API Specification Q1 Internal Audit checklist

Uncategorized 34 Minutes

API Specification Q1 Audit checklist

The following checklist can be used for both internal audits as well as Gap Analysis tools.

API Specification Q1 Internal Audit checklist
4.0 Quality Management System Requirements
4.1 Quality Management System
4.1.1General
1How does the organization plan, establish, document, implement, and maintain a quality management system at all times in accordance with the requirements of this specification for the product provided within the scope defined by the organization?
2How does the organization measure the effectiveness the quality management system by the requirements of API Specification Q1?
3How does the organization improve upon the quality management system by the requirements of API Specification Q1?
4.1.2 Quality Policy
1Has the organization established a Quality policy for its commitment to quality?
2How does the organization ensure that Quality policy is appropriate to the organization?
3Does the organization’s top management review the quality policy periodically?
4How does the organization ensures that Quality policy is appropriate to the organization?
5How does the organization ensure that Quality policy supports its strategic direction?
6How does the organization ensures that Quality policy is the basis for the development of quality objectives?
7How does the organization ensure that Quality policy is communicated, understood, implemented, and maintained within the organization?
8How does the policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system?
9How does oes the policy include a commitment to comply with requirements and continually improve the effectiveness of the quality management system?
4.1.3Quality Objectives
1Are the Quality objectives measurable?
2How does the management ensure that quality objectives meet product and customer requirements?
3How does the management ensure that quality objectives are established at relevant functions and levels within the organization?
4How does the Management Representative ensure the initiation of action(s) to minimize the likelihood of the occurrence of nonconformities?
5Are the Quality objectives measurable?
6Is the Quality objectives measurable?
7How does the management ensure the planning of the quality management system is carried out to meet the requirements of API Specification Q1?
4.1.4 Planning
4.1.4.1General
1How is the planning of the quality management system performed?
2How is the planning of the quality management system performed?
3How does the organization identify external and internal issues relevant to the organization’s long-term or overall objectives and goals?
4How does the organization determine relevant interested parties and their requirements for the quality management system?
5How does the organization determine the sequence and interaction between the processes of the quality management system?
6How does the organization determine and manage the criteria and methods needed for the effective operation and control of quality management system processes?
7How does the organization identify quality objectives, including actions, resources, responsibilities, and timeframe, and how results are monitored and evaluated?
8How does the organization address identified risks?
9How does the organization address identified opportunities for improvement?
10How does the organization identify key personnel?
4.1.4.2 Exclusions
1Has the organization claimed any exclusions to any sections of API Q1 specification Q1 and will the exclusions be limited to the following sections of this specification:
— 5.4, Design
— 5.6.4, Validation of Processes
— 5.6.7, Externally Owned Property
— 5.8, Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)
2Where any exclusions are claimed, are the justifications documented?
3How does the organization ensure that Excluded activities do not affect the
organization’s ability, or responsibility, to provide products that satisfy customer and legal requirements?
4Has the organization ensured that there are no claims to exclusion of activities addressed by this specification, including outsourced activities, if an organization performs them?
4.1.5 Communication
4.1.5.1Internal
1How does the management ensure that appropriate communication processes are established within the organization?
2How does the organization establish processes to ensure that the results of analysis of data are communicated at relevant levels and functions within the organization?
3How does the organization establish processes to ensure that the results of analysis of data are communicated at relevant levels and functions within the organization?
4.1.5.2 External
1Has the organization established and implemented the process for communicating with external organizations, including customers?
2How does the communication process address the execution of inquiries, contracts, or order handling and amendments?
3How does the organization determine and understand the requirements throughout contract execution and product realization?
4How does the communication process address the provision of product information, including nonconformities?
5How does the communication process address feedback and customer complaints?
6How does the organization communicate quality plans and subsequent changes to those plans?
7How does the organization communicate changes and associated risks?
4.2 Management Responsibility
4.2.1 General
1How does the top management demonstrate leadership and commitment to the establishment, implementation, maintenance, and improvement of the quality management system?
2How does the top management ensure that quality objectives are established at relevant functions and levels within the organization?
3How does the top management provide the resources needed for the quality management system?
4How does the top management engage and support personnel in the implementation and maintenance of quality management systems?
5How does the top management assign responsibilities and authorities for ensuring the processes achieve intended outputs?
4.2.2 Responsibility and Authority
1 Are the responsibilities, authorities, and accountabilities of personnel within the scope of the Quality Management System defined, documented, and communicated throughout the organization?
4.2.3Management Representative
1Has the top management appointed and maintained a member of the organization’s management as a Management Representative?
2Has the top management ensured that the quality management system conforms to the requirements of this specification?
3How does the Management Representative ensure that processes needed for the quality management system are established, implemented, and maintained?
4How does the Management Representative report to top management on the performance of the quality management system and any need for improvement?
5How does the organization determine and allocate the resources needed to implement, maintain, and improve the effectiveness of the requirements of the quality management system?
6How does the organization determines and allocate the resources needed to implement, maintain, and improve the effectiveness of the requirements of the quality management system?
4.3 Organization Capability
4.3.1 Resources and Knowledge
4.3.1.1Resources
1How does the organization determine and allocate the resources needed to implement, maintain, and improve the effectiveness of the requirements of the quality management system?
4.3.1.2 Knowledge
1 How does the organization determine the knowledge needed to provide continued operation of its processes?
2How does the organization determine the knowledge needed to achieve ongoing conformity of products?
3How does the organization maintain this knowledge and make it available?
4.3.2 Human Resources
4.3.2.1Personnel Competence
1Does the organization ensure that its personnel whose responsibilities fall within the scope of the quality management system are competent?
2Is there a documented procedure addressing personnel competence that the organization shall maintain?
3Does the procedure include how required competencies are identified and documented?
4 Does the procedure include how required education, training, experience, or other actions to achieve competence are identified?
5Does the procedure include an evaluation of the effectiveness of actions taken to acquire competencies?
6Does the procedure include criteria and methods for assessing, maintaining and, re-assessing competencies?
7Does the procedure include personnel responsible for assessing competency?
8Are the records of personnel competence maintained?
4.3.2.2Training
1How does the organization develop and maintain a procedure for training?
2How does the organization identify the content and frequency of training required?
3How does the organization address the provision of quality management system training?
4How does the organization address the provision of job training including personnel awareness of the relevance and importance of their activities and how they contribute to the achievement of the organization’s quality objectives ?
5How does the organization provide customer-specified training and/or customer-provided training, when required?
6How does the organization evaluate of effectiveness of training?
7How does the organization identify the required training records?
8Does the organization maintain appropriate records of personal training?
4.3.3Work Environment
1How does the organization determine, provide, manage, and maintain the work environment needed to achieve conformity of the product?
2Does the work environment include
a) buildings, workspace, and associated utilities;
b) process equipment (both hardware and software) ;
c) supporting services (e.g. transport, communication, information systems); and
d) conditions under which work is performed such as physical, environmental, or other factors.
4.4 Documentation Requirements
4.4.1General
1Does the quality management system documentation include the scope of the quality management system that identifies the products covered, including justification for any exclusions?
2Does the quality management system documentation includes statements of quality policy and quality objectives?
3Does the quality management system documentation include the identification of legal and other applicable requirements to which the organization claims compliance that is needed to achieve product conformity?
4Does the quality management system documentation include identification of how the quality management system addresses each requirement of API Q1?
5Does the quality management system documentation include identification of processes that require validation?
6Does the quality management system documentation include documented procedures established for the quality management system?
7Does the quality management system documentation include documents and records to ensure the effective planning, operation, and control of its processes and compliance with specified requirements?
4.4.2Procedures
Are all procedures referenced within API Specification Q1 describing the organization’s method for performing an activity and documented, implemented, and maintained for continued suitability?
4.4.3 Control of Documents
1Does the organization maintain a documented procedure for the identification, distribution, and control of internal documents required by the quality management system and API Specification Q1, including revisions, translations, and updates?
2Does the procedure specify responsibilities for approval and re-approval?
3Does the procedure specify the review and approval for adequacy prior to issue and use?
4Does the procedure specify the review for continued suitability and revision(s) as necessary?
5Does the procedure specify the identification of changes and current revision status?
6Does the procedure specify the legibility and identification of documents?
7Does the procedure identify the controls needed to ensure that the documents required by the quality management system are available where the activity is being performed?
8How are obsolete documents removed from all points of issue or use, or otherwise identified to ensure against unintended use if they are retained for any purpose?
9How are Procedures, work instructions, and forms required by the quality management system controlled?
4.4.4Use of External Documents in Product Realization
1Does the organization maintain a documented procedure for the control of documents of external origin required for product realization and used by the organization, including API or other external specifications?
2Does the procedure address identification and documentation of required documents?
3Does the procedure address access and distribution of required documents, including relevant versions?
4Does the procedure address the integration of requirements into product realization and any other affected processes?
5Does the procedure address the process for identifying when changes to required documents have occurred, including addenda, errata, and updates?
6Does the procedure address the integration of applicable changes?
7Does the organization maintain a documented procedure to identify the controls and responsibilities needed for records?
4.5 Control of Records
1Are records, including those originating from outsourced activities, established and controlled to provide evidence of conformity to requirements and the organization’s quality management system?
2How does the organization address record identification, collection, legibility, correction, storage, protection from unintended alteration, damage, loss, retrieval, retention time, and disposition?
3How does the organization address record identification, collection, legibility, correction, storage, protection from unintended alteration, damage, or loss, retrieval, retention time, and disposition?
4Are the records retained for a minimum of ten years or as required by the customer, legal, and other applicable requirements, whichever is longer?
5.0 Product Realization
5.1Contract Review
5.1.1General
1Does the organization maintain a documented procedure for the review of requirements related to the provision of products?
2 Does the procedure address the determination of requirements, review of requirements; and changes to requirements?
5.1.2Determination of Requirements
1How does the organization determine the requirements specified by the customer?
2How does the organization determine the legal and other applicable requirements?
3How does the organization determine the requirements not stated by the customer but considered necessary by the organization for the provision of the product?
4Where the customer provides no documented statement of the requirements, is the customer requirements confirmed by the organization and records maintained?
5.1.3          Review of Requirements
1How does the organization review the requirements related to the provision of products?
2Is this review conducted before the organization‘s commitment to deliver the product to the customer?
3How does the organization ensure that requirements are identified and documented?
4How does the organization ensure that requirements differing from those previously identified are resolved?
5How does the organization ensure that the organization can meet the documented requirements?
6Where contract requirements are changed, how does the organization ensure that relevant documents are amended and that relevant personnel are made aware of the changed requirements?
7Are the records of the results of the review, including resulting actions, maintained?
5.2 Planning
1Has the organization identified and planned the processes and documents needed for product realization?
2How does the organization plan for required resources and work environment management?
4How does the organization plan for the product and customer-specified requirements?
5How does the organization plan for the legal and other applicable requirements?
6How does the organization plan for the contingency?
7How does the organization plan for the design requirements?
8How does the organization plan for the required verification, validation, monitoring, measurement, inspection, and test activities specific to the product and the criteria for acceptance?
9How does the organization plan for management of change (MOC)?
10How does the organization plan for the records needed to provide evidence that the product realization conforms to requirements?
11Is the output of planning documented?
12Is the output of planning updated as changes occur?
13Are the plans maintained in a structure suitable for the organization‘s method of operations?
5.3 Risk Management
5.3.1General
1Does the organization maintain a documented procedure to identify and control risks associated with product delivery and product quality?
2Does the procedure address risk identification and assessment techniques?
3Does the procedure address risk assessment tools and their application?
4Is the criteria to determine risk severity including potential consequences of product failure established?
5Does the procedure address risk mitigation actions?
6Does the procedure address the assessment of remaining risk?
7Does the organization maintain a documented procedure for identifying, verifying, safeguarding, preserving, maintaining, and controlling customer-supplied property, including intellectual property and data, while under the control of the organization?
5.3.2 Risk Assessment
5.3.2.1Product delivery
1Does Risk assessment associated with product delivery include facility/equipment availability including maintenance?
2Does Risk assessment associated with product delivery include supplier delivery performance and material availability/supply?
5.3.2.2Product Quality
1Does the Risk assessment associated with product quality include delivery of nonconforming products?
2Does the Risk assessment associated with product quality include the availability of competent personnel?
5.3.2.3Changes Impacting Product Quality
1If any changes can negatively impact the quality of the product, does the organisation perform a risk assessment associated with product quality?
2Is a risk assessment associated with product quality performed when there are changes in the organizational structure?
3Is a risk assessment associated with product quality performed when there are changes in key personnel?
4Is a risk assessment associated with product quality performed when there are changes in the supply chain of critical products, components, or activities?
5Is a risk assessment associated with product quality performed when there are changes to the management system scope or procedures?
6Is a risk assessment associated with product quality performed when there are changes to the organization’s capability to perform the process(es) required for product realization?
5.3.3 Contingency Planning
1Has the organization determined any contingency plan based on assessed risk?
2Does the contingency plan include actions required to reduce the effects of disruptive incidents?
3Does the contingency plan include the identification and assignment of responsibilities and authorities?
4Does the contingency plan include internal and external communication controls?
5Is the contingency plan documented, communicated to the relevant personnel, and updated as needed?
5.3.4 Records
Are the Records of risk assessment and management including actions taken maintained?
5.4Design
5.4.1General
1In case the organization is responsible for the design of products, have the requirements of 5.4 applied?
(The design requirements of 5.4 is not applied if the product is in production activities, servicing, storage, distribution, or logistics)
5.4.2Design Planning
1Does the organization maintain a documented procedure to plan and control the design process?
2Does the procedure identify the plans, including plan updates, used for design?
3Does the procedure identify the design stages?
4Does the procedure identify the resources, responsibilities, authorities, and their interfaces? 
5Does the procedure identify the review, verification, and validation activities necessary to complete each design stage?
6Does the procedure identify the requirements for a final review of the design?
7Does the procedure identify the review and approval requirements for design changes?
8When design activities are outsourced or performed at different locations within the organization, does the procedure identify the controls required to ensure that the designs meet the requirements of 5.4 Design?
9When design and development are outsourced, how does the organization ensure the supplier meets the requirements of 5.5.1.7 outsourcing?
5.4.3 Design Inputs
1How does the organization identify and review the Inputs for adequacy, completeness, lack of ambiguity and lack of conflict?
2How are any issues identified are addressed?
3Does the Inputs include functional and technical requirements?
4Do the Inputs include customer-specified requirements?
5Do the Inputs include requirements provided from external sources, including API product specifications?
6Do the Inputs include environmental and operational conditions?
7Do the Inputs include methodology, assumptions, and formulae documentation?
8Do the Inputs include historical performance and other information derived from previous similar designs?
9Do the Inputs include legal requirements?
10Do the Inputs include consequences of potential product failure when required by legal requirements, industry standards, customers, or deemed necessary by the organization?
11Are the records of design inputs maintained?
5.4.4Design Outputs
1How does the organization document its output to allow verification against the design input requirements?
2Does the output meet the input requirements for design?
3Does the output provide information for purchasing, production, inspection, testing and servicing as applicable?
4Does the output identify or refer to design acceptance criteria (DAC)?
5Does the output include identification of, or reference to, products and/or components deemed critical to the design?
6Does the output include the results of applicable calculations?
7Does the output specify the characteristics of the product that are essential for its safe and proper use?
8Are the Records of design outputs maintained?
5.4.5 Design Review
1Are Design Reviews performed at suitable stages?
2Are reviews performed to evaluate the suitability, adequacy, and effectiveness of the results of design and development stages to meet specified requirements?
3Are reviews performed to identify any problems and propose necessary actions?
4Do participants in such review(s) include representatives of functions concerned with the design stage(s) being reviewed?
5Are the records of the results of the review(s) and any necessary actions maintained?
5.4.6 Design Verification and Final Review
1To ensure that the design outputs have met the design input requirements, how does the organization ensure that design and development verification and a final review are conducted and documented as identified within the organization’s procedure?
2Are the records of design verification, any necessary actions and the final review maintained?
5.4.7 Design Validation and Approval
1Are Design and development validation performed in accordance with the organization’s procedure?
2How does the organization ensure that the Design validation of the resulting product is capable of meeting the specified requirements?
3When possible does the organization ensure that validation is completed prior to the delivery of the product?
4How does the organization ensure that the completed design is approved after validation?
5How does the organization ensure that Competent individual(s) other than the person or persons who developed the design approve the final design?
6Are records of the design and development validation, approval, and any necessary actions maintained?
5.4.8 Design Changes
1How are Design changes identified?
2How does the organization ensure that the changes are reviewed, verified, and validated, as appropriate, and approved before implementation?
3How does the organization ensure that the review of design changes includes an evaluation of the effect of the changes on the product and their constituent parts in affected stages of product realization, as well as the product already delivered?
4Does the review of design changes include an evaluation to determine if customer notification is required when design changes negatively affect the specified performance capability of the product?
5How does the organization ensure that the design and development changes, including changes to design documents, are in accordance with the organization’s procedure?
6Are the records of design and development changes, reviews of those changes, and any necessary actions maintained?
5.5 Purchasing
5.5.1Purchasing Control
5.5.1.1 Procedure
1Does the organization maintain a documented procedure for the purchase of products, components, and/or activities required for product realization?
2Does the procedure determine the critical products, components, and/or activities?
3Does the procedure address the initial evaluation and selection of suppliers?
4Does the procedure address the use of identified risk to determine the initial assessment method of the supplier’s capability for critical purchases?
5Does the procedure address the type and extent of control applied to the supply chain for critical products, components, or activities?
5Does the procedure address criteria, scope, frequency, and methods for re-evaluation of suppliers?
6Does the procedure address the identification of approved suppliers and the scope of approval?
7Does the procedure address identification of customer-specified suppliers and suppliers limited by proprietary, and/or legal requirements when 5.5.1.3 (Initial Supplier Evaluation – Critical Purchases – Customer Specified, Proprietary, and/or Legal
Limited) applies?
5.5.1.2 Initial Supplier Evaluation—Critical Purchases
1For the purchase of critical products, components or activities, does the initial evaluation of suppliers (not previously approved) address the scope of supply, and are site-specific for each supplier?
2Does the initial Supplier Evaluation for Critical Purchases include the verification of the supplier’s quality management system implementation and conformity to the quality system
requirements specified for suppliers by the organization?
3Does the initial Supplier Evaluation for Critical Purchases include verification of the type and extent of control applied by the supplier, internally and to their supply chain, to meet the organization’s requirements?
4Does the initial Supplier Evaluation for Critical Purchases include an assessment of the supplier’s capability to meet the organization’s specified requirements by one or more of
the following based on identified risk?
5Does the initial Supplier Evaluation for Critical Purchases include performing an on-site assessment to verify that relevant product realization processes are being
performed in accordance with process controls, and are effective in achieving conformity to requirements, performing an on-site evaluation of relevant activities?
6Does the initial Supplier Evaluation for Critical Purchases include performing a remote assessment to verify that relevant product realization processes are being performed in accordance with process controls and are effective in achieving conformity to
requirements?
6Does the initial Supplier Evaluation for Critical Purchases include performing inspection, testing, or verification of relevant characteristics of a received product?
7How does the organization ensure that the suppliers of critical purchases with high-risk severity identified by the organization for which an on-site assessment is not performed, the assessment of the supplier’s capability includes performing a remote assessment and performing inspection, testing, or verification?
8When remote assessment is performed, does it include verification of objective evidence through real-time audio/visual observation of required activities and documentation using information and communication technology?
9Does the evaluation of a supplier be performed in accordance with the requirements of this section for any additions to a supplier’s scope of approval or change from an approved site to a new site of supply?
5.5.1.3Initial Supplier Evaluation – Critical Purchases – Customer Specified, Proprietary, and/or Legal Limited
1For the purchase of critical products, components, or activities where the supplier is specified by the customer or involves proprietary and/or legal requirements does the initial evaluation include
a) verification of the supplier’s quality management system implementation and conformity to the quality system requirements specified for suppliers by the organization and/or the customer’s requirements; and
b) identifying how the supplied product, component or activity conforms to specified requirements.
2How does the organization ensure that the scope of approval for customer-specified suppliers shall be limited to the relevant customer contract when assessment per 5.5.1.2, Item c) has not been performed?
5.5.1.4 Initial Supplier Evaluation—Noncritical Purchases
1For the purchase of noncritical products, components, or activities that impact product realization or the final product, do the criteria for evaluation of suppliers by the organization meet the requirements as that of initial Supplier Evaluation for Critical Purchases or satisfy one of the following
a) verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization;
b) assessment of the supplier to meet the organization’s purchasing requirements;
c) assessment of the product upon delivery or activity upon completion
5.5.1.5Supplier Reevaluation
1For previously approved suppliers of products, components, or activities, has the organization determined the supplier reevaluation frequency based on identified risk and supplier quality performance?
2For the re-evaluation of suppliers of critical products, components or activities, have the requirements of 5.5.1.2 been applied?
3For the re-evaluation of suppliers of critical products, components or activities for customer-specified suppliers and suppliers limited by proprietary, and/or legal requirements, have the requirements of 5.5.1.3 been applied?
4For the re-evaluation of suppliers of noncritical products, components, or activities that impact product realization or the final product, have the requirements of 5.5.1.4 been applied?
5.5.1.6Records
1Are the Records of the results of all evaluations including objective evidence and any necessary actions arising from the evaluations maintained?
2Are the Records of identification of approved suppliers, customer-specified suppliers, and suppliers limited by proprietary, and/or legal requirements shall be maintained?
5.5.1.7 Outsourcing
1 How does the organization maintain responsibility for product conformance to specified requirements, including applicable API product specifications, associated with product realization?
2 How does the organization maintain responsibility for product conformance to specified requirements, including applicable API product specifications or other external specifications?
3Are the Records of outsourced activities maintained and include evidence of conformity?
5.5.2Purchasing Information
1How does the organization ensure the adequacy of specified purchasing information before their communication with the supplier?
2Are the Purchasing information provided to the supplier documented and describes the product or activity to be purchased, including acceptance criteria?
3Does the Purchasing information describe requirements for approval of the supplier’s procedures, processes, and equipment?
4Does the Purchasing information describe the applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data?
5Does the Purchasing information describe requirements for the qualification of supplier’s personnel?
6Does the Purchasing information describe requirements for the qualification of the supplier’s personnel?
7Does the Purchasing information describe the requirements for approval of product release?
8Does the Purchasing information describe if the organization or its customer intends to perform verification at the supplier’s premises, the intended verification arrangements?
5.5.3Verification of Purchased Products, Components or Activities
5.5.3.1General
1Does the organization maintain a documented procedure defining the verification for determining whether purchased products components or activities conform to specified purchase requirements?
5.5.3.2 Critical Purchases
1For critical products, components or activities, has the organization established the procedure for verification?
2Does the procedure address the review of the organization’s required documentation from the supplier?
3Does the procedure address the verification that the applicable versions are used when specifications, drawings, process requirements, inspection instructions, traceability requirements, and other relevant technical data are specified?
4Does the procedure address the inspection, testing and/or verification requirements including methods, frequency, and responsible party.?
5Does the organization determine the methods, frequency, and responsible party based on identified risk and supplier quality performance?
5.5.3.3 Noncritical Purchases
1In accordance with the organization’s documented procedure, does the organisation verify Non-critical products, components or activities?
5.3.3.4Records
1Are the Records of verification activities and evidence of conformity to specified requirements maintained?
5.6 Control of Product Realization
5.6.1 General
1Does the organization maintain a documented procedure that describes controls associated with the product realization?
2In the procedure, has the organization determined and implemented the manufacturing acceptance criteria (MAC)?
3Has the organization identified and documented of processes critical to product realization?
4Does the procedure address the implementation of the product quality plan, when applicable?
5Does the procedure address conformance of design requirements and related changes, when applicable?
6Does the procedure address the availability and use of product realization equipment and TMMDE, unless it has been excluded?
7Does the procedure address the use of applicable work instructions?
8Does the procedure address process control documents?
9Does the procedure address the implementation of monitoring and measurement activities?
10Does the procedure address implementation of product release including applicable delivery and post-delivery activities?
11Does the procedure address review and control of product realization changes, required approvals, and records?
5.6.2Quality Plans
1When required by contract, has the organization developed a quality plan that specifies the processes of the quality management system (including the product realization processes) and the resources to be applied to a product?
2Does the Quality plan address the product description or scope of the quality plan?
3Does the Quality plan address the required processes and documentation, including required inspections, tests, and records, for conformance with requirements?
4Does the Quality plan address the identification of outsourced activities and reference to control?
5Does the Quality plan address the identification of each procedure, specification, or other document referenced or used in each activity?
6Does the Quality plan address the identification of the required hold, witness, monitor, and document review points?
7Are the quality plans and any revisions to it are documented and approved by the organization?
8Are the quality plans and any revisions communicated to the customer?
5.6.3 Process Control Documents
1Has the organization documented process controls?
2Does the process control include or refer to requirements for verifying conformance with applicable quality plans, API product specifications, customer requirements, and/or other applicable product standards/codes;
3Does the process control include or refer to instructions and acceptance criteria for processes, tests, and inspections?
4Where applicable, Does the process control include or refer to the customer’s inspection hold, witness, monitor, and document review points?
5.6.4 Validation of Processes
1Does the organization validate processes when the resulting output cannot be verified by subsequent monitoring or measurement, and consequently, deficiencies become evident after the product has been delivered or are in use?
2Does validation demonstrate the ability of these processes to achieve planned results?
3Do only the processes specified in a product specification require validation for the applicable product?
4Does the organization validate the following process:
— nondestructive examination (NDE)/nondestructive test (NDT);
— welding;
— heat treating; and
— coating and plating (when identified by the product specification or by the organization as critical to product performance).
5Does the organization have a documented procedure for the validation of processes, including the methods used for review and approval?
6Does the procedure include the required equipment?
7Does the procedure include the qualification of personnel?
8Does the procedure include the use of specific methods, including identified operating parameters?
9Does the procedure include the identification of process acceptance criteria?
10Does the procedure include the requirements for records?
11Does the procedure include the revalidation?
12Does the organization need to maintain evidence that the requirements of 5.6.4 Validation of process have been satisfied if it outsources a process that requires validation?
5.6.5 Identification and Traceability
1Has the organization established and maintained identification throughout product realization, including applicable delivery and post-delivery activities?
2Has the organization identified the traceability requirements as specified by the organization, the customer, and/or the applicable product specifications?
3Has the organization maintained a documented procedure for identification and traceability while the product is under the control of the organization?
4Does the documented procedure address the methods of identification?
5Does the documented procedure address when required, information needed for traceability?
6Does the documented procedure address the requirements for maintenance and/or reapplication of identification and/ or traceability?
7Does the documented procedure address the actions required to address loss of identification and/or traceability?
8Are the Records of traceability maintained?
5.6.6Inspection/Test Status
1Does the organization have a documented procedure for identifying inspection and/or test status throughout product realization, indicating product conformity or nonconformity?
5.6.7 Externally Owned Property
1Does the organization maintain a documented procedure for controlling externally (including customer) owned property that is incorporated into the product while the property is under the organization’s control?
2Does the Externally owned property include intellectual property and data that are not publicly available?
3Does the procedure address identification, verification, safeguarding, preservation, maintenance; and reporting loss, damage, or unsuitability for use to the external owner?
4Are the Records for the control and disposition of externally owned property maintained?
5.6.8 Preservation of Product
1Does the organization maintain a documented procedure for describing the methods used to preserve the product and constituent parts throughout product realization and delivery?
2Does the procedure address identification and traceability marks?
3Does the procedure address storage, including the use of designated storage areas or stock rooms?
4Does the procedure address the assessment of conditions at intervals specified by the organization?
5Does the procedure address transportation;?
6Does the procedure address handling?
7Does the procedure address packaging?
8Does the procedure address Protection?
9Are the records of the results of assessments maintained?
5.6.9 Inspection, Testing, and Verification
5.6.9.1 General
1Does the organization maintain a documented procedure for inspection, testing and /or verification of the product to confirm that requirements have been met?
2Does the procedure address in-process inspection, testing, and/ or verification methods and their application?
3Does the procedure address final inspection, testing, and/or verification methods and their application?
4Are the records created and retention?
5.6.9.2 In-process Inspection, Testing, and Verification
1Does the organization inspect, test, and/or verify products at planned stages as required by the quality plan, process control documents and/or documented procedures?
2 Are the evidence of conformity with the acceptance criteria maintained?
5.6.9.3 Final Inspection, Testing, and Verification
1Does the organization perform final inspection, testing, and/or verification of the product in accordance with the quality plan, process control documents, and/or documented procedures to determine and document conformity of the finished product to the specified requirements?
2Unless performed by an automated system, do personnel other than those who performed or directly supervised the product realization perform final acceptance inspection at planned stages of the product realization process?
5.6.9.4 Records
1Are the Records of all required inspection, testing, verification, and final acceptance maintained?
5.6.10 Preventive Maintenance
1Does the organization maintain a documented procedure for preventive maintenance of equipment used for product realization?
2Does the procedure address the requirements for the type of equipment to be maintained,  frequency of Preventive Maintenance and  Responsible personnel?
3Are the Records of preventive maintenance maintained?
5.7 Product Release
1Has the organization maintained a documented procedure to address the release of products to the customer?
2How do the organization ensure that the release shall not proceed until the planned arrangements have been satisfactorily completed?
3How does the organization ensure that it releases products that conform to requirements or that are authorized under concession?
Are the records maintained to enable identification of the individual releasing the product?
5.8Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)
5.8.1 General
1How does the organization determine the testing, measuring, monitoring, and detection requirements and the TMMDE needed to provide evidence of conformity to those requirements?
2Does the organization ensure that TMMDE owned and maintained by the organization, employee-owned equipment, and TMMDE from other sources (e.g. third-party, proprietary, and customer-owned) used to provide evidence of product conformity and/or monitor process parameters identified by the organization that impact product conformance are controlled.?
3Are TMMDE calibrated at specified intervals?
4When the specified interval is based on the date of first use, is the date of first use documented?
5.8.2Procedure
1Does the organization maintain a documented procedure for the control of TMMDE?
2Does the procedure include requirements for the specific equipment type?
3Does the procedure address unique identification?
4Does the procedure address calibration status?
5Does the procedure address traceability to international or national measurement standards?
6Where no such standards exist, is the basis used for calibration recorded?
7Does the procedure address the calibration method and acceptance criteria?
8Does the procedure address the frequency of calibration, and when the calibration interval begins?
9Does the procedure address documentation of the calibration measurements before adjustment and measurements after any adjustments during calibration?
10Does the procedure address actions taken to prevent unintended use of TMMDE identified as out-of-calibration, beyond calibration interval, or not in-service?
11Does the procedure address when the TMMDE is found to be out of calibration, an assessment of the validity of previous measurements and actions to be taken on the TMMDE and product, including maintaining records and evidence of notification to the customer if suspect product has been shipped?
12Does the procedure address the use of third-party, proprietary, employee-owned, and customer-owned TMMDE?
13Does the procedure address the maintenance?
14Does the procedure address suitability for the planned monitoring and measurement activities?
5.8.3 Equipment
1Are the TMMDE are calibrated?
2Are the TMMDE calibration status identifiable by the user prior to and during use?
3Have the TMMDE safeguarded from adjustments or modifications that would invalidate the measurement result or the calibration status?
4How are the TMMDE protected from damage and deterioration during handling, maintenance, and storage?
5How does the organization ensure that TMMDE is used under environmental conditions that are suitable for the calibrations, inspections, measurements, and tests performed?
6How does the organization ensure that when used in the testing, monitoring, measurement, or detection of specified requirements, the ability of computer software to satisfy the intended application are confirmed prior to initial use and reconfirmed, as necessary?
5.8.4 TMMDE Equipment from Other Sources
1When TMMDE is third-party, proprietary, or customer-owned, how does the organization confirm the equipment is in calibration prior to use? (When limited by customer, contract, or licensing agreement, the requirements of 5.8.2, Item c), 5.8.2, Item d), 5.8.2, Item e), 5.8.2, Item f), 5.8.2, Item j), and 5.8.2, Item k) shall not apply.)
5.8.5 Records
1Has the organization maintained a registry of the identified TMMDE that includes a unique identification, specific to each piece of equipment?
2Are the Results of calibration recorded and maintained?
3When calibration of the third-party, proprietary, and customer TMMDE to the requirements of 5.8 is limited by customer, contract, or licensing agreement, do the organization maintain records of the limitations imposed?
5.9Control of Nonconforming Product
5.9.1Procedure
5.9.1.1General
1Does the organization maintain a documented procedure addressing the controls and related responsibilities and authorities for nonconforming products during product realization and after delivery?
5.9.1.2 Nonconforming Product During Product Realization
2For addressing nonconforming products identified during product realization, does the procedure include product identification and controls to prevent unintended use or delivery?
3How does it address the detected nonconformity?
4How does it address taking action to preclude its original intended use or delivery?
5How does it address authorizing its use, release, or acceptance under concession by the relevant authority and, where applicable, by the customer?
5.9.1.3 Nonconforming Product After Delivery
1How does the procedure address identifying, documenting, and reporting nonconforming products?
2Does the procedure include the analysis of nonconforming product, provided the product or documented evidence supporting the nonconformity is available to facilitate the determination of the cause?
3How does the procedure address taking action appropriate to the effects, or potential effects, of the nonconformity?
4Does the procedure include authorizing its use or acceptance under concession by relevant authority and, when required, by the customer?
5.9.2 Nonconforming Product
Does the organization address nonconforming products by performing one or more of the following:
a) repair or rework with the subsequent inspection to meet specified requirements;
b) re-grade for alternative applications;
c) release under concession
d) reject or scrap
5.9.3 Release of Nonconforming Product Under Concession
1For the nonconforming product that does not satisfy manufacturing acceptance criteria (MAC), how does the organization ensure that its release under concession meets one of the following conditions:
a) products continue to satisfy the applicable Design Acceptance criteria (DAC) and/or customer criteria; or
b) the violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria; or
c) the DAC is changed and the products satisfy the revised DAC and associated MAC requirements. When the DAC was previously agreed with the customer, the DAC change shall be authorized by the customer.
2How does the organization ensure that the product not conforming to DAC or contract requirements is not released without customer authorization?
5.9.4 Customer Notification of Nonconforming Product
1How does the organization notify customers of a product not conforming to DAC or contract requirements, that has been delivered?
2Are records of such notification maintained?
5.9.5Records
1Are Records of nonconformities maintained?
2Does the Records of nonconformities include the description of the nonconformity, subsequent actions taken, including concessions obtained, the rationale to support the release of the product under concession, and relevant authority?
5.10 Management of Change (MOC)
5.10.1 General
1Do the organization maintain a documented procedure for MOC to maintain the integrity of the quality management system when changes occur?
2Does the MOC procedure address the description of, and the need for, the change?
3Does the MOC procedure address the availability and allocation of resources (including personnel)?
4Does the MOC procedure address potential risks that may arise from implementing the change?
5Does the MOC procedure address the review, approval, and implementation of the change?
6Does the MOC procedure address notifications?
7Does the MOC procedure address verification of the completion of MOC activities and impact on the QMS?
5.10.2MOC Application
1How does the organization use MOC for changes that may negatively impact the quality of the product?
5.10.3 MOC Notification
1Does the organization notify relevant internal personnel of the change and associated risk?
2When required by contract, does the organization notify the customer of the change and associated risk?
3Are the MOC Notifications documented?
5.10.4 Records
1Are the Records of MOC activities shall be maintained?
6.0 Quality Management System Monitoring, Measurement, Analysis, and Improvement
6.1 General
1Have the organization planned and implemented the monitoring, measurement, analysis, and improvement processes needed to ensure conformity of the quality management system to the requirements of API Q1 specification and to continually improve the effectiveness of the quality management system?
2Does the Quality management system monitoring, measurement, analysis, and improvement include the determination of applicable methods, including techniques for the analysis of data, and the extent of their use?
6.2 Monitoring, Measuring, and Improving
6.2.1 Customer Satisfaction
1Does the organization maintain a documented procedure to measure customer satisfaction?
2Does the procedure address the frequency and method of determining Customer satisfaction?
3Does the procedure address the key performance indicators of customer satisfaction?
4Are the records of the results of customer satisfaction  information maintained?
6.2.2 Internal Audit
6.2.2.1General
1Does the organization conduct internal audits to ascertain whether the quality management system is implemented, maintained, and adheres to the specifications outlined in API Q1 as well as the organization’s quality management system requirements?
2Does the organization maintain a documented procedure to define responsibilities for planning, conducting, and documenting internal audits?
3Has the organization identified the audit criteria, scope, frequency, and methods of the internal audit?
4Is the planning of audits conducted with consideration given to the outcomes of previous audits (both internal and external), the criticality of the audited process, and any modifications made to the quality management system?
5Does the organization ensure that all processes of the quality management system claiming conformity to the requirements of API Q1 specification are audited at least every 12 months?
6Is the time between audits of each part of the quality management system ensured not to exceed 12 months when the entire quality management system is not audited as one consolidated audit?
7Do audits for processes performed by the organization, which are identified as critical to product realization, involve observing the activity being conducted and assessing whether it complies with the specified requirements?
6.2.2.2 Performance of Internal Audit
1Are the Audits performed by competent personnel independent of those who performed or directly supervised the activity being audited to ensure objectivity and impartiality of the audit process?
2Are records of Internal audits maintained?
3Do the records provide objective evidence that the quality management system is implemented and maintained?
6.2.2.3Audit Review and Closure
1How does the organization identify response times for addressing detected nonconformities?
2 How does the management responsible for the area being audited ensure that necessary corrections and corrective actions are undertaken as per requirements for corrective action?
3Are the Records of internal audits maintained?
6.3 Analysis of Data
1Does the organization maintain a documented procedure for the identification, collection, and analysis of data to demonstrate the suitability and effectiveness of the quality management system?
2Does the analysis include data generated from monitoring and measurement, internal audits, audits by external parties, management reviews, and other relevant sources?
3Does the data analysis output provide information relating to customer satisfaction, nonconformity to product requirements during product realization, process performance, supplier performance and achiving quality objectives?
4Does it include the nonconformities and product failures identified after delivery or use, provided the product or documented evidence is available to facilitate the determination of the cause?
5Does the organization use data to evaluate where continual improvement of the effectiveness of the quality management system can be made?
6.4 Improvement
6.4.1General
1Does the organization continually improve the effectiveness of the quality management system by evaluating, selecting, and implementing opportunities for improvement through quality objectives, internal audit, data analysis, corrective action, and management review. ?
6.4.2 Corrective Action
1Does the organization maintain a documented procedure to handle nonconformities, including those arising from customer complaints, and to initiate corrective actions both internally and with suppliers?
2Are the Corrective actions appropriate to the effect(s) of the nonconformity encountered?
3Does the procedure address the criteria for determining when the corrective action process is initiated?
4Does the procedure address reviewing the nonconformity?
5Does the procedure address determining and implementing corrections?
6Does the procedure address identifying the root cause of the nonconformity and evaluating the need for corrective actions?
7Does the procedure address the implementing corrective action to reduce the likelihood that a nonconformity recurs?
8Does the procedure address identifying the timeframe and responsible person(s) for addressing corrections and corrective action?
9Does the procedure address the verification of the effectiveness of the corrections and corrective action taken?
10Does the procedure address the updating risks and opportunities determined during planning?
11Does the procedure address the MOC when the corrective actions require new or changed controls within the quality management system?
12Does the procedure address evaluating similar, potential nonconformities and implementing action to reduce the likelihood of occurrence, as appropriate?
13Are the Records of corrective action process activities maintained?
14Do the Records identify the activities performed to verify the effectiveness of the corrective actions taken?
6.5 Management Review
6.5.1General
1Is the organization‘s quality management system reviewed at least every 12 months(not later than the end of the same calendar month as the prior year review) by the organization’s management?
2Does the management review evaluate the quality management system’s continuing suitability, adequacy, and effectiveness?
3Do the reviews include assessing opportunities for improvement, adequacy of resources and the need for changes to the quality management system, including the quality policy and quality objectives?
6.5.2 Input Requirements
1Does the input to the management review include the status and effectiveness of actions resulting from previous management reviews?
2Does the input to management review include the results of audits and audits of the organization by external parties?
3Does the input to management review include changes that could affect the quality management system, including changes to legal and other applicable requirements(such as industry standards)?
4Does the input to management review include changes that could affect the quality management system, including changes in external and internal issues that are relevant to the quality management system?
5Does the input to the management review include an analysis of customer satisfaction?
6Does the input to the management review include relevant feedback from customers and other interested parties?
7Does the input to management review include process performance?
8Does the input to the management review include the results of the risk assessment and the effectiveness of actions taken to address risks?
7Does the input to management review include the status of corrective actions?
8Does the input to the management review include the analysis of supplier performance?
9Does the input to management review include a review of the analysis of product conformity, including nonconformities identified after delivery or use?
10Does the input to the management review include actual performance compared with quality objectives?
11Does the input to the management review include recommendations for improvement?
6.5.3 Output Requirements
1Does the output from the management review include a summary assessment of the effectiveness of the quality management system?
2Does the assessment include any required changes to the processes and any decisions and actions, required resources, and any improvement to products in meeting customer requirements?
3Do the Top management reviews and approves the output of management reviews?
4Has the organization applied the API Monogram to products developed, maintained, and operated at all times in a quality management system conforming to API Q1?
5Are the records of the management review maintained?
Use of API Monogram by Licensees
A.4 Quality Management System Requirements
1Has the organization applied the API Monogram to products developed, maintained, and operated at all times in a quality management system conforming to API Q1?
A.5 Control of the Application and Removal of the API Monogram
1Does the Licensee ensure that Products that do not conform to API-specified requirements shall not bear the API Monogram
2Has the Licensee developed and maintained an API Monogram marking procedure that documents the marking/monogramming requirements and any applicable API product specification(s) and/or standard(s)?
3Has the organization applied the API Monogram to products developed, maintained, and operated at all times a quality management system conforming to API Q1.
4Does the marking procedure define the method(s) used to apply the Monogram?
5Does the marking procedure identify the location on the product where the API Monogram is to be applied?
6Does the marking procedure require the application of the Licensee’s license number and date of manufacture of the product in conjunction with the use of the API Monogram?
7Does the marking procedure require that the date of manufacture, at a minimum, be two digits representing the month and two digits representing the year (e.g. 05-12 for May 2012) unless otherwise stipulated in the applicable API product specification(s) or standard(s)?
8Does the marking procedure require controls for the application of the additional API product specification(s) and/or standard(s) marking requirements, as applicable?
9Is the API Monogram removed by the Licensee’s API Monogram marking procedure if the product is subsequently found to be out of conformance with any of the requirements of the applicable API product specification(s) and/or standard(s) and API Monogram Program?
10Is the API monogram applied at the site for which the API Monogram license is issued?
11Is the API Monogram removed in accordance with the Licensee’s API Monogram marking procedure if the product is subsequently found to be out of conformance with any of the requirements of the applicable API product specification(s) and/or standard(s) and API Monogram Program?
A.6 Design Package Requirements
1Does the Licensee and/or applicant for licensing maintain a current design package for all of the applicable products that fall under the scope of each Monogram license?
2Does the design package information provide objective evidence that the product design meets the requirements of the applicable and most current API product specification(s)?
3Is the design package(s) made available during API audits of the facility?
A.7Manufacturing Capability
1Has facilities demonstrated the ability to manufacture equipment that conforms to API specifications and/or standards?
A.8 API Monogram Program: Nonconformance Reporting
1As a customer do you report to API all problems with API monogrammed products using the API Nonconformance Reporting System available at http://compositelist.api.org/ncr.asp.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a Reply