The organization’s policy for its commitment to quality shall be defined, documented, reviewed, and approved by top management. The quality policy shall: a) be appropriate to the organization and support its strategic direction, b) be the basis for the development of quality objectives, c) be communicated, understood, implemented, and maintained within the organization, d) be available to relevant interested parties, as specified by the organization, and e) include a commitment to conform to requirements and continually improve the effectiveness of the quality management system.
A quality policy is an essential element of the Quality Management System (QMS) according to API Specification Q1. This policy is crucial for several reasons, reflecting the organization’s commitment to quality and its operational and strategic objectives. Here are the main reasons why organizations should have a quality policy according to API Spec Q1:
Foundation for Quality Management Central Guideline: The quality policy serves as the central guideline for all activities within the QMS. It provides a clear direction and framework for establishing and reviewing quality objectives, ensuring that all efforts align with the policy’s principles. Strategic Alignment: It aligns the QMS with the strategic direction of the organization, ensuring that quality management is integrated into core business processes and decisions.
Commitment to Compliance and Continuous Improvement Regulatory Compliance: API Spec Q1 requires organizations to comply with specific quality standards tailored for the oil and gas industry. The quality policy demonstrates an organization’s commitment to meeting these standards and other regulatory requirements. Continuous Improvement: The policy underlines a commitment to continuous improvement. It is not just about maintaining quality standards but continuously enhancing the effectiveness of the QMS, leading to improved processes, products, and customer satisfaction.
Customer Satisfaction Meeting Customer Requirements: A central tenet of the quality policy is to meet or exceed customer requirements consistently. This focus helps in building customer trust and loyalty, which are critical in the competitive oil and gas industry. Enhanced Reputation: By adhering to a robust quality policy, organizations can enhance their reputation and credibility in the market, which is essential for sustaining long-term business relationships and expanding market opportunities.
Organizational Culture and Employee Engagement Quality Culture: The quality policy helps in fostering a culture of quality throughout the organization. When top management actively promotes this policy, it encourages employees at all levels to focus on quality in their daily work. Employee Morale and Engagement: Clearly articulated quality goals and values can enhance employee morale and engagement. Employees understand their role within the broader objectives of the organization, leading to increased productivity and job satisfaction.
Communication Tool Internal Communication: The quality policy acts as a vital communication tool within the organization, ensuring that everyone is on the same page regarding quality standards and expectations. External Communication: Externally, the quality policy can be communicated to customers, suppliers, and other stakeholders to assure them of the organization’s commitment to quality standards and excellence.
Basis for Quality Objectives and Planning Setting Objectives: The policy provides a basis for setting specific, measurable quality objectives at relevant functions and levels within the organization. Quality Planning: These objectives drive the planning process in the QMS, ensuring that resources and efforts are adequately directed toward critical areas for quality and performance enhancement.
Having a quality policy as mandated by API Spec Q1 is crucial not only for compliance but also for driving the organization towards excellence in quality management practices. It encapsulates the organization’s vision for quality, laying a foundational pathway for operational practices and strategic decisions that lead to sustained business success and growth in the demanding and regulated environments of the petroleum, oil, and gas industries.
The organization’s policy for its commitment to quality shall be defined, documented, reviewed, and approved by top management.
Ensuring that an organization’s policy for its commitment to quality is properly defined, documented, reviewed, and approved by top management is a critical aspect of a successful Quality Management System (QMS), especially in the context of API Specification Q1 for the petroleum, oil, and gas industry. Here are the steps and processes organizations should follow to ensure the quality policy meets these requirements:
Defining the Quality Policy Alignment with Organizational Goals: Ensure that the quality policy aligns with the broader goals and strategic direction of the organization. It should support the organization’s overall mission and be relevant to the context and scale of its operations. Inclusion of Commitments: The policy should include commitments to comply with applicable requirements and to continually improve the effectiveness of the QMS. It should be concise, easily understood, and applicable to all organizational activities.
Documentation Clear and Accessible: Document the quality policy in a manner that is clear and accessible to all stakeholders, including employees at all levels. This documentation acts as a formal declaration of the organization’s commitment to quality. Integration into QMS Documentation: Include the quality policy in the QMS documentation system, such as the quality manual or similar strategic documents, ensuring it is centrally available and can be referenced easily.
Review by Top Management Initial Approval: Before implementation, the quality policy should be reviewed and approved by top management to ensure it meets the strategic needs of the organization and reflects the commitments to quality and continuous improvement. Regular Reviews: Schedule regular reviews of the quality policy by top management as part of the management review process. This ensures the policy remains appropriate as the organization evolves and as external and internal factors change.
Communication Internal Communication: Communicate the quality policy to all employees through multiple channels such as onboarding training, regular meetings, internal communications, and posting in prominent locations within the workplace. Understanding and Engagement: Ensure that all personnel understand and are engaged with the quality policy. This may involve training sessions or discussions led by managers or the quality team to explain how the policy affects each employee’s work.
Making the Policy Available to Relevant Interested Parties External Communication: Make the quality policy available to relevant external parties, such as customers, suppliers, and other stakeholders, through the organization’s website, marketing materials, or upon request. This transparency builds trust and reinforces the organization’s commitment to quality.
Ensuring Continual Suitability Feedback and Performance Monitoring: Utilize feedback from employees, customers, audits, and process performance monitoring to assess whether the quality policy continues to be effective and suitable for the organization’s needs. Adaptation to Changes: Be prepared to make necessary changes to the quality policy when significant changes occur within the organization or in its external environment, including changes in market conditions, customer requirements, or regulatory updates.
By following these structured steps, an organization ensures that its commitment to quality is not only articulated in a meaningful and compliant way but is also embedded into the culture and operations of the organization. Top management’s involvement in approving and regularly reviewing the quality policy is crucial to its effectiveness and the overall success of the QMS. This active leadership role reinforces the importance of quality throughout the organization and helps to maintain a continual focus on meeting and exceeding the established quality standards.
The quality policy should be appropriate to the organization and support its strategic direction
The quality policy is a cornerstone of any Quality Management System (QMS), including those developed under standards like API Specification Q1 for the petroleum, oil, and gas industry. For the quality policy to be effective, it must be appropriately tailored to fit the specific characteristics and strategic direction of the organization. Here’s a closer look at how to ensure that the quality policy aligns with and supports an organization’s strategic direction:
1) Aligning with the Organization’s Nature and Scope Reflect Core Business Goals: The quality policy should echo the primary goals and objectives of the business. For an organization in the oil and gas industry, this might focus on operational excellence, safety, environmental stewardship, and reliability. Industry-Specific Considerations: The policy should also address specific quality issues relevant to the petroleum, oil, and gas sectors, such as adherence to environmental regulations, managing operational risks, and maintaining the integrity of supply chain operations. 2) Supporting the Strategic Direction Strategic Integration: The quality policy must integrate seamlessly with the strategic plans of the organization. It should support long-term goals, such as market expansion, technological advancements, or sustainability initiatives. Scalability and Flexibility: As strategic goals evolve, the quality policy should be adaptable enough to accommodate new directions or shifts in focus. It should not be so rigid that it becomes obsolete as the organization grows or shifts its strategy. 3) Development and Implementation Involvement of Leadership: Top management must take a leading role in developing and endorsing the quality policy. Their involvement ensures that the policy is aligned with the strategic vision and that it has the necessary authority and visibility. Stakeholder Input: Consider input from various stakeholders, including customers, employees, suppliers, and shareholders, to ensure that the policy reflects broader expectations and requirements. Communication: Effectively communicate the quality policy across all levels of the organization. Ensure that every employee understands how their actions contribute to the objectives outlined in the policy. Training and Resources: Provide training and resources to help employees implement the quality policy in their daily work processes. This might include specific training on quality standards, continuous improvement processes, and customer service excellence. 4) Review and Adaptation Regular Reviews: The quality policy should be reviewed regularly to ensure it remains relevant and effective in supporting the organization’s objectives and strategic direction. These reviews can coincide with management review meetings or strategic planning sessions. Metrics and Feedback: Use performance metrics and feedback mechanisms to assess how well the quality policy is supporting the strategic goals. Adjustments should be made based on this feedback to enhance alignment. Document Changes: Any changes to the quality policy following reviews should be well-documented and communicated throughout the organization. Updating the workforce on these changes is crucial for continued alignment and engagement.
The quality policy is not just a statement of intent but a functional and dynamic part of the organization’s strategic framework. It should guide quality initiatives that align with and support the organization’s long-term strategic goals. By ensuring the quality policy is appropriate to the organization and aligned with its strategic direction, companies can effectively drive continuous improvement, compliance, and competitiveness in their markets. This strategic alignment is essential for fostering a culture of quality that permeates every level of the organization and guides decision-making processes.
The quality policy should be the basis for the development of quality objectives
The quality policy of an organization should indeed serve as the fundamental basis for the development of specific quality objectives. This ensures that all quality initiatives are strategically aligned and contribute effectively to the organization’s overarching goals. Here’s how the quality policy can be effectively utilized to develop quality objectives within the framework of a Quality Management System (QMS), such as those outlined in API Specification Q1 for the petroleum, oil, and gas industry:
1.)Alignment of Quality Policy and Quality Objectives Direct Linkage: Quality objectives should be directly derived from the quality policy to ensure that they are fully aligned with the intentions and strategic direction outlined in the policy. This ensures that all efforts in quality management contribute towards the same end goals, enhancing the coherence and effectiveness of the QMS. Measurable Targets: The quality policy provides a broad direction and commitment, and the quality objectives translate this into specific, measurable targets that can be systematically pursued and evaluated. These objectives should be SMART (Specific, Measurable, Achievable, Relevant, Time-bound) to facilitate effective implementation and monitoring. 2) Development Process for Quality Objectives Break Down the Quality Policy: Analyze the quality policy to identify key themes and commitments, such as customer satisfaction, compliance with regulations, continuous improvement, and innovation. Each element of the policy can serve as a foundation for a corresponding quality objective. Engage Stakeholders: Involve various stakeholders, including management, employees, and customers, in the process of setting objectives. This engagement helps ensure that the objectives are realistic, achievable, and aligned with both internal expectations and external requirements. Departmental Objectives: Translate broad organizational quality objectives into specific departmental goals. This helps in cascading the overall quality policy down to actionable levels, where individual teams and departments understand their contributions to the quality goals. 3) Examples of Quality Objectives Derived from a Quality Policy If the Quality Policy emphasizes customer satisfaction, an objective might be to reduce customer complaints by a certain percentage annually or improve customer service response times. If the Quality Policy stresses compliance and safety, objectives could include achieving zero non-compliance incidents or enhancing safety training for employees, aiming for a reduction in workplace accidents. If the policy highlights continuous improvement, an objective might involve implementing specific numbers of process improvement projects per year or introducing innovative practices that reduce waste or enhance efficiency. 4) Monitoring and Review Performance Indicators: Establish clear performance indicators for each quality objective to monitor progress and effectiveness. These indicators should provide quantifiable data that can be analyzed regularly. Regular Reviews: Conduct regular reviews of both the quality objectives and the overarching quality policy. This ensures they remain suitable, adequate, and effective in light of changing internal and external circumstances. Feedback Mechanisms: Implement mechanisms to gather feedback on the attainment of quality objectives from employees, customers, and other stakeholders. Use this feedback to refine objectives and develop new goals as necessary.
The quality policy should act as the cornerstone for all quality-related activities in an organization. By ensuring that quality objectives are directly derived from and aligned with the quality policy, an organization can create a focused and effective QMS that not only meets the current requirements outlined in standards like API Spec Q1 but also drives continual improvement and sustainable success.
The quality policy should be communicated, understood, implemented, and maintained within the organization
Ensuring that the quality policy is communicated, understood, implemented, and maintained throughout an organization is crucial for the effective functioning of a Quality Management System (QMS). This approach not only enhances overall quality across the organization but also aligns every employee with the strategic quality goals, fostering a cohesive and proactive quality culture. Here are key steps organizations should take to achieve this:
Effective Communication Visibility: Display the quality policy prominently within all work locations. It can be posted in common areas such as break rooms, on company intranets, and in key operational areas to ensure employees see and can refer to it regularly. Orientation and Training: Include the quality policy in onboarding materials for new hires. Provide training sessions that explain the policy and its implications for daily work activities and organizational goals. Regular Discussions: Incorporate discussions of the quality policy into regular team meetings and management reviews to reinforce its importance and applicability.
Ensuring Understanding Simplify Language: Ensure the language used in the quality policy is clear and easily understandable for all employees, avoiding technical jargon that may be confusing to non-specialists. Training Sessions: Conduct training sessions that break down the quality policy into actionable parts specific to different departments or roles. This helps employees understand how they can contribute to the policy’s objectives. Feedback Mechanism: Establish a feedback mechanism where employees can ask questions or express concerns about the quality policy. This not only clarifies doubts but also encourages active engagement with the policy.
Implementation Integration into Daily Operations: Integrate the principles of the quality policy into standard operating procedures and daily work routines. This could include quality checks, compliance measures, and continuous improvement processes. Leadership Example: Leaders and managers should model behaviours that reflect the quality policy. This includes decision-making processes, how they manage projects, and how they interact with team members and stakeholders. Resources Allocation: Provide the necessary resources, such as training, tools, and time, to implement the quality policy effectively. Employees should have access to resources that enable them to uphold quality standards.
Maintenance and Continual Improvement Regular Reviews: Regularly review the quality policy to ensure it remains relevant and effective in meeting the organization’s needs and external requirements. This should be part of the management review process. Audit and Monitoring: Use internal audits and other monitoring techniques to check how well the quality policy is being implemented and maintained. Audits can identify areas where the policy may not be fully effective or understood. Continuous Training: Offer ongoing training and development opportunities related to quality management to keep all employees up-to-date with the latest practices and to reinforce the importance of the quality policy.
Recognition and Incentives Reward Compliance: Recognize and reward departments or individuals who excel in implementing the quality policy. This can motivate others to follow suit and reinforces the importance of quality within the corporate culture. Incentive Programs: Develop incentive programs that align with the achievement of quality objectives, making adherence to the quality policy part of the organizational rewards system.
A quality policy is not merely a statement of intent; it is a directive that influences every action and decision within the organization. By ensuring that it is communicated effectively, understood clearly, implemented thoroughly, and maintained diligently, an organization embeds quality into the fabric of its operations, leading to improved performance, enhanced customer satisfaction, and sustained business growth. These efforts are essential for meeting the standards of a robust QMS like those specified in API Specification Q1 and other industry-specific standards.
The quality policy should be available to relevant interested parties, as specified by the organization
Making the quality policy available to relevant interested parties is an important aspect of a robust Quality Management System (QMS). This transparency helps to reinforce the organization’s commitment to quality and ensures that all stakeholders understand the company’s quality goals and how they align with broader business objectives. Here are key steps and considerations for making the quality policy accessible to relevant interested parties, as outlined in standards like API Specification Q1:
Identifying Relevant Interested Parties Stakeholder Analysis: Start by identifying who the relevant interested parties are. This could include customers, suppliers, contractors, regulators, investors, and local communities. Understanding the needs and expectations of these different groups is crucial in determining how to effectively communicate the quality policy. Prioritize Communication: Depending on the nature of the business and its stakeholders, prioritize how and to whom the quality policy will be communicated, focusing on those who have a direct impact on or are directly impacted by the quality of the organization’s products and services.
Making the Quality Policy Accessible Public Platforms: Use the company’s website to publish the quality policy, ensuring it is easy to find and download. This is one of the most effective ways to reach a wide audience, including customers, potential clients, and other external parties. Customer Communications: Include a reference or link to the quality policy in communications with customers, such as on contracts, product documentation, and during bidding processes. Supplier and Partner Communications: Share the quality policy with suppliers and partners, especially during onboarding and contract negotiations, to ensure they are aware of your quality expectations. Investor Relations: Include the quality policy in annual reports and investor relations materials to communicate the organization’s commitment to quality to current and potential investors. Community Engagement: For local communities and other stakeholders, consider community newsletters, local meetings, or open house days where the quality policy and its implications for local engagement and environmental stewardship can be discussed.
Ensuring Understanding Tailored Communications: Adjust the communication of the quality policy based on the stakeholder group. For instance, what is shared with regulators may differ in form and detail compared to what is shared with local communities. Language and Accessibility: Ensure the policy is available in languages and formats accessible to all relevant stakeholders. This may include translations or adaptations for people with disabilities.
Feedback Mechanisms Soliciting Feedback: Establish mechanisms through which stakeholders can provide feedback on the quality policy. This can be via online forms, email addresses, or during stakeholder meetings. Address Concerns: Be responsive to feedback regarding the quality policy, addressing concerns and making adjustments as necessary to accommodate stakeholder needs and expectations.
Regular Updates and Reviews Policy Review: Regularly review the quality policy to ensure it remains relevant and effective. Stakeholder feedback and changes in the business environment or regulatory landscape should trigger reviews and potential updates. Communication of Changes: Notify all relevant interested parties of any significant changes to the quality policy through the established communication channels.
Making the quality policy available to relevant interested parties not only meets the requirements of standards like API Specification Q1 but also builds trust and strengthens relationships with all stakeholders. This transparency helps ensure that everyone involved or affected by the organization understands the commitment to quality and how they play a role in achieving quality objectives. Such clarity can significantly enhance collaborative efforts and contribute to the overall success and reputation of the organization in its industry.
The quality policy should include a commitment to conform to requirements and continually improve the effectiveness of the quality management system.
A well-crafted quality policy is essential for establishing the foundation of an organization’s Quality Management System (QMS). According to standards like API Specification Q1, which is particularly relevant to the petroleum, oil, and gas industries, the quality policy should explicitly state the organization’s commitment to two key aspects: conforming to specified requirements and continually improving the effectiveness of the QMS. Here’s a deeper insight into each of these commitments and how they can be effectively integrated into the quality policy:
1) Commitment to Conform to Requirements Understanding Requirements: The quality policy must reflect an understanding of all relevant requirements. These include customer requirements, statutory and regulatory requirements related to the product, and any additional standards the organization subscribes to, such as environmental or safety standards. Explicit Commitment: The policy should clearly state the organization’s commitment to meeting these requirements consistently. This demonstrates to all stakeholders, including customers and regulatory bodies, that the organization prioritizes compliance and quality in all aspects of its operations. Implementation: Effective mechanisms should be established within the QMS to ensure that these requirements are understood and met. This includes training employees, setting up robust process controls, and implementing effective monitoring and measurement systems. 2) Commitment to Continual Improvement Cultural Integration: Continual improvement should be integrated into the organizational culture. The quality policy should encourage a proactive approach to making ongoing enhancements to processes, products, and services. Regular Review and Improvement: The policy should support regular reviews of the QMS to assess its effectiveness and identify areas for improvement. This involves analyzing process performance, customer feedback, audit results, and other relevant data. Setting Objectives: The policy should guide the setting of measurable quality objectives at relevant functions and levels within the organization. These objectives should be aimed at specific areas of improvement and should be regularly reviewed and updated. Innovation Encouragement: Encourage innovation as a means to drive improvement. By fostering an environment where creative ideas are welcomed and tested, organizations can find more effective and efficient ways to meet customer needs and enhance product quality. 3) Implementing the Commitments in the Quality Policy Communication: Communicate the quality policy throughout the organization and ensure that all employees understand how their activities contribute to these commitments. Regular training sessions and team meetings can help reinforce the policy’s key points. Leadership Involvement: Leadership should actively demonstrate their commitment to the quality policy by being involved in QMS activities, such as participating in audits, reviewing the QMS performance, and leading by example. Resources: Allocate necessary resources for training, tools, and systems that help achieve these commitments. Ensuring that employees have what they need to meet quality standards and improve processes is crucial. Feedback Loops: Set up mechanisms to gather feedback from employees, customers, and other stakeholders. Use this feedback to make informed decisions about where improvements are needed and how best to achieve them.
The quality policy is more than just a document—it is a central doctrine that guides an organization’s approach to quality. By committing to meeting all relevant requirements and continually seeking ways to improve the QMS, the policy lays a strong foundation for achieving operational excellence and enhancing customer satisfaction. This commitment not only supports compliance with API Specification Q1 but also drives competitive advantage and sustainable business success.
Examples of Quality policy
Customer Focus and Compliance
“At [Company Name], we are committed to achieving and maintaining the highest levels of customer satisfaction and regulatory compliance. We strive to meet or exceed customer requirements and industry standards through a culture of continuous improvement, teamwork, and integrity. Our dedication is to deliver defect-free products on time, every time while ensuring the safety and reliability of our operations. We will continually improve the effectiveness of our quality management system to ensure compliance with API Specification Q1 and other applicable standards.”
Safety and Quality
“The cornerstone of [Company Name]’s policy is our commitment to the highest standards of safety and quality in the design, manufacture, and service of our products. We pledge to maintain a safe working environment, to prevent any adverse impact on the environment, and to continually improve our processes to meet the technical and safety criteria required by our clients and regulatory bodies. Compliance with API Spec Q1 and ongoing improvement of our quality management system is fundamental to our business strategy.”
Innovation and Efficiency
“[Company Name] is dedicated to leading the industry in innovation and efficiency. Our quality policy is to develop and provide innovative and effective solutions that not only meet but exceed our customers’ expectations. We commit to a process of continuous improvement, leveraging cutting-edge technologies and methodologies to enhance our quality management system, reduce waste, and increase efficiency. Our goal is to ensure robust compliance with API Spec Q1 and to drive industry standards forward.”
Integrity and Transparency
“At [Company Name], integrity and transparency guide our operations. We are committed to producing high-quality products while adhering strictly to ethical standards and compliance with all regulatory requirements, including API Spec Q1. We vow to maintain openness in our quality management processes, engage stakeholders directly, and foster a culture where every employee is empowered to uphold our high standards. Continuous improvement of our QMS and maintaining an unyielding integrity are at the heart of our mission to serve our customers with excellence.”
Employee Development and Engagement
“[Company Name] believes that the quality of our products and services begins with the quality of our people. Our policy is to continuously invest in our employees’ development and engage them actively in our quality management efforts. We are committed to fostering a collaborative environment where every team member is involved in achieving the goals outlined in API Spec Q1. By empowering our employees, we enhance our company’s ability to meet customer needs with excellence and integrity, ensuring ongoing improvement and compliance in all we do.”
Examples of Quality Objectives Derived from a Quality Policy
Quality Policy Focused on Customer Satisfaction
Quality Policy: “We commit to exceeding customer expectations through continuous improvement and responsive service.”
Quality Objective: Improve customer satisfaction score by 15% by the end of the fiscal year through enhanced service delivery and product customization.
Quality Policy Emphasizing Safety and Compliance
Quality Policy: “Safety and compliance with industry standards are paramount in every aspect of our operations.”
Quality Objective: Achieve zero non-compliance incidents and reduce safety incidents by 20% in the next 12 months through rigorous training and upgraded safety protocols.
Quality Policy Centered on Product Quality
Quality Policy: “Our goal is to deliver high-quality, defect-free products by adhering to the highest standards of manufacturing excellence.”
Quality Objective: Reduce product defect rates by 10% annually through improved quality control measures and enhanced manufacturing processes.
Quality Policy Targeting Operational Efficiency
Quality Policy: “We strive for operational excellence and efficiency in all our processes.”
Quality Objective: Increase production efficiency by 25% within the next two years by implementing lean manufacturing techniques and optimizing workflow.
Quality Policy Focused on Employee Engagement and Training
Quality Policy: “We believe in empowering our employees through continuous training and development to uphold our quality standards.”
Quality Objective: Ensure 100% of employees receive specialized training in quality management and control techniques by Q3 next year, aiming to increase overall employee involvement in quality initiatives by 40%.
Quality Policy with a Focus on Innovation
Quality Policy: “Innovation is at the core of our strategy to lead and redefine industry standards.”
Quality Objective: Launch three new innovative products by the end of next year, each meeting stringent quality benchmarks, thereby contributing to a 15% growth in market share.
Quality Policy: “Commitment to environmental sustainability is integral to our business ethics and practices.”
Quality Objective: Reduce waste generated from manufacturing processes by 30% and increase recycling efforts by 50% over the next 18 months.
Quality Policy Centered on Supply Chain Reliability
Quality Policy: “We ensure the reliability and integrity of our supply chain to enhance product quality and customer trust.”
Quality Objective: Improve supplier delivery on-time rates to 95% and enhance material quality acceptance rate to 98% within one year through stricter supplier quality management practices.
The organization shall plan, establish, document, implement, and maintain at all times a quality management system in accordance with the requirements of this specification for product provided within the scope defined by the organization. The organization shall measure and improve the effectiveness of the quality management system.
Section 4.1.1 of API Specification Q1 outlines the foundational requirements for establishing a quality management system (QMS) within an organization involved in the petroleum, oil, and gas industries. This section is pivotal as it sets the stage for the comprehensive framework that organizations must adopt to ensure quality management and compliance with the standard. Below are the detailed requirements specified in section 4.1.1:
Organizations are required to define, document, and implement a QMS that is appropriate to the scope of their operations. The QMS should be tailored to ensure the quality of products and services and to meet or exceed customer expectations alongside complying with legal and regulatory requirements.
The QMS must be structured in such a way that it not only ensures the effective implementation of necessary processes but also supports the continual improvement and effectiveness of these processes.
The QMS should be suitable for the organization, must reflect the complexities of the organization’s processes and interactions, and should be continually improved upon to ensure ongoing suitability and effectiveness.
The QMS must ensure that the products and services conform to specified requirements established by customers and regulatory bodies.
Although not explicitly detailed in every rendition of API Q1, integrating a risk-based approach to the QMS processes is essential to anticipate and address potential risks and opportunities, aligning with more recent perspectives on quality management systems.
This section essentially ensures that an organization’s QMS is comprehensively defined and documented. The emphasis is on a system that is not only compliant with specified standards but also effective in meeting customer and regulatory requirements, with mechanisms for continual assessment and improvement. The criteria laid out in Section 4.1.1 are crucial because they form the basis for all further specifications and requirements in API Spec Q1. This section ensures that organizations have a solid foundation upon which to build more specific procedures and controls related to product quality, safety, and reliability in the oil and gas industry.
The organization shall plan, establish, document, implement, and maintain at all times a quality management system in accordance with the requirements of this specification for product provided within the scope defined by the organization.
Planning a Quality Management System in accordance with the requirements of API specification Q1 for products provided within the scope defined by the organization.
Planning a Quality Management System (QMS) in accordance with API Specification Q1 involves a structured approach tailored to ensure the products and services provided meet the quality standards required in the oil and gas industry. This process involves several key steps, from defining the scope of the QMS to ensuring that it is adequately resourced and capable of achieving its intended outcomes. Here’s how an organization can plan a QMS in line with API Spec Q1:
Identify Products and Services: Clearly delineate which products and services are included within the QMS and outline the operations related to their design, development, production, delivery, and servicing.
Consider Regulatory Requirements: Understand and integrate all applicable statutory, regulatory, and customer requirements that are relevant to the products and services being offered.
Internal and External Context: Evaluate both the internal and external factors that can impact the effectiveness of the QMS. This includes market conditions, customer requirements, technological advances, and competitive realities.
Risk and Opportunity Assessment: Analyze risks and opportunities associated with product quality and compliance. This step is crucial for anticipating potential challenges and planning mitigative actions.
Quality Objectives: Set clear, measurable quality objectives that align with the business strategy. These should be designed to meet customer and regulatory requirements and to drive continuous improvement.
Quality Policy: Formulate a quality policy that reflects the organization’s commitment to quality and its objectives. This policy should be communicated across the organization and understood by all employees.
Identify Key Processes: Identify and map out all key processes needed to achieve quality objectives, including procurement, production, quality control, and customer service.
Process Interactions: Understand how these processes interact and impact each other. A well-defined process interaction map can help in visualizing and managing process flows.
Human Resources: Determine the competencies required for staff involved in key quality-related roles and plan for training, development, and recruitment accordingly.
Infrastructure and Environment: Assess the infrastructure and work environment needed to achieve conformity to product requirements and plan improvements if necessary.
Technology and Information Systems: Evaluate the need for technological upgrades or new information systems that can enhance quality and process efficiency.
Document Control Systems: Plan for a robust document control system that ensures all necessary documents are up-to-date, accessible, and secure.
Record Keeping: Define procedures for maintaining records that demonstrate the QMS meets quality requirements and regulatory compliance.
Performance Indicators: Develop key performance indicators to monitor process effectiveness and product quality.
Audit and Review: Plan for regular internal and external audits to assess the QMS’s effectiveness and compliance with API Spec Q1. Also, include periodic management reviews to ensure continual improvement.
Integration into Business Practices: Integrate quality management processes into the broader business practices to ensure that quality is maintained as a core business focus.
By following these steps, an organization can plan a robust and effective Quality Management System that not only complies with API Specification Q1 but also enhances overall operational efficiency and product quality. This strategic approach ensures that the QMS is not merely a compliance exercise but a vital component of the organization’s success in the competitive oil and gas industry.
Establishing a Quality Management System in accordance with the requirements of API specification Q1 for products provided within the scope defined by the organization.
Establishing a Quality Management System (QMS) in accordance with API Specification Q1 involves a methodical approach to ensure that the products and services provided by an organization in the oil and gas industry meet strict quality standards and customer requirements. Here is a comprehensive guide on how to establish a QMS based on API Spec Q1:
Identify Products and Services: Clearly define which products and services are covered by the QMS. Include aspects such as design, manufacturing, procurement, testing, and delivery.
Establish Boundaries: Determine the physical and organizational boundaries of the QMS, specifying which departments and processes are included.
Management Commitment: Secure commitment from top management for developing, implementing, and continuously improving the QMS. This involves the allocation of necessary resources and leadership support.
Quality Policy: Draft and implement a quality policy that reflects the organization’s commitment to quality and meets the requirements of API Spec Q1. The policy should be communicated to and understood by all employees.
Quality Manual: Create a quality manual outlining the QMS’s structure and compliance with API Spec Q1. It should detail the scope of the QMS, policies, process interactions, and document control procedures.
Documented Procedures and Work Instructions: Develop documented procedures required by API Spec Q1, which typically include handling non-conformances, corrective actions, and risk assessment methodologies. Ensure all documentation supports the operational needs and compliance requirements.
Risk Identification: Identify risks associated with each process and product conformity. Use tools such as SWOT analysis, Failure Mode and Effects Analysis (FMEA), or other industry-specific methodologies.
Risk Management: Develop strategies to mitigate identified risks, including preventive controls, to ensure product quality and compliance.
Process Mapping: Outline and map all critical processes that affect product quality. Define how these processes interact and establish clear input and output requirements.
Control Plans: Develop control plans for critical processes that detail monitoring, verification, and process controls. This ensures each process is capable of achieving its intended results.
Human Resources: Define roles, responsibilities, and competencies for personnel involved in the QMS. Implement training programs to enhance skills and awareness of quality standards.
Infrastructure and Work Environment: Ensure the work environment supports product requirements. This includes facilities, equipment, and support services necessary for the QMS.
Employee Engagement: Foster a quality culture where all employees are engaged and motivated to achieve quality objectives. Promote open communication and feedback on process improvement.
Continuous Training: Regularly conduct training and competency evaluations to ensure employees are proficient in quality management practices and understand their role within the QMS.
Performance Indicators: Set up key performance indicators (KPIs) to track the effectiveness of each QMS process. Monitor these indicators to identify areas for improvement.
Audits and Reviews: Schedule regular internal audits to assess compliance with API Spec Q1 and the effectiveness of the QMS. Use audit results to drive management reviews and continuous improvement efforts.
Management Review: Conduct periodic management reviews of the QMS to ensure its continuing suitability, adequacy, and effectiveness. Address any changes in external and internal issues that affect the QMS.
Continuous Improvement: Implement continuous improvement mechanisms based on performance data, audit outcomes, corrective actions, and management reviews.
Establishing a QMS as per API Spec Q1 requires thorough planning, dedicated resources, and ongoing commitment from all levels of the organization. It is a dynamic system that evolves with the organization and its operational environment, striving always to enhance customer satisfaction and comply with industry regulations.
Documenting a Quality Management System in accordance with the requirements of API specification Q1 for products provided within the scope defined by the organization.
Documenting a Quality Management System (QMS) according to API Specification Q1 is a critical component for organizations in the oil and gas industry, ensuring that all aspects of the QMS are clearly defined, controlled, and executed consistently. Effective documentation not only supports compliance and operational efficiency but also facilitates communication, training, and continuous improvement. Here’s a step-by-step guide on how to document a QMS in accordance with API Spec Q1:
Develop a Quality Manual Scope of the QMS: Clearly define the scope of the QMS, outlining the products and processes it covers. Exclusions: Justify any exclusion from the QMS requirements and explain how these exclusions do not affect the organization’s ability or responsibility to ensure the quality of its products. Documented Procedures and Process Interactions: Describe the sequence and interaction between the processes of the QMS.
Document Control Procedures Control of Documents: Establish procedures for approving, reviewing, updating, and retracting documents. Ensure all changes and revisions are logged and traceable. Documents must be readily available to those who need access and protected from unintended use. Control of Records: Define how records are identified, stored, protected, retrieved, retained, and disposed of. Ensure records provide evidence of conformity to requirements and the effective operation of the QMS.
Create Documented Procedures Critical Procedures: Depending on the nature of the business, typical procedures documented might include handling of customer requirements, design and development, procurement, production, non-conformance, corrective actions, risk assessment and management, and internal audits. Work Instructions: For each critical process, especially in areas like manufacturing or testing, develop detailed work instructions that describe how specific tasks should be performed to meet quality standards.
Define Quality Objectives and Policies Quality Policy: Document a quality policy that reflects the organization’s commitment to quality and its objectives. The policy should be communicated and accessible to all employees. Quality Objectives: Establish specific, measurable quality objectives at relevant functions and levels. Document how these objectives contribute to achieving the quality policy.
Process Documentation Process Maps and Flowcharts: Use visual tools like flowcharts and diagrams to document process flows. These tools help in understanding process inputs, outputs, controls, and interactions. Risk Management Documentation: Document how risks are identified, evaluated, and controlled. This includes methodologies, tools, and data used in risk assessments.
Operational Documentation Specifications and Standards: Document all technical specifications and standards that apply to the products and services, detailing how these are incorporated into design and production processes. Change Management: Document procedures for managing changes in processes, products, or the QMS itself, ensuring that all changes are controlled and verified.
Training Records Employee Competence: Document procedures for assessing, maintaining, and improving employee competence. Keep records of training sessions, skills assessments, and qualifications relevant to employees’ roles.
Audit and Review Documentation Internal Audits: Document procedures for conducting, reporting, and following up on internal audits. This should include audit frequency, methods, responsibilities, and information on how audit results are used for improvement. Management Reviews: Document procedures for management reviews, including scheduling, agenda, review inputs, expected outcomes, and follow-up actions.
Performance Monitoring and Improvement Documentation Performance Data: Document how performance data is collected, analyzed, and used for decision-making. Include details on key performance indicators, data analysis techniques, and reporting formats.
Effective documentation ensures that every aspect of the QMS is transparent, traceable, and transferable. It is a foundational component that supports consistent implementation of quality practices and enhances the organization’s ability to achieve and maintain compliance with API Spec Q1.
Implementing a Quality Management System in accordance with the requirements of API specification Q1 for products provided within the scope defined by the organization.
Implementing a Quality Management System (QMS) by API Specification Q1 involves several critical steps to ensure that the system not only complies with the standard but also effectively enhances product quality and organizational efficiency. Here is a detailed guide on how to implement a QMS as per API Spec Q1, tailored for organizations in the petroleum, oil, and gas industries:
1. Management Commitment and Leadership
Secure Commitment: Begin by securing a strong commitment from top management. This involves management defining and promoting the organization’s quality policy, ensuring it aligns with the business objectives and committing necessary resources for the QMS implementation.
Leadership Engagement: Ensure leaders at all levels are engaged and take accountability for their role within the QMS, fostering a culture that promotes meeting customer requirements and continuous improvement.
2. Define Organizational Roles, Responsibilities, and Authorities
Clear Definitions: Clearly define roles, responsibilities, and authorities for personnel involved in managing, performing, and verifying work that affects quality performance.
Communication: Establish effective internal communication processes to ensure QMS processes are understood, implemented, and maintained across all levels of the organization.
3. Develop and Document the QMS
Documentation: As per API Spec Q1, document all core processes of the QMS including scope of the system, procedures, and interactions between processes. This documentation should include the quality manual, process maps, work instructions, and procedures for addressing non-conformances and corrective actions.
Control of Documents: Implement a process for document control that ensures all necessary documents are appropriately approved, communicated, and regularly reviewed.
4. Process Design and Implementation
Identify Processes: Identify and outline all key processes that impact the quality of products and services. This includes design, purchasing, manufacturing, inspection, and testing processes.
Process Management: For each process, establish detailed instructions and criteria, assign responsibilities, and determine necessary resources. Define how these processes interact with each other.
5. Resource Management
Provide Resources: Allocate suitable resources, including human resources, infrastructure, and work environment, needed to maintain the integrity of the QMS and achieve product conformity.
Employee Competence: Ensure all personnel are competent based on education, training, skills, and experience. Provide training and keep records of competence.
6. Product Realization and Planning
Customer Requirements: Clearly define and understand customer requirements and product specifications. This includes establishing criteria for acceptance and delivery.
Design and Development: Plan and control design and development stages, if applicable, ensuring validation, verification, and monitoring of design changes.
7. Risk Assessment and Management
Risk Analysis: Conduct risk assessments for each critical process to identify potential risks to quality and compliance. Implement appropriate measures to manage and mitigate these risks.
Continual Risk Evaluation: Regularly review risk management strategies and effectiveness in the context of changes in processes, technologies, or market conditions.
8. Monitoring and Measurement
Inspection and Testing: Implement monitoring and measuring activities required for the verification of compliance with specified requirements, including raw materials, in-process materials, and final products.
Data Analysis: Analyze data obtained from monitoring activities to identify opportunities for improvement.
9. Internal Audit and Management Review
Conduct Audits: Schedule and conduct internal audits to assess the effectiveness of the QMS and compliance with API Spec Q1.
Management Review: Regularly review the performance of the QMS by top management to ensure its continuing suitability, adequacy, and effectiveness. Address potential changes and improvements.
10. Continual Improvement
Improvement Initiatives: Use the outcomes of data analysis, internal audits, corrective actions, and management reviews to drive continual improvement of the QMS. Implement changes necessary to meet customer requirements and enhance overall performance.
11. Handling Non-Conformities and Corrective Actions
Non-Conformance Processes: Develop procedures to identify, document, and handle non-conformities, including implementing corrective actions to prevent recurrence.
By following these steps and adhering to the principles and requirements of API Spec Q1, organizations can ensure their QMS is robust, compliant, and effective in delivering high-quality products and services in the petroleum, oil, and gas industries. This systematic approach helps not only in maintaining product quality and safety but also in fostering a culture of continuous improvement and customer satisfaction.
Maintaining a Quality Management System in accordance with the requirements of API specification Q1 for products provided within the scope defined by the organization.
Maintaining a Quality Management System (QMS) in accordance with API Specification Q1 requires ongoing effort to ensure the system remains effective and continues to improve over time. This involves regular monitoring, evaluation, and updating of the QMS to address changes in technology, business environment, customer requirements, and regulatory standards. Here’s how an organization can maintain a QMS as per API Spec Q1:
1. Management Commitment
Continued Support: Secure continued commitment from top management for the maintenance and improvement of the QMS. Management should regularly review the QMS to ensure its alignment with the strategic goals of the organization and compliance with API Spec Q1.
Provide Resources: Ensure that sufficient resources are allocated for the operation, monitoring, and improvement of the QMS. This includes staffing, training, tools, and financial resources.
2. Regular Monitoring and Measurement
Performance Indicators: Utilize key performance indicators (KPIs) to assess the effectiveness and efficiency of QMS processes. These should include metrics related to product quality, customer satisfaction, process performance, and compliance.
Process Audits: Conduct regular internal audits to check the conformity of processes to the established QMS requirements. Audits also help in identifying areas for improvement.
3. Management Review
Scheduled Reviews: Organize periodic management reviews of the QMS to assess its continuing suitability, adequacy, effectiveness, and alignment with the strategic objectives of the organization.
Review Inputs: Include the status of actions from previous management reviews, changes in external and internal issues that affect the QMS, and feedback from customers.
Review Outputs: Decisions and actions related to improvements in the QMS, resource needs, and opportunities to change the QMS, including adjustments to quality objectives.
4. Employee Training and Competence
Ongoing Training: Regularly evaluate and update training programs to ensure that all employees understand their role in the QMS and are competent to perform their duties. This is crucial for maintaining the integrity of the QMS.
Skill Updates: As technologies and methods evolve, update the required skills and competencies accordingly. Provide training and cross-training to fill any gaps.
5. Document Control
Document Updates: Ensure that all QMS documentation is periodically reviewed and updated to reflect current practices and compliance requirements. This includes the quality manual, process documentation, and standard operating procedures.
Control of Records: Maintain comprehensive records to demonstrate conformity to requirements and the effective operation of the QMS. Ensure that records are readily available for analysis and review.
6. Risk Management
Continuous Risk Assessment: Continuously identify and assess risks associated with processes and quality objectives. Update risk mitigation measures based on findings from performance data and audits.
Proactive Measures: Implement proactive measures to address potential risks before they impact the QMS or product quality.
7. Corrective and Preventive Actions
Nonconformity Handling: Implement and maintain procedures for dealing with nonconformities, including investigation, actions to prevent recurrence, and evaluation of the effectiveness of those actions.
Improvement Actions: Use data from audits, nonconformities, and management reviews to drive continual improvement initiatives across the organization.
8. Customer Feedback
Feedback System: Maintain a robust system for gathering and analyzing customer feedback. Use this information to improve product quality and customer service.
Customer Satisfaction: Regularly assess customer satisfaction to identify areas where the QMS can be enhanced to better meet customer needs and expectations.
9. Continuous Improvement
Improvement Projects: Initiate continuous improvement projects to enhance the effectiveness of the QMS and increase efficiency across processes. Use lessons learned to foster a culture of improvement.
By following these steps, an organization can maintain a robust QMS that not only complies with API Specification Q1 but also drives continual improvement and sustained customer satisfaction. Regular evaluation, coupled with a proactive approach to addressing potential issues, ensures that the QMS remains effective and relevant to the organization’s needs and objectives.
The organization shall measure and improve the effectiveness of the quality management system.
Measuring and improving the effectiveness of a Quality Management System (QMS) are crucial aspects of maintaining compliance with standards such as API Specification Q1 and ensuring the organization continually meets customer and regulatory requirements. Here are the key strategies and methods that organizations should implement to measure and enhance their QMS effectively:
Define Measurable Objectives Quality Objectives: Establish clear, measurable objectives at relevant functions and levels throughout the organization. These objectives should align with the quality policy and be designed to enhance customer satisfaction and product quality. Specific Metrics: Develop specific metrics that reflect performance relative to those objectives. These might include product defect rates, customer satisfaction scores, on-time delivery rates, or internal audit results.
Regular Monitoring and Measuring Process Performance: Regularly monitor and measure the performance of various processes within the QMS. This could involve checking the efficiency of production processes, the accuracy of product testing, and the effectiveness of service delivery. Product Quality: Use quality control tools and techniques, such as statistical process control, to monitor and ensure product quality continuously. This data helps in identifying trends and potential areas of improvement.
Internal Audits Scheduled Audits: Conduct regular internal audits to assess the QMS against the set quality objectives and compliance with API Spec Q1. These audits help identify inconsistencies, areas of non-conformance, and opportunities for improvement. Audit Results: Utilize audit findings to initiate corrective actions and refine QMS processes. This proactive approach helps in maintaining compliance and enhancing system effectiveness.
Management Review Regular Reviews: Hold management reviews at planned intervals to ensure the continuing suitability, adequacy, and effectiveness of the QMS. Review Inputs: Include data on process performance, outcomes of audits, customer feedback, the performance of external providers, the status of preventive and corrective actions, follow-up actions from previous management reviews, changes that could affect the QMS, and recommendations for improvement. Actionable Outcomes: Decisions and actions coming out of these reviews should focus on resource needs, changes to policies or objectives, and improvement strategies.
Customer Feedback and Satisfaction Feedback Collection: Implement a system for collecting and analyzing customer feedback. This could include surveys, customer service logs, and direct customer communications. Customer Satisfaction: Analyze feedback to gauge customer satisfaction levels and identify areas needing improvement. Responsive actions should aim to address any issues raised by customers.
Corrective and Preventive Actions Systematic Approach: Establish a systematic approach to handling nonconformities, including investigating the root causes, implementing corrective actions to prevent recurrence, and monitoring the effectiveness of those actions. Preventive Measures: Analyze data and trends to identify potential issues before they occur and take preventive measures to mitigate risks.
Continuous Improvement Improvement Initiatives: Encourage a culture of continuous improvement within the organization. Use tools like Six Sigma, lean methodologies, or Kaizen to enhance process efficiency and effectiveness. Innovation and Updates: Stay abreast of technological advancements or changes in industry standards that could improve the QMS. Implement these changes where applicable to maintain competitive advantage and compliance.
Training and Development Ongoing Training: Provide ongoing training and development to ensure employees are competent and knowledgeable about QMS requirements and improvements. Skill Enhancement: Regularly assess and enhance the skills of employees to keep pace with changes in technology, processes, and standards.
Implementing these practices ensures that the QMS remains effective, compliant, and aligned with business goals. Through regular assessment and adaptation, organizations can achieve higher levels of product quality and customer satisfaction, thereby maintaining their competitive edge in the market.
This is the official quality management system manual of XXX. It describes the approach, structured to comply with the ISO 29001:2020 Quality management system (QMS). This system applies to all activities and operations performed at XXX. Through this Quality management system XXX,
Demonstrates the ability to provide consistently products and services that meet customer and applicable statutory and regulatory requirements
Aims to enhance customer satisfaction through the effective application of system, including processes for improvement of the system and assurance of conformity to customer and applicable statutory and regulatory requirements
To have a systematic approach to environmental management that will provide information to build success over the long term and create options for contributing to sustainable development, the organization and interested parties.
2. NORMATIVE REFERENCES
Documents related to this integrated management system manual include:
ISO 29001:2022, Petroleum, petrochemical and natural gas industries — Sector-specific quality management systems — Requirements for product and service supply organizations
Annex 001 of QMS manual Quality policy statement
Annex 002 of QMS manual Process interaction chart
Annex 003 of QMS manual Organization chart,
Annex 004 of QMS manual QMS Objectives (A, B and C)
Annex 005 of QMS manual Scope document
3 TERMS AND DEFINITIONS
Quality management system: a set of interrelated and coordinated activities to direct and control an organization with respect to quality. The advantages of conducting an quality management system approach are:
Providing a framework for continual improvement to increase the probability of enhancing customer satisfaction and the satisfaction of other interested parties.
Ensuring that the service level provided by the company satisfies customers’ stated and implied needs.
The implementation of such system will lead to minimizing non-conformity level and eliminating their causes.
Increasing the potential for improvement of the organization.
Note: A Management system is a set of interrelated elements used to establish policy and objectives and to achieve those objectives. A management system includes organizational structure, planning activities (including for example, risk assessment and the setting of objectives) responsibilities, practices procedures, processes and resources.
Integrated management system manual: a document specifying the quality, health, safety and environmental management system of an organization. The integrated management system manual is an overall controlling document that contains full reference to all supporting operational procedures that describe the routine functioning of each department within QBC.
QHSE policy: the overall intentions, objectives, and directions of an organization related to quality, health, safety and environmental management system.
Quality plan: specification of the procedures and associated resources to be applied when and by whom to a specific object.
Resources: all needed requirements that enable the organization to fulfil all the client’s requirements. Resources could be one of 4 M’s: Material, Manpower, Machines, and Money.
Procedure: documentary instructions to the operation of the related integrated management system of the standards and defining responsibilities and activities for the operations.
Internal Audit: Systematic, interdependent and documented process for obtaining audit evidence and evaluating it objectively to determine the extent to which the environmental management system audit criteria set by the Organization are fulfilled
Infrastructure: Organization (system) of facilities, equipment and services needed for the operation of an organization
Incident: Work related event(s) in which an injury or ill health ( regardless of severity ) or fatality occurred or could have occurred
Improvement: Activity to enhance performance
Non Conformity: Non fulfilment of requirement
Performances: Measurable results of an organization’s management of Risk (in terms of all applied standards)
Risk : Effect of uncertainty
Validation: Conformation, through the provision of objectives that the requirements for the specific intended use or application have been fulfilled
4.0 CONTEXT OF THE ORGANIZATION
4.1 Understanding the organization and its context
XXX reviews and analyses the key aspects of itself and its stakeholders to determine the strategic direction of the organization. Internal and external issues that make impact on the XXX’s core business process and its stakeholder’s interest are taken into consideration, monitored and implemented. Changes in the market, technologies, laws, regulations, economy, government policies competitors, cultural and social responsibilities, are also being taken into consideration while carrying out business operation, by:
Understanding our core products and services, and scope of management system
Maintaining a Register for the internal and external issues determined by XXX which is reviewed annually.
Identifying “interested parties” (stakeholders) who receive our (Products or Services), or who may be impacted by them, or those parties who may otherwise have a significant interest in our organization’s business. These interested parties are identified during the management system risk assessment process
Note: Outsourcing of activities are strictly controlled and ensured that the requirements of the product and QA/QC requirements of the XXX are maintained throughout the product manufacturing lifecycle.
Ref: Risk assessment (PR 002)
4.2 Understanding the needs and expectations of the interested parties
Understanding needs and expectations of the interested parties are of key concern to XXX and have ensured through regular meeting with relevant section managers to clearly understand who they are and how they can affect the organizational ability to consistently perform. For this XXX,
Maintains a register for determining who are the relevant interested parties and are monitored in regular frequency (annex to the risk assessment procedure)
Regularly updates the needs and expectations of the interested parties so that they are clearly understood and met
Where applicable to be added as legal and other requirements the respective process owners shall inform the management and update it.
This information is then used by the top management (General Manager) to determine the XXX’s strategic direction. This is defined in records of management review, and periodically updated as conditions and situations change.
Ref: Risk assessment (PR 002)
4.3 Determining the scope of the QMS
Based on an analysis of the above issues of concern, interests of stakeholders, and in consideration of its products and services, XXX has determined the scope of the management system. The QMS is structured to provide a robust, comprehensive, and a continuously improving management system in a manner that ensures customer satisfaction, an improved Quality performance. For determining the scope the organization, has considered
the external and internal issues
the requirements relevant to the interested parties
the products and services of the organization,
the works related activities performed
organizational functions and physical boundaries
the compliance obligations
Its authority and ability to exercise control and influence
All the requirements given in the standards ISO 29001:2022 are applicable to the scope of XXX and same is advised to the interested parties as determine in 4.2 when requested by them.
4.4 Quality management system and its processes
The QMS has been established in line with the ISO 29001:2020 standard to implement, maintain and continually improve the effectiveness of the system as well as the business processes of XXX. For effective implementation the following has been:
Identified and determined:
Process flow and their sequence, major processes through process flow which are identified in document master list;
All the key processes, its applications and its interactions through process interaction chart (Annex 002);
Aspects which have significant impact on the environment, achievable programs for continual improvement;
Assessed risks which have been rated as extremely high and control measures and supporting action plans as and when required.
Management system risk identification, determination of risk treatment and opportunities for improvement for all critical management system activities within the organization
Processes and documented information required to meet the requirement of interested parties.
Defined:
Operational criteria;
Policy statement, objectives and targets for quality processes;
Measuring and monitoring of aspects from various activities/process which have significant impact on the risk control activities, management system risk assessment and risk treatment, through various clauses of this manual, established procedures, work instructions and job descriptions;
Details of activities of the company through procedures, work instruction, process flows and various clauses of this manual;
Method of control through established documents which are listed in document master list (QMSF002);
Method for periodically reviewing and evaluating the quality management system, as well as to identify the opportunities for improvement;
Outsource processes and their controls which affect the product conformity are identified through purchasing procedure (Controls applied to externally provided services PR-008).
All the above mentioned processes are established, documented, implemented, monitored and analyzed for the performance to achieve the planned results and continual improvement of these processes as per analysis of data and management review as detailed later in this manual. The system is applicable to all the activities, product, processes and services of XXX. For adapting to changing circumstances, XXX shall be periodically reviewing and evaluating its management system in order to identify the opportunities for improvement and their implementation.
5.0 LEADERSHIP
5.1 Leadership and commitment
5.1.1 General
The XXX’s top management which includes the General Manager is committed to the implementation and development of the documented QMS and to continually improve the effectiveness of the system by:
Taking accountability for the effectiveness of the Quality management system, including prevention of work-related injury and ill health, as well as the provision of safe and health workplaces and activities.
Ensuring that the Quality policy statements and objectives are established for the QMS is compactable with the context of the organization and strategic direction of the organization.
Ensuring that the integration of the QMS requirements into the business processes
Promoting risk based thinking and process based approach
Communicating to the company the importance of meeting the customers as well as statutory and regulatory requirements.
Establishing and communicating the company policy to all employees in the company and explaining that satisfying the requirements of the Quality management system will lead to effective implementation of the company policy.
Ensuring that all necessary resources whether human, financial, equipment, or material are available for efficiently conducting Quality management system tasks.
Providing the proper training for newly hired employees as well as the available employees in order to be able to perform all job requirements and duties each in his position.
Assuring that, where necessary, personnel have the authority to identify and record quality problems requiring resolution and analysis, or improve the applied systems and procedures after communicating them to the related department head and the management representative.
Ensuring that there is active participation of workers in QMS system and removing any barriers or obstacles to participation.
Initiating, recommending, and providing solutions to prevent the occurrence of non-conformance.
Ensuring that the QMS achieves its intended results.
Engaging, directing and supporting persons to contribute to the effectiveness of the QMS.
Promoting and ensuring continual improvement in all the processes.
Promoting and leading a positive culture with regards to the Quality management system.
Protecting workers from reprisals when reporting risks and opportunities.
Supporting all the relevant process owners and managers in their roles to demonstrate leadership and to achieve the indented result of the QMS.
5.1.2 Customer focus
XXX ensures that all the customer requirements are determined and fulfilled to meet their expectations and thereby achieving customer satisfaction. The management system is established and maintained keeping in view the further enhancement of the same by:
Determining requirements stated and implied by customer
Identifying, establishing, maintaining and updating the legal and statutory requirements those which are applicable to the activities, products or services provided.
Ensuring that the customers are aware of the requirements related delivery and post-delivery activities
Identifying the environmental aspects of its activities, which have significant impact on the environment, and informing the customer, employees and interested parties them about the significance, where required.
Implementation of necessary control measures to ensure that customers have a risk free product or service.
Providing information related to products and services through company profile.
Ensuring that the risks and opportunities that can affect the conformity of products and services are and the ability to enhance customer satisfaction are determined and addressed
Ensuring that the focus on enhancing customer satisfaction is maintained.
5.1 Policy
5.2.1 Establishing the QUALITY policy
In XXX, the QUALITY policy has been made in line with the requirements of ISO 29001:2020. The QUALITY policy statement has been defined and published and can be found with the General Manager endorsement in the QMS manual. The top management shall establish, maintain and implement the policy based on the discussion and agreement with the process owners in considerations of the interested parties. The strategy to achieve the company policy is through the implementation and maintenance of very well established objectives, which provides a framework for implementing the Quality management system described in this manual, compliance to applicable legal and other requirements and the associated procedures. The policy statement shall be reviewed (and revised as needed) during management review to ensure the continuing suitability to the established QMS and the changing needs of the customer.
5.2.2 Communicating the QUALITY policy
Employees at all levels of the organization are expected to understand and fulfil the requirements of this policy in all of their works, related efforts and decisions. The top management shall ensure that the commitment to workers participation and consultations are documented and demonstrated. The QUALITY policy is considered as a major part of the Quality management system; accordingly it shall be reviewed for continuous suitability and its support in the strategic direction of the company. The top management have ensured that the policy is
Available and maintained as documented information
Communicated, understood and applied within the organization through effective communication, training and supervision
Available for relevant interested parties as applicable through brochures, manuals, websites, etc.
QUALITY policy statement is also included in the induction training of the new employees as well as in the QMS training, contractor’s training and process trainings conducted periodically
Ref: QUALITY policy statement (Annex 001)
5.3 Organizational roles, responsibilities and authorities
The organizational chart (in Annex 03) provides the positions of all that manage, perform and verify works affecting quality. All relevant roles are well defined in each procedure. The responsibilities, accountability and the authorities of all relevant affecting QMS, facilities and processes are defined through the
Employment offer
Contract agreement (Recruitment phase)
Organization chart,
Job descriptions
Induction training, On job training
Internal memos/tool box meetings
Trainings – refreshment and development
The top management ensures that all the assigned roles have their responsibilities and authorities defined and communicated effectively. The steps taken shall ensure that the requirements of the established Quality management system are well understood by the process owners and employees to confirm to the ISO 29001:2020 standard as well as the desired outputs from the team. The top management shall ensure that the performance of the Quality management system and opportunities for improvement are identified and communicated to them by the process owners. The process owners shall ensure that the objectives and performance indicators of the intended outputs are reported to the Top Management. The job descriptions of the individual are communicated through training (induction/on job), regular meetings, notice boards and work instruction. Apart from the defined responsibilities, accountabilities and authorities, respective process linkages and the interrelation of the all the organizational processes are defined in process interaction chart (Annex 02).
6.0 PLANNING
6.1 Actions to address risks and opportunities
XXX shall ensure that the risk assessment is done for the critical processes, products and services within the Quality management system. While performing the risk assessment and opportunity identification, XXX shall ensure that
The relevant internal and external issues related to the products and services are considered
The needs and expectations of the external interested parties which affects the products and services are incorporated
The techniques, tools and their application for identification and assessment of risks and opportunities, and prevention and mitigation of risks are determined;
The sources of risk and opportunity, areas of impacts, events and their causes, and their potential consequences are determined.
The potential risk and opportunity by determining consequences and their likelihood are analysed ;
The risk and opportunity and develop controls for them are evaluated;
Appropriate risk treatments and opportunity realization plans are applied.
The details of the methodologies used for identification of risks and opportunities are documented in the procedure for management system Risk assessment (PR 002). Formal risk management may not be utilized in all instances; instead, the level of risk assessment, analysis, treatment and record keeping will be performed to the level deemed appropriate for each circumstance or application. XXX considers risks and opportunities when taking actions within the management system, as well as when implementing or improving the management system; likewise, these are considered relative to products and services.
Ref: Risk Assessment (PR 002).
6.2 Objectives and planning to achieve them
Objectives (Annex 04) shall be in line with the stated quality policy, measurable and monitored. The General Manager in co-ordination with the respective section manager(s) reviews and recommends, where needed, to process owners to revise the objectives in the management review meeting to ensure that the objectives are relevant to the conformity of products and services provided to the customers and serves to enhance customer satisfaction. The top management worked on establishing objectives that are extracted from XXX’s company policy. The management made sure that the objectives are:
Consistent with the QUALITY policy statement
Established after taking into account the applicable legal and other requirements
SMART: Specific, Measurable, Achievable, Realistic and Timely.
Established risks including the commitments to the prevention of injury and ill health, legal and other requirement, technological options, financial, operations and business and the views of interested parties
Established at relevant functions and levels within the organization for achieving conformity to products and service requirements and to enhancement of customer satisfaction and are monitored through objective measurement charts.
Planning taking into account, the applicable requirements, results of the risks and opportunities, results of consultation with workers and QUALITY representative
These objectives shall be reviewed continuously through the management review meetings and internal audits as described in the management review procedure for suitability and updating.
While planning for achieving the objectives are met, the process owners shall determine;
What will be done
What resources will be required
Who will be responsible
When it will be completed
How the results will be evaluated
Ref: Functional quality objectives (Appendix 04),
6.3 Planning of changes
When the organization determines the need for changing the Quality management system, the changes shall be carried out in a planned manner. When there are changes required in the existing service requirements, management ensures through management review that the suitability & integrity of the management system is maintained during the planning and the implementation to the smooth transition of the system. When changes are required existing objectives, the Management Representative shall ensure through review the purpose and potential consequences of the change and its suitability and integrity with the existing QMS. In case of need for availability of resources or need for the allocation or reallocation of responsibilities and authorities for the changes in the objectives, it shall be duly addressed prior to formalizing the objectives. Management programs, identified risk control measures and Action Plans are amended, if required. If necessary, planning is also carried out through review meetings. Any risk and opportunities arising out of the changes are managed as per the procedure of Risk assessment.
Regarding management of change (MOC) the organization shall identify the risks associated with changes in the organization, Quality management system, or its activities, prior to the introduction of the changes. The organization also ensures that the results of these assessments are considered for determining the appropriate controls. Documented Information for the management of changes are maintained. The relevant process owners along with the Management Representative shall plan to take actions to address its changes to the management system processes.
The Management Representative along with the process owners shall review and determine how to integrate and implement the relevant actions into the Quality management system and shall evaluate the effectiveness of these actions and shall consider
The purpose of the changes and its potential consequences
The integrity of the QMS
Availability of resources
Allocation of re-allocation of responsibilities and authorities
The requirements for quality requirements are met by the establishment and implementation of Quality management system which allows effective planning prior to the changes in the system.
The Quality management system has been assembled and documented in a format to suit this method of operation.
XXX will give timely consideration to conduct revision of the Quality management system through management review meetings, and interactions with the process owners.
While planning its actions XXX shall ensure the best practices, technological options, financial, operational and business requirements are met.
Ref: Management of change (PR 021)
7.0 SUPPORT
7.1 Resources
7.1.1 General
XXX’s Top management has assured the availability of resources needed for the effective implementation and the maintenance of the QMS and enhance the effectiveness of the system by providing resources on time. The General Manager shall consider the capabilities of, and constraints on, existing internal resources and what it needs from the external providers. By providing resources on time, the management ensures that there is:
Continual improvement in the QMS.
Enhances customer satisfaction by meeting and exceeding the requirements of the customer
7.1.2 People
XXX’s Top management has ensured that there are adequate personals available for the services provided and to enhance the quality performance of the Quality management system. Personnel performing work affecting service are competent on the basis of appropriate education, training, skills and experience. The top management ensures this through proper recruitment of the most appropriate personnel for the required jobs. Competence requirements are determined through job descriptions. Where additional training is required to enhance the competence of personnel, this is handled in accordance with Procedure for Training(PR 007).
The Admin/HR Representative ensures that the process of requirement of competent people is being arranged for the respective department either through recruitment or through outsourced activities.
Ref: Training (PR 007)
7.1.3 Infrastructure
The infrastructure facilities required to achieve planned results (as per the scope of service) are identified and maintained as per procedure for Maintenance (PR 022), this includes,
All equipment required for provision of services (is identified and made available).
Risk based Maintenance activities are carried out which includes preventive and predictive maintenance, reliability centred maintenance, mean time between failures, system, design and process failure mode and effects analysis, failure mode and criticality effects analysis, process control plans and others that are in context of the organization and its risks.
Software and hardware (information systems) (used are controlled and maintained to ensure the availability of licensed and updated versions as required).
Equipment and supporting services (are identified and maintained as per the established preventive maintenance system).
Preservation – (Incoming materials and finished products are maintained as per the required conditions by providing adequate storage and protection).
The availability of the process equipment and supporting services such as communication and transport are reviewed by top management during the management review meeting and internal meetings, for the capability to meet to the requirements of customers (both internal and external) and interested parties. XXX ensures the availability of latest versions of software that may be needed for carrying out the activities as required. Arrangements are made with the relevant suppliers for updates.
Ref: Maintenance (PR 022)
7.1.4 Environment for the operation of processes
The present work environment is determined to be suitable for the range and scopes of services carried out. The process owners ensure that the environment for operational process are defined and complied to.
The respective managers along with the QA/QC representative reviews the suitability of the work environment needed to achieve the conformity of the product requirements and to enhance the organization in achieving the quality requirements on a regular basis.
A work environment suitable for achieving conformance to product requirements are maintained. Data from the QMS system is also evaluated to determine if the work environment is sufficient for achieving conformance to the requirements, or if corrective action related to the work environment is to be taken. The present work environment is determined to be suitable to the range and scopes of the service carried out by XXX:
Work instructions are available for all general safety rules.
Safety rules and protective equipment – To create awareness, respective safety instructions are displayed and provided with the necessary protective equipment.
Other welfare facilities are also provided to the employees like drinking water facility, transport from the accommodation to the work place, free accommodation facilities and food.
Proper housekeeping is maintained taking safety into consideration.
Dust free atmosphere for critical processes
Maintaining the environment by planting trees and promoting greenery in the camp areas. Providing adequate breaks for staff to ensure that they are not over stressed
Motivating employees through performance appraisal, incentives, and real involvement of employees.
Note: The term “environment for the operations of processes” relates to those conditions under which work is performed including physical, environmental and other factors (such as Social, Psychological, physical)
Top management reviews the suitability of the work environment needed to achieve the conformity of the product requirements and to enhance the organization in achieving the QUALITY policy, objectives, targets and system performance etc. through management review meeting.
7.1.5 Monitoring and measuring resources
7.1.5.1 General
XXX’s Top management considers providing resources as one of its top priorities in having an effective Quality management system, so when it comes to monitoring and measuring resources, the management ensures that it provides those resources which will give valid and reliable results for its products and services. The management shall ensure that these resources are suitable for the specific type of monitoring and measurement activities of XXX and are maintained by the authorized person for continuing fitness for their purpose.
Ref: Measurement and Monitoring (PR 025)
7.5.5.2 Measurement traceability
All inspection, measuring, and test equipment used for demonstrating the conformity of the product is controlled and maintained on a regular basis. A list of measuring equipment shall be established to define accuracy needed and frequency of calibration. Such measuring and test equipment is subject to either external calibration by independent bodies or in house by qualified personnel (where applicable). Results of calibration, indicating calibration status, shall be recorded and maintained. Calibration data or results will be afforded to customer on request. Calibration certificates shall provide traceability to national or international standards. Defective equipment shall be taken out of service for repair or disposal. If defective equipment was used to verify product acceptance the effect upon product quality shall be re-assessed. If calibration is carried out in-house, it will be done under suitable environmental conditions by qualified personnel. Master instruments traceability will be to the international or national standards. All master instruments will be maintained, protected from damage or loss to sustain accuracy needed. The calibration and control of monitoring and measuring devices is explained in the calibration procedure
Ref: Calibration procedures (PR018)
7.1.6 Organizational knowledge
XXX’s top management values the knowledge and skills of the employees that it has recruited and shall strive towards maintaining them within the organizations for growth and effectiveness of the processes. XXX’s top management shall determine knowledge necessary to perform process/operations to meet customer expectations and subsequently, plan the methods to achieve the identified knowledge goals by means of training, learning on the job etc.
XXX shall exchange in-house and maintain this knowledge through internal knowledge sharing sessions which ensure dedicated exchange of knowledge and sharing of lessons learned from projects and specific external training programmes.
The respective process owners and top management shall evaluate knowledge and identify opportunities for improvement in line with changes in the market or in technology and analyzing the extent to which they influence the knowledge that XXX requires.
7.2 Competence
Competence requirements are determined through job descriptions. Where additional training is required to enhance the competence of personnel, this is handled in accordance with Training procedure (PR 007).
The HR department ensures that the process of recruitment of competent people is being arranged for the respective process either through recruitment. It is the responsibility of the respective manager to ensure that all personnel carrying out activities are made aware of the relevance and importance of their activities and how they contribute to the achievement of the objectives and the importance of conformance to XXX’s QUALITY policy, Quality procedures. Company objectives are deployed at the functional levels and all relevant personnel made aware of their roles.
In terms of QMS, the management shall ensure that actions taken to ensure competence, shall take into account
The Risk and Opportunity assessed by the organization
Preventive and control measures resulting from the risk assessment process
Assigned roles and responsibilities
Individual capabilities, including experience, language skills and literacy
The relevant updating of competencies made necessary to the context of the work changes
The evaluation of the competence or workers according to the determined necessary competence
Ref: Training procedures (PR 007)
7.3 Awareness
XXX’s top management understands and maintains that it is the responsibility of the respective manager to ensure that all personnel carrying out activities are
Made aware of the QUALITY Policy statement, relevant objectives, customer & regulatory requirements, risk mitigation and conformity assessment requirements.
how they contribute to the achievement of the Quality management system and the benefits of the enhanced performance
the implications of not conforming with the Quality management system, including consequences, actual or potential to their work activities
Information and lessons learned concerning Quality issues
Awareness sessions shall be carried out through the established training procedure and the by the procedure for communication, participation and consultation.
Ref: Training procedures (PR 007)
7.4 Information and communication
The internal communication among XXX’s staff is ensured by the well-established reporting system, which is covered by the application of the ISO 29001:2020 Quality management system. Records and information flow are available through two kinds of media: soft copies through the active networks and through hard copies. The process sequence, linkage/interrelation, interactions, method of operation and control and process criteria of monitoring and measurement are carried out as stated in general requirement and are communicated across all levels of the organization through the QMS. As a part of this QMS, effective communication is established throughout organization via:
Internal memo
Intranet
Verbal instructions
Display of quality policy statements and objectives
Circulars
Monitoring and measurement reports
Method for receiving, documenting and response to relevant communication from external interested parties of has been defined in the procedure for communication, participation and consultation (PR 012).
XXX’s top management has decided to communicate externally about its significant environmental aspects to interested parties if they ask or enquire about it. It will be the responsibility of the management representative on how to give a report to the interested parties on any Quality matters. Change of decision to communicate would be discussed during MRM and method for the same will be finalized.
A clear method of communication internal and external has been identified and defined in procedure for communication(PR012). Method for internal communication among the various levels and functions of XXX has been defined in the same procedure. With respect to information to external or interested parties, XXX shall ensure that they
Define the intent to be achieved by informing and communicating and shall evaluate whether the objectives have been met
Take into account diversity aspects, where they exist, when considering its information and communication needs
Ref: Communication (PR 012).
7.5 Documented information
XXX has established a documented procedure to maintain control of all documents and data relating to the requirements of ISO 29001:2020 standard. This also includes, if applicable, documents of external origin determined by XXX to be necessary for the planning and operation of the quality management system, such as standards and/or customer supplied documents.
The documented procedure covers the following issues:
The management representative is responsible for the issuance, amendment and recall of the entire documented Quality management system.
Amendments to the documented system may arise at any time as a result of but not limited to the following:
Changes to the Quality management system standard,
Internal and external audits.
Changes in technical standards.
System reviews.
Requests for amendments from Concerns.
Business expansion, development and improvement.
Amendments to the Quality management system might be requested by any employee and are forwarded to the management representative using the appropriate document as stated in the documents control procedure (PR 001)
The management representative shall review and approve any amended/new document for adequacy prior to issue.
To ensure that documents remain legible and readily identifiable, the management representative holds a copy of the current version of the Quality management system documents as a master reference in the system master file.
The document controller is responsible for issuing all manuals and maintaining a log of all issues. The Quality management system, which includes all approved documents, is distributed to all locations/departments where operations essential to the effective functioning of the QMS management system are performed.
Quality manual, procedures, and support documentation are issued as “controlled” documents.
When a change to the documented system has been agreed, the management representative advise all the internal document holders of the new revisions by changing the revision in the documentation master list and distributes this new version to all the holders.
All obsolete and/or invalid documents shall be taken from the holders and disposed.
The document controller retains copies of the superseded documents for a stated period of time.
Documents of external origin determined by XXX to be necessary for the planning and operation of the Quality management system shall be identified and their distribution shall be controlled.
Practices employed by XXX to integrate into its operating process any external specification requirements, including addenda, errata, and updates, used in the design or manufacture of a product or service,
XXX has established documented procedures for records control (PR 001) whereby the records are retained for defined periods, identified, filed/stored, maintained, and are always accessible and retrievable. Records may be in hard copies, electronic copies or other media formats. Where information is stored in a computer system, appropriate methods are taken to preserve data including data back-up copies.
The documented procedure includes controls for:
Records identification: this is covered in the documentation procedure (PR 001) where each record has a unique identification number and revision number.
Records storage and protection: all records shall remain legible by using appropriate storage methods to guarantee that they are readily retrievable. They are stored in a manner that prevents loss, damage, or deterioration.
Retention and disposition of records: retention period is stated for each record after which records are disposed. The retention period is specified according to the importance and the need of the document for a specific period of time.
Retained records demonstrate conformance to the ISO 29001:2020 and requirements and provide evidence of the effective operation of the Quality management system. Also, these records are considered as the basic input for the analysis of data used for measuring and improving the applied activities and processes.
Ref: Documented information procedure (PR 001)
8.0 OPERATION
8.1 Operational planning and control
8.1.1 General
Planning and realization of service is an on-going process. The controls needed to achieve service conformity are established and maintained through various process flow diagrams or procedures. Procedures and process flows diagrams for the key processes are documented. During planning the following are determined:
The requirements of the customer’s scope and product characteristics
The need to establish criteria for processes and acceptance of the products and services
The needs of resources to achieve conformity to the product and service.
Required verification, validation, monitoring, inspection and test activities specific to the requirement and the criteria for service acceptance. (Calibration of key equipment, validation, inspection and test activities as per quality plan/requirement)
Implementation of controls for the criteria
Records needed to provide evidence that the realization process (planning, review, production, delivery, etc) and resulting outputs meets contractual and product requirements.
The output of this planning process is the product itself and the records to prove its acceptance/service requirements by the customer shall be maintained.
Where required the respective section managers shall control planned changes and review the consequences of unintended changes taking action to mitigate any adverse effects as necessary. The outsourced processes shall be controlled and records maintained for conformity. Where there is a requirement by the client for Quality / Service plan or Inspection and test plan, the QA/QC representative and the respective section manager shall prepare a quality plan or Inspection and test plan and submit for approval.
Changes to operational processes are done in accordance with the procedure for Management of change(PR 021).
Contingency plans are established as a risk treatment in accordance with the Procedure for Contingency plan (PR 023).
Ref: Management of change (PR 021),Contingency plan (PR 023).
8.2 Requirements for products and services
8.2.1 Customer communication
For the effective implementation to meet the requirements of customer, appropriate channels of communication are established in relation to product information, enquiries, contracts, order handling, amendments, contract information, enquiries, and feedback including customer complaints etc.
The various modes of communication used are:
E- mail through Internet
Fax/Letters
Telephone
Displays
Personal meetings with clients
Brochures
Visits of clients to facilities
The complaints received from the customers are reported in Customer Complaint Register where required. Customer communication records are also retained throughout the project, or until the project is declined. The method for handling complaints is identified in the procedure for communication, participation and consultation (PR-012).
Ref: Communication, participation and consultation (PR 012).
8.2.2 Determining the requirements for products and services
The requirements related to the services (stated/implied) as below, but not limited to:
Customer/Market needs
Cost involved
Statutory & regulatory requirements
Reference to the international standard
Organizational codes of Practice
Organizational policies & Objectives
Organizational capability
Relevant similar past experience in new product/service launching
Source of purchase
Mode of transportation
Present storage, handling & delivery methods,
Present over heads
Storage reliability
Suppliers reliability
Product/Service reliability
Competitors Product/Service
Competency of personnel
Inspection requirements
Anticipated market requirements
Inventory cost
Identification & Traceability
Product specifications
Stages of inspection and requirement
Reports of qualification tests
Transport requirement
Post-delivery activities
8.2.3 Review of the requirements for product and services
XXX shall review the requirements related to the contract and service prior to the commitment to supply to the client by reviewing the requirements from the client. The review is carried out by the respective section manager(s) and the relevant engineers who determines if the service can be provided or not. In case of tenders the “Estimation department” ensures that all the requirements are adequately reviewed.
Requirements related to the client are also identified clearly at the tendering process itself. The scope of work and the project deliverables clearly indicates the needs of the client. The specifications and instructions that accompany the tender documents are clear in identifying the requirements of the client related to the contract.
Clarifications and further information is received through the pre-tender meetings, or discussions and meetings with the client, visits to the site or proposed site areas, etc. Document and records which are controlled during the contract period are as follows:
Tender documents
Authorisation for pricing
Order transfer note
Progress report
Supplier quotation
Quotation to customer
Job card
QA/QC documents
Estimation sheets
Order receipt
Customer and contract document
Intermediate completion of services
Customer product / data sheet
Contract review comments and communicate the same
The review requirements of the products are done as per the following table
S. No
Requirement
Responsibility
1
Market feasibility
G.M. / Section Manager
2
Statutory and regulatory requirements
G.M./PRO
3
Raw material quality
QC Manager
4
Design mix
QC Manager
5
Equipment & Maintenance
G.M./Section Manager
6
Road signage
Section manager
The Procedure for contract Review (PR 024) is maintained which describes the process in details.
Ref: Contract Review (PR 024)
8.2.4 Changes to requirements for products and services
In situations where the client is not providing any documented statement of their requirement, the standard specification of the product is confirmed before making final commitment. Where contract requirements are changed, it is ensured that the relevant documentation is amended and relevant personnel are made aware of the changed requirements. Records of review are maintained by the sections.
When changes are required existing QMS, the management representative shall ensure through review the purpose and potential consequences of the change and its suitability and integrity with the existing management system. In case of need for availability of resources or need for the allocation or reallocation of responsibilities and authorities for the changes in the Objectives, it shall be duly addressed prior to formalizing the objectives. Management programs, identified risk control measures and action plans are amended, if required. If necessary, planning is also carried out through management review meetings. Regarding management of change (MOC) the organization shall identify the Risks associated with changes in the organization, Quality management system, or its activities, prior to the introduction of the changes. The organization also ensures that the results of these assessments are considered for determining the appropriate controls. These activities are further defined in the procedure Management of Change (PR 021)
Ref: Management of change (PR 021)
8.3 Design and development of products and services
8.3.1 General
XXX shall determine all the requirements of design of the products and services to fulfil products requirements and meet the entire satisfaction of customer. Required processes have been established and carried out the design and development as per the design and development procedure (PR 017). Although, the development shall not be restricted to this procedures because development and research always looks for better improvement of products in order to exceed the customer satisfaction.
8.3.2 Design and development planning
XXX prepare the plan and control the design for the development of products and services. The design engineer verifies the customer requirements prepare the effective plan for the proper designing. The design and development stages are clearly defined. The design and development stages are reviewed, verified and validated to ensure the requirements of the products have been meet with the requirements. The design engineer shall be responsible for the planning of design processes. The process owner shall review, verify and approval the design and development stages. Any risk and opportunities arising out of the design and development are managed as per the procedure of Risk assessment (PR 002).
These activities are further defined in the procedure Contract Review (PR 024)
Ref: Contract Review (PR 024)
8.3.3 Design and development inputs
The inputs of design and development of the products requirements are determined by the design engineer. The inputs are maintained as per the documentation requirements including the functional and performance requirements, environment and safety condition and output of the risk and Opportunity Process. Also XXX determines the information of previous design of delivered products and takes as a feedback to develop forthcoming products in the better way.
8.3.4 Design and development controls
Design and development review:
While designing the products and services, at suitable stages systematic reviews of design and development are performed in accordance with planned arrangements. Reviews status and comments are clearly marked and documented to give feedback and proposal to take necessary actions to meet the products requirements.
Design and development verification
Design verifications are carried out according to the plans and records of the verifications are maintained. It has been ensured that design and development outputs have met the design and development input requirements.
Design and development validation
The production engineer shall do validation of design and development as per the planned arrangements to ensure that resulting products are qualified and capable of meeting the requirements for the specified application and intended use. Validation is done prior to final use or delivers to customer. As necessary the customer also can validate the design and development.
8.3.5 Design and development outputs
The output of design and development is verified against the design and development input and approved prior to release. The output of design and development shall meet the input requirements. Instructions for the productions, information required for the purchasing of materials required for the products, as well as storage and handling information are also provided. Design outputs are in a format that will furnish all information required for the end user.
8.3.6 Design and development changes
The products and services designed and developed on the basis requirements and ready for the intended use. If the changes are required by the client, clear information for the required changes is received, and design engineer reviews and verifies the changes. Prior to implementation the changes are reviewed, verified, validated and approved. The changes records are documented and will be part of the contractual documents. Where required, design and development stages are detailed in the project quality plans and procedures issued by XXX. Various forms are design for the entire design and development process to keep as quality records.
Ref: Design and development procedure (PR 017).
8.4 Control of externally provided products and services
8.4.1 General
XXX has established a system to demonstrate its commitment and method through following section on its commitment and method for purchasing process, purchasing information and verification of purchased products.
8.4.2 Type and extend of control
Purchasing documents clearly and completely describe ordered products, including quality requirements. Purchasing documents are reviewed and approved prior to release. Purchased products are verified before they are used or delivered to end users. Details of purchasing process are documented in the procedure for control of externally provided services (PR 008). All new suppliers are evaluated with regard to their quality and process capability. All potential suppliers are evaluated based on the criteria of Quality and process as documented in the (PR 008). Supplier evaluation & re-evaluation is done in order to introduce them in the approved supplier list. The General Manager and the Management Representative establish the criteria for selection of suppliers, and purchasing staffs conduct supplier evaluation.
All potential suppliers are evaluated at least once in a year based on the criteria of Quality and process are documented in the procedure for Purchasing (PR 008) and once approved records are maintained in Approved supplier list.
XXX extend the control over supplier and outsourced processes and to the purchased products through the procedure for control of externally provided services (PR 008). The type and extent of controls will depend on the risk and opportunity associated with the product or service purchase. Quality performance of suppliers are monitored. Suppliers showing inadequate performance may be asked to implement corrective actions, and be downgraded or discontinued. In case there are identified risks of goods, equipment and services purchased, the controls are identified and if required communicated to the supplier or sub-contractor. Purchased products are inspected by requestor or the relevant managers. This includes verification of product identity and quantity, visual inspection and, where applicable, verification that all requested certificates and quality records are available. Record of the inspection are maintained.
Review also ensures that the purchased product meets the specified requirements. When deviations are identified, the supplier is contacted to discuss the corrective action. Where specialized services are required and have to be outsourced, the suppliers of such services are also identified, selected and approved in a manner similar to that mentioned above. Same controls are established for such activities.
Ref: Control of externally provided services procedure (PR 008).
8.4.3 Information for external providers
Purchasing documents are prepared by the purchasing in charge. The documents clearly and completely describe ordered products, including precise product identification and quality requirements. The General Manager or his appointed deputy reviews and approves all purchasing documents prior to release. Purchasing documents may be in the form of fax, e-mail, or other documented communication sent to the supplier, these clearly specify the requirements, specifications, terms and conditions. The document also includes the requirements for approval of product, procedures to follow (if applicable), requirements for qualification of personnel (where applicable) and Quality management system requirements. The documents are reviewed for adequacy of specified requirements and approved before sending to the supplier. The requirements to be followed by the suppliers/contractors are communicated by purchasing section at the time of signing the contract or along with purchase orders.
The procurement in charge shall ensure that procurement process have adequately defined and applied criteria for the selection of contractors. The procurement in charge shall ensure that outsourced functions and processes are controlled. The procurement in charge shall ensure that its outsourcing arrangements are consistent with legal requirements and other requirements and with achieving the intended outcomes of the Quality management system. The type and degree of control to be applied to these functions and processes shall be defined within the Quality management system as per the nature of work outsourced.
Ref: Control of externally provided services procedure (PR 008).
8.5 Production and service provision
8.5.1 Control of production and service provision
XXX establish control procedures covering all areas of company like general working areas, project sites, contract/project management, manufacturing, installation etc. to make sure its activities are carried out under controlled conditions. Controlled conditions include the following (where applicable):
The availability of information that describes the characteristics of the products and services offered,
The availability of work instructions as necessary,
The availability of information that describes the characteristics of the project through timing plan and method statement,
The use of suitable equipment identified through resource planning,
The availability and use of monitoring and measuring equipment,
The implementation of monitoring and measurement, and
The implementation of product release, delivery, and post-delivery activities.
To ensure this, XXX have developed method statements/Work instructions as per relevant national and international standards to be followed by the clients or the projects. A standard method statement contains the details on how to ensure quality of the products, Quality services, resource requirements, safety for the safe working conditions, measurement and control of process in line with the requirements of the customer. The method of statement of works is prepared and submitted to the client, consultant or contractors for their approval prior to execute the production/projects.
However, these can be modified and customized in accordance with project specification. XXX can function as prime, joint venture, or subcontractor, according to clients’ preferences. The final customization is approved by the process owners and relevant engineers prior to sending out to the client for approval. XXX also has own production facility to manufacture. These are produced as per standard specifications and project requirements. The products are designed as per the standards , special needs of clients are determined & are built as per specifications of products.
QA/QC requirements
The project manager has the full authority to run the project according to the plan drawn up with the General Manager. Working procedures are laid down taking into consideration of the customer’s requirement and quality aspects. Coordination, follow up and checking is duties assigned to the site staff, and are assured by regular meetings at suitable intervals.
Plant & equipment maintenance:
Plants are regularly maintained as per manufacturer’s maintenance schedule and manual. Maintenance is done by the respective sections. Moving vehicles, equipment, machines & etc. are maintained by mechanical engineering workshop regularly as well as the respective foreman in the department. Other hardware and software are regularly checked & maintained by IT department. Section heads are responsible to ensure the adequacy of all plant and equipment under their possession. The equipment are listed and included in the service/maintenance schedule as per type of equipment and its requirements. Outsource requirements for the maintenance (for specialized equipment) are requested and done as per purchasing procedures and as defined in the 8.4 in this manual.
Measuring and monitoring equipment:
Requirements for measuring and monitoring equipment are determined by Production and Quality Assurance. This is in accordance with process control and product verification programs defined in product realization planning (refer to Section 8.1 of this manual).
Validation of processes for production & service provision:
Processes where the resulting output cannot be verified by subsequent measurement or monitoring are designated as special processes. The relevant section heads are tasked with the responsibility of handling special processes and to ensure that the process is controlled and validated prior to delivery to the client. Special processes are validated and controlled by applicable methods, equipment and personnel qualification, and work instructions and process procedures. The use of specific methods and procedures are resorted to as applicable. Special process records are established and maintained as appropriate. Depending on the control measures implemented, these records may include process qualification and validation reports, equipment qualification and maintenance records, inspections and tests, operator qualification and training records, and so forth. If there is need for revalidation, that is also considered and handled accordingly.
Welding is considered as a special process and where required validation and revalidation is done for these special processes and works done. Welding procedures is prepared as per relevant standards. Only qualified welders are allowed to do the special welding jobs. Their practical experiences and skills are considered to assign the job to them. Monitoring or inspection of welding activities is done by competent engineer designated by Section Head. Where required third party inspection and certificates for the same will be maintained. The consumables storage, weld repair will be carried out as per the work instructions approved for the specific projects. XXX utilizes some “special processes” where the result of the process cannot be verified by subsequent monitoring or measurement. The special processes in use and the methods of validation of each are defined in Procedure for Validation of process (PR 026)
Ref: Validation of process (PR 026)
8.5.2 Identification and traceability
Purchased products are identified with its names and unique number used as necessary. The identification is the same as, or is cross-referenced with, the designations used in drawings, specifications, bills of materials, Products list, Purchase orders, etc. Purchased products are identified by marking, labelling, or tagging the products or their packaging, or by identification of the area where the products are held or per-codes (as per our new program). During all stages of production, products are usually identified by work orders and other documents that accompany them through the production cycle. Parts and components may also be identified by labels or tags, or the containers in which they are held. Final products are identified by their name, which is labelled by tags on the products. Projects are identified by their project numbers. When required by contracts, laws and regulations, or voluntary standards traceability is implemented to the extent specified. Traceability may also be implemented for internal reasons, to facilitate corrective action. As required, traceability may apply to materials, components, parts, production processes, environmental conditions, inspection and testing, and personnel responsible for processing and verification of products. The scope of traceability is documented in product manufacturing specifications or the production work order. The documented procedure Identification & traceability (PR 027) defines these methods in detail.
Ref: Identification & traceability (PR 027)
8.5.3 Property belonging to customers or external providers
Materials, tools, moulds & etc. provided by customer for the processing of products are received and inspected, in the event such products fail to meet the inspection criteria, or are not suitable for any other reason, the same shall be reported to customer and records shall be maintained. Storage, handling, and preservation of customer’s materials follow the same procedures that apply to purchase products. Customer’s software, documents, and other intellectual property are protected to the same extend as would internal documents of similar content, unless there are contractual requirements for special measure to protect customer’s intellectual property. When specified in a contract, special handling instructions from customers will take precedent over the company’s standard procedures. Customers are contacted in the event of loss, damage, deterioration, or unsuitability of their products by the relevant engineers. Customer’s vehicles and personnel entering to our yard to collect products and services are managed. Traffic flow is controlled by flagmen. All the loading activities are done under surveillance of safety personnel in order to avoid any damages or loss to the customer’s vehicles and personnel. This activity is defined in greater detail in the Procedure Customers or External Providers property (PR 028)
Ref: Customer or External Providers property (PR 028)
8.5.4 Preservation
Preservation of product by XXX describes in the relevant procedures, the conformity of its product at every stage from receipt of raw materials to delivery to its intended destination. It includes the identification, handling, storage and protection of both the products and the constituents of the products in order to maintain the conformity requirements. The section heads are responsible for product handling and preservation, and that products are adequately protected during production and storage. Where required, storage, and holding areas are controlled by the section that brings in new stock or uses the area. Only products that are properly identified and that have passed required inspections are authorized to enter and leave the store area. Products with limited shelf life are identified with expiration dates. These perishable products are also rotated in the storeroom to ensure that the oldest product is used first. The documented procedure Preservation of products (PR 029) defines the methods for preservation of product.
Ref: Preservation of products (PR 029)
8.5.5 Post-delivery activities
XXX shall ensure that all the post-delivery activities associated with the products and services. In determining the extent of post-delivery activities that are required, the organization shall consider
Statutory and regulatory requirements
The potential undesired consequences associated with its products services
The nature, use and intended lifetime of its products and services
Customer requirements and feedbacks.
For road construction, projects completion and warrantee certificates is given upon completion of the works as per contract requirements. Such warrantee is subject to the defect on the workmanship and materials supplied by XXX to be rectified immediately. All other warrantees are subject to the contracts terms and conditions.
8.5.6 Control of changes
XXX shall review and control changes for production or service provision, to the extent necessary to ensure continuing conformity with requirements. All the documented information’s regarding the changes and results of changes shall be retained by XXX, which shall also contain the details of the person(s) authoring the change and any necessary actions arising from the review. In case any change impacts the product or services, XXX shall notify the customer about the changes either through email or by calling telephonically. Corrective action shall be taken as per the procedure for Corrective Action (PR 006). Assessment of Risk and Opportunity shall be done as per Procedure Risk Assessment (PR 002). Processes are monitored and controlled through variety of approaches, activities and techniques. The system is designed to control:
Information, material and human input into the process;
Technology, tools and equipment used;
Process environment and performance; and
Process output.
Organization structure
Key or essential personnel
Critical providers
Design
Management system
Process change management is defined in the Procedure Management of change. Documents are changed in accordance with procedure Control of documented information.
Ref: Risk Assessment (PR 002); Corrective Action (PR 006) Management of change (PR 021); Control of documented information (PR 001).
8.6 Release of products and services
The release of the products and services shall be as per the planned arrangements and by a competent authority as per procedure of Product Release (PR 030). Where there is a release otherwise it shall be approved by the respective departmental authority or as applicable by the customer requirements.
No
Requirement
Releasing authority
1
Incoming Raw Material
QC / Requester
2
During Production Stages
QC / Process Owner
3
Finished products – Production
QC
4
Finished products – Site
QC/Engineer
5
Project Handover
Project Manager
Documented information (Records) related to the stages of the production process and communications related to the acceptance of the product/service by clients will be maintained. Evidence of conformity to product requirements with acceptance criteria will be maintained with the traceability to the person(s) authorizing the release.
All products are released for delivery only after all specified activities have been satisfactorily completed. Regular tests are carried out to ensure the consistency of quality; Lab verifications, plant trails are done in witness of authorities (MOE or consultant) and conformity of the product are obtained. The designs are certified by Ministry of Environment. Documents are changed in accordance with procedure Control of documented information. All products are released after the approval of the client.
Final site inspection is done by the Consultant and the client. If any deviations found during inspection are corrected on the spot or redone as per consultant or client recommendation. A guarantee period of 400 days or else specified in the contract for the materials and workmanship defect and rectification on immediate basis is defined in all road construction projects. Any rectification requested by client within guarantee period has been verified and carried out on immediate basis.
Ref: Release of Product (PR 030)
8.7 Control of non-conforming outputs
XXX have taken special care to ensure that the outputs which do not conform to the planned arrangement or as per the requirements are identified and controlled to prevent unintended use or delivery. The following methods shall be adopted when dealing with non-conforming outputs can be:
correction
segregation, containment, return or suspension of provision of products and services
informing the customer
obtaining the authorization for acceptance under concession
Non-conforming materials are identified and segregated from conforming materials to prevent unintended use or confusion and mixing with conforming materials. A system is established for identifying, controlling, handling and taking proper action on detected non-conformity. These methods are defined through the procedure for control of non-conforming outputs (PR 005).
Ref: Control of non-conforming output procedure (PR 005).
9 PERFORMANCE EVALUATION
9.1 Monitoring, measurement analysis and evaluation
9.1.1 General
The Integration of the whole measuring and improvement system will cover the required improvement processes needed to demonstrate conformity to product requirements, to ensure conformity of the Quality management system and to continually improve the effectiveness of the Quality management system.
Major processes include:
Sales, production and service
Inspection and testing
Purchasing
Control of non-conforming outputs
Internal auditing
Customer satisfaction
Corrective actions
Data analysis
Legal requirements and compliance
Objective achievement
Operational effectiveness
Performance
The effectiveness of the QMS, including the policy and objectives, is monitored by conducting internal audits, and operational reviews, and is measured by customer satisfaction and key performance indicators. The results from the monitoring and measurement shall be analysed and evaluated by the top management.
9.1.2 Customer satisfaction
Customer satisfaction is measured by collecting and analysing direct customer feedback, and by measuring secondary indicators of customer satisfaction. Customer satisfaction data is used by the top management to identify opportunities and priorities for improvement. The procedure of measuring Customer satisfaction has been established as per Procedure for Customer Satisfaction (PR 031). The process owners/department managers is responsible for developing suitable indicators of customer satisfaction, and for defining methods for collecting and analysing the pertinent information in their areas. Information and data pertaining to customer satisfaction are collected from several sources such as but not limited to:
On-going feedback from customers,
Surveys using customer satisfaction survey form at the completion of each project and orders,
Analysis of trends of customer satisfaction/complaints/safety reports issued by client,
Awards and recognitions,
Repeat customer rates, and market share,
Lost business analysis.
Results of customer satisfaction surveys and the perception of the customers is analysed by the management representative and presented during the management review meetings.
Ref: Customer Satisfaction (PR 031)
9.1.3 Analysis and evaluation
XXX collects, complies and analyses information and data required for evaluating the suitability and effectiveness of the management system and for identifying opportunities for continual improvement. Data and information available in records are compiled and analysed periodically to determine trends in the performance and effectiveness of the management system and to identify opportunities for improvement. The Management Representative is responsible for coordinating these activities and for reporting conclusions and trends to the top management. This is usually done within the framework of management reviews of the QMS. Following categories of information and data are recorded, compiled and analysed:
Quality performance and records of communication from employees.
Conformance to product/service requirements (Objectives)
Status of non-conforming products and areas of re-occurrence.
Action against non-conformances (including audits)
Characteristics and trend of processes and products
Supplier performance recorded in supplier re-Evaluation and evaluated for trends by purchasing dept.
Customer satisfaction levels – recorded in customer satisfaction survey form
Customer complaints –evaluated for trends.
Effectiveness of training – recorded in training record.
Effectiveness of Quality management system – recorded in audit observation sheet and evaluated for trends.
Analysis of shall be conducted as per the Procedure for Analysis of Data (PR 032)
Ref: Analysis of Data (PR 032)
9.2 Internal audit
9.2.1 Planning and scheduling
Management representative establishes an internal audit plan ensuring that every activity and area is audited at least once a year. Selected activities are audited more frequently, depending on their importance, risk and opportunities associated with the process, result performance evaluation of process, results of past audits and quality performance history. The audit criteria, scope, frequency and methods are defined in an internal audit plan which also lists the audit criteria, auditor, auditee, date, and time.
9.2.2 Audit team and preparation for audit
Only suitably trained and qualified personnel independent of the audited activities are assigned to conduct internal audits. A list of trained internal auditors is maintained by the Management Representative in list of trained internal auditors form. Also Management Representative can identify third part auditor to conduct internal audit as necessary. The qualified auditors from different sections may audit different section. Auditors prepare for audits by reviewing applicable standards and procedures, analyzing quality records, and establishing questionnaires and checklists.
Conducting the audit
Auditors seek objective evidence indicating whether the audited activities comply with the requirements of the documented QMS system, and whether the QMS system is effective. The evidence is collected by observing activities, interviewing personnel, and examining records. Findings are recorded on an audit observation sheet. Negative findings are reported as non-conformities and documented using non-compliance report form. Also the third party’s audit report also can be used to monitor and follow up for corrective actions. Audits are conducted in a way that minimizes disruption of the audited activities.
Corrective action and follow up
When nonconforming conditions are identified, the process owner for the affected area or process is requested to propose and implement a corrective action. Implementation and effectiveness of the action are verified by a follow-up audit. The non-compliance report form is used for monitoring and recording the implementation of the corrective actions. Non-compliance reports are closed out by the Management Representative after evaluating effectiveness of action taken. Where a non-compliance is raised against the activities of the Management Representative, only the General Manager is authorized to close out these reports.
Reporting
When the auditing cycle is completed, all nonconformity reports established during the cycle are compiled and analysed, and are presented at the management review meeting by the Management Representative. Internal audits aQMS to verify conformance of the planned arrangements to the requirements of the standards and to that of the Quality management system established.
Ref: Internal audit procedure (PR 004).
9.3 Management review
9.3.1 General
XXX reviews established QMS to ensure its suitability, adequacy and effectiveness which includes assessment for opportunities for improvement and the need for changes to the QMS as per the procedure for management review (PR 003).
Management review meeting is conducted at least once a year. The review committee consists of the following members and is chaired by the General Manager.
General manager (GM)
Assistant manager
Management representative (MR)
Document controller (DC)
All section heads/ managers
HSE
Any other special invitee
Method, duration, responsibility, authority, review input/output for the management review is defined through the procedure (PR003) for management review.
9.3.2 Management review inputs
Inputs for the period of review to management review meeting related to the process performance are prepared by the process owners & QUALITY representatives and the system related performances are provided by the management representative.
9.3.3 Management review outputs
The output of the meeting includes the decisions and actions related to the improvement of the effectiveness of the QMS. The minutes, after approval by the General Manager, is circulated to attendees and management representative for further review and discussion and following up the implementing the actions decided in the meeting. The outputs of the management review meeting shall include decisions and actions related to
Opportunities for improvement
Any need for changes to the QMS
Resource needs
The management representative shall maintain the documented information of the results of the review meeting.
Ref: Management review procedure (PR 003).
10 IMPROVEMENT
10.1 General
XXX has deployed continual improvement principle throughout the entire organization. The improvement effort is driven by goals defined in the policy and objectives. Improvement shall include:
Improving products and services to meet requirements as well as to address the future needs and expectations
Correcting, preventing or reducing undesired effects
Improving the performance and effectiveness of the Quality management system
Improvement opportunities are identified by analysing quality performance data and information. Improvement projects are defined and implemented through the system of corrective actions, and management review actions. Causes of identified non-conformities are investigated and, where appropriate, corrective actions are implemented to ensure that non-conformities do not recur. Corrective actions taken are recorded and are followed up to ensure that they have been properly implemented and that they are effective.
10.2 Non conformity and corrective action
Nonconforming products/ services are identified, documented, evaluated, and prevented from being used or delivered to the customer. Repaired or reworked products are re-inspected. Appropriate actions are taken when product nonconformity is identified after delivery. When appropriate, corrective actions are implemented to prevent recurrence of identified nonconformities.
Identification and documentation
XXX identifies and documents all product/ service nonconformities, regardless of how insignificant they seem to be or how easily they can be repaired or reworked. Product nonconformity records are invaluable for tracking performance and trends, and for identifying areas where corrective actions should be implemented.
During purchasing of materials or services or sub-contracting parts of the service, non-conforming products are segregated and reported to the supplier or sub-contractor for corrective actions.
Nonconforming products/ services are documented using a non-compliance report form. It describes the nonconformity, documents the disposition decision, and records close-out of follow-up activities (re-inspection, concessions, corrective actions, etc.). It is a company policy not to deliver nonconforming products/ services to clients and the responsibility for this rests with the Section heads.
Therefore no segregation/ tagging methods are required. Adherence to specifications including delivery times is of prime importance.
Nonconformity review and disposition:
Review of non-conforming products/ services are carried out with the sole intention of re-working and correcting the non-conformity, after which it is delivered to the customer. Under no circumstances, non-conforming products/ services are delivered intentionally to the customers.
Re-verification of repaired or reworked product:
Reworked products are re-inspected and their conformity with the requirements of the customer confirmed prior to delivery. This may also involve interaction with the client and obtaining their acceptance of the product/ service prior to delivery.
All such actions related to control of nonconforming products/ services are recorded in the relevant project files.
If product nonconformity is detected internally after delivery or use has started, customers are informed and instructed what to do with the product. In situations when the nonconformity may create a safety or other hazard, the product may be recalled. Only the General Manager or his appointed deputy is authorized to make recall decisions. Details of the process are available in control of non-conforming outputs (PR 005)
The need for corrective action is determined on the basis of identified actual non-conformities. Corrective action requests are typically triggered by such events as a failed inspection, customer complaint and/or product return, non-conforming delivery from a supplier, or a system audit finding.
The need for corrective action is determined on the basis of identified actual non-conformities. Corrective action requests are typically triggered by such events as a failed inspection, customer complaint, deviation from work instruction/legal requirements/regulations, non-conforming delivery from a supplier, or a system audit finding. XXX has established a procedure for handling corrective actions as below, details of which are available in (PR 006):
Requirement for corrective actions are documented in a noncompliance report form where the nature of the non-compliance is recorded. The process owner identifies the proposed corrective action and sets reasonable time frames for implementation. After the due date, the management representative reviews the action taken and evaluates the effectiveness of the corrective action. The purpose of the corrective action is to:
Review the nonconformities including the customer complaints
Determining the root causes of the non-conformity
Taking action to eliminate the root cause of the problem to ensure that the non-conformity does not recur
Determining and implementing the action needed
Record the result of the actions taken
Reviewing and recording the effectiveness of the action taken
The management representative maintains records of all the corrective actions initiated analyses and reports trends periodically and during management review meetings.
Ref: Control of non-conforming procedure (PR 005), Corrective actions procedure (PR 006).
10.3 Continual improvement
XXX top management ensures the improvement in effective implementation and performance of the Quality management system by systematically reviewing and updating the QUALITY policy, quality objectives, analysing audit results and other data from monitoring and measurement relevant to quality, environment and safety performance, corrective action and the management review. System performance is evaluated by respective section managers and reported in the management reviews of the QMS. Where the performance falls short of a defined objective, the management review identifies specific improvement actions to reach the objective. When an objective is reached, the management review may set a new, higher objective in this area and specify new improvement actions for reaching it.
In addition to management reviews, process owners identify improvement opportunities continually, based on the feedback from their operations and other activities. Employees are also encouraged to come forward with ideas for improving products, processes, systems, productivity, and working environment. These improvement opportunities are evaluated and prioritized by the engineers and section managers and where appropriate they are implemented. Where additional plans and resources are required, these are discussed in the management reviews and approved sought from the management. Changes arising out of the Continual improvement shall be managed as per the Procedure Management of change (PR 021). The section managers shall collate the continual improvement done in there are and present in the continual improvement plan format as per the procedure for continual improvement (PR016)
API Q1 Specification for QualityManagementSystemRequirements forOrganizationsProviding Products for the Petroleum and Natural Gas Industry
The American Petroleum Institute (API) developed API Spec Q1 10th Edition specifically for Organizations Providing Products for the Petroleum and Natural Gas Industry. It’s one of the most prestigious company-based certifications that your organization can obtain to demonstrate its commitment to a sound quality management system. Furthermore, it allows your organization to meet the global demands of an increasingly competitive environment. For starters, ISO 9001:2015 is the basis for most (if not all) of the industry-specific quality management standards. It’s a flexible international standard that outlines the framework and guiding principles for quality management. Achieving ISO certification allows manufacturers to improve the quality of products or services while simultaneously lowering the cost of quality. On the other hand, API Spec Q1 10th Edition structurally deviates from the standard ISO 9001 series, but the results of a compliant quality management system are still the same. API Spec Q1 builds upon the classic structure of the ISO 9001 series by addressing risk and other QMS elements, but takes a different approach to quality management by bringing risk assessment and risk management into the fold. Additionally, there are some other key differences between ISO 9001 and API Q1, including:
Formalizing employee competency and training
Reinforcing risk assessment and risk management throughout the standard
Contingency planning
Controlling the supply chain
Preventative maintenance
Validation of designs
Change management
API Monogram Licensing Program Requirements Part 1 – General Requirements
The information contained herein details the applicable requirements for Organizations seeking approval to use the API Monogram Mark.
To obtain and retain an API Monogram license, an Organization must have a documented and functioning quality management system in place that meets both the requirements of API Spec Q1® (Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry), and at least one of the applicable API Product Specifications.
Issuance of the license(s) is dependent upon a successful evaluation of the Organization’s quality manual, API Spec Q1 Conformity Matrix and satisfactorily passing an on-site audit of the Organization’s facility and processes by API through its designated auditors. Site audits are required to verify demonstrated capability of the Organization to meet program requirements. Associated audit expenses will be paid by the facility.
Review the requirements stated in API Spec Q1 and the applicable API Product Specification(s) for which your Organization is seeking a license. If your Organization feels that its manufacturing processes meet all the stated quality requirements to obtain an API Monogram License for one or more product specifications, please complete and submit the following:
API Certification Programs Application If your Organization is seeking one or more API Monogram licenses and/or registrations, this form must be completed and signed.
API Monogram License Agreement For each API Product Specification for which you are requesting licensing, a separate License Agreement must be completed and signed. NOTE: The applicant is not allowed to use the API Monogram until all steps in the process have been completed (including satisfactorily passing an on-site audit), the applicant has paid the applicable fees, the applicant has agreed to comply with all terms and conditions of the agreement, and signed the License Agreement.
Licensing Information Form: For each API Product Specification for which you are requesting licensing, a separate Licensing Information Form must be completed. Please submit the appropriate forms as applicable to the Product Specification(s).
Do not submit a Licensing Information Form(s) without a completed API Monogram License Agreement(s) (see Part 4 – API Monogram License Agreement), your API Certification Programs Application, your Quality Manual, API Spec Q1 Conformity Matrix and License Fee. For instructions on where to send your submission, see Part 6 – Fee Schedule.
Introductions
API Q1 has been created to deal with quality management systems for organizations in the petroleum and natural gas sector. It lays out the essential requirements for organizations claiming compliance with API Q1. It can be used by organizations providing products for use in this industry. API Q1 defines “product” as the output intended for customers. Earlier versions only applied to organizations making physical products, providing services for physical products, or involved in manufacturing processes. The aim of API Q1’s requirements is to reduce the chance of errors. While API Q1 might include some aspects of other management systems, it doesn’t cover all their specific requirements. It can be used alongside other industry guidelines. Both internal and external parties, including certification bodies, can use API Q1 to check if an organization meets customer, legal, and its own requirements. API Q1 encourages integrating a process approach when developing, implementing, and improving the effectiveness of a quality management system. This ensures continuous control over requirements and facilitates the overlap of processes. To function effectively, an organization must manage various connected activities. Any activity that turns inputs into outputs can be seen as a process. These process activities involve identifying needs, providing resources, realizing products, sequencing activities, monitoring effectiveness, and making necessary changes or corrections. API Spec Q1 10th Edition addresses the following types of organizations in the petroleum and natural gas industry.
manufacturing
engineering/design
physical product realization activity providers such as those performing:
welding
heat treating
coating/plating
machining
inspection
testing
servicing
physical product-related activity providers such as those performing:
distribution
logistics
software development
The verbal forms used to express the provisions in this document are as follows.
Shall: As used in a standard, “shall” denotes a minimum requirement to conform to the standard. Should: As used in a standard, “should” denotes a recommendation or that which is advised but not required to conform to the standard. May: As used in a standard, “may” denotes a course of action permissible within the limits of a standard. Can: As used in a standard, “can” denotes a statement of possibility or capability
Goal of API QI
The aim is to establish the essential criteria for creating a quality management system that encourages dependability and allows for ongoing enhancements. The focus is on preventing errors, reducing differences, and avoiding inefficiencies. This specification does not aim to suggest that all quality management systems should have the same structure or documentation.
Structure of API Q1: 10th Edition
1.Scope
This section review section 1, scope, of the API Q1 10th edition specification. This specification established the minimum quality management system requirements for organizations that provide products for use in the petroleum and natural gas industry..
2.0 Normative references
The text makes reference to API Q1, and some or all of its content serves as requirements for API Q1. For dated references, only the tenth edition mentioned is applicable. For undated references, the most recent edition (including any addenda) is applicable.
ISO1 9000:2015, Quality management systems—Fundamentals and vocabulary
3.0 Terms, Definition and Abbreviations
3.1 Terms and Definition
For the purpose of API Q1: 10th Edition, the terms and definitions given in ISO 9000 and the following shall apply:
3.1.1 acceptance criteria: Specified limits of acceptability applied to process or product characteristics.
3.1.2 acceptance inspection: Demonstration through monitoring or measurement that the product conforms to specified requirements.
3.1.3 calibration: Process of comparison to a standard of known accuracy, comparison of results against TMMDE (testing, measuring, monitoring, and detection equipment) acceptance criteria, and, if applicable, making needed adjustment.
NOTE Calibration of non-adjustable equipment can be referred to as verification.
3.1.4 compliance: Act of satisfying (verb) or the status of having satisfied (noun) legal requirements.
3.1.5 critical: Deemed by the organization, product specification, or customer to be of significant importance and requiring specific action.
3.1.6 delivery: Point in time at which the agreed transfer of ownership takes place.
3.1.7 design acceptance criteria (DAC): Requirements applied to characteristics or combinations of those characteristics, of materials, products, or components to achieve conformity to the specified design requirements and/or required design performance. NOTE 1 DAC can be equal to MAC. NOTE 2 Required design performance is often stated in technical specifications.
3.1.8 design validation: Process of proving a design by testing to demonstrate that the product conforms to design requirements and performs as intended. NOTE Design validation can include one or more of the following (this is not an all-inclusive list): a) prototype tests, b) functional and/or operational tests, c) tests specified by industry standards and/or regulatory requirements, d) field performance tests and reviews.
3.1.9 design verification: Process of examining design outputs to determine conformity with specified requirements. NOTE Design verification activities can include one or more of the following (this is not an all-inclusive list): a) confirming the accuracy of design results through the performance of alternative calculations, b) review of design output documents resulting from design activities, c) comparing new designs to similar proven designs.
3.1.10 key performance indicator (KPI): Quantifiable measure that an organization uses to gauge or compare performance.
3.1.11 legal requirement: Statutory or regulatory requirements.
3.1.12 management [noun]: A person or group of persons with authority and responsibility for the conduct and control of all or part of an organization. NOTE For some organizations, top management (see ISO 9000) and management are the same.
3.1.13 manufacturing acceptance criteria (MAC): Requirements applied to characteristics or combinations of those characteristics, of materials, products, or components to achieve conformity to DAC and other product manufacturing requirements. NOTE 1 MAC can be equal to DAC. NOTE 2 For services, product realization can be substituted for product manufacturing.
3.1.14 outsource [outsourced activity]: Function or process that is performed by an external supplier on behalf of the organization.
3.1.15 preventive maintenance: Systematic servicing of equipment, machines and/or facilities for the purpose of maintaining a satisfactory operating condition.
3.1.16 procedure: Organization’s documented method for performing an activity under controlled conditions to achieve conformity to specified requirements. NOTE 1 This definition was previously identified as a “control feature” in earlier editions of this specification. NOTE 2 A procedure can be in many forms, e.g. work instructions, flow diagrams and manuals.
3.1.17 product: Output of an organization intended to be provided to a customer. NOTE As used in this document, the term ‘product’ can include, but is not limited to, hardware, software, production activities, or product related activities such as: servicing, storage, distribution, and logistics.
3.1.18 product realization: Set of interrelated or interacting activities (processes) necessary to provide product.
3.1.19 remote assessment: Assessment conducted by person(s) not physically present at the location being assessed.
3.1.20 risk: A situation or circumstance that has both a probability of occurring and a potentially negative consequence.
3.1.21 servicing: Maintenance, adjustment, and/or repair performed on a product after delivery and/or on-site installation.
3.1.22 supply chain: Suppliers and associated sub-supplier(s) required for product realization.
3.2 Abbreviations
For the purposes of this specification, the following abbreviations shall apply.
DAC: design acceptance criteria ITP: inspection test plan KPI: key performance indicator MAC: manufacturing acceptance criteria MOC: management of change MPS: manufacturing process specification PCP: process control plan QAP: quality activity plan QMS: quality management system QP: quality plan TMMDE: testing, measuring, monitoring, and detection equipment
4 Quality Management System Requirements
4.1 Quality Management System
4.1.1 General
The organization must always plan, set up, record, put into action, and keep up a quality management system in line with this specification’s demands for the product within the organization’s defined scope. Additionally, the organization needs to assess and enhance the effectiveness of this quality management system.
4.1.2 Quality Policy
The organization’s commitment to quality must be clearly outlined, documented, reviewed, and endorsed by top management. The quality policy should:
Align with the organization’s goals and guide its strategic path,
Serve as a foundation for setting quality objectives,
Be effectively communicated, understood, put into practice, and upheld within the organization,
Be accessible to relevant stakeholders as determined by the organization, and
Include a pledge to meet requirements and consistently enhance the efficiency of the quality management system.
4.1.3 Quality Objectives
Quality objectives, including those necessary to fulfill product and customer needs, must be set at appropriate functions and levels within the organization by management, with approval from top management. These objectives should be measurable, communicated, and aligned with the quality policy.
4.1.4 Planning the Quality Management System
4.1.4.1 General
The planning of the quality management system must be conducted. While planning, the organization must specify the scope of the quality management system, including the products covered and any limitations or exclusions. The organization must recognize external and internal factors relevant to the organization’s long-term objectives and goals. Identify relevant stakeholders and their requirements for the quality management system. The organization must establish the sequence and interaction between the processes of the quality management system. The organization must determine and oversee the criteria and methods necessary for the efficient operation and control of quality management system processes. The organization must set quality objectives, detailing actions, resources, responsibilities, timeframes, and methods for monitoring and evaluation. It must address identified risks. It addresses opportunities for improvement. It must identify key personnel involved in the quality management system.
4.1.4.2 Exclusions
If an organization carries out activities covered by API Q1, whether internally or through outsourcing, it cannot claim exclusion of those activities. Excluding certain activities should not impact the organization’s capability or obligation to deliver products that meet customer and legal standards. If any exclusions are made, the reasoning behind them must be documented. When an organization performs activities addressed by this specification, no claims to exclusion of those activities are permitted. When exclusions are permitted, they are limited to the following sections:
API Q1 Clauses
Sections
5.4
Design
5.6.4
Validation of Processes
5.6.7
Externally Owned Property
5.8
Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)
4.1.5 Communication
4.1.5.1 Internal
The organization must set up internal communication processes. These processes should involve communicating, at appropriate levels and functions within the organization the significance of meeting customer, legal, and other relevant requirements; and the outcomes of data analysis.
4.1.5.2 External Communications
The organization must create and put into action a procedure for communicating with external entities, including customers. This process should cover:
Handling inquiries, contracts, or order processing, and any modifications;
Understanding and meeting requirements during contract execution and product creation;
Providing product details, including any non-conformities;
Addressing feedback and customer complaints;
Sharing quality plans and any subsequent adjustments; and
Communicating changes and associated risks.
4.2 Management Responsibility
4.2.1 General
Top management must show leadership and dedication to setting up, implementing, maintaining, and enhancing the quality management system by endorsing the creation of quality objectives at relevant functions and levels within the organization. Top management must allocate necessary resources for the quality management system. These resources can encompass human resources, specialized skills, organizational infrastructure, financial assets, and technology. Top management must involving and backing personnel in implementing and sustaining the quality management system and designating responsibilities and authorities to ensure that processes achieve intended outcomes.
4.2.2 Responsibility and Authority
The duties, powers, and responsibilities of personnel within the organization’s quality management system must be clearly outlined, documented, and communicated across the organization.
4.2.3 Management Representative
Top management must appoint and retain a member of the organization’s management who, regardless of other duties, holds responsibility and authority that involves guaranteeing compliance of the quality management system with the requirements of this specification. Establishing, implementing, and maintaining processes necessary for the quality management system. Providing reports to top management regarding the performance of the quality management system and any areas requiring improvement. Initiating actions to rectify nonconformities. Ensuring the promotion of awareness of customer requirements throughout the organization.
4.3 Organization Capability
4.3.1 Resources and Knowledge
4.3.1.1 Resources
The organization must identify and allocate the necessary resources to implement, maintain, and enhance the effectiveness of the quality management system.
4.3.1.2 Knowledge
The organization must identify the expertise required to sustain the operation of its processes and ensure the consistent conformity of its products. This knowledge should be preserved and accessible as per the organization’s discretion.
Note: Knowledge may be gained through experience, study, training, lessons learned, best practices, or other means.
4.3.2 Human Resources
4.3.2.1 Personnel Competence
Personnel involved in the organization’s quality management system responsibilities must be competent. The organization should uphold a documented procedure concerning personnel competence. This procedure should cover:
Identifying and documenting required competencies.
Identifying necessary education, training, experience, or other actions to attain competence.
Evaluating the effectiveness of measures taken to acquire competencies.
Establishing criteria and methods for assessing, maintaining, and re-assessing competencies.
Designating personnel responsible for assessing competency.
Records of personnel competence must be retained.
4.3.2.2 Training
The organization must establish and uphold a training procedure. The organization must identifying the content and frequency of necessary training. The organization must provide training on the quality management system. It must provide job-specific training, including raising awareness among personnel about the significance of their tasks and their contribution to achieving the organization’s quality objectives. It must offer customer-specified or customer-provided training when necessary. It must assess the effectiveness of the training. It must document the required training records. Records of personnel training must be retained.
4.3.3 Work Environment
The organization must identify, furnish, oversee, and sustain the work environment necessary to ensure product conformity. This work environment encompasses:
Facilities, workspaces, and related utilities;
Process equipment, including both hardware and software;
Ancillary services (e.g., transportation, communication, information systems); and
Work conditions, covering physical, environmental, or other influencing factors.
4.4 Documentation Requirements
4.4.1 General
The documentation of the quality management system should consist of:
An outline of the quality management system’s scope, defining the products covered and providing reasons for any exclusions;
Declarations of the quality policy and quality objectives;
Listing legal and other relevant requirements that the organization must adhere to in order to ensure product conformity;
Explanation of how the quality management system fulfills each requirement outlined in this specification;
Identification of processes requiring validation; and
Procedures, documents, and records necessary for planning, executing, and controlling processes, as well as for meeting specified requirements.
Note: Traditionally, some of this documentation has been incorporated into a quality manual, but it can take various formats and may be presented as either a single document or multiple documents.
4.4.2 Procedures
Every procedure mandated by this specification must outline the organization’s approach to conducting an activity. These procedures must be documented, put into action, and upheld to ensure ongoing appropriateness.
Note: One procedure can encompass the requirements for one or more documented procedures. Likewise, multiple procedures can fulfill any requirement for a documented procedure.
4.4.3 Control of Internal Documents
The organization must maintain a documented procedure for managing internal documents required by the quality management system and this specification, including revisions, translations, and updates. This procedure must cover:
Responsibilities for approval and re-approval;
Review and approval for adequacy before issuance and use;
Periodic reviews for ongoing suitability and necessary revisions;
Identification of changes and current revision status;
Ensuring legibility and proper identification of documents;
Availability of documents at locations where activities are carried out.
Obsolete documents must be removed from all points of distribution or use, or appropriately marked to prevent unintended usage if retained for any purpose. Procedures, work instructions, and forms mandated by the quality management system must be controlled.
4.4.4 Control and Use of External Documents
The organization must uphold a documented procedure for managing documents from external sources necessary for product realization and use, including API or other external specifications. This procedure should cover:
Identifying and documenting the necessary external documents;
Managing access to and distribution of required documents, including relevant versions;
Incorporating requirements from external documents into product realization and any affected processes;
Establishing a process for identifying changes to required documents, such as addenda, errata, and updates;
Assessing the impact of changes;
Incorporating relevant changes.
Note: Normative references specified within API product or other external specifications, essential during product realization, may also be regarded as external documents.
4.5 Control of Records
Records, including those originating from outsourced activities, must be established and managed to demonstrate conformity to requirements and the organization’s quality management system. The organization must maintain a documented procedure outlining the controls and responsibilities for managing records. This procedure should cover:
Identifying records;
Collecting records;
Ensuring legibility of records;
Correcting records when necessary;
Storing records securely;
Safeguarding records from unintended alteration, damage, or loss;
Retrieving records as needed;
Determining retention periods;
Disposing of records when appropriate.
Records must be retained for a minimum of ten years or as required by customer, legal, and other relevant requirements, whichever is longer.
5 Product Realization
5.1 Contract Review 5.1.1 General
The organization must uphold a documented procedure for reviewing requirements related to product provision. This procedure should cover determining requirements, reviewing requirements, and making changes to requirements.
5.1.2 Determination of Requirements
The organization must identify requirements outlined by the customer, legal regulations, and any other applicable criteria, as well as requirements not explicitly mentioned by the customer but deemed necessary by the organization for providing the product. In cases where the customer hasn’t provided documented requirements, the organization must confirm these requirements and keep records of the confirmation process.
5.1.3 Review of Requirements
The organization must assess the requirements regarding product provision. This assessment must occur before the organization commits to delivering the product to the customer. It should confirm that requirements are identified and documented, resolve any discrepancies from previously identified requirements, and ensure the organization can meet the documented requirements. If contract requirements change, the organization must update relevant documents and inform relevant personnel of the changes. Records of the review outcomes, including any resulting actions, must be kept.
5.2 Planning
The organization must identify and strategize the processes and documents necessary for product realization. During planning, the organization should address the following:
Management of required resources and work environment.
Product and customer-specified requirements.
Legal and other applicable requirements.
Design specifications.
Contingency planning.
Specific verification, validation, monitoring, measurement, inspection, and testing activities for the product, along with acceptance criteria.
Management of change (MOC).
Records needed to demonstrate that product realization aligns with requirements.
The outcome of this planning must be documented and regularly updated to reflect changes. These plans should be organized in a structure suitable for the organization’s operational.
5.3 Risk Management 5.3.1 General
The organization must maintain a documented procedure for identifying and managing risks related to product delivery and quality. The procedure should cover:
Techniques for identifying and assessing risks.
The use of risk assessment tools and their application.
Criteria for determining the severity of risks, including potential consequences of product failure.
Actions for mitigating risks.
Assessing the remaining risks.
Contingency planning, including when a contingency plan is necessary based on the assessment of remaining risks.
Risk assessment may involve evaluating severity, probability of occurrence, and detectability. It can also be linked to corrective action.
5.3.2 Risk Assessment 5.3.2.1 Product Delivery
Risk assessment related to product delivery must consider factors such as facility and equipment availability, including maintenance, as well as supplier delivery performance and material availability/supply.
5.3.2.2 Product Quality
Risk assessment concerning product quality must encompass factors such as the delivery of nonconforming products and the availability of competent personnel.
5.3.2.3 Changes Impacting Product Quality
If any of the listed alterations have the potential to adversely affect product quality, a risk assessment concerning product quality must be conducted:
Changes in the organizational structure;
Changes in key personnel;
Alterations in the supply chain of critical products, components, or activities;
Modifications to the management system scope or procedures; and
Adjustments to the organization’s capacity to execute the processes needed for product realization.
Note: Changes may originate internally or externally.
5.3.3 Contingency Planning
If the organization deems it necessary to have a contingency plan due to assessed risks, the plan must, at a minimum, outline actions needed to mitigate the impact of disruptive incidents, assign responsibilities and authorities, and establish controls for internal and external communication. These contingency plans must be documented, communicated to relevant personnel, and revised as necessary.
5.3.4 Records
Records documenting risk assessment and management, including the actions implemented, must be retained.
5.4 Design 5.4.1 General
If the organization is accountable for product design, it must adhere to the requirements outlined in section 5.4. However, these design requirements do not apply if the product is involved in production activities, servicing, storage, distribution, or logistics.
Note: In previous editions, the term “design” was denoted as “design and development.”
5.4.2 Design Planning
The organization must uphold a documented procedure for planning and overseeing the design process. This procedure should cover:
a) Planning, including updates to the plan(s), used for design. b) Various stages of the design process. c) Allocation of resources, responsibilities, authorities, and their interactions. d) Review, verification, and validation activities required for each design stage. e) Requirements for a final review of the design. f) Criteria and approval process for design changes.
When design activities are outsourced or carried out at different locations within the organization, the procedure should outline controls to ensure compliance with design requirements. If design activities are outsourced, the organization remains accountable for design and must ensure that the supplier meets outsourcing requirements.
Note: Design review, verification, and validation serve distinct purposes but can be conducted and recorded separately or in any combination, as appropriate for the product and the organization.
5.4.3 Design Inputs
Inputs must be identified and assessed for adequacy, completeness, clarity, and absence of conflicts. Any identified issues must be resolved. Inputs may encompass functional and technical requirements, along with the following, if applicable:
Customer-specified requirements;
Requirements from external sources, including API product specifications;
Environmental and operational conditions;
Documentation of methodologies, assumptions, and formulas; e) Historical performance and other data from similar previous designs;
Legal requirements; and
Potential consequences of product failure, as required by legal mandates, industry standards, customer specifications, or deemed necessary by the organization.
Records of design inputs must be retained.
5.4.4 Design Outputs
The documentation of outputs must enable verification against the requirements outlined in the design inputs. These outputs should:
Meet the requirements specified in the design inputs.
Provide information for purchasing, production, inspection, testing, and servicing, as applicable.
Identify or reference design acceptance criteria (DAC).
Include identification of, or reference to, products, components, and/or activities considered critical to the design.
Incorporate the results of relevant calculations.
Specify the characteristics of the product essential for its intended purpose and safe and proper function.
Records of design outputs must be retained.
Note: Identification of criticality of products, components, and/or activities may be managed separately from the design process.
5.4.5 Design Review
At appropriate stages, evaluations must be conducted to assess the suitability, adequacy, and effectiveness of the outcomes of design stages in meeting specified requirements, and to identify any issues and recommend required actions. These reviews must involve representatives from relevant functions associated with the design stages under review. Records of the review outcomes and any subsequent actions must be retained.
5.4.6 Design Verification and Final Review
To confirm that the design outputs meet the design input requirements, design verification and a final review must be carried out and documented according to the organization’s procedure. Records of design verification, any required actions, and the final review must be preserved.
5.4.7 Design Validation and Approval
The organization’s procedure must include conducting design validation to ensure that the resulting product can fulfill the specified requirements. Whenever feasible, validation must be concluded before product delivery. After validation, the finalized design must be approved by competent individuals other than those who developed the design. Records of design validation, approval, and any required actions must be retained.
5.4.8 Design Changes
Design changes must be identified and subjected to review, verification, and validation as necessary before being approved for implementation. The review of design changes must assess their impact on the product and its component parts at relevant stages of product realization, including already delivered products. Additionally, the review must evaluate whether customer notification is necessary if the changes adversely affect the specified performance capability of the product. All design changes, including modifications to design documents, must adhere to the organization’s procedure. Records of design changes, reviews, and any required actions must be documented and maintained.
5.5 Purchasing 5.5.1 Purchasing Control 5.5.1.1 Procedure
The organization must maintain a documented procedure for purchasing products, components, and/or activities necessary for product realization. This procedure should cover:
Using identified risks to determine the initial assessment method of the supplier’s capability for critical purchases.
Determining the type and extent of control applied to the supply chain for critical products, components, or activities. Note: Additional requirements for outsourced activities are specified in section 5.5.1.7.
Establishing criteria, scope, frequency, and methods for re-evaluating suppliers.
Identifying approved suppliers and defining the scope of approval.
Identifying customer-specified suppliers and suppliers limited by proprietary and/or legal requirements when section 5.5.1.3 applies.
For critical products, components, or activities, the initial evaluation of suppliers who have not been previously approved must consider the scope of supply and be specific to each supplier. This evaluation must include:
Verifying the implementation of the supplier’s quality management system and its conformity to the organization’s specified quality system requirements for suppliers.
Verifying the type and extent of control applied by the supplier internally and throughout their supply chain to meet the organization’s requirements.
Assessing the supplier’s capability to meet the organization’s specified requirements. This can be done through one or more of the following methods based on identified risks:
Conducting an on-site assessment to verify that relevant product realization processes are performed by process controls and effectively achieve conformity to requirements.
Conducting a remote assessment to verify that relevant product realization processes are performed using process controls and effectively achieve conformity to requirements.
Performing inspection, testing, or verification of relevant characteristics of received products.
For suppliers of critical purchases with high-risk severity, identified by the organization for which an on-site assessment is not conducted, the evaluation of the supplier’s capability must include a remote assessment and inspection, testing, or verification. When conducting a remote assessment, it must include verification of objective evidence through real-time audio/visual observation of required activities and documentation using information and communication technology. Additionally, any additions to a supplier’s scope of approval or change from an approved site to a new site of supply must also undergo evaluation as per the requirements outlined in this section.
For critical products, components, or activities where the supplier is specified by the customer or involves proprietary and/or legal requirements that restrict the application of Initial Supplier Evaluation, the initial evaluation process shall involve verifying the implementation of the supplier’s quality management system and its conformity to the quality system requirements specified by the organization and/or the customer’s requirements and identifying how the supplied product, component, or activity conforms to specified requirements. The scope of approval for customer-specified suppliers shall be restricted to the relevant customer contract in cases where an assessment has not been conducted.
For the procurement of noncritical products, components, or activities that influence product realization or the final product, the organization’s criteria for evaluating suppliers must either meet the requirements of Initial Supplier Evaluation—Critical Purchases or fulfill one or more of the following:
Verifying that the supplier’s quality management system aligns with the quality system requirements specified for suppliers by the organization.
Assessing the supplier’s ability to meet the organization’s purchasing requirements.
Evaluating the product or component upon delivery, or activity upon completion.
5.5.1.5 Supplier Reevaluation
For suppliers previously approved for products, components, or activities, the organization must determine the frequency of supplier reevaluation based on identified risk and supplier quality performance. For the reevaluation of suppliers providing critical products, components, or activities, the provisions of section 5.5.1.2 shall be followed. For the reevaluation of suppliers providing critical products, components, or activities specified by the customer or restricted by proprietary and/or legal requirements, the requirements outlined in section 5.5.1.3 shall be adhered to. For the reevaluation of suppliers providing non-critical products, components, or activities that affect product realization or the final product, the guidelines detailed in section 5.5.1.4 shall be followed.
5.5.1.6 Records
Records of evaluation results, comprising objective evidence and any subsequent actions, must be retained. Additionally, records of approved suppliers, customer-specified suppliers, and suppliers bound by proprietary and/or legal requirements must be kept.
5.5.1.7 Outsourcing
When an organization decides to delegate a process or activity from its quality management system to an external supplier, it must ensure that the supplier meets the relevant requirements of the organization’s quality management system. If an organization opts to outsource a process or activity related to product realization, it must retain accountability for ensuring that the product meets specified requirements, which may include relevant API or other external specifications. Documentation of outsourced activities must be retained, including evidence of conformity.
5.5.2 Purchasing Information
The organization must verify the adequacy of specified purchasing information before transmitting it to the supplier. Purchasing information provided to the supplier must be documented and clearly outline the product, component, or activity to be procured. This documentation should include, as appropriate:
a) Acceptance criteria;
b) Requirements for approving the supplier’s procedures, processes, and equipment;
c) Relevant technical data such as specifications, drawings, process requirements, inspection instructions, and traceability requirements;
d) Criteria for qualifying the supplier’s personnel;
e) Requirements related to the quality management system;
f) Conditions for approving product release; and
g) If either the organization or its customer intends to conduct verification at the supplier’s premises, the intended verification arrangements.
Note: Applicable specifications may encompass or derive from customer requirements, API specifications, design output, and/or industry standards.
5.5.3 Verification of Purchased Products, Components or Activities 5.5.3.1 General
The organization must uphold a documented procedure outlining the verification needed to ascertain whether purchased products, components, or activities adhere to specified purchase requirements.
5.5.3.2 Critical Purchases
For critical products, components, or activities, the organization’s verification procedure should cover:
Reviewing the required documentation provided by the supplier;
Ensuring that the correct versions were utilized when specifying specifications, drawings, process requirements, inspection instructions, traceability requirements, and other relevant technical data as outlined in section 5.5.2 item c;
Defining the inspection, testing, and/or verification requirements, including methods, frequency, and the responsible party. The organization should determine these aspects based on identified risks and supplier quality performance.
5.5.3.3 Noncritical Purchases
The organization’s documented procedure must verify noncritical products, components, or activities.
5.5.3.4 Records
Documentation of verification activities and evidence demonstrating conformity to specified requirements must be retained.
5.6 Control of Product Realization 5.6.1 General
The organization must uphold a documented procedure outlining controls related to product realization. This procedure should cover:
Establishing and applying manufacturing acceptance criteria (MAC);
Identifying and documenting critical processes involved in product realization;
Executing the quality plan, if applicable;
Ensuring compliance with design requirements and associated modifications, if applicable;
Utilizing and ensuring the availability of product realization equipment and TMMDE (unless excluded);
Following relevant work instructions;
Employing process control documents;
Maintaining identification and traceability requirements throughout the product realization process;
Executing monitoring and measurement activities.
5.6.2 Quality Plan
When stipulated by contract, the organization must create a quality plan delineating the processes of the quality management system, including product realization, and the resources allocated to a product. This plan should cover the following minimum aspects:
Description of the product or the quality plan’s scope;
Required processes and documentation, encompassing necessary inspections, tests, and record-keeping to ensure compliance with requirements;
Identification of outsourced activities and references to their management;
Identification of each procedure, specification, or document referenced or utilized in each activity;
Specification of the required hold points, witnessing, monitoring, and document review stages.
The quality plan, along with any modifications, must be documented and endorsed by the organization. Additionally, the quality plan and its revisions should be communicated to the customer.
Note: A quality plan may consist of one or more documents and may be known by various terms, such as product quality plan (PQP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), or quality activity plan (QAP).
5.6.3 Process Control Documents
The organization is required to document process controls, which must encompass or make reference to Criteria for verifying compliance with relevant quality plans, API product specifications, customer requirements, and/or other pertinent product standards/codes; Instructions and criteria for processes, tests, inspections, and; When relevant, points designated for the customer’s inspection hold, witnessing, monitoring, and document review.
Note: Process controls may take the form of routings, travelers, checklists, process sheets, or similar controls, and may be electronic or hard copy.
5.6.4 Validation of Processes
The organization is obligated to validate processes in cases where the resulting output cannot be verified through subsequent monitoring or measurement, leading to the detection of deficiencies after product delivery or during its usage. Validation must demonstrate these processes’ capability to achieve planned outcomes. Process validation shall adhere to either of the following:
If a product specification specifies particular processes necessitating validation, only those specified processes shall require validation for the relevant product. (Note: The organization may, at its discretion, opt to validate additional processes beyond those outlined in a product specification.)
If there is no applicable product specification or the specification does not identify processes requiring validation, processes necessitating validation for the product, if applicable, shall include, at a minimum: nondestructive examination (NDE)/nondestructive test (NDT), welding, heat treating, and coating and plating (when deemed critical to product performance by the product specification or the organization).
The organization must maintain a documented procedure for process validation, detailing the review and approval methods. This procedure should cover required equipment; personnel qualification; specific methods, including defined operating parameters; identification of process acceptance criteria; record-keeping requirements; and revalidation criteria. In cases where the organization outsources a process requiring validation, it must retain evidence confirming compliance with the stipulations outlined in section 5.6.4.
5.6.5 Identification and Traceability
The organization is responsible for establishing and preserving identification throughout product realization, encompassing relevant delivery and post-delivery activities. This entails acknowledging traceability requirements outlined by the organization, the customer, and/or pertinent product specifications. The organization must uphold a documented procedure for identification and traceability while the product remains within its control, covering the following:
Methods employed for identification.
Necessary information for traceability, if mandated.
Criteria for maintaining and/or reinstating identification and/or traceability.
Measures to rectify instances of lost identification and/or traceability.
Records documenting traceability must be retained. Please note that “product” may encompass components or raw materials.
5.6.6 Inspection/Test Status
The organization is required to uphold a documented procedure for maintaining the identification of inspection and/or test status throughout product realization, clearly indicating whether the product conforms or exhibits nonconformity.
5.6.7 Externally Owned Property
The organization must uphold a documented procedure for managing externally owned property, including customer property, incorporated into the product while under the organization’s control. This property encompasses intellectual property and non-publicly available data. The procedure should cover identification, verification, safeguarding, preservation, maintenance, and reporting loss, damage, or unsuitability for use to the external owner. Records concerning the control and disposition of externally owned property must be retained.
5.6.8 Preservation of Product
The organization must uphold a documented procedure outlining the approaches employed to maintain the integrity of the product and its component parts during product realization and delivery. This procedure should cover identification and traceability marking, storage procedures (including designated storage areas or stock rooms), periodic condition assessments as specified by the organization, transportation, handling, packaging, and protection. Records of assessment results must be retained.
5.6.9 Inspection, Testing, and Verification 5.6.9.1 General
The organization must maintain a documented procedure for inspecting, testing, and/or verifying the product to ensure that requirements have been met. This procedure should cover:
Methods and application of in-process inspection, testing, and/or verification.
Methods and application of final inspection, testing, and/or verification.
Creation and retention of records.
It’s important to note that in-process and final inspection may be combined into one or more activities, and certain product characteristics may necessitate final inspection/verification during product realization.
5.6.9.2 In-process Inspection, Testing, and Verification
The organization must conduct inspections, tests, and/or verifications of products at predetermined stages as specified by the quality plan, process control documents, and/or documented procedures. Evidence demonstrating conformity with the acceptance criteria must be retained.
5.6.9.3 Final Inspection, Testing, and Verification
The organization must conduct final inspection, testing, and/or verification of the product in accordance with the quality plan, process control documents, and/or documented procedures to ascertain and document conformity of the completed product with the specified requirements. Unless conducted by an automated system, individuals other than those involved in or directly overseeing the product realization process shall carry out final acceptance inspection at scheduled stages of the product realization process.
5.6.9.4 Records
Records documenting all necessary inspection, testing, verification, and final acceptance activities must be preserved.
5.6.10 Preventive Maintenance
The organization must uphold a documented procedure for conducting preventive maintenance on equipment utilized for product realization. This procedure should outline the equipment types subject to maintenance, the frequency of maintenance tasks, and the individuals responsible for carrying them out. Records detailing preventive maintenance activities must be retained.
Note: Preventive maintenance protocols can be devised based on various factors such as risk assessment, system reliability, usage patterns, historical data, industry best practices, applicable regulations, manufacturer recommendations, or other relevant criteria.
5.7 Product Release
The organization must retain a documented procedure concerning the release of products to customers. Product release should not occur until all planned arrangements have been satisfactorily fulfilled. Only products that conform to requirements or have been authorized under concession shall be released by the organization. Records must be kept to facilitate the identification of the individual responsible for authorizing product release.
5.8 Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)
5.8.1 General
The organization must establish the testing, measuring, monitoring, and detection requirements necessary to demonstrate conformity to specified standards. This includes the necessary Test, Measurement, Monitoring, and Detection Equipment (TMMDE). TMMDE, whether owned and maintained by the organization, owned by employees, or obtained from external sources such as third-party vendors, proprietary sources, or customers, must be controlled. Calibration of TMMDE must occur at specified intervals, with documentation of the date of first use when the calibration interval is determined based on this date.
5.8.2 Procedure
The organization must uphold a documented procedure for controlling Test, Measurement, Monitoring, and Detection Equipment (TMMDE). This procedure must encompass specific equipment types and include:
Unique identification;
Calibration status;
Traceability to international or national measurement standards. If such standards are absent, the basis for calibration must be recorded;
Calibration method and acceptance criteria;
Calibration frequency and the commencement of calibration intervals;
Documentation of calibration measurements before and after adjustments, known respectively as ‘as-found’ and ‘as-left’ measurements. If no adjustments are made, ‘as-found’ and ‘as-left’ measurements are the same;
Measures to prevent unintended use of TMMDE identified as out-of-calibration, beyond calibration intervals, or out-of-service;
Assessment of the validity of previous measurements and actions to be taken on the TMMDE and product if TMMDE is found to be out of calibration, including maintaining records and evidence of customer notification if suspect product has been shipped;
Utilization of third-party, proprietary, employee-owned, and customer-owned TMMDE;
Maintenance; and
Suitability for planned monitoring and measurement activities.
5.8.3 Equipment
TMMDE identified in 5.8.1 must adhere to the following:
a) Undergo calibration;
b) Have its calibration status identifiable by the user before and during use;
c) Be safeguarded from adjustments or modifications that could invalidate the measurement result or calibration status;
d) Be protected from damage and deterioration during handling, maintenance, and storage; and
e) Be utilized under environmental conditions suitable for the calibrations, inspections, measurements, and tests being performed.
When utilized in testing, monitoring, measurement, or detection to meet specified requirements, the suitability of computer software to fulfill the intended application must be confirmed before initial use and reconfirmed as necessary.
5.8.4 TMMDE Equipment from Other Sources
When utilizing TMMDE that is third-party, proprietary, or customer-owned, the organization must ensure the equipment is calibrated before use. If constrained by customer, contract, or licensing agreement limitations, the requirements outlined in 5.8.2, Item c), 5.8.2, Item d), 5.8.2, Item e), 5.8.2, Item f), 5.8.2, Item j), and 5.8.2, Item k) shall not be applicable.
5.8.5 Records
The organization is required to uphold a registry documenting the TMMDE outlined in 5.8.1, with each piece of equipment assigned a unique identification. Furthermore, the results of calibration as per 5.8.2 must be documented and retained. In cases where calibration of third-party, proprietary, and customer-owned TMMDE is constrained by customer, contractual, or licensing agreements, the organization must uphold records detailing the imposed limitations.
5.9 Control of Nonconforming Product 5.9.1 Procedure 5.9.1.1 General
The organization must uphold a documented procedure that outlines controls, along with the corresponding responsibilities and authorities, for managing nonconforming products throughout product realization and post-delivery.
5.9.1.2 Nonconforming Product During Product Realization
The procedure for handling a nonconforming product discovered during product realization must encompass guidelines for product identification and control to avoid unintended use or delivery, addressing the identified nonconformity, implementing measures to prevent its initial intended use or delivery, and obtaining authorization for its use, release, or acceptance under concession from the appropriate authority and, if necessary, from the customer.
5.9.1.3 Nonconforming Product After Delivery
The procedure for handling a nonconforming product discovered during product realization must encompass guidelines for product identification and control to avoid unintended use or delivery, addressing the identified nonconformity, implementing measures to prevent its initial intended use or delivery, and obtaining authorization for its use, release, or acceptance under concession from the appropriate authority and, if necessary, from the customer.
5.9.2 Nonconforming Product
The organization shall manage nonconforming products by executing one or more of the following actions:
a) Conducting repair or rework followed by subsequent inspection to ensure compliance with specified requirements;
b) Re-grading for alternative applications;
c) Releasing under concession; and/or
d) Rejecting or scrapping the product.
5.9.3 Release of Nonconforming Product Under Concession
Nonconforming products that do not meet manufacturing acceptance criteria (MAC) may be released under concession if authorized by the organization’s relevant authority, given that:
a) The products still meet the applicable design acceptance criteria (DAC) and customer criteria;
b) It is determined that the violated MAC is unnecessary to meet the applicable DAC and/or customer criteria; or
c) The DAC has been modified, and the affected products comply with the revised DAC and associated MAC requirements. If the DAC was previously agreed upon with the customer, any changes to the DAC must be authorized by the customer.
The organization is not permitted to release products that do not conform to DAC or contract requirements without authorization from the customer.
5.9.4 Customer Notification of Nonconforming Product
The organization is required to inform customers of any delivered product that does not meet the agreed design acceptance criteria (DAC) or contractual requirements. Records of such notifications must be maintained by the organization.
5.9.5 Records
Records documenting nonconformities must be retained, encompassing details of the nonconformity, actions taken thereafter including any concessions secured, the reasoning behind approving product release under concession, and the pertinent authority involved.
5.10 Management of Change (MOC) 5.10.1 General
The organization is required to uphold a documented procedure for Management of Change (MOC) to ensure the integrity of the quality management system amid changes. This MOC procedure shall cover:
a) Description and justification of the change;
b) Allocation and availability of resources, including personnel;
c) Assessment of potential risks associated with the change;
d) Review, approval, and execution of the change;
e) Notifications regarding the change;
f) Verification of the completion of MOC activities and assessment of their impact on the Quality Management System (QMS).
5.10.2 MOC Application
The organization must utilize Management of Change (MOC) for alterations that could adversely affect the product’s quality.
5.10.3 MOC Notification
The organization must inform pertinent internal staff about the change and its associated risks. If mandated by contract, the organization must also notify the customer of the change and its associated risks. Documentation of MOC notifications is required.
5.10.4 Records
Records of MOC activities must be maintained
6 Quality Management System Monitoring, Measurement, Analysis, and Improvement
6.1 General
The organization is responsible for planning and executing the processes for monitoring, measuring, analyzing, and improving the quality management system to ensure compliance with the requirements of this specification and to enhance the system’s effectiveness over time. This includes identifying appropriate methods, including data analysis techniques, and determining their utilization extent.
6.2 Monitoring, Measuring, and Improving 6.2.1 Customer Satisfaction
The organization must have a documented procedure for monitoring customer satisfaction, detailing the frequency and methods for assessing it, along with key performance indicators. Records of customer satisfaction data must be retained.
6.2.2 Internal Audit 6.2.2.1 General
The organization must conduct internal audits to assess the implementation, maintenance, and conformity of the quality management system to both this specification and the organization’s internal quality management system requirements. A documented procedure outlining responsibilities for planning, conducting, and documenting internal audits must be maintained. This procedure should identify audit criteria, scope, frequency, and methods, considering previous audit results, process criticality, and changes to the quality management system. All processes within the quality management system must undergo audits at least once every 12 months, with audits staggered throughout the year if necessary. Critical processes related to product realization must be audited to ensure compliance with requirements, including observation of activities and evaluation of conformity.
6.2.2.2 Performance of Internal Audit
Competent personnel, separate from those involved in or directly overseeing the audited activity, must conduct audits to ensure objectivity and impartiality. Audit records should offer objective evidence of the implementation and maintenance of the quality management system. Note: product specification requirements may be integrated into various quality management system processes and may be audited alongside one or more of these processes.
6.2.2.3 Audit Review and Closure
The organization must define timeframes for responding to identified nonconformities. Management accountable for the audited area must ensure that any required corrections and corrective actions adhere to the specifications outlined in section 6.4.2. Internal audit records must be retained.
6.3 Analysis of Data
The output of data analysis should furnish insights, including trends, regarding:
a) Customer satisfaction.
b) Non conformity to product requirements during product realization.
c) Instances of nonconformities and product failures detected post-delivery or post-use, provided there is accessible product documentation or evidence to facilitate root cause determination.
d) Process performance.
e) Supplier performance.
f) Attainment of quality objectives.
The organization must utilize data to assess areas where continual enhancement of the quality management system’s effectiveness is possible.
6.4 Improvement 6.4.1 General
The organization is required to enhance the effectiveness of the quality management system continuously. This is achieved by assessing, selecting, and implementing improvement opportunities utilizing quality objectives, internal audits, data analysis, corrective actions, and management review.
6.4.2 Corrective Action
The organization must uphold a documented procedure to manage nonconformities, including those arising from customer complaints, and to implement corrective actions both internally and with suppliers. Corrective actions should correspond to the impact of the encountered nonconformity, which can pertain to both quality management system processes and trends in nonconforming products.
The procedure should cover:
Criteria for initiating the corrective action process;
Reviewing the nonconformity;
Determining and implementing corrections;
Identifying the root cause of the nonconformity and assessing the need for corrective actions;
Implementing corrective action to minimize the likelihood of recurrence;
Defining the timeframe and responsible parties for addressing corrections and corrective action;
Verifying the effectiveness of the corrections and corrective action taken;
Updating risks and opportunities identified during planning;
Management of Change (MOC) when corrective actions necessitate new or modified controls within the quality management system; and
Assessing similar potential nonconformities and implementing preventive actions as appropriate.
Records of corrective action process activities should be maintained, including activities conducted to confirm the effectiveness of the corrective actions taken.
6.5 Management Review 6.5.1 General
The organization’s management must conduct a review of the quality management system at least once every 12 months (by the end of the same calendar month as the previous year’s review) to assess its ongoing suitability, adequacy, and effectiveness. This review should encompass evaluations of opportunities for improvement, sufficiency of resources, and the necessity for adjustments to the quality management system, including the quality policy and objectives.
6.5.2 Input Requirements
The minimum inputs required for management review shall encompass:
a) Evaluation of the status and effectiveness of measures taken based on prior management reviews;
b) Findings from internal audits and audits conducted by external parties.
c) Identification of potential changes that may impact the quality management system, encompassing alterations to legal and other relevant requirements (e.g., industry standards), as well as shifts in internal and external factors pertinent to the quality management system.
d) Assessment of customer satisfaction.
e) Consideration of feedback received from customers and other concerned parties.
f) Evaluation of process performance.
g) Review of risk assessment outcomes and the effectiveness of risk mitigation measures. h) Status update on corrective actions.
i) Analysis of supplier performance.
j) Examination of product conformity analysis, including post-delivery or post-use nonconformities;
k) Comparison of actual performance with quality objectives; and
l) Proposals for improvement.
6.5.3 Output Requirements
The outcomes of the management review must comprise:
A concise evaluation of the quality management system’s effectiveness,
Any necessary modifications to processes,
Determinations and ensuing actions,
Essential resource allocations, and
Enhancements aimed at better meeting customer needs.
Senior management is responsible for reviewing and endorsing the results of management reviews. Documentation of management reviews is mandatory, and records of such reviews must be retained.
Annex A Use of API Monogram by Licensees
A.1 Scope
The API Monogram® serves as a registered certification mark, owned by API and sanctioned for licensing by the API Board of Directors. Under the API Monogram Program, API grants product manufacturers the authorization to affix the API Monogram to products meeting product specifications and manufactured under a quality management system in compliance with API Q1 requirements. API maintains a comprehensive, searchable record of all Monogram Licensees on the API Composite List website.
Application of the API Monogram and license number on products signifies a representation and guarantee by the Licensee to API and purchasers that, as of the indicated date, the products were manufactured under a quality management system adhering to API Q1 requirements and fully comply with the relevant standard(s) or product specification(s). API Monogram Program licenses are granted following an on-site audit confirming that an organization has implemented and consistently upheld a quality management system meeting API Q1 requirements, and that resultant products meet the specifications of the applicable API product specification(s) and/or standard(s). While any manufacturer may assert that its products meet API product requirements without featuring the Monogram, only those licensed by API can affix the API Monogram to their products.
In conjunction with the stipulations of the API Monogram license agreement, this annex outlines the prerequisites for organizations seeking voluntary API licensing to furnish API-monogrammed products meeting the criteria of the applicable API product specification(s) and/or standard(s), along with API Monogram Program requirements.
A.2 Normative References
API Q1, Specification for Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry
A.3 Terms and Definitions
The following terms and definitions apply.
A.3.1 API monogrammable product: Product that has been manufactured by an API Licensee utilizing a fully implemented API Q1 compliant quality management system and that meets all the API-specified requirements of the applicable API product specification(s) and/or standard(s).
A.3.2 API product specification: Prescribed set of rules, conditions, or requirements attributed to a specified product that address the definition of terms; classification of components; delineation of procedures; specified dimensions; manufacturing criteria; material requirements, performance testing, design of activities; and the measurement of quality and quantity with respect to materials; products, processes, services, and/or practices.
A.3.3 API-specified requirements: Requirements, including performance and Licensee-specified requirements, set forth in API Q1 and the applicable API product specification(s) and/or standard(s).
NOTE Licensee-specified requirements include those activities necessary to satisfy API-specified requirements.
A.3.4 design package: Records and documents required to provide evidence that the applicable product has been designed in accordance with API Q1 and the requirements of the applicable product specification(s) and/or standard(s).
A.3.5 Licensee: Organization that has successfully completed the application and audit process and has been issued a license by API.
A.4 Quality Management System Requirements
Any organization affixing the API Monogram to products must establish, uphold, and consistently operate a quality management system in accordance with API Q1.
A.5 Control of the Application and Removal of the API Monogram
Each Licensee is responsible for regulating the application and removal of the API Monogram according to the following guidelines:
Products that do not meet API-specified requirements should not display the API Monogram.
Each Licensee must establish and uphold an API Monogram marking procedure outlining the monogramming specifications outlined in this annex and any relevant API product specification(s) and/or standard(s). This procedure should:
designate the authority responsible for applying and removing the API Monogram;
specify the method(s) for applying the Monogram;
indicate the location on the product where the API Monogram should be placed;
mandate the inclusion of the Licensee’s license number and the product’s date of manufacture alongside the API Monogram;
stipulate that the date of manufacture must include at least two digits for the month and two digits for the year (e.g., 05-12 for May 2012), unless specified otherwise in the applicable API product specification(s) or standard(s); and
include controls for applying any additional API product specification(s) and/or standard(s) marking requirements, as applicable.
Only an API Licensee is authorized to affix the API Monogram and its corresponding license number to API monogrammable products.
The API Monogram license is site-specific, and therefore the API Monogram should only be applied at the licensed facility’s designated location.
The API Monogram may be applied at any appropriate stage during production, but it must be removed according to the Licensee’s API Monogram marking procedure if the product is later found to be non-conforming with any requirements outlined in the applicable API product specification(s) and/or standard(s) and API Monogram Program.
For specific manufacturing processes or product types, alternative API Monogram marking procedures may be acceptable. Detailed requirements for alternative API Monogram marking can be found in the API Policy, API Monogram Program Alternative Marking of Products License Agreement, accessible on the API Monogram Program website.
A.6 Design Package Requirements
Every Licensee or applicant seeking licensing must uphold an updated design package for all relevant products covered by each Monogram license. The design package should offer tangible proof that the product design aligns with the requirements outlined in the relevant and latest API product specification(s). These design package(s) should be accessible during API audits conducted at the facility. In certain cases, the exclusion of design activities is permissible under the Monogram Program, as elaborated in Advisory #6, which can be found on the API Monogram Program website.
A.7 Manufacturing Capability
The API Monogram Program is structured to recognize facilities that have proven their capacity to produce equipment in accordance with API specifications and/or standards. API reserves the right to decline initial licensing or suspend existing licenses depending on the manufacturing capabilities of a facility. If API deems it necessary to conduct further evaluation, additional audits (at the organization’s cost) may be carried out on any subcontractors to verify their adherence to the requirements outlined in the relevant API product specification(s) and/or standard(s).
A.8 API Monogram Program: Nonconformance Reporting
API requests information regarding products that do not meet API-specified requirements, as well as instances of field failures or malfunctions attributed to specification deficiencies or nonconformities with API-specified requirements. Customers are encouraged to notify API of any issues encountered with API monogrammed products. Nonconformances can be reported using the API Nonconformance Reporting System accessible at http://compositelist.api.org/ncr.asp.
Records of the results of evaluations including objective evidence and any necessary actions arising from the evaluations shall be maintained. Records of identification of approved suppliers, customer specified suppliers, and suppliers limited by proprietary, and/or legal requirements shall be maintained.
API Q1 (American Petroleum Institute Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry) outlines requirements for organizations in the petroleum and natural gas industry. Purchase control records are documents used to ensure that purchased products or services meet the organization’s requirements. These records typically include:
Purchase Orders: Formal documents specifying the details of what is being purchased, including quantity, specifications, delivery date, and price.
Supplier Evaluation Records: Documentation of how suppliers are evaluated and selected, including criteria such as quality, delivery performance, price, and financial stability.
Supplier Contracts or Agreements: Legal documents outlining the terms and conditions of the relationship between the organization and its suppliers.
Inspection and Test Records: Records of inspections and tests performed on purchased products or services to ensure they meet specified requirements.
Non-Conformance Reports (NCRs): Reports documenting any deviations from specified requirements found during the inspection or testing of purchased products or services.
Supplier Certificates or Certifications: Documentation proving that suppliers meet certain standards or certifications required by the organization.
Records of Material Certifications: Documents certifying the quality and properties of materials used in purchased products.
These records are crucial for demonstrating compliance with API Q1 requirements and ensuring the quality and integrity of purchased products or services in the petroleum and natural gas industry.
Records of the results of evaluations including objective evidence and any necessary actions arising from the evaluations shall be maintained.
In accordance with API Q1 requirements, records of evaluations should include objective evidence and any necessary actions arising from those evaluations. Here’s a breakdown of what these records typically entail:
Evaluation Criteria: Clearly defined criteria used for evaluating suppliers or purchased products/services. These criteria may include quality, delivery performance, price, technical capabilities, and compliance with relevant standards or regulations.
Objective Evidence: Documentation or data that supports the evaluation process and demonstrates the validity of the assessment. This evidence may include inspection reports, test results, audit findings, customer feedback, performance metrics, and any other relevant information.
Evaluation Results: Recorded outcomes of the evaluations, indicating whether suppliers or purchased products/services meet the established criteria and requirements. This could include ratings, scores, pass/fail determinations, or other forms of assessment results.
Necessary Actions: Any actions or decisions resulting from the evaluations, such as approving a supplier, placing corrective actions on non-conforming products/services, updating procurement procedures, or reassessing supplier relationships.
Records of Communication: Documentation of any communication or correspondence related to the evaluations, including emails, meeting minutes, or other forms of communication that may have influenced the evaluation process or outcome.
Follow-up Actions: Documentation of any follow-up actions taken to address identified issues or deficiencies, such as implementing corrective actions, conducting re-evaluations, or making changes to supplier agreements.
Retention of Records: Ensuring that records of evaluations and associated actions are properly maintained and retained for the required period as per organizational procedures and regulatory requirements.
By maintaining comprehensive records of evaluations, organizations can demonstrate accountability, transparency, and compliance with API Q1 requirements, while also facilitating continuous improvement in their procurement processes.
Records of identification of approved suppliers, customer specified suppliers, and suppliers limited by proprietary, and/or legal requirements shall be maintained.
Maintaining records of approved suppliers, customer-specified suppliers, and suppliers limited by proprietary or legal requirements is crucial for compliance and effective supply chain management. Here’s what these records typically include:
Approved Suppliers List (ASL): A documented list of suppliers that have been evaluated, approved, and deemed suitable for providing products or services to the organization. This list may include details such as supplier name, contact information, approved product or service categories, approval dates, and any special conditions or restrictions.
Customer-Specified Suppliers: Records of suppliers designated by specific customers for supplying products or services to their projects or contracts. These records should include information on the customer’s requirements, approved suppliers, and any special agreements or contracts governing the relationship.
Suppliers Limited by Proprietary or Legal Requirements: Documentation of suppliers that are restricted or limited by proprietary information, intellectual property rights, or legal/regulatory obligations. This could include suppliers with exclusive rights to certain technologies or materials, suppliers subject to export control regulations, or suppliers restricted due to confidentiality agreements.
Documentation of Approval Processes: Records of the processes used to evaluate and approve suppliers, including criteria for approval, evaluation methods, review procedures, and decision-making criteria. This documentation ensures transparency and consistency in supplier approval processes.
Records of Supplier Audits or Assessments: Documentation of audits, assessments, or evaluations conducted to verify suppliers’ compliance with quality, regulatory, or contractual requirements. This may include audit reports, assessment findings, corrective action plans, and evidence of follow-up actions taken.
Supplier Contracts or Agreements: Copies of contracts, agreements, or purchase orders with approved suppliers, outlining the terms and conditions of the relationship, including pricing, delivery schedules, quality requirements, warranties, and liabilities.
Retention of Records: Ensuring that records of approved suppliers, customer-specified suppliers, and suppliers limited by proprietary or legal requirements are properly maintained and retained for the required period as per organizational procedures and regulatory requirements.
Example of Purchase Control Documents
By maintaining these records, organizations can ensure that they work with reliable and compliant suppliers, mitigate risks associated with the supply chain, and meet the requirements of API Q1 and other relevant standards or regulations.
1.0 Purchase Order
PurchaseOrder
Purchase Order/Req No:
Ref No:
Material Req No:
Date:
VendorDetails:
FAXNo:
DeliveryTerms:
PaymentTerms:
ItemNo.
Description
Grade/Brand
StockStatus
CostNo.
Unit
QTY
UnitPrice
Total
1
–
2
–
3
–
4
–
5
–
6
–
7
–
8
–
9
–
10
–
General Terms of Supply : Refer general terms and conditions of purchase .Other specific requirements : Applicable / Not Applicable , (If applicable See PO Annex-1)
Iss.No./Date: xx/xx.xx.xxxx Rev.No/Rev.Date:xx/xx.xx.xxxx APPROVED VENDOR LIST
5. Master Procurement Register
TotalAverage =
PO .NO
PO Date
MR . NO
MRDate
Supplier
Item
Job
Curr
Amount
Payment Type
PO Expecteddelivery inDays(a)
Actualdeliverydate(b)
Diffb/wPO Date& Act Date( C)
Diff(d = a-c)
Diff in %(e = a/d)
100% asexpecteddelivery
ActualDelta%
AveragePerformace%
6. Supplier Registration form
Please fill in this questionnaire in order to register. Information given in this questionnaire will be handled confidentially. Please attach all other documents requested in the questionnaire.
a.NAME OF COMPANY: ……………………………………………………………….
MAILING ADDRESS: …………………………………………………………………
..………………………………………………………………………………………….
COUNTRY: …………………………………………………………………………………
CONTACT PERSON(S): ……………………………………………………………..
TELEPHONE: ………………………………………………………….…………………
FAX: ………………………….E-mail: …………………………….………………….
WEBSITE: …………………………………………………………………….….
b. TYPE OF ORGANISATION (Please check)
Individual Partnership Non-Profit Organization
Private Limited Liability Company Public Limited Liability Company
……………………………….………………………………………………………….
Year Established:……….…….
Please attach copy of registration certificate
c. TYPE OF BUSINESS (Please check)
Manufacturing Construction Trading Consultancy
Service Provider (e.g. transport, warehousing, quality control, etc.)
……………………………………………………………………………………………
Please describe your company’s major business activity: ………………………….
…………………………………………………………………………………………….
……………………………………………………………………………………………………..
……………………………………………………………………………………………………..
Please indicate the main commodities/services your company offers:…………
……………………………………………………………………………………………
……………………………………………………………………………………………
…………………………………………………………………………………………….
d. SIZE OF BUSINESS (Please provide a copy of your latest audited financial statements)
No. of Employees: ……………..……….. No. of Branches: ……….………….
No. of International Offices: …………………………………………………….…
Location of Factories: ……………… No. of Warehouses: ……………………….
e.AFFILIATED/HOLDING/SUBSIDIARY COMPANIES
Name
Address
Nature of Affiliation
Please attach an organisation chart
f. PERSONS AUTHORISED TO SIGN BIDS, OFFERS AND CONTRACTS
Name
Position
Telephone / Fax
g. BANKING INFORMATION
Name: ………………………………………………………………………………………..
Address:………………………………………………………………………………….……
Account Number: ………………………………. SWIFT Code: ……………………….
IBAN: …………………………………………………….
h. NAMES OF OFFICERS, OWNERS OR PARTNERS
Owner(s):
Chief Executive Officer:
Chief Financial Officer:
i. QUALITY ASSURANCE (Please attach any certificates or documents which denote quality assurance)
Name and Title:…………………………………………………………………
Signature:………………………..……………. Date: …………………………
7.0 Vendor Appraisal Form – Critical Suppliers
Questionnaire for Vendor Evaluation of Supplier/Service Provider/Manufacturers. Please fill in bold letters only. Enclosures may be used wherever the space is inadequate.
I. GENERAL :
Registered Name of the Organization
Category of Industry
Whether sole Proprietorship or Partnership or Limited Company etc.
List of main products/ Services/ manufactured with details of specification, range and sizes and products offered. (Add pages if required)
Enclose your Product Catalogue
Is there any Foreign Collaboration?
Technical Collaboration
Financial Collaboration
Names of few large and prominent customers and the items and values of the supplies made in the last three years.
State details if your products are also exported
II. PERSONNEL EMPLOYED CURRENTLY :
Management
Design
Production
Quality Control
Marketing
Total
III. PRODUCTION FACILITIES :
Details of Plant and Machinery and Equipment available at your works :
Sr. No.
Description of Plant & Machinery
Size / Capacity
No. of Machines
Date of Installation
Make / Brand
See attached brochure
V. QUALITY ASSURANCE:
Is there a Quality Manual
Is there Inwards Goods Inspection? If yes, state details of instruments and equipment’s a available
If in – house facility is not available state the alternative provided
VI. QUALITY CONTROL:
VI. DETAILS OF PRODUCT UNDER AUDIT :
VI.1. Description of product (s) :
VI.2. Names of Consultants and Users who have approved you.
VI.3. Have your products been tested by independent testing agencies? If yes, state details / attach certificates / test results.
VI.4. Have you been certified for ISO 9001 or are you in process of initiating the same: Yes
VII. PRODUCTION INFORMATION OF THE PART / ITEM CONCERNED :
VII.1. Flow chart of the process with inspection points.
VII.2. How is traceability maintained in the production line?
VII.3. Which documents/standards are used for production and product assurance inspection stages?
VII.4. How is the rejected parts identified? What procedure is followed to ensure rejected parts are not used / shipped?
VII.5. Does the manufacturer take periodic samples of finished product for analysis?
VII.6. How is parts stored on completion of production?
VII.7. How is stored parts identified? Is there specific storage conditions?
VII. 8. What final documents are provided with the supply? Like MTCs, User Manual etc
VII. INSPECTION SYSTEMS USED BY THE MANUFACTURER :
VII.1 CONTROL OF SUPPLIERS
VII.1.1. How do you evaluate / qualify / assess / register your suppliers?
VII.1.2. How is Purchase Orders on outside suppliers controlled to ensure incorporation of all authorized technical and quality clauses.
VII.2. CONTROL OF RAW MATERIALS :
VII.2.1. Are Specifications / Drawings used for all raw materials?
VII.2.1. Are Certificates supplied with delivered raw materials?
VII.2.3. How can raw material is traced to certificate supplied?
VII.2.4. Are periodic Chemical, Physical tests performed to check conformance to requirements? How often are these tests performed?
VII.2.5. How do you identify / isolate raw materials which may have exceeded their shelf life.
VIII. Are the organization or its customer intends to perform verification at the supplier premises?
REMARKS AND COMMENTS :(FOR OFFICE USE ONLY) __________________________________________________________________________________ ________________________________________________________________________________ __________________________________________________________________________________
For Trading/ Manufacturer/Local Supplier Co,
Signature & Date :
Name :
Designation :
8. Supplier Audit Checklist
RECORDNO:
ASSESSMENTDATE:
SUPPLIER NO: NAME OF SUB-CONTRACTOR/SUPPLIER: ADDRESS:
RESPONSIBILITY FOR QHSE SYSTEM:NAME: DESIGNATION: C : Comply,NC: Not Comply,NA: Not Applicable
S.NO.
DESCRIPTION
STATUS
C / NC/ NA
1
Availability of documented Quality manual
2
System and practice of tender review / contract review
3
System for controlling of customer supplied product
4
System for product identification and traceability
5
Documented Quality plan
6
Availability of inspection & test records
7
System and practice of in-process inspection & testing
8
Availability of sufficient inspection & test equipments
9
Availability of trained Quality Control personnels
10
Availability of Qualified Welders / Fitters
11
Designated storage area
12
Storage and handling system
13
System for control of nonconformance and corrective action
14
Capability to read and understand the technical specification
15
Knowledge in understanding of International Codes, Stds and HSE requirements
16
Usage of PPE and relevant safety equipment
17
First aid, fire fighting, DDC / other relevant trainings
18
Periodic audit / performance review of QHSE management system
19
Basic HSE and operational control
20
Tool box talk / other safety meetings
Report by assessing officials
Auditor
SupplierRepresentative
M.R
Name, Sign & Date
Name, Sign & Date
Name, Sign & Date
Iss.No./Date: xx / xx.xx.xxxx Rev.No/Rev.Date:xx / xx.xx.xxxx
9. Audit Evaluation Schedule
#
SupplierID
SupplierName
Category
LastEvaluation
EvaluationResults/ Grade
NextDue
ActualDateofEvaluation
Start
End
PreparedBy
Reviewed By
ApprovedBy
Name, Sign & Date
Name, Sign & Date
Name, Sign & Date
Iss.No./Rev. No : xx/xx Date: xx/xx/xxxx
10. Technical Delivery Conditions
SL No
Description
Requirements
1
Material Type
2
Manufacturing Process Requirements
3
Specifications
4
Standards / Internationally Acceptable
5
Delivery Conditions
6
Acceptable Tolerances in Size / Quantity
7
Special Characteristics requirements
8
Value added requirements – Material & Services
9
Product analysis
10
Testing / Inspections
11
Certifications
12
Packing/ Packing Instructions
13
Special Requirements NOTE
11. EVALUATION : SUPPLIER’S CONTROL ON THEIR SUPPLY CHAIN
12 SUPPLIER EVALUATION / RE-EVALUATION ASSESSMENT RECORD
a. Supplier evaluation / re-evaluation criteria
SL No
Assessment/ extent of control
Control implied / Feedback
1
Supplier QMS confirms to Quality System requirement . QMS of the supplier Supplier Audit Verifying the QMS requirements with suppliers
2
Type and extent of controls applied by the supplier in their SC
3
First off inspection in case of manufacturing (QC/TPI)
4
Ability to meet (Proprietary, Legal, Contractual) requirements
5
Third Party Inspection – Auditing by TPI Agency (Stage Inspection)
6
Assessment of product/service upon receipt or completion
b) Risk Assessment
#
CONCERN
% ASSOCIATED RISK
% IMPACT ON PRODUCT
1
Limitation (Proprietary, Legal, or other)
Limitations for the specific product range
30
5
Laboratory cannot meet the manufacturers accuracy
70
80
Laboratory cannot provide repair/rectification service
30
5
2
Product / Service Quality
Non-conformities on the product / service
80
70
Non availability of the master equipment
50
10
Correction in the documentation
20
10
Not meeting the specified requirements
80
80
3
Cost on rejection
Supplied non-conforming product / service
70
70
13. Request for Quote
Date : Fax No. :
Attn :
To:
Subject : Request for Quote
Our Ref No. : MR #
Dear Sir,
Kindly send us the best and lowest prices for the items as per below as early as
possible.
Sl. No.
Description
Unit
Qty.
General Terms and Condition of
Purchase:
(1) The items should be exactly as per our requirement. Any deviation should be informed while quoting. (2) Price-Ex-our stores. (3) Local Supplier to Quote within one working day. (4) Batch/Material Test Certificate is a must where ever applicable.
With regards,
Procurement In Charge
14.Material Receiving Inspection Report
Location of supplier:
W.O / J.O No.:
Date:
MRIR No.:
Supplier Code
Supplier Name & Address
Supplier DO Ref.#
PO Ref.#
MATERIALS DETAILS
Sl. No
Part / ItemNumber
Part / Item Description
Quantity
Details to be Verified / Inspected
Results of Verification / inspection
Remarks
As perPO
As perSupplier DO
Accep.
Rej.
Received & Verified By (Store Keeper)
Inspected By (QA/QC Engineer)
Approved By (Machine Shop Manager)
(Name, Sign & Date)
(Name, Sign & Date)
(Name, Sign & Date)
The accepted items are credited to Stores and rejected items are sent back to supplier
1 Upon receiving on any equipment, this form must be filled in with SRV#. 2 Security Guard must must record in all details and provide a copy of this form to the Account and concerned every Sunday of the week Prepared By:
Upon releasing any job, this form must be filled in with P.O/Invoice#. Security Guard must must record in all details and provide a copy of this form to the Account and concerned every Sunday of the week Prepared By:
To define the methodology followed by XXX for the regular change, updating, maintenance and control of External documents. The documented procedure includes:
Standards, Directive, and Customer Specifications.
External specification requirements, including addenda, errata, and updates are used in the design or manufacture of the product.
Integration of these requirements into the product realization and other affected processes.
2.0 SCOPE
This procedure is applicable to all the following systems and standards
API Spec Q1, 9th edition/ ISO 29001: 2020
API Spec ….
API Spec ……
API Spec ……
API Spec …..
API Spec ……
3.0 INPUTS
Drawings, Specifications
Purchase Orders
Customer Standards
International Standard
Document request form
4.0 RESPONSIBILITY:
Management Representative / Quality Systems Manager
All concerned process heads
5.0 RESOURCES:
Competent Manpower, Computers, Printer & Internet connection, Stationery, International standards & specifications, XXX Procedures
6.0 TERMS AND DEFINITIONS
Document: Information (meaningful data) and supporting medium
Procedure: XXX’s documented method for performing an activity under controlled conditions to achieve conformity to specified requirements.
NOTE this definition was previously identified as a “control feature” in earlier editions of this specification.
Specifications: Document stating requirements
7.0 PROCEDURE
7.1 External Origin Standard
A Master list of External Origin Documents is maintained which is essential for the planning and operation of the Quality Management System. The master list of external origin document is identified, controlled and updated as and when changes are made to the standard.
API product or other external specification requirements including addenda, errata & advisory details (revisions and updates) are updated and maintained by checking www.api.org website monthly wise
MR keeps tab on the versions of standards mentioned in master list of External origin standards on respective websites once in 6 months and updated if necessary.
Regarding revision of legal standards, once in three month, it is checked with authorized like PCB, Inspectorate of Factories etc. and updated
Based on the Updation of External standards, the Technical Procedures are updated
All standards are collected by MR and review with Engineer – Design & Development, Operations, Quality Control in monthly basis
System related changes in Standards is identified and done by MR
Technical changes like design & development, Quality are identified by related Personnel (Engineer) and inform to MR
If any changes required from management side and those will be discussed in the Management Review Meeting and MR takes responsibility of it.
7.2 DOCUMENT CONTROL
External Document are following,
Drawings
Specifications
Purchase Orders
Customer Standards
Issue control of external documents lies with the QA/QC Engineer.
Machine shop Manager/Operations Engineer shall ensure the latest editions of the drawings/specifications/other documents are available prior to the commencement of the work.
If the copies of the Customer/OEM/Internal drawings are lost or damaged by the user departments, the department head makes a request to the QA/QC Engineer for issue of fresh copy of the drawings.
Once the product realization process completed relevant documents shall be handed-over to the QA/QC Engineer.
Copies of the external documents shall be disposed after use in controlled conditions and appropriate records shall be maintained.
8.0 OUTPUTS
Master List of External Origin Standards
9.0 Key performance indicator
All external origin documents available as per requirements & controlled.
The organization is responsible for planning and executing the processes for monitoring, measuring, analyzing, and improving the quality management system to ensure compliance with the requirements of this specification and to enhance the system’s effectiveness over time. This includes identifying appropriate methods, including data analysis techniques, and determining their utilization extent.
The organization must plan and implement the monitoring process, measurement process, analytical process, and improvement process to conform to the requirements of API Q1 and to continually improve the effectiveness of the quality management system. The process must include applicable methods, including techniques for the analysis of data, and the extent of their use. The organization must analyse the results of monitoring and measurement and confirm that the organization has considered what, how and when to measure and that the outcomes from decisions result are ensuring appropriate process control. It must monitor the performance and effectiveness of the organization’s quality management system. It must develop a process (method, techniques, format, etc.) to identify, collect and analyze various data and information from both internal and external sources, including:
Monitoring and measuring results;
Process performance results;
Meeting objectives;
Internal audit findings;
Customer surveys and feedback;
2nd or 3rd party audit results;
Competitor and benchmarking information;
Product test results;
Supplier performance information.
This ‘input’ (information and data) should reflect upon the adequacy, suitability and effectiveness of the quality management system and its processes. The ‘output’ (the result of the analysis) must provide information (understanding, insight, awareness, confidence, knowledge of, etc.). The analysis output must provide insight to:
Customer satisfaction and perception
Product conformance.
Process performance
Product and process characteristics
Trends in products and processes
Opportunities for preventive action
Suppliers and subcontractors.
Other potential or useful options might include:
Need for corrective action
Opportunity for improvement
Competition.
It is important to document and retain as evidence the results of the evaluation of the performance of the quality management system. Monitoring and measuring QMS operations and activities will establish a mechanism to ensure that your organization is meeting its policies, objectives and targets. To meet this requirement, your organization must perform six steps:
Identify the activities that can have significant impacts and risks
Determine key characteristics of the activity to be monitored
Select the best way to measure the key characteristics
Record data on performance, controls and conformance with objectives and targets
Determine the frequency with which to measure the key characteristics
Establish management review and reporting.
Establish the monitoring and tracking criteria for each activity that has a significant impact or risk and review the action plan.
6.2 Monitoring, Measuring, and Improving
6.2.1 Customer Satisfaction
The organization must have a documented procedure for monitoring customer satisfaction, detailing the frequency and methods for assessing it, along with key performance indicators. Records of customer satisfaction data must be retained.
The organization must establish a documented procedure to measure customer satisfaction. The procedure shall address the frequency of measurement, obtaining customer feedback, key performance indicators (KPIs), and other information that the organization uses to determine whether the organization has satisfied customers in meeting identified requirements. The result customer satisfaction information must be recorded. Customer satisfaction should be monitored to determine to which degree their expectations and needs are being fulfilled. The methods for obtaining this information need to be determined by the QMS. Methods of measuring and monitoring the way customers perceive your company can be done through;
Physical customer feedback through meetings
Customer surveys
Warranty/Guarantee claims
Compliments/Complaints
Dealer reports
Producing high levels of customer satisfaction is an essential metric tool for gathering real-time information to improve the QMS system and product. Each customer will be different and present different needs and the organization will have to use additional measures and controls to measure and analyze the data.
Defining Customer Satisfaction Indicators: The procedure for customer satisfaction should have customer satisfaction indicators. This process should also include;
The frequency of data collection
The method of data collection
A summarization
A review of the data
An evaluation of the data
Actions on how to improve
The required timeline for the remedy
Whose responsibility it is and
The follow-up with the customer
To continuously improve customer satisfaction, customer feedback and trends must be constant. This will be the baseline to use for both internal and external customers.
6.2.2 Internal Audit
6.2.2 Internal Audit 6.2.2.1 General
The organization must conduct internal audits to assess the implementation, maintenance, and conformity of the quality management system to both this specification and the organization’s internal quality management system requirements. A documented procedure outlining responsibilities for planning, conducting, and documenting internal audits must be maintained. This procedure should identify audit criteria, scope, frequency, and methods, considering previous audit results, process criticality, and changes to the quality management system. All processes within the quality management system must undergo audits at least once every 12 months, with audits staggered throughout the year if necessary. Critical processes related to product realization must be audited to ensure compliance with requirements, including observation of activities and evaluation of conformity.
6.2.2.2 Performance of Internal Audit
Competent personnel, separate from those involved in or directly overseeing the audited activity, must conduct audits to ensure objectivity and impartiality. Audit records should offer objective evidence of the implementation and maintenance of the quality management system. Note: product specification requirements may be integrated into various quality management system processes and may be audited alongside one or more of these processes.
6.2.2.3 Audit Review and Closure
The organization must define timeframes for responding to identified nonconformities. Management accountable for the audited area must ensure that any required corrections and corrective actions adhere to the specifications outlined in section 6.4.2. Internal audit records must be retained.
Internal Audits are conducted to verify that the Organization’s QMS is effectively implemented and maintained and conforms to the requirements of the API Q1. The organization must establish a documented procedure for Internal audit. It must define the responsibilities for planning, conducting, and documenting internal audits. The results of previous audits and the criticality of the process being audited must be considered while planning for internal audits. While planning for the internal audit the organization must identify the audit criteria, scope, frequency, and methods of Internal audit. The procedure must ensure that all processes of the quality management system claiming conformity to the API Q1 requirements are audited at least once. every 12 months. All Outsourced activities that impact the quality of the product and that are performed at the organization’s facility must be part of the internal audit. All processes of the Organization’s QMS must be audited to claim conformance to the API Q1 requirements. Records of the audits provide objective evidence that the QMS is implemented and maintained. Independent, Competent personnel who do not perform or directly supervise the process being audited shall conduct the Audit. This is to ensure objectivity and impartiality of the audit process. Product specification requirements can be embedded throughout the quality management system processes and audited in conjunction with one or more quality management system processes. For the non-conformities identified during the internal audit, the responsible management must ensure necessary correction and corrective action. The organization must identify response times to address detected non-conformities. Records related to internal audits must be maintained. The results of internal audits and the status of corrective actions are to be reported in the management review.
Organizations should establish an internal audit plan to cover all requirements of the standards. In addition, consideration should be given to the status and importance of the processes that comprise the audit and the results of previous audits. Objective evidence should demonstrate information concerning the effective implementation of the audit plan, as well as a sample of audit results. The internal audit process should include the following activities:
The development of a program of internal audits which can be revised depending on the results of previous audits and the results of performance monitoring.
The identification, selection and training of internal auditors.
The analysis and evaluation of the results of internal audits.
The identification of the need for corrective or improvement measures.
The verification of the completion and effectiveness of these measures.
The documentation pertaining to the execution and results of audits.
The communication of the results of audits to the top management.
The internal audit process is part of the continual improvement feedback loop to evaluate and improve the effectiveness of the management system. It also highlights where processes and procedures are not addressing risks adequately and where changes are needed to improve efficiency or effectiveness. The audit process also serves as a method of compliance monitoring.
Planning for internal audit
During the early stages of implementing this standard, the internal audit often focuses on ensuring that any compliance issues or non-conformities are discovered and rectified before the assessment. However, once the organization is registered, the internal audit must evolve. The focus of the internal audit planning should be re-directed, away from compliance with standards, to an audit strategy that bases the audit frequency upon process performance data, feedback from customers, etc., to ensure that you are focusing on the risks and issues that should be on Top management’s radar. When planning the Internal audit organization should ensure that customer feedback, organizational changes and risks and opportunities are brought into consideration. Process importance as the degree of direct impact that process performance has on customer satisfaction should be considered i.e. could the process provide the customer with a defective product? One should consider process status in terms of maturity and stability; a more established, proven process will be audited less frequently than a newly implemented or recently modified process. Conversely; processes which are not performing to the planned arrangements should be audited more frequently. Support processes should be given a lower ranking than the manufacturing/service provision processes. In addition, the results of previous audits should be considered too. Processes that have been audited recently that have shown effectiveness and improvement should be audited less frequently. When applying risk-based thinking to select internal audits and their frequency, consider the following:
Processes that are critical to product and service quality;
Complex processes that require close monitoring and control to ensure conformity;
Balance across operational and non-operational processes;
Processes that utilize qualified personnel;
Activities or processes that occur across multiple locations;
Processes impacted by human factors;
Introduction of new or changed processes;
Changes affecting the organization;
Statutory and regulatory issues;
Process performance, e.g. process conformity/non-conformity, escapes to the customer, complaints, previous internal/external audit results, identified risk.
When planning your internal audit one should ensure that customer feedback, organizational changes, and risks and opportunities have been brought into consideration. Internal audits that are based on risk and customer feedback will help your organization to embark upon new methods of compliance in which risk-based thinking and continual improvement are the drivers, rather than compliance.
Determining the frequency of internal audits Deciding the frequency of internal audits will depend on the perceived need for the audit and the size and complexity of your organization. The frequency of internal audits should depend on the criticality of each process and the perceived need to audit it, but all processes should be formally audited at least once during a 12-month audit cycle. Critical processes that directly affect process and product conformity and customer satisfaction should be audited more frequently, e.g. monthly, quarterly, or more regularly as required. When determining internal audit frequency, you should consider the following:
The level of risk associated with the activity, policy or procedure; The priority of the specific element of the management system; The results of previous audits; and The significance of problems identified in the areas to be audited.
The basic requirement of the quality management system is that it is audited at least once per year. If any issues are found during audits, then additional audits can be undertaken to help get that part of the system working effectively again as soon as possible. Some audits are likely to be conducted every month to cover all manufacturing processes over the year. Unscheduled audits may be conducted at any time based upon:
The frequency of internal audits should be reviewed and, where appropriate, adjusted based on the occurrence of process changes, internal and external nonconformities, and/or customer complaints. The effectiveness of the audit should be reviewed as a part of management review.
The internal audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the requirements. The checklist stands as a reference point before, during and after the audit, and will provide the following benefits:
Ensures the audit is conducted systematically;
Promotes audit planning;
Ensures a consistent audit approach;
Actively supports your organization’s audit process;
Provides a repository for notes collected during the audit process;
Ensures uniformity in the performance of different auditors;
Provides reference to objective evidence.
Before a new audit is started in a particular area, it is important to check the status of any outstanding issues since the last audit (if any) was performed in the area. If there are outstanding issues, then they may be carried forward into the current audit, and the previous audit could then be closed off. The system audits are best undertaken using an internal audit checklist. This type of audit focuses on the quality management system as a whole and compares the planning activities and broad system requirements to ensure that each clause or requirement has been implemented. A good summary report is the final output of the audit and deserves an appropriate amount of attention and effort. The audit report is the detail of what was found during the audit. It presents an overall summary of the audit findings, as well as any positive aspects noted during the audit. The audit report must also identify nonconformities identified during the audit and their associated corrective actions. The Internal Auditor should be responsible for finalizing the audit report, which should include:
The area and element/procedure/process audited;
Audit team composition, audit scope, persons interviewed;
Executive summary;
Observations and key findings (identified nonconformities);
Recommendations;
Opportunities for improvement, which are areas that may become nonconforming in the future;
Graphical representation of findings.
On completion of the audit, a closing meeting should be scheduled between the audit team and the organization or department being audited, to present the results of the audit and discuss any subsequent steps required to complete the audit. Observations may also be recorded for future consideration. The audit report needs to be signed by the lead auditor and the manager of the relevant department, and distributed as required to relevant persons. The findings and conclusions should be formally documented as part of the summary report. Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know! This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes. The audit summary and the corrective action forms should be attached to the audit report, which now becomes the audit record. Only the summary report and corrective actions need be given to the Process Owner and a copy of the audit report should be given to Top management.
6.3 Analysis of Data
The output of data analysis should furnish insights, including trends, regarding:
a) Customer satisfaction.
b) Nonconformity to product requirements during product realization.
c) Instances of nonconformities and product failures detected post-delivery or post-use, provided there is accessible product documentation or evidence to facilitate root cause determination.
d) Process performance.
e) Supplier performance.
f) Attainment of quality objectives.
The organization must utilize data to assess areas where continual enhancement of the quality management system’s effectiveness is possible.
The organization must establish a documented procedure for the identification, collection, and analysis of data to demonstrate the suitability and effectiveness of the quality management system. The analysis includes data generated from monitoring and measurement, internal audits, management reviews, and other relevant sources. The data analysis output provides information relating to customer satisfaction, quality objectives, supplier performance and conformity to product requirements. The nonconformities and product failures identified after delivery or use provided the product or documented evidence is available to facilitate the determination of the cause. The characteristics and trends of processes and products including opportunities for preventive action. The organization must use data to evaluate where continual improvement of the effectiveness of the quality management system can be made.
Analysis of Data must include:
Levels of Customer satisfaction
Level of Supplier Performance
The results of product and process monitoring
Rates of non-conformances
Trends and opportunities for corrective and preventive action
Where the analysis shows unacceptable performance then those items should become Quality objectives and where appropriate, become subject to preventive or corrective action.
The purpose of analyzing data is to:
Assess organizational performance against established plans and stated quality objectives
Identify areas for improvement
Help determine the cause of problems
Guide for determining the most appropriate corrective or preventive action to take
Data collected for analysis includes:
Results from customer surveys
Results from employee surveys
Customer, supplier and employee feedback
Results from internal audits
Results from process monitoring and measurements
Results from product monitoring and measurements
Non-conformance reports
Warranty claims and returned products
How do I analyze data?
Effective data analysis is an essential part of any quality management system:
Use statistical techniques where appropriate (e.g. Statistical Process Control)
Data should be analyzed by designated, competent personnel
Use data feedback for continuous product and process improvement
Should I document our analysis of the data process?
It is not a mandatory requirement to document your analysis of the data process. However, you should always look to adequately define and control any operational processes that generate information on the performance of your quality management system. Therefore, the implementation of an analysis of data procedure will be appropriate for the majority of businesses. Develop and implement a procedure that defines the roles and responsibilities for analyzing quality management system data to drive continual improvement and to facilitate a factual approach to decision-making:
Data collection
Data analysis
Information output
Reporting
Looking for help documenting the process?
The effectiveness of the analysis of the data process is often determined by looking for evidence that the organization has sufficiently utilized data from the outputs of its activities and has used that data to drive continual improvement and enhance customer satisfaction.
6.4 Improvement
6.4.1 General
The organization is required to enhance the effectiveness of the quality management system continuously. This is achieved by assessing, selecting, and implementing improvement opportunities utilizing quality objectives, internal audits, data analysis, corrective actions, and management review.
The organization is expected to revise the quality system documentation and processes as the quality management system matures or when a new process is implemented. The organization must identify improvement opportunities and management system underperformance using the data output from its processes, such as data analysis and evaluation, internal auditing, management review, and the use of appropriate tools and methodologies to support and validate findings. The organization must implement the identified opportunities for improvement in a controlled manner. The organization should ensure that it has implemented a process, with appropriate methods, techniques, and formats for identifying areas of underperformance or opportunities for improvement. The organization should select the appropriate tools and techniques to investigate the causes thereby establishing and implementing a process for continual improvement. The impetus for continual improvement must come from the use of (as a minimum):
Policies;
Risks and opportunities;
Objectives;
Aspect and impacts
Hazards and safety risks;
Analysis and evaluation of data;
Audit results;
Management review;
Non-conformity and corrective action.
Processes can always be made more efficient and effective, even when they are producing conforming products. A continual improvement programme aims to increase the odds of satisfying customers by identifying areas that need improvement. It requires the organization to plan improvement systems and to take into account many other activities that can be used in the improvement process. You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure the effectiveness of your processes. To this end, the continual improvement principle implies that you should adopt the attitude that improvement is always possible and your organization should develop the skills and tools necessary to drive improvement.
6.4.2 Corrective Action
The organization must uphold a documented procedure to manage nonconformities, including those arising from customer complaints, and to implement corrective actions both internally and with suppliers. Corrective actions should correspond to the impact of the encountered nonconformity, which can pertain to both quality management system processes and trends in nonconforming products.
The procedure should cover:
Criteria for initiating the corrective action process;
Reviewing the nonconformity;
Determining and implementing corrections;
Identifying the root cause of the nonconformity and assessing the need for corrective actions;
Implementing corrective action to minimize the likelihood of recurrence;
Defining the timeframe and responsible parties for addressing corrections and corrective action;
Verifying the effectiveness of the corrections and corrective action taken;
Updating risks and opportunities identified during planning;
Management of Change (MOC) when corrective actions necessitate new or modified controls within the quality management system; and
Assessing similar potential nonconformities and implementing preventive actions as appropriate.
Records of corrective action process activities should be maintained, including activities conducted to confirm the effectiveness of the corrective actions taken.
The organization must establish a documented procedure to correct non-conformities and to take corrective actions appropriate to the effect of nonconformity to eliminate the causes of non-conformities to minimize the likelihood of its recurrence. Corrective action is to apply both internally and within the supply chain to both quality management system processes and nonconforming product trends. The procedure must identify requirements for reviewing a process nonconformity including customer complaints, determining and implementing corrections, identifying the root cause of the nonconformity and evaluating the need for corrective actions, implementing corrective action to reduce the likelihood that a nonconformity recurs, identifying the time frame and responsible persons for addressing corrections and corrective action, verification of the effectiveness of the corrections and corrective action taken and Management Of Change when the corrective actions require new or changed controls within the quality management system. Records of the activities for control of a nonconforming process shall be maintained. Records shall identify the activities performed to verify the effectiveness of the corrective actions taken.
Definition of correction Correction (also referred to as immediate correction) is the action taken to eliminate a detected nonconformity or defect (adapted from ISO 9000). A correction can be made in conjunction with undertaking corrective action. For a product nonconformity, correction might include reworking the part, accepting the nonconformance through the concession process, replacing the product, or scrapping the product.
Definition of corrective action Action implemented to address the root cause and contributing cause of the undesirable condition, situation, nonconformity, or failure; action taken to prevent recurrence. As part of the corrective action process, you must identify all the causes (root cause and contributing causes) that have or may have generated an undesirable condition, situation, nonconformity, or failure.
The decision to apply or not apply the corrective action process should be made by the appropriate level of management within the company, based on the level of risk. Many factors that can trigger the corrective action process, examples include:
A safety impact that affects the product or personnel;
Product performance and/or reliability issues;
High impact on production and/or maintenance operations;
Repetitive problems to one part of the activity/process, or similar problems across many activities/processes;
Difficulty in detecting the nonconformity;
By customer request;
Significant quality or management system issues;
Complex problems that cannot be solved without the assistance of others are not located where the problem occurred.
The analysis of nonconformities should not look for someone to blame, or a department that is ‘more responsible than another’, but rather for understanding and improving the organizational weaknesses that made them possible. Where internal audits identify that organization’s policy, objectives, standards and other requirements as outlined within their management system are either not implemented, or are improperly implemented, a nonconformance report should be raised and entered into the nonconformity log as appropriate. This should require an agreed response from the relevant Line Manager prior to closure. The root-cause must address the nonconformity and the corrective action must address the root-cause. Any nonconformities and subsequent actions to prevent their reoccurrence and the effectiveness of the corrective action(s), should be duly documented and retained.
Step 1. Identify the Problem Once a problem has been identified through inspection, customer complaints, or audit results, it should be captured using non-conformity reports (NCRs) or corrective action reports (CARs) in order to identify who is affected by the problem and what the impact is. Considering the following:
What are the operations, products, materials, defects, malfunctions that may characterise the problem? What is it about?
Who is concerned with the problem? Who is reporting the problem? Who is rectifying the problem? Who is the problem affecting?
Where are all the places where the event takes place; shop floor, services, machine, process step?
Where is it seen? Where does it originate?
When does the event appear (time, date, when does it start, how long does it last, how often)
When is the problem reported defective? When is the problem repaired?
Has it occurred before? If yes, what is the history?
How do we know there’s a problem (how is it detected)?
How does the event appear, how does it stop?
How frequently is the problem experienced?
How is the effect of the problem being measured (costs, delays, scrap rate, customer complaints, return rate, concessions, reliability rate, etc)?
How is the problem currently addressed? How is it corrected?
This step helps to fully describe a situation, precisely analyse all its elements and gain a common understanding of them, allowing the definition of an action plan. Ensure that all team members agree about the definition of the issue and resulting impact. The problem description should describe the problems in terms of what, where, when, and how big. On a flip chart, presentation board, or even paper; write out a description of what you know about the problem. Try to document the problem and describe it as completely as possible. The description should contain facts; such as observations and documentary evidence and not assumptions. All information must be gathered before identifying the root-cause can begin. Make sure both of the above factors are true before you move to the next step. Consider any new information that the team may have gathered since completing the initial problem description. Describe the problem by identifying what is wrong and detail the problem in quantifiable terms. Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until Permanent Corrective Actions (PCA) are implemented.
Step 2. Establish a Response Team Identify representatives from functions that may have an influence on the corrective action process, including the identification of the root causes. Remember to assign responsibilities and objectives to the team members. Remember, those performing the job, such as operators, inspectors, drivers, etc., are the best people to help identify the real causes, don’t leave them out of the team! The size and composition of the team should depend on the complexity and the impact of the problem. The composition of the team is not fixed forever and may evolve depending on the analysis results and the required actions. New team members should join the team if analysis shows they are identified as being in the scope, some others will leave if their area is definitely identified as out of the scope. However, consideration should be made that expending the size of the core team over 6 to 8 members generally results in less efficiency. When more members or special skills are required, sub teams should be considered. Don’t forget, root-cause analysis must not be used for assigning blame or transferring responsibility. In summary, you should establish an investigation team with:
Process and/or product knowledge;
Allocated time and resources;
Authority to solve the problem and implement corrective actions;
Skill in the required technical disciplines;
A designated Team Leader.
Brainstorming sessions should be used to identify potential causes to investigate each potential cause. Coordinate parallel activities with different team members to help expedite the process of verification. Once you have reviewed the problem description, you can undertake a comparative analysis. A comparative analysis will help you identify relevant changes in a change-induced situation. Then you can reduce the number of possibilities that you must consider to determine root-cause. To complete a comparative analysis:
Ask yourself; what is unique, peculiar, different, or unusual about the symptoms?
Consider features such as people, processes, materials, machines and the environment;
List all facts without prejudice as to the possible cause;
Consider each difference you listed, and look for changes, ask yourself what has changed to give rise to this difference?
Keep in mind that each difference may not have a corresponding change;
List the changes next to the difference;
Look at the dates each change occurred;
Eliminate some changes if they occurred after the problem started;
Consider categories of people, machines, processes or measurements.
If the problem is change-induced, the root-cause must be the result of a change relative to one or more of the identified changes. It is important to remember that you have not yet moved from the ‘observations’ phase of the process. Any information you develop during the comparative analysis must be fact based, not opinion-based and must be true only for the symptom’s information. Do not rule out any facts that might be valid answers. If it is a fact and it answers the question, write it down. Your organization should first contain the problem by taking immediate corrective action (ICA) and then evaluating the need for initiating the formal problem-solving process. Where necessary, provide an emergency response action to protect the customer from the problem, protect the customer operations and the organisation (to stop the problem getting worse) and verify that problem does not degrade until the root-causes are known. An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. An interim containment action provides more opportunity for investigation. Conduct trial runs whenever possible. However, in some situations, your verification may simply be a matter of common sense. For example, if an interim containment action involves stopping the shipment of all products, you can be sure that customers will stop experiencing the problem. An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work. To verify the interim containment action:
Prove before implementation it protects the customer from the problem;
Provide a before-and-after comparison;
Prove that the interim containment action will not introduce any new problems.
Methods of verification may include:
A test to determine the desired performance level;
A demonstration that changes eliminated the issue without creating a new problem;
A comparison between the interim containment action and similar proven actions;
A review to evaluate whether the interim containment action was effective;
Assurance that the interim containment action did not introduce a new problem.
Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer.
Step 3. Identify the Root-Cause(s) Root-cause analysis (RCA) is a class of problem-solving methods aimed at identifying the root-causes of problems or events. The practice of root-cause analysis is predicated on the belief that the problems are best solved by attempting to correct or eliminate root-causes, as opposed to merely addressing the immediately obvious symptom. Listed below are various root-cause analysis techniques, we recommend you use the 5-Whys (1st Why, 2nd Why, 3rd Why, 4th Why, and 5th Why – and the root-cause) technique to problem solving but you are free to undertake any of the following depending on the complexity of the problem:
3-Ws (what, where, when);
8D Eight Dimensions;
Failure Mode and Effects Analysis (FMEA & DFEMA);
Fish-bone Analysis;
Pareto Analysis;
Fault-tree Analysis;
Cause Mapping – draws out, visually, the multiple chains of interconnecting causes;
Barrier analysis – a technique often used in process industries;
Change analysis – an investigation technique often used for problems or accidents.
The 5-Whys technique offers some real benefits to organizations with varying degrees of management system maturity:
Simplicity. It is easy to use and requires no advanced mathematics or tools that allow you to dig deep and find underlying issues rather than using quick-fix solutions;
Effectiveness. It helps to separate the symptoms from the causes and identifies the root-cause of a problem using evidence-based analysis;
Comprehensiveness. It aids in determining the relationships between various problem causes and allows you to proactively eliminate problems for good;
Flexibility. It works well alone and when combined with other quality improvement and troubleshooting techniques such as the ones listed above;
Engaging. By building a culture that embraces progress, by its very nature, it fosters and produces teamwork within and outside of the organization, encourages the reporting of issues without fear or judgment;
Inexpensive. It is a guided, team-focused exercise that seeks to improve and adapt processes to ensure long-term success. There are no additional costs.
Launching a formal root-cause analysis and the problem-solving process should always be considered when an issue; such as undesirable conditions, defects and failures is detected. The decision not to apply the process must be made based on objective evidence of the absence of risks!
Step 4. Implement Corrective Action When all root and contributing causes have been identified and their effects understood, implement all selected corrective actions. Verify that the planned actions were taken as scheduled and assess their effectiveness in permanently preventing the undesirable condition, situation, non-conformity or failure from recurring. Steps for corrective action (CA) implementation:
Implement the corrective action (CA);
Implement controls;
Evaluate the corrective action (CA) for the escape point;
Remove the immediate containment action ;
Perform validation;
Confirm with the customer that the symptom has been eliminated.
To ensure the most effective corrective actions to address the most likely, or critical root causes are taken in consideration of operational and business constraints such as costs, lead time, difficulty of implementation, and resources. Select solutions that optimise value and effectiveness for all stake-holders! Implement the solutions that have been selected, verify that all actions have been completed to schedule and that they have prevented the undesirable condition, situation, non-conformity or failure from recurring. Plan and implement selected permanent corrective actions. Remove the interim containment action and monitor the long-term results.
Step 5. Monitor Effectiveness Establish a review process to ensure corrective actions are completed according to plan and that they continue to be effective over time by confirming you have done what you have planned. Try adjusting the type and number or frequency of additional checks and audits to check that the actions remain effective. When the same problem has been identified or is suspected to occur on the same or similar products, processes or data, the same corrective actions must be implemented and their effectiveness verified for all these additional products, processes or data. The owner of each corrective action, the team leader and all team members should verify the effectiveness of the actions taken to date, and when relevant, the customer. Examples of verification methods include:
Additional process monitoring until it is demonstrated that the process is stable and capable of consistently meeting requirements (recording and analysis of process parameters and/or product characteristics, SPC, etc.);
Additional internal audits to specifically verify the effectiveness of the corrective actions;
Associated metrics show significant improvement resulting from the corrective actions.
Examples of supporting evidence might include updated procedures, work instructions, control plans, etc. to show any changes were defined. Additionally, evidence of effective implementation of the changes is also required such as SPC data, inspection records, training records, audit records, etc.
If the corrective actions are effective, evaluate which containment actions may be eliminated (e.g. stop over inspection and overproduction, return to normal transportation means, etc.) without adversely affecting the product and process output. Record evidence of actions completed and associated results (what works and what does not). To document analysis results and changes to make the corrective action permanent, capture and share learning with all the stakeholders to prevent similar undesirable conditions, situations, non-conformity or failures occurring on other products, production lines, factories or suppliers. Identify all that can be shared from the experience that can be transferred across business units, production lines, factories or suppliers. Ensure that you get agreement from appropriate levels of management and other process owners and functions (internally and externally) to launch actions and verify they are implemented and effective. Keep lessons learned register which includes a summary of content and results of analyses, flow charts, databases, performance data, main actions and decisions, location where detailed data can be retrieved, difficulties encountered when managing the issue, etc. When the decision is made to implement actions in other business areas, such as; production lines, factories or suppliers, which are not under direct control of the response team, implementation and the verification of effectiveness is not necessarily the responsibility of the team. Escalation to top management or transfer to another function (procurement, engineering, etc.) may be required to ensure proper leverage and action follow-up.
6.5 Management Review 6.5.1 General
The organization’s management must conduct a review of the quality management system at least once every 12 months (by the end of the same calendar month as the previous year’s review) to assess its ongoing suitability, adequacy, and effectiveness. This review should encompass evaluations of opportunities for improvement, sufficiency of resources, and the necessity for adjustments to the quality management system, including the quality policy and objectives.
6.5.2 Input Requirements
The minimum inputs required for management review shall encompass:
a) Evaluation of the status and effectiveness of measures taken based on prior management reviews;
b) Findings from internal audits and audits conducted by external parties.
c) Identification of potential changes that may impact the quality management system, encompassing alterations to legal and other relevant requirements (e.g., industry standards), as well as shifts in internal and external factors pertinent to the quality management system.
d) Assessment of customer satisfaction.
e) Consideration of feedback received from customers and other concerned parties.
f) Evaluation of process performance.
g) Review of risk assessment outcomes and the effectiveness of risk mitigation measures. h) Status update on corrective actions.
i) Analysis of supplier performance.
j) Examination of product conformity analysis, including post-delivery or post-use nonconformities;
k) Comparison of actual performance with quality objectives; and
l) Proposals for improvement.
6.5.3 Output Requirements
The outcomes of the management review must comprise:
A concise evaluation of the quality management system’s effectiveness,
Any necessary modifications to processes,
Determinations and ensuing actions,
Essential resource allocations, and
Enhancements aimed at better meeting customer needs.
Senior management is responsible for reviewing and endorsing the results of management reviews. Documentation of management reviews is mandatory, and records of such reviews must be retained.
The organization‘s quality management system shall be reviewed at least every 12 months by the organization’s management to evaluate the quality management system’s continuing suitability, adequacy, and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives. The input to management review shall include, as a minimum: – effectiveness of actions resulting from previous management reviews – results of audits – changes that could affect the quality management system, including changes to legal and other applicable requirements – analysis of customer satisfaction, including customer feedback – process performance – results of risk assessment – status of corrective and preventive actions – analysis of supplier performance – review of the analysis of product conformity, including nonconformities identified after delivery or use recommendations for improvement
The output from the management review shall include a summary assessment of the effectiveness of the quality management system. The assessment shall include any required changes (see 5.11) to the processes and any decisions and actions, required resources, and improvement to products in meeting customer requirements. Top management shall review and approve the output of management reviews. Management reviews shall be documented and records of these reviews shall be maintained,
The management review must address the possible need for changes to policy, objectives, targets, and other elements of the management system. Here’s what management systems standards are really all about: defining a policy and creating a plan with relevant objectives. You then implement the system according to the plan and begin auditing, monitoring and measuring performance against the plan and reacting to your findings. As such; management review meetings provide useful insight into the operation of the management system and its processes to enable Top management to respond to issues and to recommend improvements.
It is important that a member of Top management chairs the management review meetings. It is imperative that everyone involved with the management review process fully understand and appreciate the management review requirements. Other attendees at management review meetings should include functional management, line management, process owners, process champions, lead process users, and action owners within the scope of the quality management system, as appropriate, and the internal auditor(s) should also attend. The management review process must ensure that the necessary information is collected ahead of time to allow management to effectively carry out an evaluation prior to the meeting. Note taking and action recording is often undertaken by the Management Representative who will forward minutes of the management review meeting to those on the distribution list and to those with actions.
Critical management review agenda items, such as; process performance, customer feedback and monitoring and measuring results should be reviewed monthly, while less critical agenda items, such as reviewing the quality policy and objectives should be undertaken less frequently, perhaps every quarter. This approach minimizes the length of each management review meeting, covers all of the required management review inputs over the duration of the management review programme, and allows for the analysis of trends in data while the information is contemporary. Annual management reviews are insufficient in frequency to be able react to any issues effectively. Performance metrics should be monitored with varying frequencies, some hourly, some daily, some weekly and some monthly. Management cannot wait for six months to respond, if they do, it will be too late. Top management might conduct weekly meetings in which they review metrics and objectives to determine if any corrective action is required. The process owner is then responsible for reporting close out progress in the meeting a week later. Every time management convenes to review and react to performance, it is considered as a management review. Some companies have multiple review levels, whereby, each review may require multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects are reviewed at more than one level, e.g. production numbers might be reviewed by the Production teams during daily production meetings and then by senior management, possibly weekly.
The organization must always plan, set up, record, put into action, and keep up a quality management system in line with this specification’s demands for the product within the organization’s defined scope. Additionally, the organization needs to assess and enhance the effectiveness of this quality management system.
The Process-Based Management System Model supports all of the other API and ISO management system standards and specifications. The model starts with an understanding of the Organization’s Customer Requirement, this is an INPUT to the organization’s Product Realization is where the product/service takes place producing an OUTPUT (Product/Service) to Customer satisfaction. Product Realization must be constantly measured, analyzed and when needed, improved to ensure customer requirements and satisfaction are maintained. The results of the analysis go to Top management, which is responsible for acting upon the results and properly allocating resources to the organization to ensure that Products and services will continue to keep up with Customer requirements.
4.1.2 Quality Policy
The organization’s commitment to quality must be clearly outlined, documented, reviewed, and endorsed by top management. The quality policy should align with the organization’s goals and guide its strategic path. It must serve as a foundation for setting quality objectives. It must be effectively communicated, understood, put into practice, and upheld within the organization. It must be accessible to relevant stakeholders as determined by the organization, and include a pledge to meet requirements and consistently enhance the efficiency of the quality management system.
The quality policy must be appropriate to its purpose and there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the quality policy. The policy does not have to include objectives but should create a framework for establishing them. The policy should be stated in such a way that it aims toward continual improvement. It should be reviewed and possibly revised to meet higher aspirations. Develop and implement a policy that is consistent with the company’s codes of conduct and business practices. The policy should be signed by senior management and committed to:
Preventing process loss or quality impacts;
Complying with obligations and legal requirements;
Promoting continual improvement;
Adopting best practices;
Creation of measurable and achievable targets for performance improvement;
Providing resources to achieve targets;
Communicating and consulting with all stakeholders regarding the QMS;
Meeting customer requirements.
Tell everyone about it.
Make sure it is written.
Making sure people know it and understand it.
Give it to people who have an interest in your business (e.g. clients/suppliers/manufacturers/staff).
Publishing it on your website.
The Examples include written Quality policy, company induction, basic training, and toolbox talks.
4.1.3 Quality Objectives
Quality objectives, including those necessary to fulfil product and customer needs, must be set at appropriate functions and levels within the organization by management, with approval from top management. These objectives should be measurable, communicated, and aligned with the quality policy.
No quality plan can be completed without having measurable quality objectives. An objective should include a description of who is responsible, what is the target, and when is it planned to be achieved. Progress must be monitored. Also, requires objectives to be set for relevant processes. Ensure that whatever objectives you implement are SMART
Specific
Measurable
Achievable
Realistic
Time-bound
Some key rules are as follows:
Make sure they comply with the law and industry standards.
Make sure they conform with the products and services to make them better.
Monitor your objectives periodically to check what you are doing.
Tell the staff what they are and what you expect of them.
Updated when the management changes something.
Keep records of this. This should be included in the customer SLA and planning should be in place to ensure you can resource this response rate. An example could be Understanding the total number of planned maintenance, and the number of reactive maintenance to ensure you calculate the appropriate levels of resources. Organizations need to clearly understand how these will be realized. For example, if you aim to provide national coverage, how will this be achieved? What resources will you allocate, recruiting staff to cover the nation, training your staff etc.
4.1.4 Planning the Quality Management System
4.1.4.1 General
The planning of the quality management system must be conducted. While planning, the organization must specify the scope of the quality management system, including the products covered and any limitations or exclusions. The organization must recognize external and internal factors relevant to the organization’s long-term objectives and goals. Identify relevant stakeholders and their requirements for the quality management system. The organization must establish the sequence and interaction between the processes of the quality management system. The organization must determine and oversee the criteria and methods necessary for the efficient operation and control of quality management system processes. The organization must set quality objectives, detailing actions, resources, responsibilities, timeframes, and methods for monitoring and evaluation. It must address identified risks. It addresses opportunities for improvement. It must identify key personnel involved in the quality management system.
To meet the requirements for the delivery of products and services, the organization needs to plan, implement, and control its processes. The first step is to determine the requirements for products and services, meaning what features the product or service will have. Then, the organization needs to define how processes will be performed and what criteria the product or service needs to meet to be accepted for release. Finally, the organization needs to determine the resources needed for the processes and the records needed to demonstrate that the processes were carried out as planned. Once they have done their planning for what they are going to sell, they then must plan the details of how this can be done operationally. The organization may need to :
Set up supplier accounts/trade accounts.
Purchase stock.
Ensure staff have the correct skills and understand the process.
Purchase tools and vehicles.
Make sure you have enough staff.
Issue clear instructions, drawings, procedures risk assessments to enable them to do the job.
The organization needs to show clear control of the process. They will be expected to check that delivery is as expected and when there are deviations that this is managed and negative impacts controlled. The same control should be applied to subcontractors.
4.1.4.2 Exclusions
If an organization carries out activities covered by API Q1, whether internally or through outsourcing, it cannot claim the exclusion of those activities. Excluding certain activities should not impact the organization’s capability or obligation to deliver products that meet customer and legal standards. If any exclusions are made, the reasoning behind them must be documented. When an organization performs activities addressed by this specification, no claims to exclusion of those activities are permitted. When exclusions are permitted, they are limited to the following sections:
API Q1 Clauses
Sections
5.4
Design
5.6.4
Validation of Processes
5.6.7
Externally Owned Property
5.8
Testing, Measuring, Monitoring, and Detection Equipment (TMMDE)
4.1.5 Communication
4.1.5.1 Internal
The organization must set up internal communication processes. These processes should involve communicating, at appropriate levels and functions within the organization the significance of meeting customer, legal, and other relevant requirements; and the outcomes of data analysis.
4.1.5.2 External Communications
The organization must create and put into action a procedure for communicating with external entities, including customers. This process should cover:
Handling inquiries, contracts, or order processing, and any modifications;
Understanding and meeting requirements during contract execution and product creation;
Providing product details, including any non-conformities;
Addressing feedback and customer complaints;
Sharing quality plans and any subsequent adjustments; and
Communicating changes and associated risks.
This clause includes both internal and external communication about the QMS. Processes for internal and external communication need to be established within the QMS. The key elements of Communication that an organization must establish are
what needs to be communicated.
when it needs to be communicated?
how it should be done?
who needs to receive the communication? and
who will communicate?
It should be noted here that any communication outputs should be consistent with related information and content generated by the QMS for the sake of consistency. This is a straightforward clause and is simply about effectively communicating to all those within the organization and those affected by it. Internal communications can include briefings to staff on:
new policies;
new or amended objectives;
new or amended strategies;
new clients;
new or amended technology;
new products;
issues with suppliers;
anything that will have an impact on them.
Designate a person responsible for updates may be the department head.
To understand the requirements and other external organizations throughout contract execution and product realization, the organization must determine and implement a process for communicating with the customers and other external organizations. The communication process must address the execution of inquiries, contracts, or order handling and amendments, feedback and customer complaints. The organization must also provide product information, including product nonconformities identified after delivery to the customer. When it’s required by contract, the organization must provide information required by product quality plans and subsequent changes to those plans. An organization may choose to communicate with other interested parties, but the requirements under 4.1.5.2 were targeted and mandated to occur between the manufacturer and the operator (customer). It was also intended to go from manufacture to affected suppliers. External communication is to manage risk that occurs throughout the execution of the contract. Many will do this upfront, but this occurs during tendering, contract review, and execution.
4.2 Management Responsibility
4.2.1 General
Top management must show leadership and dedication to setting up, implementing, maintaining, and enhancing the quality management system by endorsing the creation of quality objectives at relevant functions and levels within the organization. Top management must allocate the necessary resources for the quality management system. These resources can encompass human resources, specialized skills, organizational infrastructure, financial assets, and technology. Top management must involve and back personnel in implementing and sustaining the quality management system and designating responsibilities and authorities to ensure that processes achieve intended outcomes.
This section focuses more on the roles and responsibilities of management and top management. This section focuses more on the roles and responsibilities of management and top management Top management must ensure essential resources are available necessary for establishing, implementing, maintaining, and improving the quality management system. Resources can include human resources and specialized skills, organizational infrastructure, financial resources, and technology. The responsibility of management within the organization is to provide evidence of its commitment to the development and implementation of the quality management system. Management continually improves its effectiveness by ensuring that quality objectives are established including key performance indicators for use in data analysis. The management must conduct management reviews.
Responsibilities of Top Management in API Q1 standard
Approval of Quality policy
Review of Quality policy
Approval of Quality objectives
Availability of Resources
Appointment of Management Representative
taking reports from the Management representative on the performance of the quality management system
Review and approve the output of Management Review
Responsibilities of Management in API Q1 standard
Establishment of quality objectives at relevant functions and levels
criteria and methods needed for the operation and control of all quality management system processes are determined, managed, and effective
planning of the quality management system is carried out to meet the requirements of this specification.
ensure that appropriate communication processes are established
the effectiveness of the quality management system is communicated
provide evidence of its commitment to the development and implementation of the quality management system
Review of the Organization’s Quality Management System
4.2.2 Responsibility and Authority
The duties, powers, and responsibilities of personnel within the organization’s quality management system must be clearly outlined, documented, and communicated across the organization.
Responsibilities, authorities, and accountabilities of personnel within the scope of this document shall be defined, documented, and communicated throughout the organization. The organization must ensure that responsibilities are allocated across the organization to maintain the management system to make sure what is supposed to happen is happening. While allocating Roles, Responsibilities, and authorities, the organization must remember the customer at all times the outcome of the business processes, and how they can be improved. Remembering to update the system as and when you change how you work or the intended process is amended. The organization must define job roles before recruitment, allocate job descriptions to personnel, and link this to the processes within the business. For eg, A sales administrator might be expected to have 12 months of experience in writing quotations. When they join there would be a period of training and reinforcing this through a written job description. The output would be a more senior colleague reviewing quotes, confirming they are correct, and ensuring that the customer is being quoted for what they asked for. If a form or process is amended along the way advise the sales administrator and ensure the new versions are applied.
4.2.3 Management Representative
Top management must appoint and retain a member of the organization’s management who, regardless of other duties, holds responsibility and authority that involves guaranteeing compliance of the quality management system with the requirements of this specification. Establishing, implementing, and maintaining processes necessary for the quality management system. Providing reports to top management regarding the performance of the quality management system and any areas requiring improvement. Initiating actions to rectify nonconformities. Ensuring the promotion of awareness of customer requirements throughout the organization.
Management Representatives must be appointed by the Top management. Management Representative must be a member of the organization’s management. The Top management must always maintain the Management Representative. Irrespective of the other responsibilities the Management Representative may have, He/She shall also have the responsibility and authority to ensure that processes needed for the quality management system are established, implemented, and maintained. Report to top management on the performance of the quality management system.Report for any need for improvements. Ensuring of initiation of action(s) to minimize the likelihood of the occurrence of nonconformities and ensuring the promotion of awareness of customer requirements throughout the organization. The management representative ensures that the QMS processes are established, implemented, and maintained. This may involve review and planning of internal audits, discussion with process owners, or even review of the processes in person to ensure they are properly maintained. If this were not the responsibility of the management representative, then it would be a responsibility distributed among the process owners, and when this happens no one has the responsibility at all. By having a focal point for the overall processes, the management representative can not only ensure that each process is functioning, but that the interaction of the processes is maintained. By doing this, the interactions can then start to be optimized, because it is not always the case that optimization in one process is the best thing for the overall system.
The management representative has a second responsibility to report to top management on how well, or poorly, the QMS is performing. Identifying any needs for improvement to top management is also part of this responsibility. As has already been said, top management needs to be fully supportive of the Quality Management System implementation if it is going to provide true benefit to the company. For this to function, there needs to be a point of focus for top management to use when reviewing the resource needs of the QMS, and how best to support the improvement needed. Being the voice of the QMS for top management can be the critical factor in a QMS providing a return on investment for the company, or not.
The management rep will gather this sort of information from the monitoring and measurement activities in the organization, as well as the results of the internal audits, and when the company uses a management review meeting, this is the sort of information that is presented.
The last responsibility is to ensure that people are aware of customer requirements throughout the organization. Since one of the main thrusts of an ISO 9001 Quality Management System is customer satisfaction, all employees must understand what the customer needs, and how they can affect how well the company satisfies these needs. Customer focus is one of the main Seven Quality Management Principles behind ISO 9001 requirements, and as such needs to have an advocate in the company. By being the “voice of the customer” in the organization, the quality management representative can make great strides in how satisfied customers are. If the company implemented a quality management system to improve customer satisfaction, it only makes sense that someone is responsible for promoting the customer needs in the company, and the management rep is the leader of this initiative.
The quality management representative becomes the one name that the Auditing organization (like API) can call, or the customer can contact with complaints. It is often these optional responsibilities that are seen as the main role of the management rep, but in fact, these could be done by one of many other people without affecting the effectiveness and success of the QMS.
4.3 Organization Capability
4.3.1 Resources and Knowledge
4.3.1.1 Resources
The organization must identify and allocate the necessary resources to implement, maintain, and enhance the effectiveness of the quality management system.
The organization shall determine and provide the resources needed to implement, maintain, and improve the effectiveness of the requirements of the quality management system. The organization must have the resources it needs to ensure the effective operation of the QMS. Resources may include raw materials, infrastructure, finance, personnel, and IT, all of which can be either internally or externally provided. The organization must have a clear understanding of:
what an organization has in-house and whether this is sufficient/fit for purpose to achieve its goals and objectives.
what additional support might be needed externally?
For example, Specialist skills are better outsourced due to the size of the organization (e.g. security screening, health, and safety advice).
4.3.1.2 Knowledge
The organization must identify the expertise required to sustain the operation of its processes and ensure the consistent conformity of its products. This knowledge should be preserved and accessible at the organization’s discretion. Knowledge may be gained through experience, study, training, lessons learned, best practices, or other means.
To identify the expertise required to sustain operations and ensure consistent product conformity while preserving and making knowledge accessible, the organization must identify critical areas of expertise required for sustaining operations and ensuring product conformity. Document this knowledge systematically, including key processes, procedures, best practices, and lessons learned. Map out the expertise needed across various roles and functions within the organization. This involves identifying specific skills, qualifications, experience levels, and certifications required for each role involved in sustaining operations and ensuring product conformity. Establish a knowledge management system to store, organize, and make knowledge accessible within the organization. This system could include a combination of databases, intranet portals, wikis, document repositories, and collaboration tools. Implement access controls and permissions within the knowledge management system to ensure that sensitive information is protected and accessible only to authorized personnel as per the organization’s discretion. This may involve role-based access control mechanisms. Encourage continuous learning and development among employees to acquire and enhance the required expertise. Provide training programs, workshops, seminars, and access to educational resources to support ongoing skill development. Facilitate knowledge transfer mechanisms such as mentorship programs, cross-functional training sessions, job rotations, and communities of practice. These initiatives help disseminate expertise among employees and ensure continuity in operations. Regularly update and review the documented knowledge to ensure its relevance and accuracy. Encourage employees to contribute their insights, experiences, and lessons learned to enrich the knowledge base. Identify potential risks associated with knowledge loss or expertise gaps and develop contingency plans to mitigate these risks. This may involve succession planning, knowledge retention strategies, and cross-training initiatives. Establish feedback mechanisms to gather input from employees regarding the effectiveness of knowledge management processes and identify areas for improvement. Ensure that knowledge management practices comply with relevant regulations, standards, and quality assurance requirements. Regular audits and assessments can help verify adherence to these standards. By implementing these strategies, the organization can effectively identify, preserve, and make accessible the expertise required to sustain operations and ensure consistent product conformity while safeguarding sensitive information as per its discretion.
4.3.2 Human Resources
4.3.2.1 Personnel Competence
Personnel involved in the organization’s quality management system responsibilities must be competent. The organization should uphold a documented procedure concerning personnel competence. This procedure should cover:
Identifying and documenting required competencies.
Identifying necessary education, training, experience, or other actions to attain competence.
Evaluating the effectiveness of measures taken to acquire competencies.
Establishing criteria and methods for assessing, maintaining, and re-assessing competencies.
Designating personnel responsible for assessing competency.
Records of personnel competence must be retained.
In the Four Levels of Learning In adult learning, there are four stages of learning to reach mastery. Three of the four have been incorporated into the term competent in API Spec Q1, 10th edition. The organization shall establish a documented procedure for determining the competency of its employees and other personnel. The procedure must also identify training requirements or other actions to achieve the necessary competency of these employees and other personnel. The procedure must also determine and document the effectiveness of the training or other actions taken toward the achievement of required competency. Personnel shall be competent based on the appropriate education, training, skills, and experience needed to meet product and customer requirements. Evidence of the determination of competence of personnel shall be recorded and maintained.
The organization needs to determine the necessary competence of its employees and ensure those employees are competent based on appropriate education, training, and experience. The organization must have a process for determining the necessary competence and achieving it through training or other means. Determining competence is a necessity in any organization. Working out on the skills your team has the skills they don’t yet have and the skills they will need to achieve the company’s objectives. For example to achieve the objective of “Increase in sales”, you need to improve the competency of your sales team by training them.
4.3.2.2 Training
The organization must establish and uphold a training procedure. The organization must identify the content and frequency of necessary training. The organization must provide training on the quality management system. It must provide job-specific training, including raising awareness among personnel about the significance of their tasks and their contribution to achieving the organization’s quality objectives. It must offer customer-specified or customer-provided training when necessary. It must assess the effectiveness of the training. It must document the required training records. Records of personnel training must be retained.
The organization must provide quality management system training and job training. They must also ensure that customer-specified training and/or customer-provided training, when required, is included in the training program. They must ensure that the frequency and content of training are identified. They must ensure that their personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of quality objectives and maintain appropriate records of education, training, skills, and experience. The content of awareness training may include items covered in induction training, specific training, toolbox talks or any other quality, environmental, or health and safety issues that affect several employees in the workplace. You should seek evidence to confirm that this requirement has been applied by your organization to ensure that the people who need to be made aware now include all the people who work on your organization’s behalf that affect the conformity of your organization’s management system or products. You ensure that these people are aware of:
The quality policies;
Relevant quality objectives;
Their contribution to the effectiveness of the management system;
Benefits of improved performance;
The implications of not conforming to management system requirements.
This also is to take into account all legal and other requirements that it subscribes to or is required to comply with. Not having an understanding of these “legal and other applicable requirements” not only puts employees at risk, but it has a potential negative impact on organizational processes and the environment,
Awareness training
The awareness training does not need to follow the format of long classroom sessions. Training techniques can include short training segments supplemented with videos and hands-on demonstrations that address key elements of the management system. Other methods to promote and reinforce awareness training sessions include communication via electronic bulletin boards, posters, newsletters and informational meetings. The requirements for general awareness training apply to all employees including those whose work may cause impacts on customer/product or service requirements. Awareness training is intended to provide an overview of the organization’s policy, objectives and targets, and overall management system. Your organization must ‘establish and maintain procedures to make its employees and members at each relevant function and level aware of’:
The importance of conformance with the policy and the management system procedures and requirements;
The actual and the potentially significant impacts and risks of the activities, products, and/or services;
The benefits of improved personal performance;
The employees’ roles and responsibilities in achieving conformance with policies and procedures;
The employees’ roles and responsibilities towards emergency preparedness and response;
The potential consequences of departure from specified operating procedures.
The awareness training materials may also include additional elements that address:
The organization’s objectives and targets;
The employees’ actions to minimize/eliminate impacts and risks and how they can contribute;
The importance of compliance with operational and regulatory requirements;
The overall improvement of the management system performance and the potential financial return;
The importance to interested parties.
Induction training
General awareness training should be undertaken by task demands. All recruits (workers, contractors and temporary staff) must receive induction briefings and periodic Quality management system awareness training appropriate to the duration of their responsibilities to ensure they are aware of the importance of ethical behaviour e.g. codes of conduct, internal management, working relationships, fair treatment, confidential reporting mechanisms, protecting anonymity, no-blame-culture, awareness campaigns, notice boards, posters, training programs including:
Core values and policies;
Company overview;
History of the company;
The people and structure;
Contract of employment;
Induction pack;
Health, safety and environmental briefing.
The induction record should be completed, signed by each participant and sent to the Human Resources Manager.
4.3.3 Work Environment
The organization must identify, furnish, oversee, and sustain the work environment necessary to ensure product conformity. This work environment encompasses Facilities, workspaces, and related utilities; Process equipment, including both hardware and software; Ancillary services (e.g., transportation, communication, information systems); and Work conditions, covering physical, environmental, or other influencing factors.
The organization must determine, provide, manage, and maintain the work environment needed to achieve conformity applicable to the manufacture of the product. Work environment includes buildings, workspace, and associated utilities, process equipment and its maintenance (both hardware and software), supporting services (e.g. transport, communication, information systems); and conditions under which work is performed such as physical, environmental, or other factors. The environment for the operation of processes clause ensures that the organization determines, provides, and maintains an environment necessary for the operation of its processes and to achieve conformity. The term environment refers to the work environment and is used to describe the set of conditions in which employees perform their work and under which products and services are produced. Conditions can include physical, social, psychological, and environmental factors (such as temperature, lighting, recognition schemes, social and occupational stress, ergonomics, etc). It can also relate to conditions on how work is done (complex, repetitive, creative, interactive, team, etc.) in work processes and procedures. The environment that you work in may include the following:
Equality Opportunities, whistle-blowing, the anti-bullying policy.
Violence at work, counselling support, lone working.
The manufacturer (organization) is responsible for identifying and knowing the different types of servicing and SRP that they will produce or support. They are also responsible for ensuring that the work environment needed to meet those requirements has been provided, is managed, and maintained to ensure conformity requirements are met. This includes the organization’s facilities, workspace, utilities, process equipment, and physical and environmental conditions where servicing and SRP are produced. The work environment includes the organization’s facilities, mobile work environments, and the well sites where services and SRP are utilized. Besides understanding what is considered the work environment, the organization also needs to understand the servicing and product conformity requirements.
4.4 Documentation Requirements
4.4.1 General
The documentation of the quality management system should consist of:
An outline of the quality management system’s scope, defining the products covered and providing reasons for any exclusions;
Declarations of the quality policy and quality objectives;
Listing legal and other relevant requirements that the organization must adhere to to ensure product conformity;
Explanation of how the quality management system fulfils each requirement outlined in this specification;
Identification of processes requiring validation; and
Procedures, documents, and records necessary for planning, executing, and controlling processes, as well as for meeting specified requirements.
Traditionally, some of this documentation has been incorporated into a quality manual, but it can take various formats and may be presented as either a single document or multiple documents.
The quality management system documentation must include statements of Quality policy, statements of Quality objectives and. documented procedures. It must also include documents and records required for effective planning, operation, and control of its processes and compliance with specified requirements. Legal and other applicable requirements needed for product conformity must also be identified. The quality manual describes the quality management system by the stated quality policy and objectives, while the procedures describe the processes and activities required to implement the quality management system. Organizations can address the requirements of the standards by preparing a management system manual and by implementing procedures to control processes. The quality manual, the policies, processes and procedures are all about what the organization has decided is important to ensure they can provide the services and products that continually meet customer requirements, deliver satisfaction and for the business to meet its targets and objectives. The quality manual provides the scope of the management system. Also, the manual contains an overview of management’s and employee responsibilities as well as conformity statements applicable to the Q1 causes that are contained and supported by your management system. The management system processes and procedures provide detailed requirements for each of your key processes with the intent to specify who does what, when, where, how the process, action, or task is performed, and what documentation is used to verify that all required the quality-related activities have been executed as required.
4.4.2 Procedures
Every procedure mandated by this specification must outline the organization’s approach to conducting an activity. These procedures must be documented, put into action, and upheld to ensure ongoing appropriateness. One procedure can encompass the requirements for one or more documented procedures. Likewise, multiple procedures can fulfil any requirement for a documented procedure.
All procedures mentioned in the API Q1 standard must be established, documented, implemented, and maintained for continued suitability. One or more procedures can be contained in a single document or the requirement of a documented procedure can be contained in one or more documents.
The organization must maintain a documented procedure for managing internal documents required by the quality management system and this specification, including revisions, translations, and updates. This procedure must cover:
Responsibilities for approval and re-approval;
Review and approval for adequacy before issuance and use;
Periodic reviews for ongoing suitability and necessary revisions;
Identification of changes and current revision status;
Ensuring legibility and proper identification of documents;
Availability of documents at locations where activities are carried out.
Obsolete documents must be removed from all points of distribution or use, or appropriately marked to prevent unintended usage if retained for any purpose. Procedures, work instructions, and forms mandated by the quality management system must be controlled.
The organization must establish a documented procedure for the identification, distribution, and control of its documents or those of external origin. The procedure shall specify responsibilities for approval and re-approval of the documents. It must identify the controls needed to ensure that the documents are reviewed and approved for adequacy before issue and use. It must identify changes and revision status. Document must remain legible and readily identifiable, and are available where the activity is being performed. Documents of external origin must be controlled to ensure that the relevant versions are used and maintained. The organization must ensure against unintended use of obsolete documents and remove them from all points of issue or use, or otherwise identified if they are retained for any purpose. All Procedures, work instructions, and forms must be controlled. The organization must control the documents required by its QMS. A suitable process must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The procedure should define the scope, purpose, method and responsibilities required to implement these parameters. To comply with the document requirements, all personnel must understand what types of information should be controlled and more importantly, how this control should be exercised. To get the most out of your procedure it must communicated to ensure that staff and other users of the documentation information understand what they must do to manage that information effectively and efficiently. Demonstrate the organization’s arrangements for controlling documents required by API Q1 and your organization’s own requirements, including
Availability e.g. document accessibility (hard copy, electronic media), readily available at the point of use;
Suitability e.g. format, media suitable to the environment, ease of understanding, language, interpretation;
Physical security (master documents, server rooms, libraries) IT security (User ID, password, servers, download, back up, encryption, ‘read-only’, ‘read/write’), protection from corruption and unintended alterations.
Demonstrate the organization’s arrangements for document retention e.g. organization/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence e.g. withdrawal, replacement, legacy archive and suitable identification (‘for information only’, ‘not to be used after….’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.
Ensure your organization protects electronic data, e.g. security policy, system access profiles, password rules, storage and backup policy including protection from loss, unauthorized changes, unintended alteration, corruption, and physical damage. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the document.
4.4.4 Control and Use of External Documents
The organization must uphold a documented procedure for managing documents from external sources necessary for product realization and use, including API or other external specifications. This procedure should cover:
Identifying and documenting the necessary external documents;
Managing access to and distribution of required documents, including relevant versions;
Incorporating requirements from external documents into product realization and any affected processes;
Establishing a process for identifying changes to required documents, such as addenda, errata, and updates;
Assessing the impact of changes;
Incorporating relevant changes.
Normative references specified within API products or other external specifications, essential during product realization, may also be regarded as external documents.
The organization must establish a documented procedure for the integration of the requirements coming from external specifications such as API products including addenda, errata, and updates into the product realization process and any other affected processes when such requirements are used in the design or manufacture of the product. External documents are the documents relevant to the quality management system (QMS) and issued by an external entity. Examples of those issuers can be customers, suppliers, legislators, regulators, standardization bodies, or business partners. Documents of external origin relevant to the QMS can be, for example, Product Specifications, Logistics Specifications, Material Safety Data Sheets, Legislation, Permits, Standards, Platform Rules, or Work Instructions. Organizations must determine what relevant documents of external origin are used in the design and manufacture of the products. The organization must ensure that external document is still updated. If the document was changed, what are the implications on the specification of the product? Do the changes in the document imply changes in the manufacturing process? The procedure must include:
what are the relevant documents of external origin
who is responsible for checking, with what frequency,
who is going to do what when there are changes or new documents;
get new versions or new document
update register
distribute new versions or new document
check if it is applicable
plan changes
implement changes
confirm that changes were implemented
4.5 Control of Records
Records, including those originating from outsourced activities, must be established and managed to demonstrate conformity to requirements and the organization’s quality management system. The organization must maintain a documented procedure outlining the controls and responsibilities for managing records. This procedure should cover:
Identifying records;
Collecting records;
Ensuring legibility of records;
Correcting records when necessary;
Storing records securely;
Safeguarding records from unintended alteration, damage, or loss;
Retrieving records as needed;
Determining retention periods;
Disposing of records when appropriate.
Records must be retained for a minimum of ten years or as required by customer, legal, and other relevant requirements, whichever is longer.
The organization must establish a documented procedure for control of Records. The procedure must identify the controls and responsibilities needed for the identification, collection, storage, protection, retrieval, retention time, and disposition of records. Records should remain legible, identifiable, and retrievable. The retention of records should be based on customer, legal, and other applicable requirements or 5 years whichever is more. The records including those of outsourced processes must be e established and controlled to provide evidence of conformity to requirements and the organization’s quality management system.
Records Required by API Q1 standard
records of education, training, skills, and experience
records to ensure the effective planning, operation, and control of its processes and compliance with specified requirements
record of customer requirements, when the customer provides no documented statement of requirements
Records of contract review including resulting actions
records needed to provide evidence that the product realization processes meet requirements (for eg inspection record)
Records of risk assessment and management including actions taken
Contingency plan
Records of design inputs
Records of design outputs
Records of design review
Records of design and development verification and the final review
Records of the design and development validation, approval, and any necessary actions
Records of design and development changes,
Records of supplier evaluation
Records of outsourced activities
Records of verification of Purchased Products or Activities
Records of product realization plan
records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance
Records of validation of Processes for Production and Servicing
Records of identification and traceability
Records for the control and disposition of customer-supplied property
Records of the results of assessments of products kept in storage
Records of required inspection and testing
Records of preventive maintenance
Records of assessment of the validity of previous measurements and actions to be taken on the equipment and product, when the equipment is found to be out of calibration.
Records of the results of calibration and verification
Records shall be maintained to enable identification of the individual releasing the product
Records of notification to customers of products not conforming to DAC or contract requirements
Records of the nature of nonconformities of non-conforming products and any subsequent actions taken
Understanding ISO 29001:2022 Quality Management System.
ISO/TS 29001, as an international standard, is the result of the collaboration between ISO and the international oil and gas industry, which is primarily focused on the oil and gas supply chain. It specifies the Quality Management Systems requirements for the layout, establishment, production, and implementation of products and services for the petroleum, petrochemical and natural gas industries.. This standard is a supplement to ISO 9001:2015. The supplementary requirements and guidance to ISO 9001:2015 have been developed to manage supply chain risks and opportunities associated with the petroleum, petrochemical and natural gas industries and to provide a framework for aligning requirements with complementary standards employed within the industries. Since 29001 is also based on ISO 9001, which contains requirements on error prevention, reduction of variation and waste management from the service provider. These requirements have been written separately in order to ensure clarity and perceptibility. ISO 29001 is suitable for all companies within the oil and gas industry as it was developed to ensure quality and improvement within this particular sector. ISO 29001 provides the basis for continuous improvement by emphasizing the prevention of errors and reducing deviations and wastes in the supply chain and service providers. This standard, along with the specific requirements of the customer, defines the basic requirements of the quality management system for those who have accepted this certificate. The Oil and gas industry is one of the critical industries that need to follow heavy regulations and scrutiny. Even a single failure could mean disaster for the environment in addition to the harms and impacts on the other connected sectors of the industry. The industry needs a quality management system with an emphasis on compliance that can provide them comprehensive insights into processes and product quality to identify the scope of improvements going forward. ISO 29001 meets the specific needs of the oil & gas industry by developing a quality management system that, with a view to continuous improvement, seeks several benefits, including:
preventing and/or managing operational risks
business continuity in the face of adverse situations (e.g. accident/downtime of sections of a plant or service disruptions)
reducing costs
improving staff safety and environmental protection
reducing product waste and inefficient use of the supply chain.
All ISO management system standards are subject to a regular review under the rules by which they are written. Following a substantial user survey the committee decided that a review was appropriate and created the following objectives to maintain its relevance in today’s marketplace:
Integrate with other management systems
Provide an integrated approach to organizational management
Provide a consistent foundation for the next 10 years
Reflect the increasingly complex environments in which organizations’ operate
Ensure the new standard reflects the needs of all potential user groups
Enhance an organization’s ability to satisfy its customers
The structure is based on the mandate that Annex SL from the ISO Directives is applied to management system standards. The clause structure in ISO 9001:2015 is being aligned with other management system standards. The structure is to provide a presentation of requirements. It is not a model for the document for documenting the organization’s policies, objectives, and processes. There is no requirement for the structure of an organization’s quality management system documentation to mirror that of this International Standard.
Structure of ISO 29001:2020
Since ISO 29001:2020 is based on ISO 9001:2015 it has the same structure as that of ISO 9001:2015. ISO 29001:2022 like ISO 9001:2020 is based on Annex SL – the high-level structure. This is a common framework for all ISO management systems. This helps to keep consistency, align different management system standards, offer matching sub-clauses against the top-level structure, and apply common language across all standards. It becomes easier for organizations to incorporate their QMS into core business processes and get more involvement from senior management. The Plan-Do-Check-Act (PDCA) cycle can be applied to all processes and to the quality management system as a whole. SO 29001:2020, based on Annex SL, has 10 sections four of which also approximate to “PLAN, DO, CHECK, ACT.” All management system standards will have this common structure. Here is the structure:
Clause 1.Scope
This section describes the scope of the management system standard and will be unique to the individual standard. Clause 1 details the scope of the standard
Clause 2. Normative References
This section references other relevant standards, which are indispensable for the application of the document and will also be unique.ISO 9000, Quality Management System – Fundamental, and vocabulary is referenced and provides valuable guidance.
Clause 3. Terms and Definitions
Section three contains definitions, and while some of these are common terms related to Annex SL, other definitions will be unique to the management system standard. All the terms and definitions are contained in ISO 9000:2015 – Quality Management – Fundamentals and vocabulary.
Some additional Terms not available on ISO 9001:2015 but included in ISO 29001:2020 are
3.1 quality specification level (QSL) level defining the extent of control activities, typically including testing, inspection, verification and validation, undertaken by the provider to demonstrate conformance with requirements based on the determination of operational risk and/or obligations
3.2 Competence
3.2.1 competence catalogue hierarchical structured list of the competences required to perform a task
3.2.2 competence profile skills and behaviour, each specified at a level of proficiency, required to perform a role or activity in line with the associated risk or opportunity
3.2.3 proficiency level level of ability and behaviour attributes within a specific skill
3.3 inspection and test plan tabular presentation of a quality plan, typically used for process or product applications, to define the specific sequence of operational activities, instructions, acceptance criteria, information to be maintained and retained, and associated provider, customer and independent conformity assessment activities
Clause 4: Context of the Organization
4.1 Understanding the organization and its context.
This requirement requires a greater union between the QMS and wider business planning activities. it requires organizations to ascertain, monitor, and review both internal and external issues that are relevant to its purpose and strategic direction, and have the ability to impact the QMS and its intended results. The organization should determine external and internal issues for the organization relevant to its purpose, strategic planning, and which affect the organization’s ability to achieve its objectives. The Organization should monitor and review the information about external and internal issues. Management Review required the monitoring of external and internal issues. The organization must consider issues related to values, cultural knowledge, and performance of the organization for the understanding of internal issues. The organization must consider issues related to arising from legal, technological, competitive, market, cultural, social, and economic environments, whether international, national, regional, or local for the understanding of external context. The internal context may include, but is not limited to:
Product and service offerings
Governance, organizational structure, roles, and accountability.
Regulatory requirements
Policies and goals, and the strategies that are in place to achieve them.
Assets like facilities, property, equipment, and technology
Capabilities understood in terms of resources and knowledge like capital, time, people, processes, systems, and technologies.
Information systems, information flows, and decision-making processes (both formal and informal).
Relationships of the staff/volunteers/members and the perceptions and values of their internal stakeholders including suppliers and partners.
Organization’s culture.
Standards, guidelines, and models adopted by the organization and
Form and extent of the organization’s contractual relationships.
The external context’s micro-environment consists of the organization’s immediate operations and how they affect its performance and decision-making. Some of the micro-environmental context factors
Customers – Organizations must attract and retain customers by offering products services that meet their needs along with providing excellent customer service
Employees/Members/Volunteers – There must be the availability of people with the motivation to remain as contributing members of the organization and develop the skills necessary to provide a competitive edge
Suppliers – Suppliers provide organizations with the resources they need to carry out their activities. If a supplier provides bad service, this affects the way the organization operates. Close supplier relationships are an effective way to remain competitive and secure the resources needed
Investors – All organizations require investment to grow. They may borrow the money from a bank or have people invest in their work. Relationships with investors need to be managed carefully as problems can detrimentally affect the long term success of the organization
Media – Positive media attention can bring success to the organization by maintaining its reputational strength. Managing the media (including the presence in social media) is a challenge.
Competitors – Members of the organization need to have a sense of belonging. Can the organization offer benefits that are better than those offered by the competitors? Is there a strong value proposition? Competitor analysis and monitoring are crucial if an organization is to maintain or improve its position in the competitive landscape of the community. The organization must always be aware of its competitor’s activities. The landscape can change quickly.
To be read along with clause 4.1 of ISO 9001 Please click hear for clause 4.1 of ISO 9001. The organization must have records as an evidence of its understanding of its context, The records must identify external and internal issues. There must be records of monitoring and review of these external and internal issues.The record must identify if the issues have positive or negative factors or their condition for consideration. The record must also identify how the external issues are arising , whether it is arising from legal, technological, competitive, market, cultural, social and economic environments, whether international, national, regional or local. The record must also identify how the internal issues are arising , whether it is related to values, culture, knowledge and performance of the organization.
Rationale for this supplement as per ISO : Organizational context constantly evolves and informs the ongoing development of objectives, strategies and the quality management system. It is considered essential that organizations retain documented information of their understanding of the organization and its context as input to their planning and performance evaluation processes and as objective evidence for internal and interested party conformity assessment activities.
4.2 Understanding the needs and expectations of interested parties.
A broadening of scope beyond just customers. Requires the organization to determine “the relevant requirements” of “relevant interested parties” e.g. a person or organization that can affect, be affected by, or perceive themselves to be affected by a decision or activity.
The organization shall determine relevant interested parties and the requirements of relevant interested parties. Interested parties include Customers, Partners, Persons in the organization, External providers. Relevant interested parties to be considered are those that potentially could impact the organization’s ability to provide products and services that meet requirements. Monitor and review information related to interested parties and relevant requirements. Management Review requires the monitoring of relevant interested parties.
To be read along with clause 4.2 of ISO 9001 Please click hear for clause 4.2 of ISO 9001.The organization must have records as an evidence that it understood the needs and expectation of interested parties. There must be records of the interested parties relevant to QMS, their requirements relevant to QMS. The record must also include monitor and review of these interested parties and their relevant requirements.
Rationale for this supplement as per ISO: The needs and expectations of stakeholders (interested parties) constantly change either through changes in organizational context and objectives or changing social, customer or regulatory expectations and obligations. It is considered essential that organizations retain documented information of their understanding of stakeholder expectations and obligations as input to their planning and performance evaluation processes and as objective evidence for internal and stakeholder conformity assessment activities. NOTE Normally, ‘stakeholder’ is the preferred term in the petroleum, petrochemical and natural gas industries instead of ‘interested party’.
4.3 Determining the scope of the QMS.
The scope statement must state the products and services covered. The organization must establish the scope of the quality management system by determining the boundaries and applicability of the quality management system. While determining the scope the organization must consider the internal and external issues determined in 4.1., the requirements of relevant interested parties in 4.2. and the products and services of the organization.
Requirements that can be applied by the organization shall be applied. Requirements that cannot be applied cannot affect the organization’s ability to provide products and services that meet requirements. The organization must maintain scope as documented information stating the Products and services covered by the QMS and any Justification where a requirement cannot be applied. Any interested party which is not relevant to the quality management system need not be considered and similarly, any requirement of the interested party need not be considered. Determining what is relevant or not relevant is dependent on whether or not it has an impact on the organization’s ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements or the organization’s aim to enhance customer satisfaction. The organization can decide to determine additional needs and expectations that will meet its quality objectives. However, it is at the organization’s discretion whether or not to accept additional requirements to satisfy interested parties beyond what is required by this Standard.
Applicability
The focus is on the application and not just the exclusions. There are no limits to which clauses where the application can be determined. Justification will be required as documented information to ensure that limited application does not affect the organization’s ability to provide for the provision of products and services. The application of requirements may vary. Where a requirement can be applied within the scope of its quality management system, the organization cannot decide that it is not applicable. Where a requirement cannot be applied (for example where the relevant process is not carried out) the organization can determine that the requirement is not applicable. However, this non-applicability cannot be allowed to result in failure to achieve conformity of products and services or to meet the organization’s aim to enhance customer satisfaction. A manufacturing organization that does not have any monitoring and measuring resources could determine requirements in 7.1.5 do not apply. Organizations that build from a customer-provided design could determine requirements for design in 8.3 do not apply. Organizations could not determine that requirements such as competence are not applicable since this directly affects the ability to provide a product that meets requirements.
Rationale for this supplement as per ISO : Requirement formalizes the principle that when required by regulatory obligation or contractual condition organizations shall inform stakeholders when requirements in this document and as such the organization’s quality management system is not considered within the scope of activities.
4.4 Quality Management System and its processes.
This specifies the number of factors to be considered when planning the processes that make up the QMS. The standard requires the organization to establish a process-based management system. This is required to be maintained and continually improved. The clause sets out high-level requirements for the design of such a process-based management system. These processes are integral and also there are support processes that underpin the operation of the entire QMS.
Rationale for this supplement as per ISO : Requirement formalizes the principles that organizations shall clearly define the scope boundaries and exclusions of the quality management system and its processes and the associated extent of maintained and retained documented information
5. Leadership
5.1 Leadership and commitment.
Greater emphasis is placed on the role of top management. Requires top management to “demonstrate leadership and commitment”, and suggests that a more hands-on approach is expected. ISO 29001:2020 requires top management to be much more “hands-on” with respect to their QMS. Where the word “ensuring” is used in sub-clause 5.1.1, top management may still assign this task to others for completion. Where the words “promoting”, “taking”, “engaging” or “supporting” appear, these activities cannot be delegated and must be undertaken by top management themselves. Top management must:
have accountability for the effectiveness of their organization’s quality management system;
ensure that their organization’s quality policy and quality objectives are consistent with the organization’s overall strategic direction and the context in which the organization is operating;
work alongside their people in the organization in order to ensure that the quality objectives are achieved;
ensure that the quality policy is communicated, understood and applied across the organization;
make sure that the quality management system is achieving the results that are intended;
lead people to contribute to the effective operation of the system;
drive continual improvement and innovation and develop leadership in their managers.
The top management is required to ensure that:
the requirements set out in ISO 29001:2020 are met;
QMS processes are delivering their intended outcomes;
reporting on the operation of the QMS and identifying any opportunities for improvement is taking place;
a customer focus is promoted throughout the organization;
whenever changes to the QMS are planned and implemented, the integrity of the system is maintained.
Customer focus
The top management should ensure that the organization should have knowledge of the law and is aware of the customer’s expectations and is delivering. Knowing what can go wrong with what you are selling and providing and what opportunities you also have when you deliver this; opens doors, for example, to other work streams; They should be making sure that the customer is happy. Understanding customer specifications/ needs. Ensure you know exactly what the customer wants and documenting this from the initial inquiry to commissioning paperwork.
Policy requirements are enhanced. A requirement is introduced that the quality policy is appropriate to the context of the organization and that it is applied throughout the organization. Write the policy to include:
making sure it reflects your business size, ethos and what you are trying to achieve;
how you will decide what you are going to achieve and how you will check this;
committing to doing it the right way (e.g. in line with standards and best practice);
committing to try to continually improve.
Tell everyone about it.
Making sure it is written.
Making sure people know it and understand it.
Giving it to people who have an interest in your business (e.g. clients/suppliers/manufacturers/staff).
Publishing it on your website.
The example includes written Quality policy, company induction, basic training, toolbox talks.
5.3 Organizational roles, responsibilities, and authorities.
The requirement for a Management representative is no longer specified. The duties previously assigned to that role may now be assigned to any role or split across several roles. The top Management must ensure that responsibilities are allocated across the organization to maintain the management system to make sure what is supposed to happen is happening. While allocating Roles, Responsibilities, and authorities, the organization must remember the customer at all times and the outcome of the business processes, and how they can be improved. Remembering to update the system as and when you change how you work or the intended process is amended. The organization must be defining job roles prior to recruitment, allocating job descriptions to personnel, and linking this to the processes within the business. For eg A sales administrator might be expected to have 12 months’ experience in writing quotations. When they join there would be a period of training and reinforcing this through a written job description. The output would be a more senior colleague reviewing quotes, confirming they are correct, and ensuring that the customer is being quoted for what they asked for. If a form or process is amended along the way advising the sales administrator and ensuring the new versions are applied.
To be read along with clause 5.3 of ISO 9001 Please click hear for clause 5.3 of ISO 9001.The organization must define the roles at all relevant function, levels and process. The organization must have a procedure for establishing the responsibilities and authorities to ensure that QMS conform to the requirement of the ISO 29001:2020 std, all process are delivery their intended output, promotion of customer focus through out the organization, integrity of QMS is maintained when changes to QMS is planned and implemented, and reporting the performance of QMS as well as the opportunities of improvement to the top Management . The organization must have record of these roles , and responsibilities and authorities of these roles.
Rationale for this supplement as per ISO : Requirements for defining roles and documented information for responsibilities and authorities related to these roles are added as these elements are considered essential to be documented, also in view of conformity assessment activities.
6.0 Planning
Risk-based Thinking
The main objectives of ISO 29001 are to provide confidence in the organization’s ability to consistently provide customers with conforming Products and services and to enhance customer satisfaction. The concept of “risk” in the context of ISO 29001 relates to the uncertainty in achieving these objectives. ISO 29001 incorporates risk-based thinking in its requirements for the establishment, implementation, maintenance, and continual improvement of the quality management system. Organizations may choose to implement a formal risk management program such as ISO 31000, ISO/TR 31004 and IEC 31010 provide guidance on risk management principles, framework and generic processes, and risk assessment techniques . In these ISO and IEC deliverables, risk includes opportunity. The concept of risk is built into the whole management system. Risk-based thinking is also part of the process approach. Risk-based thinking can also help to identify opportunities. For risk-based thinking, the organization must understand any external and internal issues as given in clause 4 context of the organization. Risks and opportunities are determined in clause 6.1. Implementing Risk-based thinking also assures preventive action. One of the key purposes of a quality management system is to act as a preventive tool. ISO 9001:2015 does not have a separate clause titled preventive action. The concept of preventive action is controlled through risk-based thinking by managing risks and opportunities identified in clause 6.1
6.1 Actions to address risks and opportunities.
This sub-clause requires a risk-based approach. In addition to this clause, the reference to the terms ‘risk’ and ‘opportunity’ are made throughout the standard. Consider the issues determined in clause 4.1 and the needs and expectations of interested parties in clause 4.2 to determine your risk and opportunity. The organization should determine risks and opportunities to assure that that the quality management system can achieve its objective, prevent or reduce undesired effects, and for continual improvement. The organization shall plan actions to address risks and opportunities. The actions identified should be appropriate to its potential impact on the QMS. The action of risk and opportunities must be integrated and implemented into the QMS processes. The effectiveness of these actions must be evaluated. Actions to address the risks – First, the organization should identify the risks and opportunities it wants to address. Then the organization must determine the severity of each risk and opportunity. Understanding the severity, the organization must plan action to address the risk and opportunity. This can be captured in the Risk plan. Plan how all the elements can come together, and how it will be run, and a means of checking them, and that the plan is on track. Use risk methodologies to ensure that you apply things appropriately. The greater the risk and the impact on the organization, the greater the control measures, planning, management, etc. If necessary, have a Plan B. Consider how an understood risk can be used in a positive way to look at other ways of doing things or other products.
To be read along with clause 6.1 of ISO 9001 Please click hear for clause 6.1 of ISO 9001.The organization must establish a procedure to support and demonstrate the establishment of process of management of risks and opportunities. The procedure must define the tool, technique and their application for the identification and identification of risk and opportunities, and also prevention and mitigation of risk. It must identify relevant interested parties, sources of risk and opportunity, areas of impacts, events and their causes, and their potential consequences, The procedure must also include analyses for potential risk and opportunity by determining its consequences and likelihood, evaluation of risk and opportunity and to develop controls for them, and application of appropriate risk treatments and opportunity realization plans. The organization must also have record as an evidence of support and demonstration of the management of risks and opportunities as per the process established.
Rationale for this supplement as per ISO: Requirements for processes for managing risks and opportunities are added in view of the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the supply chain which can contain several providers following a ‘cascading model’ (e.g. contractors and sub-contractors), and to align the activities with the risk management methodology as described in ISO 31000.
6.2 Quality objectives and planning to achieve them.
No quality plan can be complete without having measurable quality objectives. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored. Also, requires objectives to be set for relevant processes. Ensure that whatever objectives you implement are SMART
Specific
Measurable
Achievable
Realistic
Time-bound
Some key rules are as follows:
Make sure they comply with the law and industry standards.
Make sure they conform with the products and services to make them better.
Monitor your objectives periodically to check what you are doing.
Tell the staff what they are and what you expect of them.
Updated when the management changes something.
Keep records of this. This should be included in the customer SLA and planning should be in place to ensure you can resource this response rate. An example could be Understanding the total number of planned maintenance, the number of reactive maintenance to ensure you calculate the appropriate levels of resources. Organizations need to clearly understand how these will be realized. For example, if your aim is to provide national coverage, how will this be achieved? What resources will you allocate, recruiting staff countrywide? Who will manage it? Have you understood when it needs to be achieved and what will you do to check it is effective?
The clause lists items to be considered in change management. When some changes need to be made in the organization either in the product, service, or process, the impact of the change needs to be considered before a change is made. You will need to demonstrate that you have: a) considered why are you changing it and what could happen when you make the change; b) ensured that the QMS doesn’t get affected negatively, e.g. something can’t be done any longer once you have changed a process like you stop recording the number of quotes you are doing and therefore you don’t have an ability to review conversion rates; c) thought about what you need to achieve it (e.g. people/technology, etc.); d) considered what changes need to be made in the organization to make it happen.
To be read along with clause 6.3 of ISO 9001 Please click hear for clause 6.3 of ISO 9001.Any risk and opportunities which are associated with proposed change management must be managed as per as the procedure or Process of management of Risk and opportunities as mentioned in clause 6.1 . The organization must establish a procedure to manage the process of change. The organization must have records as an evidence of the implementation of change management.
Rationale for this supplement as per ISO : Requirement for management of risks and opportunities associated with proposed changes is added as management of change is core principle in the petroleum, petrochemical and natural gas industries and underpins key frameworks, notably process safety. Requirement for documented information is added as management of changes is considered essential to be documented, also in view of conformity assessment activities.
7.0 SUPPORT
7.1 Resources.
7.1.1 General
The organization must determine and provided the resources needed for the establishment, implementation, maintenance, and continual improvement of the QMS. The organization must have the resources it needs to ensure the effective operation of the QMS. Resources may include raw materials, infrastructure, finance, personnel, and IT, all of which can be either internally or externally provided. The organization must have a clear understanding of:
what an organization has in house and whether this is sufficient/fit for purpose to achieve its goals and objectives.
what additional support might be needed externally.
For example Specialist skills that are better outsourced due to the size of the organization (e.g. security screening, health, and safety advice).
This standard expects an organization to determine and provide the appropriate number of personnel to effectively implement the QMS and for the operation and control of its processes. Allocation of staff in order to achieve the required outcome. This means determining that you have someone to carry out a specific process e.g. recruitment, screening, and training of staff. Dependent on the size of the organization this may be one or two people or a team. The senior management will need to determine the resource needed and maintain this. This will be about ensuring you have the right number of engineers or security officers to provide the service that you have quoted. This will depend on the specifics set out in the contract and terms. e.g. ensuring you have sufficient engineers to respond within 24 hours. Ensuring you have sufficient trained security officers to replace those who may be sick or on holiday.
Essentially a company needs to consider all the things they will need in order to deliver a service and product to the customer. This may be :
buildings, water, gas, electricity, etc.
equipment such as e computers, operating systems, printers, software, monitoring equipment, etc
vehicles that may be needed for engineers, managers, sales and survey staff;
information such as standards that have to be applied, the internet, mobile phones, tablets, etc.
To be read along with clause 7.1.3 of ISO 9001 Please click hear for clause 7.1.3 of ISO 9001. The organization must have a procedure to establish a process for identifying Infrastructure and their usage to achieve conformity of the product and services. The organization must retain records as evidence implementation of the procedure for identification and usage of infrastructure. The procedure and record must include infrastructure to be maintained, method of maintaining including frequency and monitoring for the infrastructure to ensure infrastructure integrity for performance requirements. It must also include outcome of maintenance, including applicable testing methods and acceptance criteria and responsible personnel. For service related infrastructure such as equipment or Machines it must include usage history, repairs or redress, modifications, re manufacturing, inspection, and test activities that allow direct verification for reuse of infrastructure as well as list of critical spare parts as recommended by the original equipment manufacturer or customer or technical requirement or combination of three. The organization can apply risk based maintenance which includes the concept of
— preventive and predictive maintenance; — reliability centred maintenance; — mean time between failures; — system, design and process failure mode and effects analysis; — failure mode and criticality effects analysis; — process control plans; and — others that are in context of the organization and its risks.
Rationale for this supplement as per ISO: Requirements for documented information are added as infrastructure related products and services are considered essential to be documented, also in view of conformity assessment activities. The possibility of applying risk-based maintenance is added to enhance user’s understanding of the concepts that are part of risk-based maintenance, which will be supportive in maintaining the infrastructure.NOTE Lessons learned from industry events demonstrate the need to maintain and retain documented information.
7.1.4 Environment for the operation of processes
The environment for the operation of processes clause ensures that the organization determines, provides, and maintains an environment necessary for the operation of its processes and to achieve conformity. The term environment refers to the work environment and is used to describe the set of conditions in which employees perform their work and under which products and services are produced. Conditions can include physical, social, psychological, and environmental factors (such as temperature, lighting, recognition schemes, social and occupational stress, ergonomics, etc). It can also relate to conditions on how work is actually done (complex, repetitive, creative, interactive, team, etc.) in work processes and procedures. The standard makes reference to the environment that you work in and may include the following:
Equality Opportunities, whistleblowing, the anti-bullying policy.
Violence at work, counseling support, lone working.
The organization needs to decide what tools it uses to measure organization performance. It also needs to consider whether these tools will give them everything they need as a result. You may use commissioning paper trail and or electronic processes. For eg to monitor Customer Service, you may take feedback after installing via phone call. Other organizations may have a CRM in place. Some of the Suitable measuring tools may be equipment that is used to test and commission systems such as multimeters, insulation testers, sound pressure level meters, etc. You may be required to do calibration of all the test equipment that you use.
To be read along with clause 7.1.5.1 of ISO 9001 Please click hear for clause 7.1.5.1 of ISO 9001. The organization must establish a procedure that defines the processes and controls to manage monitoring and measurement resources (equipment). The procedure must have mechanism to ensure equipment are suitable for he specific type of monitoring and measurement activities being undertaken. Their maintenance for their continuing fitness. The organization must also have record as an evidence of fitness for purpose of the monitoring and measurement resources
Rationale for this supplement as per ISO: Requirement for documented information is added as defining processes and controls related to monitoring and measuring resources is considered essential to be documented, also in view of conformity assessment activities. NOTE Although ISO 29001 cannot impose that laboratories are accredited to ISO/IEC 17025, it is common practice to require accreditation when performing laboratory activities, either internally or externally.
7.1.5.2 Measurement traceability
Measurement traceability is the process of validating the equipment that will be used to measure products and resources. This will give the organization confidence that all measurements are completely correct. You need to establish whether this is relevant to you and meeting all applicable requirements for the product and services.
Is it required to be calibrated?
Allocated unique reference numbers and listed on a register of some sort.
Allocated to personnel as and when needed and a clear process in place to ensure all staff knows how to use it properly.
Able to identify calibration status
Protected from an adjustment that could affect results of measurement
Protected from damages during moving, repairs, or storage
Non-conforming devices are checked against a conforming device
To be read along with clause 7.1.5.2 of ISO 9001 Please click hear for clause 7.1.5.2 of ISO 9001. Organization must have a procedure and all relevant records as an evidence of the procedure being followed for the measurement traceability. The procedure must demonstrate the conformance and measurement traceability of the measuring equipment used to determine product conformity to requirements. Organizations are expected to check results from calibration to ensure they are comfortable and have not been tampered with. You may have a measuring equipment register Register. The procedure must include a unique identification, specific to each piece of equipment. The procedure must establish as mechanism for calibration or verification of the measuring equipment or both, at specified intervals, or prior to use, against measurement standards traceable to international or national measurement standards When no such standards exist, the procedure must establish the basis used for calibration or verification. It must include the identification for determining their status. It must establish mechanism for safe guarding the measuring equipment from adjustments, damage or deterioration that would invalidate the calibration status and subsequent measurement results. The procedure must establish a mechanism for action to be taken when validity of previous measurement results has been affected when a instrument is found to be defective during its planned verification or calibration or when in use. It must also establish a mechanism for customer notification.
Rationale for this supplement as per ISO: Requirements for documented information are added as traceability of measuring equipment and actions taken in cases of inappropriate measurements are considered essential to be documented, also in view of conformity assessment activities.
7.1.6 Organizational knowledge
The organization shall determine the knowledge necessary for the operation of the QMS, ensure the conformity of products and services, enhance customer satisfaction. As necessary the organization is responsible for maintaining, protecting, and making sure the knowledge is available. Knowledge is to be considered when making changes to the organization. Knowledge required depends on the size and complexity of the organization, the risks and opportunities it needs to address, accessibility of knowledge, the process for considering and controlling past, existing, and additional knowledge. As long as the conformity of products and services can be achieved, the balance between knowledge held by competent people and knowledge made available by other means is at the discretion of the organization. Consideration can be given to whether competent employees have this knowledge
The organization needs to determine the necessary competence of its employees, and ensure those employees are competent on the basis of appropriate education, training, and experience. The organization must have a process for determining the necessary competence and achieving it through training or other means. Determining competence is a necessity in any organization. Working out on the skills your team has and the skills they don’t yet have and the skills they will need to achieve the company’s objectives. For example to achieve the objective of “Increase in sales”, you need to improve the competency of your sales team by training them.
To be read along with clause 7.2 of ISO 9001 Please click hear for clause 7.2 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for competence. The procedure must define the practices employed to manage competence requirements of personnel whose responsibilities influence the achievement of quality objectives. The procedure must include the determination of necessary competence of its employees whether staff ,workers, contract workers, full time or part time or outsourced, on the basis of appropriate education, training, or experience. In case gaps are identified in the competence the procedure must include actions to be taken to acquire necessary competency and evaluation of the effectiveness of the actions taken .The procedure must also validate the competence to the risk level associated to the above mentioned task as per procedure as given in clause 6.1. Competency Matrix/ catalogue, proficiency levels, criteria for attaining and maintaining proficiency, competence profiles can be part of the competency model as a part of the procedure. Validation of proficiency levels can include technical interviews, assessments and on job/ classroom/online training.
Rationale for this supplement as per ISO : Requirement for validation of competency is added in view of the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the supply chain which can contain several providers following a ‘cascading model (e.g. contractors and sub-contractors). Requirement for documented information is added as managing competencies is considered essential to be documented, also in view of conformity assessment activities.
7.3 Awareness.
The clause of Awareness is closely related to the clause of competence. Employees must be made aware of the Quality Policy and its contents. They must also be aware of how their personal performance currently impacts QMS and its objectives or may impact it in the future. They must understand the implications of positives or improved performance, and poor performance may be to the QMS. There is a greater focus on not just communicating the policy but to ensure that it is understood by all the employees and how it affects their work, especially if they deviate from it. They must understand what they contribute and how this can make the organization better. From a QMS point of view, the organization should look to explain policies more clearly so that the staff understands their meaning. It may useful to capture this on a training record, For Quality Policy the employees:
Read and understood = insufficient
Understand companies aim = Yes
Understand the company’s processes in which they are involved = Yes
Understand their impact = Yes
Understand they can have a positive effect = Yes
Understand they can have a negative effect = Yes
To be read along with clause 7.3 of ISO 9001 Please click hear for clause 7.3 of ISO 9001. The organization must also ensure that its employees whether staff ,workers, contract workers, full time or part time or outsourced are aware of related to their work the customer requirement, regulations, the process of risk mitigation, the requirements of conformity assessment.
Rationale for this supplement as per ISO : Requirement for awareness of specified regulated and customer quality requirements, risk mitigation and verification requirements related to work is added to align with with API Spec Q1 and API Spec Q2.
7.4 Communication.
This clause includes both internal and external communication about the QMS. Processes for internal and external communication need to be established within the QMS.
The key elements of Communication that an organization must establish are
what needs to be communicated?
when it needs to be communicated?
how it should be done?
who needs to receive the communication? and
who will communicate?
It should be noted here that any communication outputs should be consistent with related information and content generated by the QMS for the sake of consistency. This is a straightforward clause and is simply about effectively communicating to all those within the organization and those affected by it. Internal communications can include briefings to staff on:
new policies;
new or amended objectives;
new or amended strategies;
new clients;
new or amended technology;
new products;
issues with suppliers;
anything that will have an impact on them.
Designate a person responsible for updates that may be either department heads or Top Management.
The term “documented information” in the ISO 29001 is basically a combination of the two terms “documents” and “records”. “Documents”, “Documentation” and “Records” are combined to become “Documented information”. It refers to all of the important information within the organization that must be kept organized and controlled. It is a requirement to determine, make available, and maintain knowledge. It mentions issues such as confidentiality, access, and data integrity. The organization may adopt information security due to the increasing use of electronic documents/data. Documented procedures (e.g. to define, control, or support a process) are now expressed as a requirement to maintain documented information. and records are expressed as a requirement to retain documented information.
7.5.2 Creating and updating
When documented information is created or updated, organization should ensure that it is appropriately identified and described (e.g. title, date, author, reference number). It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Confirm that documented information is reviewed and approved for suitability and adequacy. When documented information is created or updated, Organization should ensure that it is appropriately identified and described (e.g. title, date, author, reference number). It must be in an appropriate format (e.g. language, software version, graphics) and on appropriate media (e.g. paper, electronic). Documented information should be reviewed and approved for suitability and adequacy.
7.5.3 Control of documented information
A robust document control process invariably lies at the heart of any compliant management system; almost every aspect of auditing and compliance verification is determined through the scrutiny of documented information. With this in mind, it becomes apparent that the on-going maintenance of an efficient document management system must not be overlooked. Organization must control the documented information required by the QMS. A suitable process must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The documented information process should define the scope, purpose, method and responsibilities required to implement these parameters. In order to comply with the documented information requirements, it is essential that all personnel understand what types of information that should be controlled and more importantly, how this control should be exercised. To get the most out of your documented information process, it must communicated to ensure that staff and other users of the documentation information understand what they must do in order to manage that information effectively and efficiently. Demonstrate the organization’s arrangements for controlling documented information required by ISO 29001 and your organizations own requirements, including:
Availability e.g. document accessibility (hard copy, electronic media), readily available at the point of use;
Suitability e.g. format, media suitable to the environment, ease of understanding, language, interpretation;
Protection e.g. document authentication, document markings (official, secret, restricted, confidential, private, sensitive, classified, unclassified), access controls (individual, role specific),
Physical security (master documents, server rooms, libraries) IT security (User ID, password, servers, download, back up, encryption, ‘read only’, ‘read/write’), protection from corruption and unintended alterations.
Demonstrate the organization’s arrangements for document retention e.g. organization/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence e.g. withdrawal, replacement, legacy archive and suitable identification (‘for information only’, ‘not to be used after….’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.
Ensure your organization protects electronic data, e.g. security policy, system access profiles, password rules, storage and back-up policy including protection from loss, unauthorized changes, unintended alteration, corruption, physical damage. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the documented information.
To be read along with clause 7.5 of ISO 9001 Please click hear for clause 7.5 of ISO 9001. The organization must establish a procedure for Control of Documented Information. The procedure must include mechanism for distribution, access, retrieval and use of the Documented Information (Documents and Records.). It must include storage and preservation, including preservation of legibility, ) control of changes (e.g. version control), retention and disposition. It must also include the process for preventing unintended alteration of Records. It must Include process for identification and control of Documented Information (Documents and Records.) of External origins (Example can include standards, equipment manual, Tender document, Purchase order, Invoice, etc ). It must also include the practice of integrating external specification requirements, including addenda, errata, and updates that are used in manufacturing and designing of product or services into related operating processes.
Rationale for this supplement as per ISO: Requirements for documented information are added as defining processes and controls for documented information and defining practices to integrate external specifications in their own operating processes are considered essential to be documented, also in view of conformity assessment activities.
8.0 Operation
8.1 Operational planning and control.
In order to meet the requirements for the delivery of products and services, the organization needs to plan, implement, and control its processes. The first step is to determine the requirements for products and services, meaning what features the product or service will have. Then, the organization needs to define how processes will be performed and what criteria the product or service needs to meet to be accepted for release. Finally, the organization needs to determine the resources needed for the processes and the records needed to demonstrate that the processes were carried out as planned. Once they have done their planning for what they are going to sell, they then must plan the detail of how this can be done operationally. The organization may need to :
Set up supplier accounts/trade accounts.
Purchase stock.
Ensure staff have the correct skills and understand the process.
Purchase tools and vehicles.
Make sure you have enough staff.
Issue clear instructions, drawings, procedures risk assessments to enable them to do the job.
The organization needs to show clear control of the process. They will be expected to check that delivery is as expected and when there are deviations that this is managed and negative impacts controlled. The same control should be applied to subcontractors.
To be read along with clause 8.1 of ISO 9001 Please click hear for clause 8.1 of ISO 9001. The organization must take into account the customer’s scope when determining the requirements for the products and services. The organization can establish a quality plan, service quality plan or inspection and test plan which specifies the processes of QMS and the resources to be applied to a specific product, service, project or contract. This and all relevant records, as an evidence of implementation must be controlled as per procedures given 6.1 and 7.5. While planning the operation base on the risk of achieving requirement and improvement opportunities the organization must apply change management process as per the procedure given in clause 6.3. When contingency plans are established as a risk treatment it must include at minimum roles and responsibility for response, communication and immediate actions.
Rationale for this supplement as per ISO : Requirements related to operational planning and control are added to link these activities with risk treatments, including contingency plans where appropriate, and change management processes when planning the operations to ensure that product or service outcomes meet the requirements or obligations. Explanation is provided that documented information in this context is (better) known as quality plan, service quality plan or inspection and test plan.
8.2 Requirements for products and services.
Requirements for products and services are closely related to communication with customers. This communication must include information related to the products or services, handling inquiries, contracts or orders, customer feedback, handling and controlling customer property, and, if needed, establishing specific requirements for contingency actions. Before offering the product or service to the customer, the organization needs to ensure that the requirements for the products and services are defined and that the organization is able to deliver such products or services. Requirements for products and services include any applicable legislation and the requirements that the organization considers being necessary. After receiving the order, the organization must, prior to delivery, review the requirements related to the product and keep records about the review. If the customer changes its requirements, these also must be reviewed and recorded. In case of changes, the organization must ensure that all documented information is amended and all relevant persons are aware of the changes.
8.2.1 Customer communication
This is essentially about how you relate to the customer, to include: a) what you are selling; b) how they can expect to be dealt with (e.g. formal quote/email/letter/terms you will work under/within); c) getting feedback from the customer; d) looking after their property (e.g. premises whilst you are in there); e) what plans you put in place for if something goes wrong.
Ensuring the customer has a clear written quotation and specification relating to the services they want. Allocating a specific person/manager to the customer so that they have one key contact for all communication; that way, positive and negative feedback is captured and dealt with. you must give useful information about your products/services. you must provide some mechanism to have your customers ask about the products/services and e a way for customers to inquire about your invoices and fees. The customer must have a way to ask about changes. There should be a way to collect customer complaints and a way to collect feedback. If your customers provide their property as a part of your product/service, they must be able to understand how it is handled. If there are any risks associated with your product or service, your customer must be told of them and how they are handled
8.2.2 Determining the requirements for products and services
Organizations need to be clear about what is required in order to sell their products and services. You must review customer requirements before committing to supply the product or service. You need to take into account a few things here. You must consider:
Delivery
Installment
Service
Warranty
Applicable acts and regulations
What to do when providing verbal contracts.
for legal and industry norm;
elements the organization determines as necessary for their own needs.
Once all that is considered and reviewed, you need to formally accept the requirements with confirmation back to the customer of what you are going to deliver and when. You need to keep documented information on this review. The organization must be able to deliver what it is selling. Liaise with suppliers, attend open days, read the product literature.
8.2.3 Review of the requirements for products and services
Organizations are expected to review whether they can provide what they intend to sell. This review must include taking into account: a) what the customer orders, the install and any after work, e.g. maintenance / follow up / servicing; b) elements that need to be completed to ensure the job is fitted correctly – meter reading tests / commissioning forms / standard operational check; c) anything else the company need to implement; d) legal and industry standards e) any variations. If the customer has changed their order, this needs to be defined and the customer must accept this change if they haven’t already confirmed it in writing.
Reviews must be documented. If they want to use new products and services, this must be recorded. Customers should be made aware of the impact of changing products and services, etc. Organizations may choose to do a contract review either using paper or electronic documents, confirmation emails, quote proposals, etc. It must also record any change in technology you might use.
Rationale for this supplement as per ISO: Requirement for documented information is added as defining processes for reviewing requirements related to the provision of products or services is considered essential to be documented, also in view of conformity assessment activities.
8.2.4 Changes to requirements for products and services
If there is any change in the Customer order, this needs to be tracked and documented. Someone in the organization who is responsible for executing the customer order must ensure that all related departments related to executing the order are aligned. You should seek and record evidence that your organization has ensured that all relevant documented information relating to changed product or service requirements, is amended and that relevant personnel is made aware of the changed requirements. Define your organization’s arrangements for amending documented information and communication of changed requirements e.g. updated contract review records, amended orders/contracts, memos, change notices, quality plans, meeting minutes, together with communication to relevant interested parties (persons within or outside the organization that may be impacted by the change).
8.3 Design and development of products and services.
8.3.1 General
This clause refers to design and development management, from the initial idea to the final acceptance of the product. The definition of design is “a plan or drawing produced to show the look and function or workings of a building, garment, or another object before it is made.” Putting it simply if the organization is creating something be it a tangible product or intangible service, there will certainly be an element of Design. ISO 9000 explains that the terms “design” and “development” are often used as synonyms, and defines the different phases of overall design and development. This means that design can’t be used apart from development and that they represent one single process. During design and development planning, all its phases must be defined with appropriate activities of review, verification, and validation for each phase. ISO 29001 refers to the design and development of the product and not to the design and development of processes. Design and development inputs requirements relate to the product include:
Functional requirements and product performance requirements
Legal and regulatory requirements for product
Information from previous similar projects
Other requirements relevant to design and development, usually customer requirements, market information, package, etc.
Design and development outputs must be in a form suitable for verification related to input elements and must be approved before acceptance. They can be in the form of a drawing, engineering documentation, plans, etc. The organization also needs to define design and development review activities. The purpose of these activities is to determine whether the design and development process goes in the intended direction. The review must be done in appropriate phases and at the end of the project. The review identifies problems during design and development and suggests actions to resolve them. It can include other interested parties. The design and development review must be recorded. Also, the company needs to identify, review, and control changes during the design and development of products and services. A record should be kept regarding the changes, results of reviews, authorization of the change, and actions taken to prevent adverse effects.
The organization must have a plan on how to do the design and development. A design and development plan which will have the project timescales, deliverables, responsibilities of team & individuals, persons of authority for sign-off for an internal, or external customer, design reviews at a relevant phase in the project e.g. start, confirmation of inputs, post verification, post validation, finish, etc., resources required throughout the project, communication with subsequent process owners, and required controls throughout the project and intended use of the output.
To be read along with clause 8.3.2 of ISO 9001 Please click hear for clause 8.3.2 of ISO 9001.The organization must establish a procedure for Design and development of products and services that defines the processes used to plan and control design and development activities of products and/or services. During the planning stage the organization must ensure that the process of managing risks and opportunities are incorporated in the design development process as per the procedure given in clause 6.1
Rationale for this supplement as per ISO :Requirement for activities for managing risks and opportunities is added to ensure coherence with the organizational and operational planning processes, also in view the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the supply chain which can contain several providers following a ‘cascading model’ (e.g. contractors and sub-contractors). Requirement for documented information is added as defining processes for planning and controlling design and development activities of products and/or services is considered essential to be documented, also in view of conformity assessment activities.
8.3.3 Inputs
There are many inputs to the process. The inputs may be:
The requirements from the customer like what do they want to achieve and what are their needs & expectations
The parameters & constraints of designs e.g. materials, dimensions, functionality, life cycle, sustainability, etc.
The statutory and regulatory requirements or codes of practice like product and safety directives, building regulations, etc
Availability of information from previous designs like a review of learnings – good/bad/potential improvements, etc.
Rationale for this supplement as per ISO :Statement related to performance requirements is added to enhance user’s consideration of environmental and safety conditions as part of the performance requirements. Requirement for output of processes of managing risks and opportunities is added to ensure that this source is also considered in design and development inputs, also in view the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the supply chain which can contain several providers following a ‘cascading model (e.g. contractors and sub-contractors).
8.3.4 Controls
It is a critical step in Design and Development. It helps the organization to determine how the results to be achieved such as what are the project deliverables, how will they be achieved and how will they be measured (acceptance criteria). The reviews have to be conducted throughout the project as mentioned above at the relevant phase in order to meet the input requirements.
It is the outcome of the Design and Development process. Typical examples of outputs include conceptual designs, technical/engineering drawings, product specifications, manufacturing instructions, bill of materials, information for purchasing, and other subsequent processes. The output must meet the input requirements ie it has achieved the intended results. The organization must determine that they can move forward in the project using the outputs, and must confirm any necessary equipment for measuring and/or testing and the acceptance criteria.
The organization must have an established formal process for controlling design and development changes throughout the project and during reviews. The changes have to be documented and the results of design and development reviews communicated. There has to a person of authority to authorize the changes. The process must include a mechanism to identify the most up-to-date revisions and mitigate the risk of using superseded versions, Examples of this can be version no /revision no /authorization control on drawings, a design/drawing register, engineering change notes, etc.
8.4 Control of externally provided processes, products, and services.
8.4.1 General
This clause refers to purchasing. The purchasing includes products and services you acquire from suppliers and outsourced processes. ISO 9001:2015 expresses “suppliers” and “Outsourcing” as external providers of products and services. “Purchasing” and “Purchased products” are referred to as “Externally provided products and services”. Clause 8.4 Control of externally provided products and services addresses all forms of external provision, whether it is by purchasing from a supplier, through an arrangement with an associate company, through the outsourcing of processes and functions of the organization, or by any other means. The organization needs to establish and document criteria for suppliers’ selection, which includes how crucial the purchased product or service is to the quality of your product. The results of the supplier evaluation must be recorded. The organization is required to take a risk-based approach to determine the type and extent of controls appropriate to particular external providers and externally provided products and services. In order to ensure that externally provided processes, products, and services do not have an adverse effect on the conformance of the organization’s products and services, the organization needs to establish controls including verification and other activities. As part of the controls, the organization needs to communicate to external providers its requirements for:
the processes, products, and services to be provided
the approval of methods, processes, and equipment
Competence
verification or validation of the activities that the organization intends to perform
The organization must evaluate the critical suppliers against a fixed set of criteria. The criteria can include technology, Quality, Responsiveness, Delivery, Cost, Environmental impact. As they use these suppliers they will need to monitor their performance against its requirements. It takes some effort to ensure that the suppliers are performing, but it is time and resources very well spent. As they regularly talk with critical suppliers about the issues and requirements a relationship will be built, one which will be mutually beneficial in the long-term. The organization must ensure outsourced processes are controlled. It must define the controls for the supplier. These controls could be defined through purchase orders, in agreements, or in contracts. In addition, it needs to control the actual product or service they purchase. It could ask for a certificate of conformance, or a test report, or a third-party test. The organization doesn’t require to have “one-size-fits-all” controls for all suppliers. For the critical suppliers that have a significant risk to the organization, they need to put tighter controls in place. For others – not so much. Also, they must ensure that suppliers meet local laws and regulations. Also, they need to inspect the product or service from the supplier.
To be read along with clause 8.4.2 of ISO 9001 Please click hear for clause 8.4.2 of ISO 9001.The organization must establish a procedure for control of externally provided processes, products, and services. The procedure must ensure that externally provided processes, products and services do not adversely affect the organization’s ability to consistently deliver conforming products and services to its customers and remain within the control of its QMS. It must define controls that it intends to apply to an external provider (suppliers/vendors/ contractors etc.) and those it intends to apply to the purchase product or services by taking into consideration their potential impact of their processes, products and services consistently meeting customers and legal requirements and the effectiveness of those controls. The procedure must determine the necessary verification, to ensure that the externally provided processes, products and services meet requirements. The organization must have the records as an evidence of the effectiveness of the verification activity. The procedure must include the planned assessment of the performance of external provider to be periodically so as to adjust the type and extent of controls to manage associated risks and opportunities. The procedure should address the risks to the achievement of specified requirements and improvement opportunities for the products and/or services
Rationale for this supplement as per ISO :Requirement for assessing external provider performance is added as to ensure that changes in risk profiles are taken into account in defining and adjusting the type and extent of controls for externally provided processes, products and services, also in view the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the external providers following a ‘cascading model (e.g. contractors and sub-contractors). Requirements for documented information are added as defining processes and controls for documented information and defining practices to integrate external specifications in their own operating processes are considered essential to be documented, also in view of conformity assessment activities.
8.4.3 Information for external providers
This is about ensuring that third-party suppliers and subcontractors have a clear understanding of what they are expected to supply. This is typically done with a purchase order but it could also be by contract or agreement. Other methods of spelling out requirements for suppliers can be inspection and test plans, work briefs, statements of work, and even forecasts.
An expansion on previous requirements e.g. documented information to specify intended results and to determine the nature and extent of any post-delivery (after-sales) activities. The production and services provision process needs to be performed under controlled conditions that will ensure that the product or service delivered is compliant with initial requirements. This includes a sufficient level of documentation, like procedures, work instructions, and records, monitoring and measurement equipment, appropriate infrastructure, etc. The organization must use suitable means to identify outputs when it is necessary to ensure products and services conformance. When traceability is a requirement, the organization needs to control the unique identification of outputs and retain documented information necessary to enable traceability. In cases when the organization uses property belonging to a customer or external provider, it is required to identify, verify, protect, and safeguard this property. When the property of the customer or external provider is lost or damaged, the organization will have to report to the owner and retain documented information on what has occurred. The decision on the extent of post-delivery activities will be affected by the following:
statutory and regulatory requirements
potential undesired consequences related to products and services
lifetime, use, and the nature of the products and services
customer requirements and feedback.
In case of changes in the production and service provision process, the organization must review and control the changes in order to ensure continuing conformity with the requirements.
8.5.1 Control of production and service provision:
The organization must carry out the activities to provide products or services under controlled conditions. The common controlled conditions that should be used include documented information for products and services, suitable monitoring and measurement resources (including equipment), suitable infrastructure and environment, competent persons, validation of the ability to achieve results, actions to prevent human error, and activities controlling product release, delivery, and post-delivery. As with all other processes, these do not need to be documented procedures unless non-conformance would occur if the procedure was not written down.
To be read along with clause 8.5.1 of ISO 9001 Please click hear for clause 8.5.1 of ISO 9001. The organization must establish a procedure that defines the controls used to meet the requirements of of production and/ or service provision. The Control conditions must include the special characteristics of the product , services or the activities of the organization, the results that needs to be achieved, availability of monitoring and measuring equipment, ensuring of monitoring and measuring activities (inspection) takes places at different stages of production/service to have the confidence that both the processes themselves and the process outputs (product/service) meet the organization’s acceptance criteria. Suitable infrastructure and work environment. Competent personal with required qualification.Product and service release, delivery and post-delivery activities are implemented. action to prevent human error like use of work instruction and training of employees. The organization must also establish a procedure for validation of processes , where the results cannot be verified by subsequent monitoring or measurement. The process itself is initially validated and then periodically re-evaluated. The procedure must include required equipment, competence of personnel, use of specific methods, including identified operating parameters, identification of acceptance criteria and re validation. The organization must have all relevant records as an evidence of the procedures being followed and to demonstrate the control effectiveness.
Rationale for this supplement as per ISO : Requirement for the methods to be considered in the validation methods is added to align with API Spec Q1 and API Spec Q2. Requirement for documented information is added as defining controls for meeting the production and service provision requirements is considered essential to be documented, also in view of conformity assessment activities.
8.5.2 Identification and traceability
Organization should seek and record evidence that product is identified (as appropriate) and its status with regards to monitoring and measuring (conforming or not) is identified throughout the manufacturing processes. Where traceability is a requirement, Organization should be controlling and recording the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized. organization must have a process in place for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks. There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a colour. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:
Establish the identity and status of products;
Maintain the identity and status of products;
Maintain records of serial or batch numbers.
To be read along with clause 8.5.2 of ISO 9001 Please click hear for clause 8.5.2 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for Identification and traceability. The procedure defines the processes for use of suitable means for the identification and traceability of outputs (product and services) to enable the demonstration of conformity to requirements. It also defines the process for the identification of status of outputs (product and services) to enable the demonstration of conformity to requirements through out the manufacturing/ servicing process. Where traceability is a requirement, Organization must controlling and record the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized.
Rationale for this supplement as per ISO: Requirement for documented information is added as defining processes to meet the identification and traceability requirements is considered essential to be documented, also in view of conformity assessment activities.
8.5.3 Property belonging to customers or external providers:
This requirement is very important if the organization uses the customer or supplier property. It can come in many forms such as piece parts that will become part of the delivered product, special equipment to perform specific testing for the customer, or even proprietary information that is needed to use to design and deliver the product or service. When a customer or other party has given any property to use in supplying their needs, it is needed to control that property from unintended use and have a way of dealing with that property with external party involvement should there be a problem with it. Records of this activity need to be maintained to show accurate records of customers or external property. In fact, personal data that is provided by the customer and supplier would also need protection.
To be read along with clause 8.5.3 of ISO 9001 Please click hear for clause 8.5.3 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for Control of Customer /External provider property. The procedure defines the processes for the care the organization must exercise with property belonging to customers or external providers while it is under the organization’s control or use by identifying, verifying, protecting and safeguarding it. If property is lost or damaged or found to be unsuitable, this needs to be recorded and the customer needs to be notified.
Rationale for this supplement as per ISO : Requirement for documented information is added as defining processes to meet the requirements of property belonging to customers or external providers is considered essential to be documented, also in view of conformity assessment activities.
8.5.4 Preservation:
Adequate measures must taken to protect and preserve the product during internal processing and delivery to the intended destination. The preservation process must include packaging, storage and other product specific handling methods, the requirements for which are likely to be an output of the design process.
Identification – The organization must ensure that products are properly identified and do not become mixed with other orders. All products are clearly identified. This is relative to identification and traceability however for preservation of product it is a requirement and not ‘as applicable’;
Handling – This may include bulk handing using moving equipment or physical contact where handling may influence product conformity. Suitable handling methods should be implemented throughout the processes.
Packaging – The organization must ensure that labeling and marking of shipped products are sufficient to enable adequate identification and traceability back through QMS. This should include ensuring that labeling and marking maintains its integrity and remains affixed throughout the shipping process. The methods must be established for packaging the product to preserve its integrity. Package products appropriately for shipping in order to preserve the product’s integrity throughout the shipping process;
Storage – This should include storage conditions to prevent the deterioration, damage or loss. The product should be stored in a manner to safe guard product;
Protection – Raw materials, in-process materials, inspected product, nonconforming product and product ready for shipping should be identified with its status and protected from any unintended alteration. Appropriate measures are in place to protect product. This will vary depending on the product.
To be read along with clause 8.5.4 of ISO 9001 Please click hear for clause 8.5.4 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for risk based Preservation. The procedure defines the methods used to preserve products and constituent parts throughout operations up to the delivery to its destination and or service delivery in order to maintain conformity to requirements. The procedure must also consider preservation of work environment controls. The procedure must also define the process for preservation of product and constituent parts kept in storage area before use or delivery to prevent damage or deterioration . It must also include type and frequency of assessment of products and constituent parts to detect deterioration. The procedure must also address identification and traceability marks, transportation, handling, packaging, and protection requirements, as applicable
Rationale for this supplement as per ISO : Requirement for documented information is added to ensure that essential information for risk-based preservation is defined and maintained, also to align with API Spec Q1 and API Spec Q2.
8.5.5 Post-delivery activities:
Sometimes there is a need to perform activities on the product or service after it has been delivered to the customer. While the requirements for what needs to be done can vary greatly from one product or service to another. organization must meet requirements for post-delivery activities associated with the products and services. When determining the extent of post-delivery activities that are required, Organization should consider:
Statutory and regulatory requirements;
The potential undesired consequences associated with its products and services;
The nature, use and intended lifetime of its products and services;
Customer requirements;
Customer feedback.
Taking these into account will give you an idea of what needs to be done after delivery, such as warranty provisions, maintenance services, or even recycling and final disposal services.
The organization must implement a process for responding to unplanned changes that are considered essential in order to ensure that products or services continue to meet their specified requirements, in such a way that conformity with requirements is maintained. Changes should be documented and information retained about the changes, including who authorized the change and the actions arising from the change. The organization should make changes in a thoughtful manner and to consider the potential impact to other process, products and possibly the customer. Key items to consider are:
Is the impact of the change evaluated to determine its affects to work in process or products already delivered?
What process control documentation (procedures, travellers, forms, etc.) will need updating as the result of change to be implemented?
Was the change approved prior to implementation including, where applicable, approval by the customer, statutory or regulatory authority?
Does retained documented information indicate the source of change and information on necessary actions and approvals?
Organization must implement a process to control unplanned changes in accordance with the requirements set out above.
To be read along with clause 8.5.6 of ISO 9001 Please click hear for clause 8.5.6 of ISO 9001. The organization must review and control the unplanned changes of the product and service provision which includes changes in the organizational structure, key or essential personnel, critical providers, design, the management system in order to ensure that products or services continue to meet their specified requirements, in such a way that conformity with requirements is maintained. The organization must also review the changes due to the assessment of risk and opportunities and corrective action. The organization must notify the customers when these changes impact its product or services. Where specified the customer must also be notified of the effect of changes on residual or new risks.
Rationale for this supplement as per ISO: Requirements for control of changes in production or service provision, and possible communication for effect of these changes, are added to align with API Spec Q1 and API Spec Q2.
8.6 Release of products and services.
The organization must have a process (method, techniques, formats, etc.) is in place to monitor and measure the characteristics of product to verify that requirements are being met. This must be accomplished at appropriate stages of the design and development process. Records must be maintained to provide evidence of conformity and indicate the person(s) authorizing the release of products. The release of product or delivery of service must not be completed until the planned requirements defined in Clause 8.1 have been met. The release of product may include, according to product planning and the verification stages; release to the next operation, release to an internal customer, or release to final customer, etc. Planned arrangements can include design verification and design validation, which can involve modelling, simulations, experiments, trials, prototypes, functional testing, performance testing; inspections comprising, in-process, first article and final inspection; thorough examination through destructive and non-destructive testing; customer acceptance testing, product certification/qualification, third party qualification from a regulator, recognized society, or independent testing body etc. For product release or service delivery, the planning requirements may be waived, but must be approved by relevant authority and by the customer as appropriate. Monitor and measure product characteristics to ensure they are able to demonstrate:
Product characteristics are continually met;
Evidence of conformity with product requirements.
Retain records to provide evidence that acceptance criteria have been met might include: e.g. certificate of conformity, release certificate, regulatory certificate. Ensure traceability to the person(s) authorizing the release such as name, authorized signatories, user identification, stamp impression etc., including their authority status (release signatory, certifying staff, scope of authorization etc.).
To be read along with clause 8.6 of ISO 9001 Please click hear for clause 8.6 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for Release of products and services.The procedure defines the process for implementation of planned arrangements, at appropriate stages, to verify that the product and service requirements have been met. The product or service should not be release until all the arrangements and complete and requirements being met or being approved by customer or relevant authorities. On the release of product and service the organization must have records of evidence that acceptance criteria have been met including person authorizing the release.
Rationale for this supplement as per ISO : Requirement for documented information is added as defining processes to meet the requirements of release of products and services is considered essential to be documented, also in view of conformity assessment activities.
8.7 Control of nonconforming outputs.
Nonconforming outputs must be prevented from unintended use or delivery, so the organization must identify and control nonconforming outputs that emerge from any phase of production or service delivery. Depending on the nature of the nonconformity, the organization can take one or more of the following actions:
correction
segregation, containment, return, or suspension of the provision of products and services
informing the customer
obtaining authorization for acceptance under concession
Conformity to the requirements must be verified when the nonconforming output is corrected. The organization also needs to keep documented information that describes the nonconformity, the action taken, concessions obtained, and the authority deciding the action with respect to the nonconformity. You do not need a documented procedure any longer to detail how you will deal with things that go wrong but you do need to do the following:
Fix it.
Remove it if necessary.
Tell the customer.
Ask them to accept it.
You should record what you do when things go wrong:
About what is wrong.
what you did as a result.
What concessions you gave? (e.g. did the customer accept it but you altered the cost)
Who had the authority to make the change?
To be read along with clause 8.7 of ISO 9001 Please click hear for clause 8.7 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for control of non conforming output. The procedure ensure that non conforming output including those nonconforming products and services that are detected after delivery of products, during or after the provision of services are identified and controlled to prevent their unintended use or delivery. Based on the nonconformity and its effect on the conformity of products and services, the organization shall take appropriate action which can be correction, segregation, containment, return or suspension of provision of products and services, informing the customer and obtaining authorization for acceptance under concession. Once nonconforming outputs are corrected, Conformity to the requirements shall be verified.
Rationale for this supplement as per ISO : Requirement for documented information is added as defining processes to meet the requirements of control of nonconforming outputs is considered essential to be documented, also in view of conformity assessment activities.
9.0 Performance Evaluation
9.1 Monitoring, measurement, analysis, and evaluation.
9.1.1 General
Organization must develop a process (method, techniques, format, etc.) to identify, collect and analyze various data and information from both internal and external sources, including:
Monitoring and measuring results;
Process performance results;
Meeting objectives;
Internal audit findings;
Customer surveys and feedback;
2nd or 3rd party audit results;
Competitor and benchmarking information;
Product test results;
Supplier performance information.
This ‘input’ (information and data) should reflect upon the adequacy, suitability and effectiveness of the quality management system and its processes. The ‘output’ (result of the analysis) must provide information (understanding, insight, awareness, confidence, knowledge of, etc.). The analysis output must provide insight to:
Customer satisfaction and perception;
Product conformance;
Process performance;
Product and process characteristics;
Trends in products and processes;
Opportunities for preventive action;
Suppliers and subcontractors.
Other potential or useful options might include:
Need for corrective action;
Opportunity for improvement;
Competition.
It is important to document and retain as evidence the results of the evaluation of the performance of the quality management system. The quality objectives and the related KPIs established under Clause 6.2 provides useful input into addressing this clause.
Monitoring and measuring QMS operations and activities will establish a mechanism to ensure that your organization is meeting its policies, objectives and targets. In order to meet this requirement, your organization must perform six steps:
Identify the activities that can have a significant impacts and risks;
Determine key characteristics of the activity to be monitored;
Select the best way to measure the key characteristics;
Record data on performance, controls and conformance with objectives and targets;
Determine the frequency with which to measure the key characteristics;
The organization must have a consistent and systematic approach to deal with customer feedback and is obtaining information on customer perception. Just collecting data on customer perceptions is not sufficient, it must seek and record evidence that it has analyzed and evaluated customer data and that conclusions have been made with regard to the effectiveness of the management system.
Are there any trends?
Is the situation stable, improving, or deteriorating?
Are customer needs and expectations changing?
A consistent and systematic approach has to be implemented to deal with customer complaints. This approach would typically include defined responsibilities for logging and tracking complaints, clearing technical issues, determining problem causes and actions to address them. Specific examples of complaints must be sampled. The link between the customer complaint process and corrective action also requires special scrutiny. Determine appropriate methods for monitoring and measuring customer satisfaction by:
Using customer satisfaction surveys;
Providing methods for receiving and dealing with customer feedback;
Providing suitable processes to monitoring trends in, and reviewing customer data.
To be read along with clause 9.1.2 of ISO 9001 Please click hear for clause 9.1.2 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure to measure customer satisfaction. The procedure defines the process employed to monitor customers’ perceptions of the degree to which their needs and expectations have been fulfilled. The procedure must include the methods for obtaining, monitoring and reviewing this information.
Rationale for this supplement as per ISO : Requirement about documented information is added as defining processes to meet the customer satisfaction requirements is considered essential to be documented, also in view of conformity assessment activities.
9.1.3 Analysis and evaluation
The organization must analyse and evaluate data and information, obtained either internally about the QMS and its operational process, or externally about its suppliers. Organization must develop a process (method, techniques, format, etc.) to identify, collect and analyze and evaluate data and information from both internal and external sources (i.e. quality records, monitoring and measuring results, process performance results, objectives, internal audit findings, customer surveys and feedback, 2nd or 3rd-party audit results, competitor and bench marking information, product test results, complaints, supplier performance information, etc.). This ‘input’ (information and data) should reflect upon the adequacy, suitability and effectiveness of the quality management system and its processes. The ‘output’ (result of the analysis) must provide information (understanding, insight, awareness, confidence, knowledge of, etc.). The analysis output must provide insight to:
Customer satisfaction and perception; Product conformance; Process performance; Product and process characteristics; Trends in products and processes; Opportunities for preventive action; Suppliers and subcontractors. Need for corrective action; Opportunity for improvement; Competition.
Any record with data that is an established part of the management system may be considered relevant for analysis. Records are evidence of system performance and should be analyzed for potential improvements.
To be read along with clause 9.1.3 of ISO 9001 Please click hear for clause 9.1.3 of ISO 9001. The organization must establish a procedure and all relevant records as an evidence of implementation of procedure for the identification, collection and analysis of data to demonstrate the suitability and effectiveness of the quality management system. Analysis must be conducted to evaluate
a)conformity of products and services; b) the degree of customer satisfaction; c) the performance and effectiveness of the quality management system; d) if planning has been implemented effectively; e) the effectiveness of actions taken to address risks and opportunities; f) the performance of external providers; g) the need for improvements to the quality management system
The analysis must also include data generated from monitoring and measurement, internal audits, management reviews, and other relevant sources.
Rationale for this supplement as per ISO : Requirement about documented information is added as defining processes for the identification, collection and analysis of data to demonstrate the suitability and effectiveness of the quality management system is considered essential to be documented, also in view of conformity assessment activities.
9.2 Internal Audit.
There continues to be a need to carry out internal audits and to do it effectively. The goal of an internal audit is not to determine nonconformity; its goal is to check whether your QMS: a) complies with the requirements of ISO 29001 and the requirements of your organization b) is effectively implemented and maintained There is no need for an internal audit procedure but it may be useful to keep it. You do need to define audit criteria. There is more emphasis on how they are done, how feedback should be taken, and audits being corrected in a reasonable time to fix non-conformances identified. Ensuring that all the right people are included in the audit outcome. At the end of the audit, you will get audit results by evaluating the data you collected during the audit. Audit results can be manifested as positive, recommendations for improvements, and nonconformities (major and minor). Verification of actions taken to fix the non-conformity may be needed, and in that case, the next step is a follow-up audit. The audit schedule must take customer feedback into account. The organization can determine the technique of doing internal audits and the length of the intervals between the two audits is up to you. They can decide how the organization conforms to the requirement of QMS and that of ISO 29001. The organization can determine the manner by which it can maintain the system. To conduct the audit the organization must:
Plan approach to internal audits based on the importance of the processes.
For each audit, work out the scope of what will be covered. You can’t audit 100% of the process, but you do need to cover enough to be satisfied that the important issues have been captured.
Make sure the auditors are independent of the process under audit.
Report all findings to the relevant managers so there aren’t any surprises.
Ensure that the corrective actions from the audit are dealt with.
Retain the audit results in a document.
To be read along with clause 9.2 of ISO 9001 Please click hear for clause 9.2 of ISO 9001. While planning for the interval for the internal audit, the organization must consider the risks and opportunities and the the results of performance evaluation of the processes to be audited. The planned internal can be monthly, quarterly, annually, or according to a schedule that differs for areas or processes over the course of a year.
Rationale for this supplement as per ISO : Requirement related to planned intervals of internal audits is added to ensure that risks associated with the process and the results of performance evaluation are considered, also in view the (potential) high risk associated with operations in the petroleum, petrochemical and natural gas industries, including the supply chain which can contain several providers following a ‘cascading model (e.g. contractors and sub-contractors).
9.3 Management review.
A Management Review is a formal, structured meeting that involves top management and takes place at regular intervals throughout the year. They are a critical and required part of running an ISO 9001 Management System. The purpose of a Management Review meeting is to review and evaluate the effectiveness of your Management System, helping you to determine its continued suitability and adequacy. At least once a year, the top-level management must review the QMS in order to determine its:
Appropriateness – does it serve its purpose and satisfy the needs of the organization?
Adequacy – does the QMS conform to standard requirements?
Applicability – are activities performed according to procedures?
Effectiveness – does it accomplish the planned results?
This review must evaluate possibilities for improvement and needs for changing the QMS, Quality Policy, and objectives. Considering the inputs for the management review, such as the results of the previous management reviews, changes in the context, customer satisfaction survey results, performance of the QMS and suppliers, etc., the top management must make decisions regarding opportunities for improvement, need for changes in the QMS, and resources needed for the upcoming period. A Management Review also ensures that all levels of management are made aware of any changes, updates, revisions, etc. to the day-to-day workings of the Management System itself. The organization will need to decide when it will take place, what will be discussed, and who should attend. You must document when the meetings have occurred and what has been discussed. A Management Review should cover the following topics:
Discussion on the status of any issues from the previous meeting.
Changes to external and internal issues that affect the Management System.
Examination of the performance of the Management System.
Review of available resources and their adequacy.
Examination of how effective the actions are taken towards identified risks and opportunities were.
Identification of further opportunities for improvement.
The inputs to the Management review should be:
Minutes of previous Management Review meeting
Management System documentation
Internal and External Audit Reports
Relevant records (including customer feedback, corrective action log, etc.)
Register of Legal and other requirements
Complaints analysis
Corrective and preventive actions and close-out of Management Information Reports
Policies review
In order to keep improving your Management System, you need to be looking for trends both inside and outside of the organization. Consider looking for trends in the following areas:
The requirements of external interested parties
Compliance to legislation, regulations, and other requirements
Changes to products, services, and processes
Customer satisfaction and complaint records
Non-conformances and the effectiveness of any corrective actions taken in response
The output to the management review includes decisions and actions related to:
Any opportunities for improvement within the organization
Any changes to the Management System, processes, or policies that are required
Any revisions to company objectives or Key Performance Indicators (KPIs)
Any amendments to business plans or budgets
Any changes to the resources that are needed for the smooth running of the Management System
These types of changes affect day-to-day operations so it is important to keep staff informed of these changes as this will ensure that your Management System is operating effectively.
Your organization should actively seek out and realize improvement opportunities that will better enable it to achieve the intended outcomes of its management system. Potential sources of improvement opportunities include the results of analysis and evaluation of quality performance, compliance, internal audits, and management reviews. The actions for improvement can be in the form of corrective actions, training, reorganization, innovation, and so on. Improvement can be achieved through corrective actions. It can be achieved incrementally over time by a step change. It can be a breakthrough process achieved through innovation or by reorganization and transformation. There is now a requirement for organizations to focus clearly on customer satisfaction and customer needs, not only that but to look for ways to improve: a) products and services, now and for the future. b) fixing and controlling issues to reduce things going wrong. c) improving the QMS. No requirement for a procedure on preventive action. This term is removed.
Any nonconformity needs to be reacted upon by taking actions to control it and deal with the consequences. Once identified, a nonconformity should trigger a corrective action in order to remove the cause of the nonconformity and prevent its recurrence. The effectiveness of actions taken must be evaluated and documented, along with the originally reported information about the nonconformity / corrective action and the results achieved. We must also record the nature of nonconformities. On discovering a nonconformity, an explicit requirement is introduced for organizations to determine whether other similar nonconformities actually exist, or could potentially exist.
When something goes wrong you must:
react to it by
do something / take action / fix it;
deal with the impact it had (e.g. upset customer).
evaluate what went wrong to prevent it from happening again and check there are no other similar issues that could happen.
The Key now is to update risks and opportunities. Keep records of all non-conformities, what you did to resolve them, implement additional measures, etc.
Rationale for this supplement as per ISO : Requirement about documented information is added as defining processes for implementing the nonconformity requirements is considered essential to be documented, also in view of conformity assessment activities.
10.3 Continual improvement.
Continual improvement is a key aspect of the QMS, to achieve and maintain the Quality Management System’s suitability, adequacy, and effectiveness regarding the organization’s objectives. There is now a clearer expectation for organizations to use data from monitoring and measuring to review the organization’s performance and that of the QMS. Organizations should use this information, analyzing it and ensuring that the QMS is adequate for the organization. The impetus for continual improvement must come from the use of as a minimum:
Policies;
Risks and opportunities;
Objectives;
Analysis and evaluation of data;
Audit results;
Management review;
Non-conformity and corrective action.
Consider using the PDCA cycle (Plan, Do Check, Act) to guide your continuous improvement efforts. Once you’ve identified the improvement action to take, you cycle through the PDCA phases by planning the action (plan), implementing what is planned (do), monitoring the process and reporting results (check), and taking any further actions to improve if necessary (act).
Rationale for this supplement as per ISO: Requirement about considering implementation of improvement as a management of change process is added to ensure that this kind of implementations are taken into account as part of the plan-do-check-act cycle. Requirement about documented information is added as defining processes for implementing the continual improvement requirements is considered essential to be documented, also in view of conformity assessment activities.
If you need assistance or have any doubt and need to ask questions contact me at preteshbiswas@gmail.com. You can also contribute to this discussion and I shall be happy to publish them. Your comment and suggestion are also welcome.
I’m excited to share the book I have authored:
Standard for Integrated Management System for Quality, Environment & Health & Safety
ISBN: 978-8199763272 Published by Brown Books Publications
This book provides a practical, risk-based framework to integrate Quality, Environmental, and Occupational Health & Safety systems into one streamlined management system — helping organizations eliminate duplication, improve efficiency, and drive continual improvement.
