. Process validation shall adhere to either of the following:

1. If a product specification specifies particular processes necessitating validation, only those specified processes shall require validation for the relevant product. (Note: The organization may, at its discretion, opt to validate additional processes beyond those outlined in a product specification.)
2. If there is no applicable product specification or the specification does not identify processes requiring validation, processes necessitating validation for the product, if applicable, shall include, at a minimum: nondestructive examination (NDE)/nondestructive test (NDT), welding, heat treating, and coating and plating (when deemed critical to product performance by the product specification or the organization).

The organization must maintain a documented procedure for process validation, detailing the review and approval methods. This procedure should cover required equipment; personnel qualification; specific methods, including defined operating parameters; identification of process acceptance criteria; record-keeping requirements; and revalidation criteria. In cases where the organization outsources a process requiring validation, it must retain evidence confirming compliance with the stipulations outlined in section 5.6.4.

This section reviews the validation of process for production and servicing. All those process of production and servicing has to be validated where the resulting output cannot be verified by subsequent monitoring or measurement, and as a consequence, deficiencies become apparent only after the product is in use or the servicing has been delivered. The organization shall maintain a documented procedure to address methods for review and approval of the processes including:

o Required equipment
o Qualification of personnel
o Use of specific methods
o Identification of acceptance criteria
o Requirements for records
o Re-validation

The organization shall validate those processes identified by the applicable product specification as requiring validation. If these processes are not identified, or there is no product specification involved, the processes requiring validation shall include, as a minimum, nondestructive examination, welding, and heat treating, if applicable to the product. Process validation is the act of controlling a process and actually performing the necessary tests to ensure that the process can, in fact, perform according to the requirements it is designed to meet. The monitoring and measuring of the characteristic of the been designed, implemented and executed in a way that enables fulfillment of the planned results. Each organization with the implemented quality management system need validate each of their production and delivery services processes where these processes operate without exhaustive monitoring or measurement. A process needs to be validated if you will not be able to check if the product or service is compliant with input requirements. An example might be a soldering process or welding process where you cannot check the strength of every weld during your regular production without damaging or destroying the parts. Not every process is required to undergo a validation so if you have a process where validation is not required you can still choose to validate the process. For instance, you may want to validate a process in order to reduce a complex or costly inspection of the product or service after the process, even if you could check that the outputs meet the input requirements. Which processes you validate is determined by you and your needs.

5.6.5 Identification and Traceability

The organization is responsible for establishing and preserving identification throughout product realization, encompassing relevant delivery and post-delivery activities. This entails acknowledging traceability requirements outlined by the organization, the customer, and/or pertinent product specifications. The organization must uphold a documented procedure for identification and traceability while the product remains within its control, covering the following:

1. Methods employed for identification.
2. Necessary information for traceability, if mandated.
3. Criteria for maintaining and/or reinstating identification and/or traceability.
4. Measures to rectify instances of lost identification and/or traceability.

Records documenting traceability must be retained. Please note that “product” may encompass components or raw materials.

The organization must establish a documented procedure for identification and traceability while the product is under control of the organization as required by the organization, the customer, and/or the applicable product specifications throughout the product realization process, including applicable delivery and post-delivery activities. The procedure shall include requirements for maintenance or replacement of identification and/or traceability marks. Identification and traceability must be recorded. Where traceability is a requirement, the organization should control and records the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized. The process for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks. There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a color. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:

1. Establish the identity and status of products;
2. Maintain the identity and status of products;
3. Maintain records of serial or batch numbers.

5.6.6 Inspection/Test Status

The organization is required to uphold a documented procedure for maintaining the identification of inspection and/or test status throughout product realization, clearly indicating whether the product conforms or exhibits nonconformity.

The organization must establish a documented procedure for the identification of product inspection and/or test status throughout the product realization process that indicates the conformity or nonconformity of product with respect to inspections and/or tests performed. The organization shall ensure that only product that meets requirements or that is authorized under concession is released. Product inspection & test status are conducted for the product identification, and all the quality requirements managed in it. Product inspection and test status documentation is managed to recording information of the quality inspection and quality test that conducted, progress of the test and its status records are managed in the documents, the quality inspection and test status is maintained for the product identification. The documentation of the Product inspection & test status are maintained each process stages that required for the manufacturing, producing materials with quality as per customer requirements. The documents covered materials and its identification method that used to product realization with detailed information is managed in the quality inspection and test status. Management of the quality concern issues and its concern methods are also maintained in details. The stages of the product management are conducted incoming materials to final product and its concern information that used for the product identification. The documentation for inspection and test status is the part of the product identification, and the records are managed by quality manager, and quality manager is responsible for the managing records and its concern activities that help to determine actions for improvement for particular stages and its methods that handled during the process.

5.6.7 Externally Owned Property

The organization must uphold a documented procedure for managing externally owned property, including customer property, incorporated into the product while under the organization’s control. This property encompasses intellectual property and non-publicly available data. The procedure should cover identification, verification, safeguarding, preservation, maintenance, and reporting loss, damage, or unsuitability for use to the external owner. Records concerning the control and disposition of externally owned property must be retained.

The organization must a documented procedure for the identification, verification, safeguarding, preservation, maintenance, and control of Externally owned property, including intellectual property and data, while under control of the organization. The procedure includes requirements for reporting to the customer any loss, damage, or unsuitability for use of Externally owned property. The control and disposition of Externally owned property must be recorded.

This contains the requirement for organizations to have documented procedures for the identification, verification, safeguarding, preservation, maintenance, and control of Externally owned property property. Check that your organization communicates with its External provided including customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformities occur with Externally provider property. Good sources of information often include the following examples:

• Goods returned by the customer;
• Warranty claims;
• Revised invoices;
• Credit notes;
• Articles in the media;
• Consumer websites;
• Direct observation of, or communication with, the customer.

If there are any products, materials, or tools on your organization’s premises that are owned by External provider, customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged. If External provided property is lost or damaged, this needs to be recorded and the External provider needs to be notified. Establish and implement a process to manage property supplied by External provider:

• Establish the identity and status of External provided supplied product;
• Maintaining records.

5.6.8 Preservation of Product

The organization must uphold a documented procedure outlining the approaches employed to maintain the integrity of the product and its component parts during product realization and delivery. This procedure should cover identification and traceability marking, storage procedures (including designated storage areas or stock rooms), periodic condition assessments as specified by the organization, transportation, handling, packaging, and protection. Records of assessment results must be retained.

The organization must establish a documented procedure for preservation of product and its constituent parts, It must describe the methods used to preservation throughout product realization and delivery to the intended destination in order to maintain conformity to requirements. It must include identification and traceability marks, transportation, handling, packaging, and protection as applicable. The preservation process must include packaging, storage and other product specific handling methods.

1. Identification and traceability– Ensure that products are properly identified and do not become mixed with other orders. You should expect to see that all products are clearly identified. This is relative to identification and traceability however for preservation of product it is a requirement and not ‘as applicable’;
2. Handling – This may include bulk handing using moving equipment or physical contact where handling may influence product conformity. You should verify that suitable handling methods are implemented throughout the processes.
3. Packaging – Ensure that labeling and marking of shipped products are sufficient to enable adequate identification and traceability back through your QMS. This should include ensuring that labeling and marking maintains its integrity and remains affixed throughout the shipping process. You should expect to see that methods have been established for packaging the product to preserve its integrity. Package products appropriately for shipping in order to preserve the product’s integrity throughout the shipping process;
4. Protection – Raw materials, in-process materials, inspected product, nonconforming product and product ready for shipping should also be identified with its status and protected from any unintended alteration. You should verify that appropriate measures are in place to protect product. This will vary depending on the product.

The procedure must also identify the requirements for storage and assessment of the and its constituent parts . There must be designated storage areas or stock rooms to prevent damage or deterioration of product before its use or delivery. To check for deterioration, the condition of product or constituent parts in stock has to be assessed at specified intervals . The interval will be appropriate to the products or constituent parts being assessed. The organization must use designated storage areas or stock rooms to prevent damage or deterioration of product, pending use or delivery. Appropriate methods for authorizing receipt to and dispatch from such areas shall be stipulated. The storage facilities, should not only be physical security but also the environmental conditions (e.g., temperature and humidity). In order to detect deterioration, the condition of product in stock shall be assessed at appropriate intervals. It may be appropriate to check periodically items in storage to detect possible deterioration. The methods for marking and labeling should give legible, durable information in accordance with the specifications. Consideration may need to be given to administrative procedures for expiration dates, and stock rotation and lot segregation.

5.6.9 Inspection, Testing, and Verification
5.6.9.1 General

The organization must maintain a documented procedure for inspecting, testing, and/or verifying the product to ensure that requirements have been met. This procedure should cover:

1. Methods and application of in-process inspection, testing, and/or verification.
2. Methods and application of final inspection, testing, and/or verification.
3. Creation and retention of records.

It’s important to note that in-process and final inspection may be combined into one or more activities, and certain product characteristics may necessitate final inspection/verification during product realization.

A product inspection is the process of examining your goods against a list of pre-set criteria to ensure they meet your quality standards. The process might include packaging and labeling checks, visual examination, functionality checks, and measurement taking.Product testing typically involves using advanced equipment in a laboratory setting to verify product safety, compliance, or performance. You might test your products to check for harmful chemicals, comply with regulations, or simulate repeated use.The key differences between inspection and testing in manufacturing are:

• Inspections typically take place at the factory where the goods are produced, while testing occurs in a specialized lab.
• Inspections typically use basic equipment that an inspector can carry with them, while testing involves advanced equipment.
• Inspections are typically focused on maintaining quality standards, while testing is focused on regulatory compliance and performance standards.

Types of inspection / verification:

• Quantity
• Description: size, weight, diameter, length
• 100% or sampling
• Visual inspection
• Gaging
• Dimensional inspection
• Nondestructive examination
• Hardness testing
• Positive material identification
• Document review (inspection reports, material test reports)

organizations must maintain a documented procedure for inspecting, testing, and/or verifying the product to ensure that requirements have been met. Here’s how the procedure should cover each aspect:

1. Methods and Application of In-Process Inspection, Testing, and/or Verification:
   • The procedure should detail the methods used for in-process inspection, testing, and/or verification during the manufacturing or assembly process.
   • It should specify the points in the production process where in-process inspections or tests are conducted, as well as the acceptance criteria for each inspection or test.
   • The procedure should outline how the results of in-process inspections or tests are documented, communicated, and used to make decisions about product acceptance or further processing.
2. Methods and Application of Final Inspection, Testing, and/or Verification:
   • The procedure should describe the methods used for final inspection, testing, and/or verification of the finished product before release or delivery.
   • It should specify the criteria and procedures for conducting final inspections or tests, including sampling plans, test methods, and acceptance criteria.
   • The procedure should outline how the results of final inspections or tests are documented, evaluated, and used to determine product acceptability and readiness for release.
3. Creation and Retention of Records:
   • The procedure should define the requirements for creating, maintaining, and retaining records of inspection, testing, and verification activities.
   • It should specify the information to be included in inspection, test, and verification records, such as the date and time of the activity, the identity of the inspector or tester, the results of the inspection or test, and any actions taken as a result of the findings.
   • The procedure should outline the retention period for inspection, test, and verification records, as well as the storage and retrieval requirements to ensure that records are maintained in a secure and accessible manner.

By covering these aspects in the documented procedure for inspecting, testing, and verifying the product, organizations can ensure consistency, accuracy, and reliability in their quality control processes, leading to the production of products that meet specified requirements and customer expectations by API Specification Q1 requirements.

5.6.9.2 In-process Inspection, Testing, and Verification

The organization must conduct inspections, tests, and/or verifications of products at predetermined stages as specified by the quality plan, process control documents, and/or documented procedures. Evidence demonstrating conformity with the acceptance criteria must be retained.

The organization must inspect/verify and test the product at planned stages as per the product quality plan, process control documents, and/or documented procedures. Evidence of conformity with the acceptance criteria must be maintained. In-process inspections seek to examine workflow to reduce cycle time and Work-in-Process (WIP), while increasing capacity. Resources are evaluated to ensure proper training. Environmental factors are taken into consideration and products are inspected directly on the shop floor. The inspections can be performed by both manufacturing and inspection personnel.

5.6.9.3 Final Inspection, Testing, and Verification

The organization must conduct final inspection, testing, and/or verification of the product by the quality plan, process control documents, and/or documented procedures to ascertain and document conformity of the completed product with the specified requirements. Unless conducted by an automated system, individuals other than those involved in or directly overseeing the product realization process shall carry out the final acceptance inspection at the scheduled stages of the product realization process.

The organization must perform all final inspections and testing as per the product quality plan and/or documented procedures to validate and document the conformity of the finished product to the specified requirements. Personnel who have not performed or directly supervised the production must conduct a final acceptance inspection.  For single-step manufacturing processes (e.g. threading), in-process and final inspection and testing may be the same. Final inspections take place when production is complete. The overall product is measured against engineering, customer requirements, and standards. Final inspections and device approvals play an integral role in the decision to move items to stock or shipment. An inspection report is run before final device approval to ensure there are no open items. A final inspection report will validate that all required operations are complete, all non-conformances have been resolved, and required traceability has been recorded.

Usually, the Quality Manager determines the scope of the inspection and testing. This will be thoroughly communicated to all personnel. This procedure usually includes

• Holding back products until all inspections have been finalized
• The work order is reviewed to ensure all first-part inspections, processes, and specified operations have been completed—the relevant supervisor signs off the sheet
• Check that all documents are traceable to each product and made available for inspection
• Do a visual inspection to verify all specified operations have been completed. This is also done to detect any visible damage or defects
• Goods are released for packaging and shipping after the final inspection has been completed

5.6.9.4 Records

Records documenting all necessary inspection, testing, verification, and final acceptance activities must be preserved.

Records documenting all necessary inspection, testing, verification, and final acceptance activities must be preserved by the organization. These records serve as evidence that products have been adequately inspected, tested, and verified to ensure they meet specified requirements before being released to customers or used in further processes. Inspection, testing, verification, and final acceptance records provide documented evidence that the organization has complied with its quality management system requirements and procedures. This documentation demonstrates that products have undergone appropriate evaluation and have met the necessary standards and criteria. Preserved records allow for traceability and accountability throughout the production and quality assurance processes. They enable the organization to track the history of each product, including who conducted inspections or tests, when they were performed, and what the results were. This traceability helps identify potential issues, track trends, and assign responsibility if problems arise.

5.6.10 Preventive Maintenance

The organization must uphold a documented procedure for conducting preventive maintenance on equipment utilized for product realization. This procedure should outline the equipment types subject to maintenance, the frequency of maintenance tasks, and the individuals responsible for carrying them out. Records detailing preventive maintenance activities must be retained. Preventive maintenance protocols can be devised based on various factors such as risk assessment, system reliability, usage patterns, historical data, industry best practices, applicable regulations, manufacturer recommendations, or other relevant criteria.

The organization must establish a documented procedure for preventive maintenance of equipment used in product realization. The procedure shall identify the type of equipment to be maintained, frequency and personnel responsible for preventive maintenance. Record for Preventive maintenance must be maintained. Preventive maintenance can be based on risk, system reliability, usage history, experience, industry-recommended practices, relevant codes and standards, original equipment manufacturer’s guidelines, or other applicable requirements.

Preventive maintenance consists of regular, scheduled maintenance activities that are performed on equipment to reduce the chance of failure and extend uptime. Preventive maintenance can be defined as the “systematic inspection, detection, correction, and prevention of incipient failures before they become actual or major failures.”

a) This specification requires that the type of equipment used in the process realization process be identified and maintained.

(b) Frequency Identifying the frequency of the preventive maintenance to be performed. This may include:

• Daily/weekly
• Monthly/Quarterly
• Semi-Annually
• Annually

(c) Identifying the responsible personnel to perform the preventive maintenance. This may include:

• Operator
• Maintenance Personnel
• Manufacture/ 3rd Party

5.7 Product Release

The organization must retain a documented procedure concerning the release of products to customers. Product release should not occur until all planned arrangements have been satisfactorily fulfilled. Only products that conform to requirements or have been authorized under concession shall be released by the organization. Records must be kept to facilitate the identification of the individual responsible for authorizing product release.

The organization must establish a documented procedure to ensure release of product to the customer shall not proceed until all the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. Records to enable identification of the individual releasing the product must be maintained. The release of the product must not be completed until the planned requirements have been met. The release of a product may include, according to product planning and the verification stages; release to the next operation, release to an internal customer, or release to the final customer, etc. Planned arrangements can include design verification and design validation, which can involve modelling, simulations, experiments, trials, prototypes, functional testing, performance testing; inspections comprising, in-process, first article and final inspection; thorough examination through destructive and non-destructive testing; customer acceptance testing, product certification/qualification, third party qualification from a regulator, recognized society, or independent testing body etc. For product release, the planning requirements may be waived but must be approved by the relevant authority and by the customer as appropriate. Monitor and measure product characteristics to ensure they can demonstrate:

1. Product characteristics are continually met;
2. Evidence of conformity with product requirements.

Retain records to provide evidence that acceptance criteria have been met might include: e.g. certificate of conformity, release certificate, and regulatory certificate. Ensure traceability to the person(s) authorizing the release such as name, authorized signatories, user identification, stamp impression etc., including their authority status (release signatory, certifying staff, scope of authorization etc.).

5.8 Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)

5.8.1 General

The organization must establish the testing, measuring, monitoring, and detection requirements necessary to demonstrate conformity to specified standards. This includes the necessary Test, Measurement, Monitoring, and Detection Equipment (TMMDE). TMMDE, whether owned and maintained by the organization, owned by employees, or obtained from external sources such as third-party vendors, proprietary sources, or customers, must be controlled. Calibration of TMMDE must occur at specified intervals, with documentation of the date of first use when the calibration interval is determined based on this date.

5.8.2 Procedure

The organization must uphold a documented procedure for controlling Test, Measurement, Monitoring, and Detection Equipment (TMMDE). This procedure must encompass specific equipment types and include:

1. Unique identification;
2. Calibration status;
3. Traceability to international or national measurement standards. If such standards are absent, the basis for calibration must be recorded;
4. Calibration method and acceptance criteria;
5. Calibration frequency and the commencement of calibration intervals;
6. Documentation of calibration measurements before and after adjustments, known respectively as ‘as-found’ and ‘as-left’ measurements. If no adjustments are made, ‘as-found’ and ‘as-left’ measurements are the same;
7. Measures to prevent unintended use of TMMDE identified as out-of-calibration, beyond calibration intervals, or out-of-service;
8. Assessment of the validity of previous measurements and actions to be taken on the TMMDE and product if TMMDE is found to be out of calibration, including maintaining records and evidence of customer notification if the suspect product has been shipped;
9. Utilization of third-party, proprietary, employee-owned, and customer-owned TMMDE;
10. Maintenance; and
11. Suitability for planned monitoring and measurement activities.

5.8.3 Equipment

TMMDE identified in 5.8.1 must adhere to the following:

• a) Undergo calibration;
• b) Have its calibration status identifiable by the user before and during use;
• c) Be safeguarded from adjustments or modifications that could invalidate the measurement result or calibration status;
• d) Be protected from damage and deterioration during handling, maintenance, and storage; and
• e) Be utilized under environmental conditions suitable for the calibrations, inspections, measurements, and tests being performed.

When utilized in testing, monitoring, measurement, or detection to meet specified requirements, the suitability of computer software to fulfil the intended application must be confirmed before initial use and reconfirmed as necessary.

5.8.4 TMMDE Equipment from Other Sources

When utilizing TMMDE that is third-party, proprietary, or customer-owned, the organization must ensure the equipment is calibrated before use. If constrained by customer, contract, or licensing agreement limitations, the requirements outlined in 5.8.2, Item c), 5.8.2, Item d), 5.8.2, Item e), 5.8.2, Item f), 5.8.2, Item j), and 5.8.2, Item k) shall not be applicable.

The organization must determine the testing, monitoring, and measurement required and the associated equipment needed to provide evidence of conformity to those requirements. The organization must establish a documented procedure for maintenance and calibration of the testing, measurement, and monitoring equipment and that the equipment is used as per the monitoring and measurement requirements. The procedure shall include unique identifier, calibration status, equipment traceability to international or national measurement standards. If no such standards exist, the basis used for calibration or verification must be recorded. It must also include frequency of calibration prior to use and also at specific intervals. The calibration or verification method, including adjustments and readjustments as necessary, the acceptance criteria and control of equipment identified as out-of-calibration in order to prevent unintended use should be included in the procedure. When the equipment is found to be out of calibration, an assessment of the validity of previous measurements must be undertaken. Actions to be taken on the equipment and product. If any suspect product has been shipped, there must be evidence of notification to the customer. Records must be maintained. Test, Measurement, Monitoring, and Detection Equipment (TMMDE) must be calibrated or verified, or both, against measurement standards. Verification against identified acceptance criteria is performed on nonadjustable equipment. TMMDE must have the calibration status identifiable by the user for the activities being performed at all times. It must be safeguarded from adjustments that would invalidate the measurement result or the calibration status. It must be protected from damage and deterioration during handling, maintenance, and storage. It must be used under environmental conditions that are suitable for the calibrations, inspections, measurements, and tests being carried out. When used in the testing, monitoring, or measurement of specified requirements, the ability of computer software to satisfy the intended application must be confirmed prior to initial use and reconfirmed as necessary. When the equipment is provided from either third-party, proprietary, employee- and customer-owned equipment, the organization must verify that the equipment is suitable and provide evidence of conformity to the requirements. The organization must maintain a registry of the required TMME which must include a unique identification, specific to each piece of equipment. Record of results calibration and verification must be maintained.

TMMDE are subject to the following controls:

• Devices are calibrated at intervals or before use, based on recognized standards;
• Devices are adjusted as necessary according to the manufacturer’s instructions;
• Devices are identified to enable calibration status to be determined;
• Devices are safeguarded from adjustment, which may invalidate results;
• Devices are protected from damage during handling, maintenance or storage;
• The validity of results from a non-confirming device is re-checked with a conforming device;
• Devices are calibrated by external providers certified to ISO 17025;
• Records of calibration and verification are maintained;
• Computer software which is used for monitoring/measuring is validated before initial use;
• Computer software used for monitoring and measuring is re-validated where necessary.

If measurement traceability is not required, verify that those monitoring and measuring resources used by your organization are suitable. You should ensure that record is maintained in order to demonstrate the suitability of monitoring and measuring equipment. While this is not required, all equipment requiring calibration must be identified and must be:

1. Calibrated or verified at specific intervals, or prior to being used. Equipment must be calibrated using measurement standards traceable to international or national measurement standards. Where there is no standard available for the device the basis for calibration or verification must be recorded. A Certification Auditor would expect to see that traceable standards are used and where applicable have not expired. Where calibration is completed by an outsourced process i.e. vendor, the records of traceability must be reviewed.
2. Adjusted or readjusted as necessary. There must be evidence that equipment found to be out of calibration are adjusted/re-adjusted by qualified personnel and the validity of the previous measuring results are accessed when equipment is found to be out of calibration and appropriate action is taken (may include recall of product). A process must be in place to provide traceability of each piece of equipment to the process/product that the equipment was used on. The calibration and verification results must be maintained as quality records.
3. Identified to show calibration status. Each piece of equipment must be identified in such a way that the user can determine that the device has current calibration, this may be accomplished by the equipment’s unique serial number traceable to the calibration record however, the calibration status label is a good practice. Other methods may be used however must identify the calibration status. Where the environment is not conducive to the use of stickers, the status may be identified by colour-coding, identification number with associated calibration record, and/or calibrated before every use.
4. Safeguarded from adjustment. A process must be in place to ensure that users outside the calibration process do not adjust equipment. Equipment may be verified before use however any adjustments made to equipment must meet all requirements of this section. Methods to safeguard may include; locking materials for setscrews, tamper-proof seals, limited entrance to calibration areas, and other methods.
5. Protected from damage during handling, maintenance and storage. The measuring equipment must be handled and stored in a manner to protect the equipment from damage.

5.9 Control of Nonconforming Product
5.9.1 Procedure
5.9.1.1 General

The organization must uphold a documented procedure that outlines controls, along with the corresponding responsibilities and authorities, for managing nonconforming products throughout product realization and post-delivery.

5.9.1.2 Nonconforming Product During Product Realization

The procedure for handling a nonconforming product discovered during product realization must encompass guidelines for product identification and control to avoid unintended use or delivery, addressing the identified nonconformity, implementing measures to prevent its initial intended use or delivery, and obtaining authorization for its use, release, or acceptance under concession from the appropriate authority and, if necessary, from the customer.

5.9.1.3 Nonconforming Product After Delivery

The procedure for handling a nonconforming product discovered during product realization must encompass guidelines for product identification and control to avoid unintended use or delivery, addressing the identified nonconformity, implementing measures to prevent its initial intended use or delivery, and obtaining authorization for its use, release, or acceptance under concession from the appropriate authority and, if necessary, from the customer.

5.9.2 Nonconforming Product

The organization shall manage nonconforming products by executing one or more of the following actions:

• a) Conducting repair or rework followed by subsequent inspection to ensure compliance with specified requirements;
• b) Re-grading for alternative applications;
• c) Releasing under concession;
• d) Rejecting or scrapping the product.

5.9.3 Release of Nonconforming Product Under Concession

Nonconforming products that do not meet manufacturing acceptance criteria (MAC) may be released under concession if authorized by the organization’s relevant authority, given that:

1. The products still meet the applicable design acceptance criteria (DAC) and customer criteria;
2. It is determined that the violated MAC is unnecessary to meet the applicable DAC and/or customer criteria; or
3. The DAC has been modified, and the affected products comply with the revised DAC and associated MAC requirements. If the DAC was previously agreed upon with the customer, any changes to the DAC must be authorized by the customer.

The organization is not permitted to release products that do not conform to DAC or contract requirements without authorization from the customer.

5.9.4 Customer Notification of Nonconforming Product

The organization is required to inform customers of any delivered product that does not meet the agreed design acceptance criteria (DAC) or contractual requirements. The organization must maintain records of such notifications.

5.9.5 Records

Records documenting nonconformities must be retained, encompassing details of the nonconformity, actions taken thereafter including any concessions secured, the reasoning behind approving product release under concession, and the pertinent authority involved.

The organization must establish a documented procedure to identify the controls including the responsibilities and authorities for nonconforming product. The procedure for nonconforming product identified during product realization must includes controls for product identification to prevent unintended use or delivery, address the detected nonconformity, take action to preclude its original intended use or delivery and authorizing its use, release, or acceptance under concession by relevant authority and, where applicable, by the customer. The procedure for nonconforming product identified after delivery must include identifying, documenting, and reporting nonconformances or product failure identified after delivery. It must ensure the analysis of product nonconformance or failure, provided the product or documented evidence supporting the nonconformity is available to facilitate the determination of the cause. It must take action appropriate to the effects, or potential effects, of the nonconformance when nonconforming product is detected after delivery. The organization shall address nonconforming product by repair or rework with subsequent inspection to meet specified requirements; and /or re-grade for alternative applications; release under concession and/or reject or scrap.

The evaluation and release under concession of nonconforming product that does not satisfy manufacturing acceptance criteria (MAC) can be permitted when the organization’s relevant authority and the customer (where applicable) have authorized the release provided that products continue to satisfy the applicable Design acceptance criteria (DAC) and/or customer criteria; or the violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria or the DAC are changed and the products satisfy the revised DAC and associated MAC requirements. The organization shall notify customers of product not conforming to DAC or contract requirements, that has been delivered. The organization shall maintain records of such notifications. The nature of nonconformities and any subsequent actions taken, including concessions obtained, must be recorded. The organization must keep records of each nonconformance or defect and how it was dealt with. Records of product nonconformity should be periodically reviewed to determine if a chronic problem exists with the production process. The product should then be subject to further inspection to verify that it is now correct. As for records, if you documented the nonconforming product there should normally be somewhere to verify that you successfully (or not) cured the problem and that it is now conforming. Re-verification simply means that you cannot assume that because someone tells you they have corrected the problem then it is ok. The clause is asking you to re-verify by whatever means you originally chose. If you used inspection as a method of verification then re-inspect in the same method. If not, use whatever method suits you (or your customer). Just make sure it is ok before it leaves. The re-verification after remedial work might involve testing as well as inspection. The reason is not just to verify that the defect has been removed, but also to assure that fresh defects have not been introduced by the rework. Records would be as appropriate for the re-inspection or re-testing performed. Re-verification is equivalent to re-inspection and records could include a signature of approval or a more formal test report. Whichever format is chosen, it must be defined in the nonconformity procedure. You may need to supply new evidence of conformance to your customer along with corrective action documentation if requested. The method that you use in either of these situations should be defined in your procedures, that way you relieve yourself and your auditor from guessing how you would address them. Where necessary, any product or process outputs that do not conform to specified requirements should be properly identified and controlled to prevent unintended use or delivery. Improvements are then implemented to ensure the nonconformance does not reoccur. Control defective products by:

• Defining how nonconforming products and processes are identified;
• Defining how nonconforming products and processes are dealt with;
• Removing or correcting nonconformities;
• Preventing the delivery or use of nonconforming products and processes;
• Verifying how nonconforming products and processes were corrected;
• Providing evidence that corrected products and processes now conform to requirements;
• Keeping records that catalogue nonconforming products and processes.

There may be instances where it is impossible to completely eliminate the cause of the nonconformity, so in these instances, the best you can do is to reduce the likelihood or the consequences of a similar problem happening again in order to reduce the risk to an acceptable level. Where applicable any corrective action taken and controls implemented to eliminate the cause of nonconformity should be applied to other similar processes and products.

Handling Nonconforming Products
Documented procedure should indicate the plan of action for controlling products. Nonconforming product is identified and separated from other conforming products. Nonconforming product must be reviewed and approved before release. Details of nonconformity must be documented. If nonconformity is identified after delivery, separate actions taken. Re-processed nonconforming products should be re-validated before release. When it comes to controlling and handling non conforming products , there is a specific procedure that must be carefully followed to ensure that the wrong product is not given out to consumers. First and foremost, the organization should already have a documented procedure that indicates the method they will use or plan of action that will be taken in order to control the products in question.

Upon the removal of the non conforming products , the organization will ensure that it does not get mixed up with the quality products that are on their way to be distributed to the masses. Once the product has been effectively identified and removed from the others, it must be properly reviewed and approved before it can be released. The release of a nonconforming product can be made under concession by an authorized person. Any release of this kind should be properly documented after it has been completed. The other details of the nonconformity must also be documented in detail. This should include the exact non-conforming characteristics that were identified, as well as the procedures that were followed in order to get rid of it and prevent it from happening in the future. From the documentation of the nonconforming product, all company personnel should be able to understand the nature of the event, why the product did not conform to the specified standards, and what was done to eliminate the issue. In the event that a nonconforming product is identified after it has already been distributed or delivered, there will be a separate set of actions that must be taken to solve the problem at hand. These actions will depend on the severity of the nonconformity, and will be determined by the discretion of the company leaders. When a nonconforming product has been identified and a plan of action has been established to solve the problem, it can either be permanently removed or possibly altered in order to fit the guidelines and be considered a qualifying product. When any nonconforming product is reprocessed, it must go through a revalidation process by someone of proper authority in order to be approved for release.

5.10 Management of Change (MOC)
5.10.1 General

The organization is required to uphold a documented procedure for Management of Change (MOC) to ensure the integrity of the quality management system amid changes. This MOC procedure shall cover:

1. a) Description and justification of the change;
2. b) Allocation and availability of resources, including personnel;
3. c) Assessment of potential risks associated with the change;
4. d) Review, approval, and execution of the change;
5. e) Notifications regarding the change;
6. f) Verification of the completion of MOC activities and assessment of their impact on the Quality Management System (QMS).

5.10.2 MOC Application

The organization must utilize Management of Change (MOC) for alterations that could adversely affect the product’s quality.

5.10.3 MOC Notification

The organization must inform pertinent internal staff about the change and its associated risks. If mandated by contract, the organization must also notify the customer of the change and its associated risks. Documentation of MOC notifications is required.

5.10.4 Records

Records of MOC activities must be maintained

Changes are intended to be beneficial but they need to be carried out when determined by your organization as relevant and achievable. In addition, consideration of newly introduced risks and opportunities should also be taken into account. To achieve the benefits associated with changes, your organization should consider all types of change that may occur. These changes may be generated, for example, in:

1. Processes and procedures;
2. Quality manual;
3. Documented information;
4. Infrastructure;
5. Tooling;
6. Process equipment;
7. Employee training;
8. Supplier evaluation;
9. Stakeholder management;
10. Interested party requirements.

Whenever quality management system changes are planned, Top management should ensure that all personnel are made aware of any changes which affect their process, and that subsequent monitoring is undertaken to ensure that QMS changes are effectively implemented. The organization must consider

• The purpose of the changes and their potential risk and opportunities.
• The integrity of the management system.
• The availability of resources.
• The allocation or reallocation of responsibilities and authorities

Decide on Disposition Option
This is the step where you decide what to do with the non-conforming products. There are several options that you can choose from:

1. Eliminate the non-conformance: By applying rework to the product , you can bring it back to fully meeting the requirements. The main difference between a rework and a repair is that the non-conformance is fully eliminated to be compliant with a rework, but it is only eliminated enough to make it usable with a repair. Finding a bracket with holes that were too small and drilling them bigger to meet a drawing would be an example of a rework.
2. Authorizing use: If there is a concession from the requirements and the product or service is useable, although not fully compliant, then you can accept to use the product or service as is. Sometimes a repair to the product will be required to change the product enough to make it usable, although it will not fully meet the requirements. If a bracket has holes out of position, you could make the holes into slots so that the part fits in place. This would be an example of a repair.
3. Preclude original use: This is when you decide to either scrap the product or to re-grade the product or service (such as product sold as seconds).
4. Correct per Disposition: This is simply doing the actions you decided to do . If you are accepting the product or service as is, then allow it to continue. If you are reworking or repairing something, have the steps carried out to do so as planned (and make sure it is re-verified afterwards). If you are using the unit to sell as a second, how do you identify it so that it ends up being used properly at the end of the process?
5. Corrective Action: Finally, after deciding how to fix the product , take a look at why the non-conformance happened, and try to find and fix the cause so that it doesn’t happen again. If there is an error in the instructions that caused the problem, get the instructions fixed. If a program bug caused a service error, fix the program. If you have found that a part of the machine is wearing out, implementing a preventive maintenance check on that machine could go a long way toward helping prevent similar problems in the future. If this is a recurring problem, then maybe switching the investigation over to the Corrective Action process would allow for greater improvements. Often, the Non-conforming Product process is the biggest input to the Corrective Action process.