Example of procedure for Risk Assessment & Management

1.0 PURPOSES

The purpose of this procedure

  • To define the process of risk assessment and control of risk in a manner that is consistent with the product quality & product delivery requirements.
  • To identify techniques, tools and their application for risk identification, assessment, and mitigation.

2.0 SCOPE

This procedure applicable to the risks associated with the impact on Product delivery & quality. This procedure is applicable to:

  • API Spec Q1, 9th edition/ ISO 29001: 2020
  •  API Spec …..
  • API Spec ……
  • API Spec ……
  • API Spec …..
  • API Spec ….

Applies to all process which has an influence on product quality & Product Delivery

3.0 RESPONSIBILITY

  1. QA/QC Engineer
  2. Management Representative
  3. All concerned process heads

4.0 INPUTS

Identification of Risks from all processes, Departmental procedures,

5.0 RESOURCES

Manpower, XXX Procedures

6.0 PROCEDURE

XXX has documented procedure to identify & control risk associated with impact on delivery & quality of products. This procedure identifies techniques, tools & their application for risk identification, assessment and mitigation.

6.1 RISK ASSESSMENT:

Risk Assessment Associated with Delivery of product shall generally include, but not limited to following:

  1. Availability of facilities & their maintenance
  2. Availability of equipment
  3. Breakdown / preventive maintenance of equipment
  4. Material availability
  5. Timely Supply of material
  6. Quality of supplied material
  7. Suppliers performance in terms of Quality, Delivery & Other capabilities
  8. In adequate QA / QC activities

Risk assessment Associated with product Quality shall generally include, but not limited to following:

  1. Competencies & Performance of critical, non-critical suppliers, sub-contractors, and outsourced vendors
  2. Delivery of non-conforming products to customers
  3. Maintenance of  Facilities, equipment including testing equipment
  4. Incoming, Inprocess, and final inspection and its controls.
  5. Addressing the non-conformance of the product in process at all levels to avoid the effect or potential effects on the final product.
  6. Availability of competent personnel.

Risk assessment provides a structured process for analyzing risk in terms of consequences and likelihood before deciding on further actions. Records of risk assessment and management including actions taken are maintained. This structured process attempts to answer some fundamental questions:

  1. What may happen and why (risk identification)?
  2. What might be the consequences?
  3. What is the likelihood of them happening? And
  4. Is there anything that might mitigate the consequences or reduce the likelihood?

Risk identification:

It is defined as the process of finding, recognizing and describing risk. It could be a historical data or theoretical analysis which involves identification of risk sources, events, causes and their potential consequences which delay the originations objectives

Risk analysis:

It is the process of analyzing the nature of risk and determining the level of risk associated with the relevant activity. RPN (Risk Priority Number) is used for analyzing the impact. Risk analysis provides an input to risk evaluation and decisions on whether risks need to be treated and on the most appropriate risk treatment strategies and methods. Risk analysis also provides an input into making decisions where choices must be made and the options involve different types and levels of risk. Risk analysis involves consideration of the causes and sources of risk, their positive and negative consequences and the likelihood that those consequences can occur. Factors that affect consequences and likelihood identified. Risk is analyzed by determining consequences and their likelihood, and other attributes of the risk. An event can have multiple consequences and can affect multiple objectives. Existing controls and their effectiveness and efficiency are taken into account. The way in which consequences and likelihood are expressed and the way in which they are combined to determine a level of risk to reflect the type of risk the information available and the purpose for which the risk assessment output is to be used.

The significant risk associated with each process are segregated based on the below 5 categories,

Men:

Human resource is one of the important and mandatory requirements for product realization which includes workmen, staff and managers.

Machine:

A machine is an important resource to meet the required product realization and possible risk like breakdown / out of tolerance is considered while carrying out risk analysis.

Method:

Risk related to material handling and preservation of the product is considered in method.

Material:

Risk related to material rejection, delayed shipment from the supplier, raw material shortage considered for carrying out risk assessment.

Environment:

Risk related to natural disaster and their impact on quality or delivery of the product with required communication is considered.

Risk evaluation:

The purpose of risk evaluation is to assist in making decisions, based on the outcomes of risk analysis, about which risks need control / mitigation and the priority for control / mitigation implementation. Risk evaluation involves comparing the level of risk found during the analysis process with risk criteria established. Based on this comparison, the need for control /mitigation can be considered

Risk control / mitigation involves,

  1. Deciding whether residual risk level are tolerable, if the XXX feels that the present non-significant risk become significant in future, then it is treated as significant.
  2. If not tolerable, generating a new risk treatment and assessing its effectiveness Further, activities pertaining to the below criteria is called as significant which requires proper action plan.

6.2 GUIDELINES FOR DETERMINING RPN:

The guideline followed at XXX to determine RPN while performing risk assessment includes the following important terms.

Severity evaluation criteria (S):

Severity for the each activity / problem is worked based on the amount of impact it creates on the equipment / legal / customer satisfaction (delivery and product quality). The value range is between1 to 5. The tabulation 01 used to plot the applicable severity number for the relevant activity is given in Guideline 2. When the severity is 5, it is defined as critical class (CC), and for the values 4 it is called significant class (SC) and less than 3 are common activity are left unfilled.

Occurrences evaluation criteria (O):

Occurrence for each activity / problem is worked based on the number of repeated cases in the past history or assumptions based on experience. The value range is between 1 to 5.The tabulation 02 used to plot the applicable occurrences number for the relevant activity is given in Guideline 2.

Detection evaluation criteria (D):

Detection for each activity is defined as the possibility of capturing the problem / defect with the present existing controls. The value ranges from 1 to 5. The tabulation 03 used to plot the applicable detection number for the relevant activity.

Risk assessment output:

The output of risk assessment is used as an input for contingency planning and also the same is considered in corrective and preventive actions

Risk assessment Frequency

The Risk assessment at XXX is carried out once in a year for all the relevant processes and the records are documented with necessary actions. Re-evaluation can be done, whenever there is need due to Management requirement, major process change and customer request, changes in the RPN number and major quality or delivery issue.

TABLE 01 – SEVERITY (S) EVALUATION CRITIERIA

EffectCriteria: Severity of Effect  Ranking
CatastrophicVery high severity & multiple effect on product quality or delivery. Severe & wide spread damage to the customer with respect to delivery & quality of product5
CriticalMajor Severity & Multiple  effect on product quality or delivery4
SeriousSingle severe impact & Multiple Minor impact on product quality and delivery3
 MinorLow or minor impact and short term effect on product quality and delivery2
LowNegligible or trivial effect and or impact on product quality and delivery1

TABLE 02 – OCCURRENCE EVALUATION CRITERIA

ProbabilityRanking
Frequent : Persistent Failures (shall occur Several times )5
 Probable :  Frequent Failures (Occurs Repeatedly / an event to be expected ) 4
Occasional : Occasional Failures (Could take place or occur sometimes)3
 Remote : Relatively unlikely & Few Failures2
 Improbable : Failure so is unlikely that probability not there1

TABLE 03 – DETECTION EVALUATION CRITERIA

DetectionCriteriaSuggested Range of Detection MethodsRanking
Almost ImpossibleAbsolute certainty of non-detection of problemCannot detect or is not checked5
LowControl have poor chance of detection of problemControl is achieved with visual inspection only4
ModerateControls may detect the problemControl is based on variable gauging after parts have left the station, or Go/No Go gauging performed on 100% of the parts after parts have left the station3
HighControls have a good chance to detect the problemError detection in station or error detection in subsequent operations by multiple layers of acceptance: supply, select, install, verify. Cannot accept discrepant part2
Very HighControls certain to detect the problemDiscrepant parts cannot be made because the process or the equipment / item have been error-proofed by process / product design.1

Based on above criteria given in Table No. 1, 2 & 3 severity, occurrence and detection rating for each potential risk is determined. While determining this potential causes for failures are taken into account for severity rating, current process control prevention are considered while doing occurrence rating.

Risk Priority Number (RPN):    RPN = S X O X D where S – Severity Rating, O – Occurrence rating and D – Detection Rating. RPN no. for each potential risk is determined. Value of RPN is always from 1 to 125. The RPN value is used to rank the order of concern in the Product delivery and Product Quality.  Special attention is to be given when the value of RPN is 80 or more than 80 or alternatively if Severity value is more than 4. The highest severity of effect should be taken for calculating risk priority number.

In XXX we have set a cut off limit of RPN value as 80. Appropriate corrective actions are recommended & Implemented in all such cases where RPN value exceeds 80. And also risks having RPN number more than 80 are considered for contingency planning and entered in the risk assessment register.

Recommended action and or Mitigation

After completion of the steps described above, the RPNs are to be analyzed to identify the priority areas for control and mitigation.  Higher risk priority numbers generally requires immediate action and contingency planning, however the severity ranking more than 4 are to be considered with high priority irrespective of the RPN value.

The recommended actions are to be taken to prevent / eliminate the causes to reduce the occurrence ranking. The general steps for risk mitigation are:

  1. Where Possible risk elimination
  2. Substitution by alternate man , material , machine or method as applicable
  3. Segregation of products and or  material
  4. Changes in the system of working that reduces the risk to an acceptable level ( This includes having written procedure , adequate supervision , training and information & instructions

Verification of implementation:  QA / QC Engineer has to verify the action for implementation. After the corrective action have been implemented estimate & record the resulting ‘Severity’, ‘Occurrence’ and ‘Detection’ rankings. Calculate the “Resulting RPN”. If no actions are taken, leave the related ranking columns blank.

Risk Assessment review & updating: This document is a dynamic document, this is to be reviewed whenever there is a change in process, customer requirement, on identification of new failures & causes, when the process becomes unstable & / or incapable. Whenever Risk Assessment  is reviewed the concerned process related documents like Quality  plan, operating instructions, setup instructions, maintenance instructions etc. are to be reviewed and updated as required.

7.0 OUTPUTS

Completed Risk assessment format  

8.0 KEY PERFORMANCE INDICATORS

All risks controlled & mitigated

9.0 ASSOCIATED DOCUMENTS & RECORDS

DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
Risk Assessment and ManagementXXX / MR/18Quality Systems Manager

Example of procedure for use of External documents in Product Realization

1.0 PURPOSE

To define the methodology followed by XXX for the regular change, updating, maintenance and control of External documents. The documented procedure includes:

  • Standards, Directive, and Customer Specifications.
  • External specification requirements, including addenda, errata, and updates are used in the design or manufacture of the product.
  • Integration of these requirements into the product realization and other affected processes.

2.0 SCOPE

This procedure is applicable to all the following systems and standards

  • API Spec Q1, 9th edition/ ISO 29001: 2020
  •  API Spec ….
  • API Spec ……
  • API Spec ……
  • API Spec …..
  • API Spec ……

3.0 INPUTS

  • Drawings, Specifications
  • Purchase Orders
  • Customer Standards
  • International Standard
  • Document request form

4.0 RESPONSIBILITY:

  • Management Representative / Quality Systems Manager
  • All concerned process heads

5.0 RESOURCES:

Competent Manpower, Computers, Printer & Internet connection, Stationery, International standards & specifications, XXX Procedures          

6.0 TERMS AND DEFINITIONS

Document: Information (meaningful data) and supporting medium

Procedure: XXX’s documented method for performing an activity under controlled conditions to achieve conformity to specified requirements.

NOTE this definition was previously identified as a “control feature” in earlier editions of this specification.

Specifications: Document stating requirements

7.0 PROCEDURE

7.1 External Origin Standard

  • A Master list of External Origin Documents is maintained which is essential for the planning and operation of the Quality Management System.  The master list of external origin document is identified, controlled and updated as and when changes are made to the standard.
  • API product or other external specification requirements including addenda, errata & advisory details (revisions and updates) are updated and maintained by checking www.api.org website monthly wise
  • MR keeps tab on the versions of standards mentioned in master list of External origin standards on respective websites once in 6 months and updated if necessary.
  • Regarding revision of legal standards, once in three month, it is checked with authorized like PCB, Inspectorate of  Factories etc. and updated
  • Based on the Updation of External standards, the Technical Procedures are updated
  • All standards are collected by MR and review with Engineer – Design & Development, Operations, Quality Control in monthly basis
  • System related changes in Standards is identified and done by MR
  • Technical changes like design & development, Quality are identified by related Personnel (Engineer) and inform to MR
  • If any changes required from management side and those will be discussed in the Management Review Meeting and MR takes responsibility of it.

7.2 DOCUMENT CONTROL

  1. External Document are following,
    • Drawings
    • Specifications
    • Purchase Orders
    • Customer Standards
  2. Issue control of external documents lies with the QA/QC Engineer.
  3. Machine shop Manager/Operations Engineer shall ensure the latest editions of the drawings/specifications/other documents are available prior to the commencement of the work.
  4. If the copies of the Customer/OEM/Internal drawings are lost or damaged by the user departments, the department head makes a request to the QA/QC Engineer for issue of fresh copy of the drawings.
  5. Once the product realization process completed relevant documents shall be handed-over to the QA/QC Engineer.
  6. Copies of the external documents shall be disposed after use in controlled conditions and appropriate records shall be maintained.

8.0 OUTPUTS

Master List of External Origin Standards

9.0 Key performance indicator

All external origin documents available as per requirements & controlled.

10.0 ASSOCIATED DOCUMENTS & RECORDS

DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
Master List of External Origin StandardsXXX/MR/D 04Management Representative

Example for procedure for Contract Review

1.0 PURPOSE

The purpose of this procedure includes for:

  • Receiving, reviewing and processing of business enquiries and contracts / orders from customers.
  • Legal and other applicable requirements
  • Requirements not stated by the customer but considered necessary by the XXX for the provision of the product.

2.0 SCOPE

This procedure is applicable to all the following systems and standards

  • ISO 29001:2020/ API Spec Q1, 9th edition
  • API Spec ……
  • API Spec ……
  • API Spec ……
  • API Spec ……
  • API Spec …….

Applies to all process which have an influence on product quality

3.0 RESPONSIBILITY

  • Business Development Manager
  • Commercial Officer
  • Management representative
  • Quality Systems Manager
  • All concerned process heads

4.0 INPUTS

Products & services, Customer enquiries & requirements, Statutory and Regulatory Requirements, International standard.

5.0 RESOURCES

Competent Manpower, Computers, Printer & Internet connection, Stationaries, Customer standards & specifications, XXX Procedures          

6.0 DESCRIPTION

The main concerns of the Contract Review are:

  • Determining customer’s and product requirement which includes delivery as well as after sales services.
  • Ensuring correct understanding of all aspects of RFQ
  • Submitting a detailed quotation
  • Doing Pre-Review and Post-Review
  • Ensuring transfer of correct specification to the Project owner & Administration for meeting customer’s and statutory requirements
  • Following up the fulfillment of Contract
  • Archiving the Original Document
  • Preserving evidence of Contract fulfillment.

7.0 PROCEDURE

7.1 CUSTOMER ENQUIRY

  • All customer enquiries to XXX are logged in to the Enquiry register in commercial department.
  • Upon receipt of enquiry, the enquiries are categorised based on the type and are as follows:
    • Enquiry Job (EJ)                 –           Enquiry for Machine shop services/work
    • Enquiry Contracts (EC)      –           Enquiry for Contracts
    • Enquiry Supply (ES)           –           Enquiry product sale
  • Each enquiry has a unique number which identify the type, year and the serial number. E.g. EJ/23/005 Where-EJ stands for the type of enquiry (Enquiry Job), 17 is for year 2023 and 005 is the serial number in that category.
  • After allocating the enquiry number the Commercial Officer or his designee registers the description of enquiry, client, contact person and the closing date in the log book and fill the enquiry form with necessary information and open an enquiry file.
  • Based on the type of enquiry the Commercial Officer forward the enquiry to the concern personnel for estimation.
  • Based on the complexity of enquiry the person responsible for estimation or the commercial officer himself may call for an enquiry review meeting in order to verify:
    • Is the enquiry within XXX scope?
    • Does XXX have enough resources to manage the order/contract?
    • Does XXX have suitable infrastructure to carry out the job?
    • Is the time permitted by the client is sufficient? If not is it possible to get any extension?
    • Does it require any specialist, vendor or sub-contractor to perform the activity and are they lined?
    • Requirement of Bid-Bond
    • Person responsible for estimation
    • Is there any pre-tender meeting or site visit and who are attending?
  • When enquiry received verbally, the personnel received the enquiry fill the verbal enquiry form and forwarded to the commercial department for the necessary action.
  • The Commercial Officer is responsible for submitting the details of the enquiry to planning and estimation department.
  • Based on the details bid calculation is prepared and accordingly quotation is prepared, reviewed and sent to the client.

7.2 QUOTATION FOLLOW-UP

  • In case of quotation submitted to the customers are followed constantly by the sales team, the personnel received the initial enquiry, the responsible manager or the Commercial Officer. The Commercial Officer coordinate with others and if required he should contact the customer by himself.
  • The commercial officer provided with the status of quotation or he may contact directly the client/customer.  All lost tender/bid, the enquiry file closed and may send to the lost tender/order documents or may retain by the estimation engineer of the concern manager for reference purpose.

7.3 CONTRACT REVIEW

  • Upon receipt of the customer order the same is recorded in the Job Register with an internal order number, which allocated according to the type of order JO & SO.
    • JO   –    Machine shop services/job order/Contract Order
    • SO  –    Product Sale Order/Supply Order
  • The Job Register have the following information:
    • Enquiry No (XXX)
    • Order No (XXX)
    • Customer Name
    • Description of order
    • Order Value
    • Customer PO reference
    • Commencement Date
    • Completion Date
  • On receipt of a Customer’s Order, the order and the quotation reviewed simultaneously and any changes to the customer order with respect to the original quotation resolved with the Customer.
  • It is the responsibility of the Commercial officer with the concern manager, who reviews the requirements of both the Quotation and the Order in line with this procedure.
  • Contract review form XXX/COM/02 is the document for contract review and all requirements including legal and other requirements.  Contract Review checklist verified with each process owner for feasibility and review minutes are noted down to summit to Chairman
  • In case of verbal order the concern manager is responsible to document the customer requirement in order to avoid any ambiguities in the later stage.
  • The work in progress monitored regularly and discussed in the weekly meeting.
  • Depends on the requirements the concern manager may call for additional progress meeting in order to review the status of the project.
  • XXX reviews the requirements related to provision of products, this review prior to the XXX’s commitment to deliver product to customer and ensures that requirements are identified and documented, requirements differing from previously identified and solved.

7.4 INVOICING

  • Correctly and timely invoicing is important for XXX’ operation in order to maintain the cash flow in a planned condition. In this respect the Machine shop Manager, Operations Engineer who responsible for the contract/order raise the invoice request and forward to the commercial department.
  • The commercial officer then verifies the same with the contract specification and updates his record on the contract/order file. Upon completion of his/her review and updating the records in the order file and the same forwarded to the Machine Shop Manager for review and signature and the same forwarded to the finance department.
  • The finance department prepares the invoice based on the invoice request and then submit to the client/customer.
  • All invoices submitted to the customer have a received signature on the office copy. It is not mandatory for payment against delivery.
  • The finance department do the follow up for all invoices submitted by XXX.
  • If there is no written order from the customer is available, the invoice request may prepare based on the verbal agreement. In such case it is the responsibility of the concern manager to do the necessary follow up for invoice.

7.5 AMENDMENT TO CONTRACT

  • In case of any change in the scope of work or revision in quantity from the original contract, treated as amendment to contract and discussed and agreed by both parties.
  • Amendments to a contract treated in the same way as any enquiry; however it may incorporate in the same order/contract. In such case a letter of amendment signed by both the customer and XXX attached to the original contract/order.
  • The letter of amendment prepared/ received with all changes with respect to the original contract that might take place prior to the execution of such changes.
  • In case of any engineering or technical changes received from the customer or the concern personnel, commercial officer forward the same to the Machine shop Manager and he then informs the Planning Engineer to update the Production & Quality Plan. Then he sends the updated plan to Machine shop Supervisor.
  • In case the project management is directly handling such amendment, the record of amendment informed to the commercial or project-planning department.
  • Any amendment affecting the contract value informed finance department.
  • Based on the relationship with customer the amendments may accept verbally to continue the work but it is the responsibility of the concern manager to receive such change request/amendment from the customer accordingly.
  • Where contract requirements are changed, XXX ensures that relevant documents are amended and that relevant personnel are made aware of the changed requirements.

Once the job is completed, Documentation Checklist shall be used to ensure that adequate records are available.

7.6 OUTPUTS

    Orders received from the customers along with necessary inputs, Drawings or Specifications from customer, Order acceptance, Contract review, Customer feedback, correspondence from customer.

    8.0 KEY PERFORMANCE INDICATORS

    • Enquiry to order conversion = 70%
    • Increasing customer base
    • Effectiveness of contract review process
    • Effectiveness in fulfilling Statutory and Regulatory Requirements

    9.0 ASSOCIATED DOCUMENTS & RECORDS

    DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
    Master List of CustomersXXX / COM / D01Commercial officer
    Enquiry RegisterXXX / COM / 01Commercial  officer
    Contract ReviewXXX / COM / 02Commercial  officer
    Verbal Enquiry FormXXX / COM / 03Commercial  officer
    QuotationXXX / COM / 08Commercial  officer
    Documentation ChecklistsXXX / COM / 11Commercial  officer

    Example of procedure for Control of Records

    1.0 PURPOSE:

    To establish & maintain documented procedure for identification, collection, indexing, access, filing, storage, maintenance, disposition and retention of records related to Quality management system.

    2.0  SCOPE:

    Applicable to all quality records of the organization related to Quality management system. This procedure is applicable to all the following systems and standards

    • ISO 29001:2020/ API Spec Q1, 9th edition
    • API Spec …..
    • API Spec …..
    • API Spec ……
    • API Spec ……
    • API Spec ……

    3.0   RESPONSIBILITY:

    • Management representative/ Design & Quality Systems Manager
    • All concerned process owners

    4.0  INPUTS:

    • Forms & formats
    • Document change request

    5.0 RESOURCES:

    Competent Manpower, Computers, Printer & Internet connection, Stationary, International standards & specifications, XXX Procedures

    6.0 PROCEDURE:

    Records refer to documented information to be retained by XXX as evidence to have confidence that the processes are being carried out as planned. M.R. shall prepare the list of Records to be maintained across the organization & shall issue the same to the concerned.

    6.1 IDENTIFICATION OF RECORDS:

    All files/register are identified by using labels which indicates the reference no., description, the period to which the contained records belong.

    6.2 COLLECTION OF RECORD:

    1. The origin of records & generating authorities are described in respective Quality management system procedures, work instruction, quality internal procedure method statements & check lists.
    2. Each department head shall ensure all the records are legible by the concerned users & specify the collection method in the list of records & shall maintain the records safely.

    6.3 INDEXING & FILING OF RECORDS:

    1. The individual records shall be indexed in chronological order or date / serial nos. wise or subject of records as felt appropriate by the department in charge. The records in the form of book copies shall be kept in chronological order of period for each book, which lead to easy retrieval of any record needed.
    2. The records shall be filed in a new file when the current file becomes bulky for handling or after the predetermined time period.

    6.3 ACCESS OF RECORDS:

    1. All the personnel performing various tasks addressed in the system shall have access to any record required by them in connection with their work, through the department incharge.
    2. Whenever required, the records are made available for analysis, audit purpose & for any other reference purpose.
    3. If contractually agreed, the appropriate records shall be made available to the customers as & when required.
    4. The records stored in departments or record room shall be provided adequate protection from any type of damage, deterioration or loss.

    6.4  DISPOSITION OF RECORDS:

    The records after the completion of retention period shall be destroyed by the department by shredding.

    6.5  RETENTION PERIOD OF RECORDS :

    1. The retention period for each record shall be mentioned in the list of records, which is prepared & maintained by M.R.
    2. Records of internal quality system audit & management review shall be retained for a period of five years by M.R.

    However for any other reasons, if felt necessary, any of the records shall be retained further for time period needed by department heads and destroyed subsequently.

    6.6 COLLECTION OF RECORD:

    1. The origin of records & generating authorities are described in respective Quality management system procedures, work instruction, quality internal procedure method statements & check lists.
    2. Each department head shall ensure all the records are legible by the concerned users & specify the collection method in the list of records & shall maintain the records safely.

    6.7 INDEXING & FILING OF RECORDS:

    1. The individual records shall be indexed in chronological order or date / serial nos. wise or subject of records as felt appropriate by the department in charge. The records in the form of book copies shall be kept in chronological order of period for each book, which lead to easy retrieval of any record needed.
    2. The records shall be filed in a new file when the current file becomes bulky for handling or after the predetermined time period.

    6.8 ACCESS OF RECORDS:

    1. All the personnel performing various tasks addressed in the system shall have access to any record required by them in connection with their work, through the department incharge.
    2. Whenever required, the records are made available for analysis, audit purpose & for any other reference purpose.
    3. If contractually agreed, the appropriate records shall be made available to the customers as & when required.
    4. The records stored in departments or record room shall be provided adequate protection from any type of damage, deterioration or loss.

    6.9 DISPOSITION OF RECORDS:

    The records after the completion of retention period shall be destroyed by the department by shredding.

    6.10 RETENTION PERIOD OF RECORDS :

    1. The retention period for each record shall be mentioned in the list of records, which is prepared & maintained by M.R.
    2. Records of internal quality system audit & management review shall be retained for a period of five years by M.R.
    3. However for any other reasons, if felt necessary, any of the records shall be retained further for time period needed by department heads and destroyed subsequently.
    Sl. No.DescriptionRetention PeriodResponsibility
    1Internal Quality Audit Report5 yearsQuality Systems Manager
    2Minutes Management Review Meeting5 yearsQuality Systems Manager
    3Contract/Job order file including related documents10 years from the completion dateCommercial Officer
    4Quality records5 years or 10 years/As per API product spec requirementsQA/QC Engineer
    5Inspection records10 years or Part of contract/job order recordsCommercial Officer
    6API Monogrammed Product records5 years or 10 years/As per API product spec requirementsCommercial Officer
    7Purchase documents10 year after settlement unless specified otherwiseProcurement Engineer
    8Finance documents5 years after settlement unless specified otherwiseFinance Controller
    11Training records5 yearsHR Manager
    12Personnel records of Permanent employment5 years  after end of employmentHR  Manager
    13Legal documents5 years after closing all legal issuesChairman  
    14Product Specification…..records5 yearsQA/QC Engineer
    15Product Specification ….. records10 yearsQA/QC Engineer
    16Product Specification ….. records5 yearsQA/QC Engineer

    6.11 EXTERNAL RECORDS

    • Records prepared or generated by the Sub Contractors / Suppliers which are the part of Quality Management System are maintained as company’s own records.
    • Such records generated by the Sub Contractors / Suppliers are verified for accuracy and endorsed by the responsible person receiving these records.

    7.0 OUTPUTS

    Completed forms & formats

    8.0 KEY PERFORMANCE INDICATOR

    All records available as per requirements.

    9.0 ASSOCIATED DOCUMENTS & RECORDS

    DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
    All Quality records (Master List of records)XXX/MR/D02All functional heads

    Example for procedure for Control of Documents

    1.0  PURPOSE:

    This procedure outlines the method for control of documents to ensure that the appropriate revisions of the documents are available with the user. It also addresses responsibilities for approval and re-approval and identifies the controls needed to ensure that the documents required by the Quality management system including revisions, translations, and updates.

    2.0 SCOPE:

    Applicable to all documents related to documented Quality management system generated internally and externally.

    This procedure is applicable to all the levels of documents pertaining to:

    • API Spec Q1, 9th edition /ISO 29001:2020
    • API Spec …..
    • API Spec …..
    • API Spec …..
    • API Spec …..
    • API Spec …..

    3.0 INPUTS

    Need for new documents, Document request form, International Standard, Customer requirements, XXX procedures requirement.

    4.0 RESPONSIBILITY:

    • Management Representative
    • Manager – Design & Quality Systems
    • All concerned process heads

    5.0    RESOURCES:

    Competent Manpower, Computers, Printer & Internet connection, Stationaries, International standards & specifications, XXX Procedures          

    6.0 PROCEDURE:

    The procedure specifies responsibilities for approval and re-approval and identifies the controls needed to ensure that the documents required by the Quality management system, including revision, translation, and updates are available where the activity is being performed and remains legible and readily identifiable.

    1. The XXX manual for Quality management system is the Quality System Manual. The Master copy of Manuals is available in hard. Responsibility of updating Quality Management System Manual lies with the Management Representative.
    2. Quality Management System Procedure are linked to Quality Management System Manual
    3. Quality Procedures are mapped as per defined processes in Quality Management System Manual.
    4. Quality Systems Manager updates them in hard and soft. Prior to the issuance of the documents, the Management Representative has reviewed the copy for its adequacy, legibility and for in line with ISO 29001: 2022/ API Spec Q1, 9th edition, API Spec …, API Spec …., API Spec …, API Spec … and API Spec … requirements, gets it approved from the top authority in XXX.
    5. All such documents identified by a unique serial number (Copy No) and the copy number logged in the issue register for future reference.

    6.1 PREPARATION OF DOCUMENTS:

    All the documentation of Quality Management System is prepared by Management Representative by taking inputs from all process heads & concern personnel. When creating and updating documented information, XXX ensures appropriate:

    1. Identification and description (e.g. a title, date, author, or reference number)
    2. Format (e.g. language, software version, graphics) and media (e.g. paper, electronic)
    3. Review and approval for suitability and adequacy.

    6.2 DOCUMENT IDENTIFICATION:

    All Quality Procedures and level 3 documents have their reference number, revision date, and revision number, page number, title as appropriate. Each document has unique identification.

    DOCUMENT STATUS IDENTIFICATION:

    Sr. NoDescriptionIdentificationColor
    1.All Master copiesMaster Copy (on front side of document and for document with multiple pages it is mentioned in the contents page with Signature of the MR)Blue
    2.All Controlled copiesControlled Copy (on front side of document and for document with multiple pages it is mentioned in the contents page with Signature of the MR)Blue
    3.For all obsolete copiesOBSOLETE COPY (on front side of document and for document with multiple pages it is mentioned in the contents page with Signature of the MR)Red

    6.3 ISSUE CONTROL:

    • Master copy stamped in Blue color on the document and is used for taking photocopies for the purpose of issuing copies.
    • Record of issue is maintained in Record of Issue and Distribution and kept with master copy only.
    • For 01 issue documents the revision status is 00. Whenever there is any change in particular document the revision number is raised as 01, 02 to 09.
    • For major changes, issue number will be incremented.
    • The issue number is raised to next issue number in following circumstances.
    • Whenever there is any major change in API Q1 Spec requirements/ISO 29001/2020.
    • Major changes in Company’s Organization.
    • Whenever Revision number of any particular document will go above 09.

    6.4 NEW DOCUMENT/CHANGE CONTROL:

      • The employee who desire or suggests any new document or change in the document shall raise a New Document Request form and Document change request respectively. Requesting it to MR for reviews. Approval authority to takes decisions whether to include a document or revise that document or not.
      • If the document is to be newly implemented or revised, MR shall take the approval from the authority that has originally approved the document.
      • The nature of document changes is communicated to concerned departments through the document-change note.
      • The revision in the level 2 and 3 documents are recorded in Record of Revision and Distribution by MR and are kept with Master copies. Control copyholder can refer to these sheets as and when required to know revision in their documents.
      • The document change request indicates the effective date for implementation of change.
      • MR issues the revised document to all concerned as detailed in record of revision and distributions.
      • MR ensures that all the obsolete copies are received back from concerned persons. All obsolete copies shall be destroyed except master copies of previous version.

      6.5 DOCUMENT MASTER LIST:

        • MR has a master list of all documents, which shows the current issue status and revision status of the document.
        • Whenever there is any revision in the document MR updates master list of that particular document.

        6.6 RESPONSIBILITY OF USER DEPARTMENT:

          • It is responsibility of the Quality Systems Manager to ensure that the updated copies are available with the controlled copy holders and shall ensure to remove the obsolete copies from use.
          • All controlled copyholders shall make available relevant procedures, work instructions, and check lists formats and any other documentation to the employees working under them. They ensure that procedures and work instructions are understood and implemented in day to day working by concerned persons.

          6.7 CONTROL OF EXTERNAL ORIGINAL DOCUMENTS:

            • All International standards, code or specification required for the manufacturing controlled by the Design & Quality Systems Manager/ or his designee by periodic check.
            • Any changes (revision or addenda) obtained and incorporated within the system
            • A master list for External Origin standards maintained and controlled accordingly and also ensures that the relevant version are used and maintained.
            • In case of any such changes to the relevant specification, which affect the company management systems or documents, such reviewed and necessary changes to be made accordingly.
            • Supplier’s technical manual and their data sheets are stored in XXX Technical Library.
            • All official documentation such as commercial registration, registration with chamber of commerce, memorandum of association, import export license, approval from various departments (fire, water, electricity etc.) maintained by the administration department under the direct supervision of HR Manager.
            • XXX controls procedure, work instruction and forms required the Quality management system.

            6.8 CONTROL OF DOCUMENTS STORED IN ELECTRONIC MEDIA

              • Utmost care shall be taken while storing data in electronic media.
              • Only authorized users shall be allowed to use the data.
              • Wherever possible, data shall be protected by providing passwords.
              • Regular back up shall be taken to avoid data loss or damage / corrupted.
              • Data shall be protected from viruses by using latest anti-virus programs.

              6.9 DOCUMENT CONTROLS

              Sl. No.DocumentUserControl
              1.Quality Management System ManualAll Process heads & applicable usersWith MR / Top Management / Hardcopy / Softcopy
              3.Quality Management System ProceduresAll Process heads& applicable usersWith MR / Top Management / Hardcopy / Softcopy
              5.Work instructions (WI)/ Quality Internal Procedures (QIP)All Process heads & applicable usersWith MR / Top Management / Hardcopy / Softcopy
              6.RecordsDepartment usersRespective Department Manager/In-charge

              6.10 APPROVAL & RE-APPROVAL AUTHORITY

              Level 01           Quality Manual                       Chairman

              Level 02           Quality Procedures                 Chairman

              Level 03           Work instruction / QIP            MR/Process Heads/Machine Shop Manager

              Level 04           Formats/Records                    MR / Process Heads/Machine Shop Manager

              6.11 REVIEWING AUTHORITY

              Level 01           Quality Manual                                   MR

              Level 02           Quality Procedures                             MR

              Level 03           Work instruction / QIP                        MR / Process heads

              Level 04           Formats/Records                                MR / Process heads

              7.0 OUTPUTS

              New documents, Forms & formats

              Revised documents

              8.0 Key performance indicator

              All documents are available as per requirements of International standard, XXX procedures & customer.

              9.0 ASSOCIATED DOCUMENTS & RECORDS

              DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
              Master list of DocumentsXXX / MR / D01Management Representative
              Master list of QMSPXXX / MR / D03Management Representative
              Master list of External Origin StandardsXXX / MR / D04Management Representative
              Master list of Quality Policy DisplayXXX / MR / D06Management Representative
              Master list of Quality Internal ProceduresXXX / MR / D08Management Representative
              Master list of Work InstructionsXXX / MR / D11Management Representative
              Master list of NDT ProceduresXXX / MR / D12Management Representative
              Document Change RequestXXX / MR / 01Management Representative
              New Document Request FormXXX / MR / 01AManagement Representative
              Document Control & Issue RegisterXXX / MR / 02Management Representative
              Document Amendment RegisterXXX / MR / 03Management Representative

              Example for procedure of Personnel Competency & training requirements

              1.0 PURPOSE:

              The aim of this procedure is to maintain a documented procedure for:

              • Defining personnel competency.
              • to identify the rationale for, and elements of, the process the Company uses to verify the background and qualifications of a candidate for employment at XXX
              • Identifying training requirements.
              • Actions to achieve the necessary competency of personnel whose responsibilities fall within the scope of the Quality management system.
              • Includes provisions for determining and documenting the effectiveness of the training or other actions taken toward the achievement of required competency.
              • Ensure that all personnel performing activities affecting quality are capable of performing their respective assigned tasks.
              • Ensure that persons doing work under the organization’s control are aware of relevant requirements.

              2.0 SCOPE:

              This procedure is applicable to all the following systems and standards

              • API Spec Q1, 9th edition /ISO 29001:2020
              • API Spec ….
              • API Spec ….
              • API Spec ….
              • API Spec ….
              • API Spec ….

              Applies to all processes which has an influence on product quality.

              3.0 RESPONSIBILITY:

              1. Human Resource Manager
              2. Management Representative (MR)
              3. All concerned process owners

              4.0 INPUTS:

              • Training need identification
              • Skill – Competency matrix
              • Annual Training Plan

              5.0 RESOURCES:

              • Competent Manpower
              • Funds
              • Infrastructure for training

              6.0 PROCEDURE:

              6.1 General

              All personnel performing work effecting product quality shall be competent on the basis of appropriate education, relevant, and necessary training, skills and experience. XXX determines the necessary competence of person doing work under its control that affects its Quality performance and its ability to fulfill its compliance obligation. There are two forms of training available in XXX and are:

              1. In-house Training (on the job training)
              2. External Training (off the job training)

              Evidence of the determination of competence of personnel have been recorded and maintained. Refer Level – 03 Skill Matrix.

              XXX:

              1. Provides for Quality management system training and job training;
              2. Ensures that customer-specified training and/or customer-provided training, when required, is included in the training program; (Refer Annual Training Calendar)
              3. Ensures that the frequency and content of training is identified;
              4. Ensures that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives; and
              5. Maintains appropriate records of education, training, skills, and experience.

              6.1.1 IDENTIFICATION OF TRAINING NEEDS

              1. The knowledge and skills of employees necessary for the department to achieve QMS objectives are been identified by the respective process heads and approved by the HR Manager.
              2. Frequency of Identification of training is minimum of 1 year.
              3. Annual training calendar is prepared by the HR every year. As per the training calendar, trainings are conducted throughout the year.
              4. Knowledge and skill levels are considered in recruitment and personnel selection as per Skill / Competency Chart.
              5. Ongoing developments of employee skills are accomplished through internal and external training programs.
              6. Training for Internal Auditing is given for identified Internal Auditors.
              7. Training needs are associated with QMS requirements, environmental aspects, OH&S risks and its HSE management system requirements.

              6.1.2 INDUCTION & ON THE JOB TRAINING

              • Induction Training shall be provided to the newly employed personnel. Quality, Environmental, Health & Safety Management System requirements and the roles and responsibilities of their position shall be discussed in the induction training. Induction Training shall be performed within one month from the date of joining of the person.
              • Depends on the operation where ever required “on the job training” provided for employees performing job effecting product quality. This includes XXX as well as sub-contractors/manpower suppliers/ agencies manpower whoever involved in the actual job.
              • All the employees involved in the work effecting product quality informed and aware of the importance of maintaining the product quality and not carry-out any activity that they are not competent enough without proper supervision. 
              • XXX provides Quality Management System training and ensures that customer-specified training and/or customer provided training is included in the training program.

              6.1.3 SAFETY TRAINING

              • The Chairman has overall responsibility for ensuring that all personnel carry out their duties in a safe and responsible manner, in accordance with the company safety policy and the international standard API Spec Q1, 9th Edition. The Machine Shop Manager or his designee is responsible, at local level, for ensuring that all employees are familiar with safe working practices and the requirements of the Health and Safety Regulations and local legislation.
              • In order to make the safety awareness to the employee, periodic safety training carried-out and performed accordingly.

              6.1.4 IMPLEMENTATION OF TRAINING & AWARENESS

                XXX ensures that personnel are aware of

                1. Quality policy
                2. Relevant objectives
                3. The potential consequences of departure from specified procedures.
                4. Their contribution to the effectiveness of the Quality management system, including the benefits of improved performance
                5. The implications of not conforming with the Quality management system requirements, including not fulfilling the organization’s compliance obligations

                Requirements of periodic Training are based on the following:

                1. Competence of personnel performing work effecting product quality.
                2. Awareness of product/process requirements
                3. Awareness of Standards, technical specifications
                4. Company Quality Policy and Quality Objectives
                5. Safety awareness, Company safety policy and Health and Safety requirements
                6. Housekeeping
                7. Communication and customer service
                • Training towards achievement of policies, objectives and targets are provided to all personnel within the department.
                • New Employees are given training which includes training in the methods and skills required to perform their tasks in an efficient and competent fashion and knowledge of the impact that their activities can have on the QMS and business processes if performed incorrectly.
                • Skill-competence evaluation for new employees is done only after three months from his date of joining.
                • Training is given to each and every department to ensure that employees have appropriate and current knowledge of regulatory requirements, QMS policy, department’s procedures and objectives, and the consequences of noncompliance.
                • The level and detail of training is determined with the help of Process heads.
                • Identified personnel are trained as Internal Auditors.
                • Monitor the training effectiveness in day to day work and highlight the same in inter department meetings and with the department employees.
                • Training feedback is obtained from the attendees, immediately after the completion of training. This is used for improving the quality of the training as to the faculty, contents, location and presentation of the training material.
                • Once the training process is completed, the Human Resource Officer collects the feedback document and analyses the improvement opportunities from the training process.

                6.1.5 EVALUATION AND EFFECTIVENESS OF TRAINING

                1. Evaluation test (written or oral) is conducted as a part of the training programme. The result of the test determines the effectiveness of the training. Evaluation of training is done by the department heads after a given period of time which is usually three months.
                2. In order to evaluate the effectiveness of the training given, the trained personnel are closely monitored during the initial period and personnel found not competent in their trained activity/task returned for training or alternate arrangement made. It is the responsibility of department managers to monitor the effectiveness of personnel training.

                6.1.6    EMPLOYEE PRE-SCREENING

                This procedure applies to all new hires of full-time and part-time administrators, staff members. The procedure does not apply to part-time student employees or part-time temporary special assignment employees (less than 3 months in duration) if those employees will not work with minors under the age of 18. This procedure also applies to all full-time temporary positions.

                Pre-employment screening includes core elements and additional elements depending on the nature of the duties involved.

                The core elements that apply to all new hires are:

                • Background checks for criminal convictions (felony and misdemeanors(
                • Education verification (to verify degree(s) earned from accredited institutions)
                • Reference checks [these should continue to be done prior to an offer of employment by the relevant hiring department in consultation with Human Resources].

                Reference Check list :

                • Complete resume
                • Educational Qualification Copy
                • Additional Qualifications
                • Experience Certificates

                In order to assure a consistent and effective application of this procedure, the process of conducting background checks will be managed by the Office of Human Resources. Any exceptions to this procedure must be approved by the chairman.

                The Contingent Offer of Employment:

                The Office of Human Resources and the technical department work together to identify a candidate for hire. Once that candidate has been identified, an offer of employment is extended by the HR department to the candidate, specifically indicating that the offer is contingent upon the successful completion of appropriate pre-employment screening.

                The appropriate release form(s) must be signed by the candidate and delivered to the Office of Human Resources before the start of full time employement. Accordingly, in order to initiate the pre-employment screening process, the Office of Human Resource Management must have the following documents:

                • Candidate Signed Offer Letter
                • Copy of reference check list , work permit , Iqama Copy , Civil ID copy and Signature Authorization Letter from the previous company

                6.1.7 Process to Verify Information:

                Commencement of employment is contingent upon the results of the screening process. All pre-employment screening must be completed and the results verified before the candidate begins to work. Based on the check/test results, the Office of Human Resource Management notifies the hiring department of the candidate’s ability or inability to commence employment. At no time should a candidate begin to work until the Office of Human Resource Management has verified results of the candidate’s pre-employment screening.

                The Office of Human Resources will review the results of the background investigation in relation to the position under consideration. All known factors regarding the candidate will be considered. Any misrepresentation of facts noted on the Company Employment Application may be cause for dismissal or refusal to employ.

                6,1,8 Re-employment:

                Team member separated from the Company two years or longer are required to undergo a new pre-employment background check upon rehire. Time is measured by reviewing the end date of the prior service in comparison to the beginning date of the new service. In some cases and based on position, a new background check may be required with less than a two year separation. In such cases, Chairman Approval shall be required.

                7.0 TRAINING RECORDS

                Training records should include:

                1. Employee’s name
                2. Job title
                3. Job description
                4. Training requirements
                5. Faculty Name
                6. Date of Training and qualification record of each employee is maintained till their tenure in XXX.

                8.0 OUTPUTS:

                Training Records,

                Training feedback

                Training evaluation & effectiveness

                9.0 KEY PERFORMANCE INDICATOR

                • Completion of training as per Annual Training Schedule.

                10.0 ASSOCIATED DOCUMENTS & RECORDS

                DESCRIPTIONFORMAT NUMBERRESPONSIBILITY
                Master List of EmployeesXXX / HR / D01HR Manager
                Skill – Competency matrixXXX / HR / D02Department Managers
                ML of Personnel Visual Acuity TestXXX / HR / D03MR
                Job DescriptionXXX / HR / D04HR Manager
                Annual Training CalendarXXX / HR / 01HR Manager
                Training Request FormXXX / HR / 03HR Manager
                Training Need AnalysisXXX / HR / 04HR Manager
                Training Attendance RecordXXX / HR / 05HR Manager
                Training Feedback formXXX / HR / 06HR Manager
                Training Effectiveness formXXX / HR / 36HR Manager
                Induction Training FormXXX/HSE/R 37HR Manager
                S. No.ActivityResponsibility
                1Training Plan & Training ScheduleHR Manager
                2Collecting Training Feedback documentHR Manager
                3Maintaining Training RecordsHR Manager
                4Evaluation of Effectiveness of EmployeesDepartment Managers

                API Q1 6  Quality Management System Monitoring, Measurement, Analysis, and Improvement

                6.1 General

                The organization must plan and implement the monitoring process, measurement process, analytical process, and improvement process to confirm to the requirements of API Q1 and to continually improve the effectiveness of the quality management system. The process must include applicable methods, including techniques for the analysis of data, and the extent of their use.

                The organization to must analysis the results of monitoring and measurement and confirm that organization has considered what, how and when to measure and that the outcomes from decisions result are ensuring appropriate process control. It must monitor the performance and effectiveness of organization’s quality management system. It must develop a process (method, techniques, format, etc.) to identify, collect and analyze various data and information from both internal and external sources, including:

                • Monitoring and measuring results;
                • Process performance results;
                • Meeting objectives;
                • Internal audit findings;
                • Customer surveys and feedback;
                • 2nd or 3rd party audit results;
                • Competitor and benchmarking information;
                • Product test results;
                • Supplier performance information.

                This ‘input’ (information and data) should reflect upon the adequacy, suitability and effectiveness of the quality management system and its processes. The ‘output’ (result of the analysis) must provide information (understanding, insight, awareness, confidence, knowledge of, etc.). The analysis output must provide insight to:

                • Customer satisfaction and perception
                • Product conformance.
                • Process performance
                • Product and process characteristics
                • Trends in products and processes
                • Opportunities for preventive action
                • Suppliers and subcontractors.

                Other potential or useful options might include:

                • Need for corrective action
                • Opportunity for improvement
                • Competition.

                It is important to document and retain as evidence the results of the evaluation of the performance of the quality management system. Monitoring and measuring QMS operations and activities will establish a mechanism to ensure that your organization is meeting its policies, objectives and targets. In order to meet this requirement, your organization must perform six steps:

                • Identify the activities that can have a significant impacts and risks
                • Determine key characteristics of the activity to be monitored
                • Select the best way to measure the key characteristics
                • Record data on performance, controls and conformance with objectives and targets
                • Determine the frequency with which to measure the key characteristics
                • Establish management review and reporting.

                Establish the monitoring and tracking criteria for each activity that has a significant impact or risk and review the action plan.

                6.2 Monitoring, Measuring, and Improving

                6.2.1 Customer Satisfaction

                The organization must establish a documented procedure to measure customer satisfaction. The procedure shall address the frequency of measurement, obtaining customer feedback, key performance indicators (KPIs), and other information that the organization uses to determine whether the organization has satisfied customers in meeting identified requirements. The result customer satisfaction information must be recorded.

                Customer satisfaction should be monitored to determine to which degree their expectations and needs are being fulfilled. The methods for obtaining this information need to be determined by the QMS. Methods of measuring and monitoring the way customers perceive your company can be done through;

                • Physical customer feedback through meetings
                • Customer surveys
                • Warranty/Guarantee claims
                • Compliments/Complaints
                • Dealer reports

                Producing high levels of customer satisfaction is an essential metric tool for gathering real-time information to improve the QMS system and product. Each customer will be different and present different needs and the organization will have to use additional measures and controls to measure and analyze the data.

                Defining Customer Satisfaction Indicators: The procedure for customer satisfaction should have a customer satisfaction indicators. This process should also include;

                • The frequency of data collection
                • The method of data collection
                • A summarization
                • A review of the data
                • An evaluation of the data
                • Actions on how to improve
                • The required timeline for remedy
                • Whose responsibility it is and
                • The follow-up with the customer

                To continuously improve on customer satisfaction, customer feedback and trends must be constantly. This will be the baseline to use for both internal and external customer.

                6.2.2 Internal Audit

                6.2.2.1 General

                Internal Audits are conducted to verify that the Organization’s QMS is effectively implemented and maintained and conforms to the requirements of the API Q1. The organization must establish a documented procedure for Internal audit. It must define the responsibilities for planning, conducting, and documenting internal audits. The results of previous audits and criticality of the process being audited must be considered while planning for internal audits . While planning for the internal audit the organization must identify the audit criteria, scope, frequency, and methods of Internal audit. The procedure must ensure that all processes of the quality management system claiming conformity to the API Q1 requirements are audited at least once. every 12 months. All Outsourced activities that impact the quality of the product and that are performed at the organization’s facility must be part of the internal audit .

                6.2.2.2 Performance of Internal Audit

                All processes of Organization’s QMS must be audit to claim conformance to the API Q1 requirements. Records of the audits provides objective evidence that the QMS is implemented and maintained . Independent , Competent personnel who do not perform or directly supervise the process being audited shall conduct the Audit. This is to ensure objectivity and impartiality of the audit process. Product specification requirements can be embedded throughout the quality management system processes and audited in conjunction with one or more quality management system processes.

                6.2.2.3 Audit Review and Closure

                For the non-conformities identified during the internal audit , the responsible management must ensure necessary correction and corrective action. The organization must identify response times to addressing detected non-conformities. Records related to internal audits must be maintained. The results of internal audits and the status of corrective actions are to be reported in the management review.

                Organization should establish an internal audit plan to cover all requirements of the standards. In addition, consideration should be given to the status and importance of the processes that comprise the audit and the results of previous audits. Objective evidence should demonstrate information of concerning the effective implementation the audit plan, as well as a sample of audit results. The internal audit process should include the following activities:

                • The development of a program of internal audits which can be revised depending on the results of previous audits and the results of performance monitoring.
                • The identification, selection and training of internal auditors.
                • The analysis and evaluation of the results of internal audits.
                • The identification of the need for corrective or improvement measures.
                • The verification of the completion and effectiveness of these measures.
                • The documentation pertaining to the execution and results of audits.
                • The communication of the results of audits to the top management.

                The internal audit process is part of the continual improvement feedback loop to evaluate and improve the effectiveness of the management system. It also highlights where processes and procedures are not addressing risks adequately and where changes are needed to improve efficiency or effectiveness. The audit process also serves as a method of compliance monitoring.

                Planning for internal audit

                During the early stages of implementing of this standard , the internal audit often focuses on ensuring that any compliance issues or non conformities are discovered and rectified prior to the assessment. However, once organization is registered, the internal audit must evolve. The focus of the internal audit planning should be re-directed, away from compliance with standards, to an audit strategy that bases the audit frequency upon process performance data, feedback from customers, etc., to ensure that you are focusing on the risks and issues that should be on Top management’s radar. When planning the Internal audit organization should ensure that customer feedback, organizational changes and risks and opportunities are brought into consideration. Process importance as the degree of direct impact that process performance has on customer satisfaction should be considered i.e. could the process provide the customer with a defective product? One should consider process status in terms of maturity and stability; a more established, proven process will be audited less frequently than a newly implemented or recently modified process. Conversely; processes which are not performing to the planned arrangements should be audited more frequently. Support processes should be given a lower ranking than the manufacturing/service provision processes. In addition, the results of previous audits should be considered too. Processes that have been audited recently that have shown effectiveness and improvement should be audited less frequently. When applying risk-based thinking to select internal audits and their frequency, consider the following:

                • Processes that are critical to product and service quality;
                • Complex processes that require close monitoring and control to ensure conformity;
                • Balance across operational and non-operational processes;
                • Processes that utilize qualified personnel;
                • Activities or processes that occur across multiple locations;
                • Processes impacted by human factors;
                • Introduction of new or changed processes;
                • Changes affecting the organization;
                • Statutory and regulatory issues;
                • Process performance, e.g. process conformity/non-conformity, escapes to the customer, complaints, previous internal/external audit results, identified risk.

                When planning your internal audit one should ensure that customer feedback, organizational changes, and risks and opportunities have been brought into consideration. Internal audit that are based on risk and customer feedback will help your organization to embark upon new methods of compliance in which risk-based thinking and continual improvement are the drivers, rather than compliance.

                Determining the frequency of internal audits
                Deciding the frequency of internal audits will depend on the perceived need for the audit and the size and complexity of your organization. The frequency of internal audits should depend on the criticality of each process and the perceived need to audit it, but all processes should be formally audited at least once during a 12-month audit cycle. Critical processes that directly affect process and product conformity, and customer satisfaction should be audited more frequently, e.g. monthly, quarterly, or more regularly as required. When determining internal audit frequency, you should consider the following:

                The level of risk associated with the activity, policy or procedure;
                The priority of the specific element of the management system;
                The results of previous audits; and
                The significance of problems identified in the areas to be audited.

                The basic requirement of the quality management system is that it is audited at least once per year. If many issues are found during audits, then additional audits can be undertaken to help get that part of the system working effectively again as soon as possible. ISome audits are likely to be conducted on a monthly basis in order to cover all manufacturing processes over the year. Unscheduled audits may be conducted at any time based upon:

                Previous audit results;
                Regulatory inspections;
                Operational changes (planned or unplanned);
                Management review concerns;
                Identified non-conformances.

                The frequency of internal audits should be reviewed and, where appropriate, adjusted based on occurrence of process changes, internal and external nonconformities, and/or customer complaints. The effectiveness of the audit should be reviewed as a part of management review.

                The internal audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements. The checklist stands as a reference point before, during and after the audit, and will provide the following benefits:

                • Ensures the audit is conducted systematically;
                • Promotes audit planning;
                • Ensures a consistent audit approach;
                • Actively supports your organization’s audit process;
                • Provides a repository for notes collected during the audit process;
                • Ensures uniformity in the performance of different auditors;
                • Provides reference to objective evidence.

                Before a new audit is started in a particular area, it is important to check the status of any outstanding issues since the last audit (if any) was performed in the area. If there are outstanding issues, then they may be carried forward into the current audit, and the previous audit could then be closed off. The system audits are best undertaken using and internal audit checklist. This type of audit focuses on the quality management system as a whole, and compares the planning activities and broad system requirements to ensure that each clause or requirement has been implemented. A good summary report is the final output of the audit and deserves an appropriate amount of attention and effort. The audit report is the detail of what was found during the audit. It presents an overall summary of the audit findings, as well as any positive aspects noted during the audit. The audit report must also identify nonconformities identified during the audit and their associated corrective actions. The Internal Auditor should be responsible for finalizing the audit report, which should include:

                • The area and element/procedure/process audited;
                • Audit team composition, audit scope, persons interviewed;
                • Executive summary;
                • Observations and key findings (identified nonconformities);
                • Recommendations;
                • Opportunities for improvement, which are areas that may become nonconforming in the future;
                • Graphical representation of findings.

                On completion of the audit, a closing meeting should be scheduled between the audit team and the organization or department being audited, to present the results of the audit and discuss any subsequent steps required to complete the audit. Observations may also be recorded for future consideration. The audit report needs to be signed by the lead auditor and the manager of the relevant department, and distributed as required to relevant persons. The findings and conclusions should be formally documented as part of the summary report. Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know! This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes. The audit summary and the corrective action forms should be attached to the audit report, which now becomes the audit record. Only the summary report and corrective actions need be given to the Process Owner and a copy of the audit report should be given to Top management.

                6.2.3 Process Evaluation

                Suitable evaluation methods must be applied on the QMS processes to ensure that QMS processes achieve planned results, including conformity to product requirements. When are not achieved, correction and corrective action shall be taken as appropriate. Process evaluation can be done by performance of internal audits and management reviews

                Process evaluation is about auditing your organization’s processes and their interactions, which together comprise the quality management system. The process audit provides assurance that the processes have been implemented as planned and provides information on the ability of the process to produce a quality output. Use the process audit template for conducting an in-depth analysis to verify that the individual processes comprising the management system are performing and producing outputs in accordance with the planned outcomes. The process audit also identifies any opportunities for improvement and possible corrective actions. Process audits are used to concentrate on any special, vulnerable, new or high-risk processes. A process is a set of interrelated activities that transform inputs, such as materials, customer requirements and labor, via a series of activities into outputs, such as a finished product or service. Various stages of the process must meet various applicable clauses of the standard. There are six characteristics to look out for when auditing a process:

                Does the process have an owner?
                Is the process defined?
                Is the process documented?
                Are links between other processes established?
                Are processes and their links monitored?
                Are records maintained?

                The process audits must be scheduled according to the processes defined by your management system. The audit schedule should not be based on the clauses of the standard, but it should instead be based upon the importance and criticality of the process itself. The process approach to auditing should cover three vital stages:

                • Preparing for the audit;
                • Auditing the process and its linkages;
                • Preparing the summary and audit report.

                An audit of each process should be conducted at planned intervals in order to determine whether the processes conform to planned arrangements in order to determine whether the process is properly implemented and maintained and to provide process performance information to top management. Effective process auditing requires the auditor to identify and record audit trails that will make a difference to the organization. The audit should begin with the process owner in order to understand how the process interacts with the other process inputs, outputs, suppliers and/or customers.

                6.3 Analysis of Data

                The organization must establish a documented procedure for the identification, collection, and analysis of data to demonstrate the suitability and effectiveness of the quality management system. The analysis includes data generated from monitoring and measurement, internal audits , management reviews, and other relevant sources. The data analysis output provides information relating to customer satisfaction, quality objectives, supplier performance and conformity to product requirements. The nonconformities and product failures identified after delivery or use, provided the product or documented evidence is available to facilitate the determination of the cause. The characteristics and trends of processes and products including opportunities for preventive action. The organization must use data to evaluate where continual improvement of the effectiveness of the quality management system can be made.

                Analysis of Data must include:

                • Levels of Customer satisfaction
                • Level of Supplier performance
                • The results of product and process monitoring
                • Rates of non-conformances
                • Trends and opportunities for corrective and preventive action

                Where the analysis shows unacceptable performance then those items should become Quality objectives and where appropriate, become subject to preventive or corrective action.

                The purpose of analyzing data is to:

                • Assess organizational performance against established plans and stated quality objectives
                • Identify areas for improvement
                • Help determine the cause of problems
                • Provide guidance for determining the most appropriate corrective or preventive action to take

                Data collected for analysis includes:

                • Results from customer surveys
                • Results from employee surveys
                • Customer, supplier and employee feedback
                • Results from internal audits
                • Results from process monitoring and measurements
                • Results from product monitoring and measurements
                • Non-conformance reports
                • Warranty claims and returned products
                • How do I analyze data?

                Effective data analysis is an essential part of any quality management system:

                • Use statistical techniques where appropriate (e.g. Statistical Process Control)
                • Data should be analyzed by designated, competent personnel
                • Use data feedback for continuous product and process improvement
                • Should I document our analysis of data process?

                It is not a mandatory requirement to document your analysis of data process. However, you should always look to adequately define and control any operational processes that generate information on the performance of your quality management system. Therefore, the implementation of an analysis of data procedure will be appropriate to the majority of businesses. Develop and implement a procedure that defines the roles and responsibilities for analyzing quality management system data in order to drive continual improvement and to facilitate a factual approach to decision making:

                • Data collection
                • Data analysis
                • Information output
                • Reporting
                • Looking for help documenting the process?

                The effectiveness of the analysis of data process is often determined by looking for evidence that the organization has sufficiently utilized data from the outputs of its activities and has used that data to drive continual improvement and enhance customer satisfaction.

                6.4 Improvement

                6.4.1 General

                The organization must look to continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions, and management review. The definition of correction, corrective action, and preventive action ans given in ISO 9000 is applicable here.

                The organization is expected to revise the quality system documentation and processes as the quality management system matures or when a new process is implemented. The organization must identify improvement opportunities and management system underperformance using the data output from its processes, such as data analysis and evaluation, internal auditing, management review, and the use of appropriate tools and methodologies to support validate findings. The organization must implement the identified opportunities for improvement in a controlled manner.The organization should ensure that it has implemented a process, with appropriate methods, techniques, and formats for identifying areas of underperformance or opportunities for improvement. The organization should select the appropriate tools and techniques to investigate the causes and thereby establishing and implementing a process for continual improvement. The impetus for continual improvement must come from the use of (as a minimum):

                1. Policies;
                2. Risks and opportunities;
                3. Objectives;
                4. Aspect and impacts
                5. Hazards and safety risks;
                6. Analysis and evaluation of data;
                7. Audit results;
                8. Management review;
                9. Non-conformity and corrective action.

                Processes can always be made more efficient and effective, even when they are producing conforming products. The aim of a continual improvement programme is to increase the odds of satisfying customers by identifying areas that need improvement. It requires the organization to plan improvement systems and to take into account many other activities that can be used in the improvement process. You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure effectiveness of your processes. To this end the continual improvement principle implies that you should adopt the attitude that improvement is always possible and your organizations should develop the skills and tools necessary to drive improvement.

                6.4.2 Corrective Action

                The organization must establish a documented procedure to correct non conformities and to take corrective actions appropriate to the effect of nonconformity to eliminate the causes of non conformities to minimize the likelihood of its recurrence. Corrective action are to apply both internally and within the supply chain to both quality management system processes and nonconforming product trends. The procedure must identify requirements for reviewing a process nonconformity including customer complaints, determining and implementing corrections, identifying the root cause of the nonconformity and evaluating the need for corrective actions , implementing corrective action to reduce the likelihood that a nonconformity recurs, identifying the time frame and responsible persons for addressing corrections and corrective action, verification of the effectiveness of the corrections and corrective action taken and Management Of Change when the corrective actions require new or changed controls within the quality management system. Records of the activities for control of a nonconforming process shall be maintained. Records shall identify the activities performed to verify effectiveness of the corrective actions taken.

                Definition of correction
                Correction (also referred to as immediate correction) is action taken to eliminate a detected nonconformity or defect (adapted from ISO 9000). A correction can be made in conjunction with undertaking corrective action. For a product nonconformity, correction might include reworking the part, accepting the nonconformance through the concession process, replacing the product, or scrapping the product.

                Definition of corrective action
                Action implemented to address the root-cause and contributing cause of the undesirable condition, situation, nonconformity, or failure; action taken to prevent recurrence. As part of the corrective action process you must identify all the causes (root-cause and contributing causes) that have or may have generated an undesirable condition, situation, nonconformity, or failure.

                The decision to apply or not apply the corrective action process should be made by the appropriate level of management within the company, based on the level of risk. Many factors that can trigger the corrective action process, examples include:

                • A safety impact that affects the product or personal;
                • Product performance and/or reliability issues;
                • High impact on production and/or maintenance operations;
                • Repetitive problems to one part of the activity/process, or similar problems across many activities/processes;
                • Difficulty in detecting the nonconformity;
                • By customer request;
                • Significant quality or management system issues;
                • Complex problem that cannot be solved without assistance of others not located where the problem occurred.

                The analysis of nonconformities should not look for someone to blame, or a department that is ‘more responsible than another’, but rather for understanding and improving the organizational weaknesses that made them possible. Where internal audits identify that organization’s policy, objectives, standards and other requirements as outlined within their management system are either not implemented, or are improperly implemented, a nonconformance report should be raised and entered into the nonconformity log as appropriate. This should require an agreed response from the relevant Line Manager prior to closure. The root-cause must address the nonconformity and the corrective action must address the root-cause. Any nonconformities and subsequent actions to prevent their reoccurrence and the effectiveness of the corrective action(s), should be duly documented and retained.

                Step 1. Identify the Problem
                Once a problem has been identified through inspection, customer complaints, or audit results, it should be captured using non-conformity reports (NCRs) or corrective action reports (CARs) in order to identify who is affected by the problem and what the impact is. Considering the following:

                • What are the operations, products, materials, defects, malfunctions that may characterise the problem? What is it about?
                • Who is concerned with the problem? Who is reporting the problem? Who is rectifying the problem? Who is the problem affecting?
                • Where are all the places where the event takes place; shop floor, services, machine, process step?
                • Where is it seen? Where does it originate?
                • When does the event appear (time, date, when does it start, how long does it last, how often)
                • When is the problem reported defective? When is the problem repaired?
                • Has it occurred before? If yes, what is the history?
                • How do we know there’s a problem (how is it detected)?
                • How does the event appear, how does it stop?
                • How frequently is the problem experienced?
                • How is the effect of the problem being measured (costs, delays, scrap rate, customer complaints, return rate, concessions, reliability rate, etc)?
                • How is the problem currently addressed? How is it corrected?

                This step helps to fully describe a situation, precisely analyse all its elements and gain a common understanding of them, allowing the definition of an action plan. Ensure that all team members agree about the definition of the issue and resulting impact. The problem description should describe the problems in terms of what, where, when, and how big. On a flip chart, presentation board, or even paper; write out a description of what you know about the problem. Try to document the problem and describe it as completely as possible. The description should contain facts; such as observations and documentary evidence and not assumptions. All information must be gathered before identifying the root-cause can begin. Make sure both of the above factors are true before you move to the next step. Consider any new information that the team may have gathered since completing the initial problem description. Describe the problem by identifying what is wrong and detail the problem in quantifiable terms. Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until Permanent Corrective Actions (PCA) are implemented.

                Step 2. Establish a Response Team
                Identify representatives from functions that may have an influence on the corrective action process, including the identification of the root causes. Remember to assign responsibilities and objectives to the team members. Remember, those performing the job, such as operators, inspectors, drivers, etc., are the best people to help identify the real causes, don’t leave them out of the team! The size and composition of the team should depend on the complexity and the impact of the problem. The composition of the team is not fixed forever and may evolve depending on the analysis results and the required actions. New team members should join the team if analysis shows they are identified as being in the scope, some others will leave if their area is definitely identified as out of the scope. However, consideration should be made that expending the size of the core team over 6 to 8 members generally results in less efficiency. When more members or special skills are required, sub teams should be considered. Don’t forget, root-cause analysis must not be used for assigning blame or transferring responsibility. In summary, you should establish an investigation team with:

                • Process and/or product knowledge;
                • Allocated time and resources;
                • Authority to solve the problem and implement corrective actions;
                • Skill in the required technical disciplines;
                • A designated Team Leader.

                Brainstorming sessions should be used to identify potential causes to investigate each potential cause. Coordinate parallel activities with different team members to help expedite the process of verification. Once you have reviewed the problem description, you can undertake a comparative analysis. A comparative analysis will help you identify relevant changes in a change-induced situation. Then you can reduce the number of possibilities that you must consider to determine root-cause. To complete a comparative analysis:

                • Ask yourself; what is unique, peculiar, different, or unusual about the symptoms?
                • Consider features such as people, processes, materials, machines and the environment;
                • List all facts without prejudice as to the possible cause;
                • Consider each difference you listed, and look for changes, ask yourself what has changed to give rise to this difference?
                • Keep in mind that each difference may not have a corresponding change;
                • List the changes next to the difference;
                • Look at the dates each change occurred;
                • Eliminate some changes if they occurred after the problem started;
                • Consider categories of people, machines, processes or measurements.

                If the problem is change-induced, the root-cause must be the result of a change relative to one or more of the identified changes. It is important to remember that you have not yet moved from the ‘observations’ phase of the process. Any information you develop during the comparative analysis must be fact based, not opinion based and must be true only for the symptom’s information. Do not rule out any facts that might be valid answers. If it is a fact and it answers the question, write it down. Your organization should first contain the problem by taking immediate corrective action (ICA) and then evaluating the need for initiating the formal problem-solving process. Where necessary, provide an emergency response action to protect the customer from the problem, protect the customer operations and the organisation (to stop the problem getting worse) and verify that problem does not degrade until the root-causes are known. An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. An interim containment action provides more opportunity for investigation. Conduct trial runs whenever possible. However, in some situations, your verification may simply be a matter of common sense. For example, if an interim containment action involves stopping the shipment of all products, you can be sure that customers will stop experiencing the problem. An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work. To verify the interim containment action:

                • Prove before implementation it protects the customer from the problem;
                • Provide a before-and-after comparison;
                • Prove that the interim containment action will not introduce any new problems.

                Methods of verification may include:

                • A test to determine the desired performance level;
                • A demonstration that changes eliminated the issue without creating a new problem;
                • A comparison between the interim containment action and similar proven actions;
                • A review to evaluate whether the interim containment action was effective;
                • Assurance that the interim containment action did not introduce a new problem.

                Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer.

                Step 3. Identify the Root-Cause(s)
                Root-cause analysis (RCA) is a class of problem-solving methods aimed at identifying the root-causes of problems or events. The practice of root-cause analysis is predicated on the belief that the problems are best solved by attempting to correct or eliminate root-causes, as opposed to merely addressing the immediately obvious symptom. Listed below are various root-cause analysis techniques, we recommend you use the 5-Whys (1st Why, 2nd Why, 3rd Why, 4th Why, and 5th Why – and the root-cause) technique to problem solving but you are free to undertake any of the following depending on the complexity of the problem:

                • 3-Ws (what, where, when);
                • 8D Eight Dimensions;
                • Failure Mode and Effects Analysis (FMEA & DFEMA);
                • Fish-bone Analysis;
                • Pareto Analysis;
                • Fault-tree Analysis;
                • Cause Mapping – draws out, visually, the multiple chains of interconnecting causes;
                • Barrier analysis – a technique often used in process industries;
                • Change analysis – an investigation technique often used for problems or accidents.

                The 5-Whys technique offers some real benefits to organizations with varying degrees of management system maturity:

                • Simplicity. It is easy to use and requires no advanced mathematics or tools that allows you to dig deep and find underlying issues rather than using quick-fix solutions;
                • Effectiveness. It helps to separate the symptoms from the causes and identifies the root-cause of a problem using evidence-based analysis;
                • Comprehensiveness. It aids in determining the relationships between various problem causes and allows you to proactively eliminate problems for good;
                • Flexibility. It works well alone and when combined with other quality improvement and troubleshooting techniques such as ones listed above;
                • Engaging. By building a culture that embraces progress, by its very nature, it fosters and produces teamwork within and outside of the organization, encourages the reporting of issues without fear or judgement;
                • Inexpensive. It is a guided, team focused exercise that seeks to improve and adapt processes to ensure long-term success. There are no additional costs.

                Launching a formal root-cause analysis and problem-solving process should always be considered when an issue; such as, undesirable conditions, defects and failures are detected. The decision not to apply the process must be made based on objective evidence of absence of risks!

                Step 4. Implement Corrective Action
                When all root and contributing causes have been identified and their effects understood, implement all selected corrective actions. Verify that the planned actions were taken as scheduled and assess their effectiveness in permanently preventing the undesirable condition, situation, non-conformity or failure from recurring. Steps for corrective action (CA) implementation:

                • Implement the corrective action (CA);
                • Implement controls;
                • Evaluate the corrective action (CA) for escape point;
                • Remove the immediate containment action ;
                • Perform validation;
                • Confirm with the customer that the symptom has been eliminated.

                To ensure the most effective corrective actions to address the most likely, or critical root causes are taken in consideration of operational and business constraints such as costs, lead time, difficulty of implementation, and resources. Select solutions that optimise value and effectiveness for all stake-holders! Implement the solutions that have been selected, verify that all actions have been completed to schedule and that they have prevented the undesirable condition, situation, non-conformity or failure from recurring. Plan and implement selected permanent corrective actions. Remove the interim containment action and monitor the long-term results.

                Step 5. Prevent Recurrence
                Modify the necessary systems, policies, practices and procedures to prevent recurrence of this problem and similar ones. Make recommendations for systemic improvements as necessary:

                • Review the history of the problem;
                • Analyze how the problem occurred and escaped;
                • Identify affected parties;
                • Identify opportunities for similar problems to occur and escape;
                • Identify practices and procedures that allowed the problem to occur;
                • Identify practices/procedures that allowed the problem to escape to the customer;
                • Analyze how similar problems could be addressed;
                • Identify and choose appropriate preventive actions;
                • Verify preventive action and its effectiveness;
                • Develop action plan;
                • Implement preventive actions;
                • Present systemic preventive recommendations to the process owner.

                Serious consequences may occur when the underlying symptoms are not addressed, when the quick fix is accepted as a final, permanent solution. Excessive reliance on containment or emergency response action will create a repeating cycle. Problem containment is an addiction that will only get worse until the root-causes are found and addressed.

                Step 6. Monitor Effectiveness
                Establish a review process to ensure corrective actions are completed according to plan and that they continue to be effective over time by confirming you have done what you have planned. Try adjusting the type and number or frequency of additional checks and audits to check that the actions remain effective. When same problem has been identified or is suspected to occur on same or similar products, processes or data, the same corrective actions must be implemented and their effectiveness verified for all these additional products, processes or data. The owner of each corrective action, the team leader and all team members should verify the effectiveness of the actions taken to date, and when relevant, the customer. Examples of verification methods include:

                • Additional process monitoring until it is demonstrated that the process is stable and capable of consistently meeting requirements (recording and analysis of process parameters and/or product characteristics, SPC, etc.);
                • Additional internal audits to specifically verify the effectiveness of the corrective actions;
                • Associated metrics showing significant improvement resulting from the corrective actions.
                • Examples of supporting evidence might include: updated procedures, work instructions, control plans, etc. to show any changes were defined. Additionally, evidence of effective implementation of the changes is also required such as SPC data, inspection records, training records, audit records, etc.

                If the corrective actions are effective, evaluate which containment actions may be eliminated (e.g. stop over inspection and over production, return to normal transportation means, etc.) without adversely affecting the product and process output. Record evidence of actions completed and associated results (what works and what does not). To document analysis results and changes to make the corrective action permanent, capture and share learning with all the stakeholders to prevent similar undesirable condition, situation, non-conformity or failure occurring on other products, production lines, factories or suppliers. Identify all that can be shared from the experience that can be transferred across business units, production lines, factories or suppliers. Ensure that you get agreement from appropriate levels of management and other process owners and functions (internally and externally) to launch actions and verify there are implemented and effective. Keep lessons learned register which includes a summary of content and results of analyses, flow charts, data bases, performance data, main actions and decisions, location where detailed data can be retrieved, difficulties encountered when managing the issue, etc. When the decision is made to implement actions in another business areas, such as; production lines, factories or suppliers, which are not under direct control of the response team, implementation and the verification of effectiveness is not necessarily the responsibility of the team. Escalation to top management or transfer to another function (procurement, engineering, etc.) may be required to ensure proper leverage and action follow-up.

                6.4.3 Preventive Action

                The organization must a documented procedure to determine and implement preventive actions appropriate to the effects of the potential problems to eliminate the causes of potential nonconformities in order to minimize the likelihood of their occurrence. Preventive action should be applied internally and within the supply chain to both quality management system processes and product analysis. The procedure should identify requirements for opportunities for improvements, potential nonconformity and its potential causes,evaluating the need for preventive action, including any immediate or short-term action required, to prevent occurrence of a nonconformity, the timeframe and responsible person for implementing a preventive action, the effectiveness of the preventive action taken and Management of Change when the preventive action require new or changed controls within the quality management system. Records of the activities for control of potential process nonconformities must be available.

                Preventive action is taken to fix the cause of a process problem before it can happen. In a management system, a preventive action (PA) definition could be: “the activities taken by the organization to eliminate the cause of a potential process nonconformity.” If you are identifying potential problems that could happen in a process, assessing what could cause these problems, and taking action to prevent the problem from occurring before it happens, then you are taking preventive action.Preventive actions are taken to prevent a potential problem, organizations try to address problems before they happen. Whereas corrective actions are taken after a problem has occurred.Corrective actions are taken after an incident occurs to fix and prevent the recurrence, whereas preventative actions are taken before the occurrence to prevent the potential problem. Preventive actions are proactive while corrective actions are reactive.For instance; a pipe burst and a water flooding incident occurred. The corresponding corrective actions address the root cause of the flood, such as fixing old pipes. Contrary to this turning off the water source is a correction that eliminates the cause temporarily. But if the organization controls their pipes regularly and realizes that a pipe is going to burst, at that time they can take preventative actions to prevent the occurrence, before it happens.

                Preventative action is an action to eliminate the cause(or causes) of the potential nonconformity and to prevent occurrence.

                the following enlisted requirements should be documented in a procedure;

                • Determine the potential nonconformity (nonconformities)
                • Review the need for possible actions to prevent the occurrence
                • Plan and document the action(s) and implement it(them)
                • Verify that the action does not adversely affect the current requirements which are already complied with.

                The last thing that the organization should perform at the end of each nonconformity management. Review the effectiveness of the taken action after a defined period

                6.5 Management Review
                6.5.1 General

                The organization‘s quality management system shall be reviewed at least every 12 months by the organization’s management to evaluate the quality management system’s continuing suitability, adequacy, and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.

                6.5.2 Input Requirements

                The input to management review shall include, as a minimum:
                – effectiveness of actions resulting from previous management reviews
                – results of audits
                – changes that could affect the quality management system, including changes to legal and other applicable requirements
                – analysis of customer satisfaction, including customer feedback
                – process performance
                – results of risk assessment
                – status of corrective and preventive actions
                – analysis of supplier performance
                – review of the analysis of product conformity, including nonconformities identified after delivery or use recommendations for improvement

                6.5.3 Output Requirements

                The output from the management review shall include a summary assessment of the effectiveness of the quality management system. The assessment shall include any required changes (see 5.11) to the processes and any decisions and actions, required resources, and improvement to products in meeting customer requirements. Top management shall review and approve the output of management reviews. Management reviews shall be documented and records of these reviews shall be maintained .

                The management review must address the possible need for changes to policy, objectives, targets, and other elements of the management system. Here’s what management systems standards are really all about: defining a policy and creating a plan with relevant objectives. You then implement the system according to the plan and begin auditing, monitoring and measuring performance against the plan and reacting to your findings. As such; management review meetings provide useful insight into the operation of the management system and its processes to enable Top management to respond to issues and to recommend improvements.

                It is important that a member of Top management chairs the management review meetings. It is imperative that everyone involved with the management review process fully understand and appreciate the management review requirements. Other attendees at management review meetings should include functional management, line management, process owners, process champions, lead process users, and action owners within the scope of the quality management system, as appropriate, and the internal auditor(s) should also attend. The management review process must ensure that the necessary information is collected ahead of time to allow management to effectively carry out an evaluation prior to the meeting. Note taking and action recording is often undertaken by the Management Representative who will forward minutes of the management review meeting to those on the distribution list and to those with actions.

                Critical management review agenda items, such as; process performance, customer feedback and monitoring and measuring results should be reviewed monthly, while less critical agenda items, such as reviewing the quality policy and objectives should be undertaken less frequently, perhaps every quarter. This approach minimizes the length of each management review meeting, covers all of the required management review inputs over the duration of the management review programme, and allows for the analysis of trends in data while the information is contemporary. Annual management reviews are insufficient in frequency to be able react to any issues effectively. Performance metrics should be monitored with varying frequencies, some hourly, some daily, some weekly and some monthly. Management cannot wait for six months to respond, if they do, it will be too late. Top management might conduct weekly meetings in which they review metrics and objectives to determine if any corrective action is required. The process owner is then responsible for reporting close out progress in the meeting a week later. Every time management convenes to review and react to performance, it is considered as a management review. Some companies have multiple review levels, whereby, each review may require multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects are reviewed at more than one level, e.g. production numbers might be reviewed by the Production teams during daily production meetings and then by senior management, possibly weekly.

                API Q1 5 Product Realization

                5.1 Contract Review

                5.1.1 General

                The organization must establish a documented procedure for the Contract review that defines the process for the review of the requirements related to the provision of products and required servicing.

                5.1.2 Determination of Requirements

                The organization shall determine stated customer requirements, legal and other requirements, requirements considered by the organization necessary for provision of the products. When the customer requirements are not documented, the organization must confirm the requirements with the customer and records them.

                5.1.3 Review of Requirements

                Prior to the organization‘s commitment to deliver product to the customer, the organization shall review the requirements related to provision of products. The organization should ensure that requirements are identified and documented. The requirements differing from those previously identified are resolved and the organization has the capability to meet the documented requirements. Where contract requirements are changed, organizations must document all changes and amend all relevant documentation and the organizations must notify all affected personnel of changes The results of the review and the action taken must be recorded

                The requirement states that organization should now include a review of the requirements arising either from customer , legal or other requirement or organization’s own customer. The organization should seek and record evidence that these requirements are considered during product and service reviews. The sub-clause mandates that your organization should not issue a quotation or accept an order until it has been reviewed to ensure requirements are defined, and that the organization has the capability to meet the defined requirements. It goes on to require that records of the review and any subsequent actions be maintained. The organization should conduct a review of customer requirements before order acceptance. It can conduct a contract review checklist with following headings as a minimum:

                Necessary information is available:

                • Technical data;
                • Specifications and standards;
                • Drawings.
                  Customer requirements are understood and can be met:
                • For product acceptance (e.g. Quality, inspections & tests, verification & validation, and any special monitoring);
                • For delivery expectations;
                • For post-delivery expectations.
                  Related standards have been reviewed and can be met:
                • Statutory;
                • Regulatory;
                • International quality (e.g. ISO-9001:2015, API Q1);
                • Other necessary and applicable standards.
                  Unclear or ambiguous requirements are resolved;
                  Feasibility has been determined:
                • capability to meet order requirements;
                • have the equipment;
                • have the floor space;
                • have adequate resources;
                • have skilled personnel.
                  Differences between the contract and quote are resolved;
                  Methods of communicating with the customer are defined related to:
                • Product information;
                • Enquiries;
                • Feedback;
                • Concerns and complaints handling.
                  Requirements that are not stated by the customer are defined.

                If the customer does not provide their requirements in writing, the requirements must still be confirmed before they are accepted. Define your organization’s arrangements for the retention of documented information to capture the results of the review including any new requirements or changes e.g. record of contract review, including for example customer, reference, date, persons, resources, conventional/special requirements, risks outcome and changes.

                5.2 Planning

                Planning requires that organizations identify and plan the processes and documents needed for product realization. During planning, the organization must address the following:

                a) Required resources and work environment management
                b) Product and Customer-specified requirements
                c) Legal and other applicable requirements
                d) Contingency planning on risk assessment
                e) Design and development requirements
                f) Required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance
                g) Management of change
                h) Records needed to provide evidence that the realization processes meet requirements

                The output of planning should be documented and updated as changes occur. The plans can be maintained in a structure which is suitable for the organization.

                Planning is a critical requirement. During discussion, participants will notice that sections (a) through (h) reference other parts of the API Spec Q1 9th edition specification. It is critical that the organization takes the referenced sections into account during planning. Once review of requirements has occurred, organizations can begin to plan for the manufacturing or servicing of product.

                (a) Resources and Management
                During planning, organizations must take into account resources and work environment management necessary to manufacturing or servicing of product.

                (b) Product and Customer Requirements
                The organization must take into account Product and Customer-specified requirements (see 5.1).
                Meeting customer specified requirements at a minimum, must be achieved in order for the manufacturing or servicing of product to be an accepted.

                (c) Legal and Other Requirements
                The expectation that organizations know and understand legal and other applicable requirements resonates throughout the API Spec Q1 9th edition. HSE, quality, and other requirements are included in this expectation. It is not possible to properly plan manufacturing or servicing of product if the organization is not aware of the legal and other requirements that they are mandated to comply with.

                (e) Contingency Planning
                Based on the customer requirements for manufacturing of product, the organization shall identify the contingency plans for the identified risk found in the initial risk assessment to reduce and or eliminate the risk through identified process or back-up planning as well as developed employee competencies to manage the identified risk.

                (f) Contingency Planning Based on Risks
                Planning must include the initial risk assessments so that the risks can be mitigated.

                (g) Design and Development Requirements
                When planning under section 5.2 Planning, organizations must take into account section
                5.4 Design and Development.

                • 5.4.1 Design and Development Planning
                • 5.4.2 Design and Development Inputs
                • 5.4.3 Design and Development Outputs
                • 5.4.4 Design and Development Review
                • 5.4.5 Design and Development Verification and Final Review
                • 5.4.6 Design and Development Validation and Approval
                • 5.4.7 Design and Development Changes.

                (h) Verification, Validation & Test
                Organization must address the following for product acceptance:

                • Verification
                • Validation
                • Monitoring
                • Measurement
                • Inspection
                • Test activities

                (i) Management of Change
                Change is in manufacturing product. When things go wrong, or something unplanned occurs, the organization can refer to the contingency plan, which is still part of . However, when changes fall outside the scope of the contingency plan, an MOC is required. If changes initiated by the organization or the customer result in risks, the organization must notify the customer through the MOC process, as previously discussed.

                (j) Records
                Records needed to provide evidence that the product realization processes meet requirements. This links to the following API Q1 elements:

                • 5.7.7 Inspection and testing : Maintaining Records
                • 5.9 Product release : Maintaining Records

                5.3 Risk Assessment and Management

                The organization must establish a documented procedure to identify and control risk associated with impact on delivery and quality of product. The procedure must identify the techniques and tools to be applied for risk identification, assessment, and mitigation . Risk assessment must include availability of facilities, availability of equipment. It must also include the maintenance of facilities and equipment. The supplier performance should be part of the risk assessment which must also include supply/availability of material. Availability of competent personal and delivery of nonconforming product must also be included. Record of Risk assessment and the management of risk should be available. Contingency plan may be developed as a result of risk assessment. Corrective action and /or preventive action can be taken as a result of risk assessment. Risk assessment includes consideration of severity, detection methods, and probability of occurrence.

                The purpose of the procedure is to outline your organization’s risk management framework and the activities within. The risk management framework defines the current risk management process, which includes; methodology, risk appetite, methods for training and reporting. Risk Assessment and Management is fundamental to API Spec Q1, 9th edition success as well as aiding the organization to eliminate loss associated with its manufacturing products, processes and services. The API Spec Q1, 9th edition’s foundation is about understanding and mitigating risks associated with its manufacturing processes, products and services. By design, this Specification does not detail the organization’s procedure for Risk Assessment and Management. Since there are many different methods and applications available to organizations, it will be up to the manufacturing or servicing providers to decide which procedure best fits their needs. Risk Based Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

                1.Identify the Risks
                A lot will go into the identification of potential risks for a company. There are two distinct kinds of risk that a company may encounter: external and internal. External risk is risk incurred from the environment in which the company operates. These can be legal, regulatory, financial, and cultural risks. Internal risk is risk incurred from within an organization. This can be caused by an organization’s structure, resource deficiencies or allocation, and hierarchy. Risk need to be determined within the context of the business, something that will lead to different definitions of each term for different organizations.

                2 Plan Your Response
                As with any other part of the standard, companies are required to develop a plan for addressing the risk and opportunities they’ve identified. A company will need to do an in-depth assessment of the possible risks for this part. How likely are these risks? How disruptive would they be if they were to happen? What amount of resources is your company willing to dedicate to mitigating these risks? Can their likelihood be increased while mitigating the risk? Is the potential risk worth incurring for a chance at capitalizing on the opportunity? Once these assessments have been made, an organization can develop a plan for addressing the risks based on their stated strategies. Without properly assessing their appetite for risk, an organization cannot properly plan to either mitigate it or capitalize on the opportunities it presents. These plans need to be clearly laid out, with a plan for documenting the process and keep clear records on it.

                3 Integrate the Response into Your QMS
                This step requires a company to insert the plan they’ve developed for addressing risk and opportunity into the greater framework of the QMS that they already have in place. This step is critical, in that the plan needs to allow for the rest of a company’s QMS to remain seamless. As a standard that emphasizes universal application, the nature will require that the process developed for addressing risk be compatible with all other procedures in the company. For this reason, keeping a company’s QMS in mind as it goes through the process of developing a plan for addressing risk and opportunity can prove to be helpful. Developing a plan only to find that it doesn’t integrate well into the larger process means time and energy has been wasted.

                4 Evaluate Effectiveness
                As with any other procedure in a company , proper documentation and record keeping processes will need to be put in place. This is where a company can record the outcomes and measure the effectiveness of their efforts. This stage in the process is also why it is crucial to develop a comprehensive assessment of the company’s willingness to take on risk and pursue potential opportunities. Without a detailed understanding of the company’s aims in regards to both risk and opportunity, it will be all but impossible to properly assess the effectiveness of the process that’s been implemented. As with any procedure , this step allows for the constant scanning of potential inefficiencies that can be improved upon. It should be noted that context is also a key factor in any risk assessment process. Risk at one juncture of the process might look different than the same risk at another juncture. This is why having a comprehensive strategy for risk assessment is critical. Preparing for and thinking about all the possibilities will help better prepare your company.

                5.4 Development

                5.4.1 Design and Development Planning

                The organization must maintain a documented procedure to plan and control the design and development of the product. The organization’s procedures is to identify:
                o Design and development plans and plan updates
                o The design and development stages
                o The resources, responsibilities, authorities, and their interfaces to ensure effective communication
                o The review, verification, and validation activities necessary to complete each design and development stage
                o The requirements for a final review of the design

                The procedure must ensure that all the requirements of design and development as given in clause 5.4 are met even when design and development activities are performed at different locations within the same organization. The procedure must include the requirements of outsourcing as given in clause 5.6.1.6

                Design and development for products will vary greatly in complexity. Some products present low risks while others may present significant risk, based upon their design and application. All product in the Petroleum, Oil and Gas Industry is expected to meet the requirements of 5.4 Design & Development. The organization shall maintain a documented procedure to plan and control the design and development of the product.

                • Plans and Updates: Plan and control procedure must include the design and development plans and plan updates.
                • D&D Stages: Under this Subpart, organizations are required to identify the D&D stage in its plan and control procedure.
                • Resources, Responsibilities & Authorities: Plan and control procedures must include the resources, responsibilities, authorities and their interfaces to ensure effective communication for the D&D activities
                • Review Activities: In addition to identifying the different D&D stages in the plan and control procedure, organizations must include the review, verification, and validation activities necessary to complete each design and development stage.
                • Final Review: The plan and control procedure the requirements for a final review of the design.

                Design planning must specify the design and development stages, activities and tasks; responsibilities; timeline and resources; specific tests, validations and reviews; and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. Control product design and development planning activities including:

                1. Scope of the design e.g. customer requirements design rationale, design assumptions, objectives, complexity, size, detail, timescales, criticality, constraints, risks, producibility, accessibility, maintainability;
                2. Stages of the design process, distinct activities and review e.g. work breakdown structure, work packages (tasks, resources, responsibilities, content, inputs/outputs), concept design, preliminary design, detail design, design review gates preliminary design review, detail design review, critical design review);
                3. Verification and validation activities comprising checks, trials, tests, simulations, demonstrations required to ensure requirements are met;
                4. Assignment of responsibilities and authorities e.g. job profiles, CVs, accountability statements, delegation of authority, levels of approval, register of authority and approvals, authorized signatories;
                5. Internal and external resources such as knowledge acquisition, people, competency, investment, funding, facilities, equipment, innovation, technology, interested parties (customers, external providers, research establishments), information (principles, standards, rules, codes of practice);
                6. Organizational interfaces such as personnel and functions e.g. sales, project management, production, procurement, quality, finance, customers, end users;
                7. Levels of control required or implied by interested parties (customers, regulators, end users etc.) e.g. customer acceptance, safety checks, risk management, verification/validation activity, product certification;
                8. Required documented information e.g. design plan, design reviews, design outputs (specifications, schemes, drawings, models, data, reports), control plans, certificates.

                The design management plan typically includes specific quality practices, assessment methodology, record-keeping, documentation requirements, resources, etc., and usually reference the sequence of activities relevant to a particular design or design category. The design management plan references applicable codes, standards, regulations and specifications. and describe the interfaces with different groups or activities that provide, or result in, an input to the design and development process. Each design activity is planned, divided into phases, and tasks assigned to competent and skilled design personnel equipped with adequate tools and resources. Design management plans are documented and updated as the design evolves. As required, at the commencement of a design package, the Design Manager is required to complete a Design Management Plan (DMP) which will include at a minimum:

                1. Confirmation of the standards baseline used for the work being undertaken and an explanation of how compliance to this baseline will be demonstrated;
                2. An organisation chart with defined responsibilities for all staff with direct involvement in design or with a potential impact on safety;
                3. Skills matrix to define the competence of individuals with ‘prepare’, ‘check’ and ‘approval’ duties;
                4. Scope definition and interface identification including key issues and operational requirements;
                5. Projected output, timelines, milestones, and defined deliverables;
                6. Stated processes and procedures to ensure acceptable quality assurance will be demonstrated and records maintained (specifically the formal Assurance Gates);
                7. Processes and procedures to be used to ensure compliance with the engineering safety management;
                8. The design review process, both single (SDR) and multi-design consultant (IDR) reviews and stakeholder intervention, prior to the Assurance Gate Reviews at 20%, 60% & 100% design completion stages;
                9. Explanation of how compliance with input requirements will be demonstrated.

                5.4.2 Design and Development Inputs

                The organization must identify the D&D Inputs and review them for adequacy, completeness, and lack of conflict. The functional and technical requirements of D&D Inputs can be customer-specified requirements , requirements provided from external sources, including API product specifications, environmental and operational conditions, methodology, assumptions, and formulae documentations, historical performance and other information derived from previous similar designs, legal requirements and results from risk assessments . The design inputs must be recorded.

                Define which design and development inputs are required to carry out the design and development process. The inputs should be determined according to the design and development activities. For example, which employees are required or what information is required for every step of the development process. When determining design input requirements, ensure the retention of documented information such as:

                • Statutory and regulatory requirements e.g. legislation, regulation, directives;
                • Standards or codes of practice e.g. policies, standards, specifications, rules and aids, protocols, guidance, industry codes
                • Functional and performance requirements informed by customer requirements, operational and performance charateristics, usability, reliability, availability, maintainability, and safety (e.g. Human factors and RAMS);
                • Knowledge exchange from other, similar proven designs, lessons-learned, performance data, in-service data, customer feedback, external feeback, best practice, benchmarking;
                • Design assumptions and associated risks;
                • Methods of validation and verification;
                • Adequacy of inputs e.g. clear, complete, unambiguous, and authorized;
                • Conflicting inputs are resolved by communicating with interested parties/contract amendments.

                Conceptual Design Statement (CDS)

                The Conceptual Design Statement (CDS) includes a design statement that declares the inputs to be used in the design and the proposed design solution. A design statement illustrates the principles concepts and input data relevant to the design and allows relevant stakeholders to understand the thinking behind any chosen design solution. The Design Team will normally produce a Conceptual Design Statement that states the standards and requirements against which the design is to be developed, the processes to be applied and the level of independent checking to be carried out (if any) that is proportionate to the level of risk. The design activities are then carried out by the Design Team using the CDS as the basis. Design and development inputs are documented and controlled. Design and development inputs can be in any form, including data sheets, customer drawings and specifications, photographs, samples, references to standards, etc.

                Design standards baseline

                All designs are based on a list of approved design standards, referred to as the Standards Baseline. This list is owned and managed by the Engineering Manager. The Standards Baseline is made up of a combination of National and International Standards, National Engineering Specifications, and Approved Codes of Practice. The Standards Baseline should be reviewed monthly and any changes are controlled by the Engineering Manager. At the commencement of any given design package, the Design Team is required to specify the Standards Baseline that will be used in the design. The Engineering Manager should be responsible for checking that the correct design standards have been specified and for verifying that the design output complies with these standards and design requirements. Due to the continuous review and updating of standards, the baseline between different design instructions may vary so a strict configuration control is maintained and only agreed changes are used in the assurance process. Once a design package has been instructed, the baseline for that element of work becomes fixed and will not reflect any subsequent changes in standards.

                Design assumptions

                Assumptions will normally be statements to fill uncertainties in available information. They are generated by the Design Team in order to allow designs to continue in the early stages. The anticipation is that assumptions are temporary and are closed out either by obtaining data or updating documents to confirm or change the assumption. Assumptions have the potential to be incorrect, and are therefore a source of risk, that require management. Any associated risk is identified and raised through the Risk Register. The assumption management activity is coordinated by Design Manager, with input from the Design Team. Assumptions regarding domain knowledge include facts about the application of the end product or service that allow requirements to be developed in a particular context. The assumptions are normally traceable to gaps or inconsistencies in the design inputs e.g. incomplete or conflicting functional requirements, inconsistencies between the applicable Standards, unclear scope of work, or demarcation issues. The Responsible Body; which might be another company, organisation, person, or team against which an assumption has been made or who are responsible for providing a feature or undertaking an action to resolve an assumption agreed by them. Qualifying criteria for design assumptions are based on the following:

                • Assumptions on scope and allocation;
                • Assumption regarding gap or conflict in the stated capabilities, systems or operational aspects;
                • Conflict between standards;
                • Assumptions due to missing design data;
                • Assumptions regarding a design decision;
                • Assumptions relating to interface issues.

                Assumptions must not be raised on programme and cost related matters. The requirements or the design statement will be verifiable against the raised assumption or the origin of the assumption. Assumptions are accepted by the Resolving Body; they may be turned into design requirements or project risks. The process for managing design assumptions is summarised as follows:

                • Assumptions are managed using an Assumptions Register;
                • The Design Team propose an assumption to fill an uncertainty;
                • The Engineering Manager reviews the suitability of the assumption against the criteria;
                • Once agreed with the Resolving Body, the Design Team updates the assumption register;
                • Action owner closes out assumption by agreed date, this could be done either by establishing additional data or confirming a decision;
                • The Engineering Manager monitors that action owners are closing out assumptions and takes action to expedite if necessary;
                • Any assumption remaining at the end of the design phase must be clearly recorded in the Assumptions Register and transferred to the Risk Register.

                Assumptions are considered closed when they are successfully resolved i.e. accepted by the Resolving Body and the Resolving Body has taken an action that is documented in a resolving document. This resolving document must be properly reviewed, verified and issued before the closure of an assumption is accepted. The respective Gate Review Authority are the final authority to accept or reject the closure of an assumption. The confirmation of closure is noted in the Assumptions Register and a reference to the resolving document with the relevant clause is provided for verification purposes.

                Design requirements

                The design management process is geared towards meeting customer requirements, while providing a product cost, which enables organizations to have a satisfactory return on investment. The physical and performance requirements of a product used as a basis for product design and development; includes user requirements, regulatory requirements, and system requirements. The customer and user requirements are translated into design requirements and may either be hardware or software (according to intended use) and included in the design specifications and other design documents.

                The requirements are reviewed for adequacy by a cross functional, multidisciplinary team involving Design, Engineering, Sales, Manufacturing, Procurement, Sales and Quality to ensure the requirements are complete, unambiguous and not in conflict with each other. The Design Team notifies Engineering Manager if the requirements are ambiguous or conflict with each other. The Design Team produces evidence of the capture of and compliance with the requirements. This evidence is presented in the Requirements Register. The Design Team should provide compliance matrices and verification reports to demonstrate how the designs meet the requirements, supported by the compliance rationale, evidence, models and analysis as required, whilst ensuring that:

                • All requirements are traceable to the identifier, author, rationale, source, requirement owner, allocation and stakeholder;
                • All requirements have been validated and approved by identified personnel;
                • All requirements set been reviewed and agreed with the customer;
                • Are requirements are recorded into the project applicable database;
                • All allocated requirements are understood and accepted by all the recipients.

                In order to progress their close-out and acceptance, compliance statements are prepared and allocated to each requirement, commensurate to the design stage e.g. Gate 1, 2, or 3. Links and references to supporting drawings and documents are provided as the design progresses.

                Customer supplied user requirements are transferred to the Requirements Review Checklist and additional requirements are addressed with the customer. The Marketing Manager and the Sales Manager should identify and document the markets’ need for new solutions in a requirement statement which serves as the input for design and development work. The requirement statement includes the following:

                • What is required (features/functions, etc.);
                • Why it is needed (customer demand);
                • When it is needed;
                • Assumptions needed to progress the design;
                • Risk and opportunity, and hazard analysis;
                • Requirements for performance, reliability, safety, statutory and regulatory, etc.;
                • Pricing targets and design project milestones.

                When a product is designed or modified to meet specific customer requirements, the Engineering Manager receives from Marketing Manager and the Sales Manager an outline design order with customer requirements and specifications. The Design Team translates the needs and expectations from the requirements and design statements to technical specifications for materials, products, services and processes.

                Design interfaces

                Where necessary, the Design Team should form working groups to develop interface control documents and record agreements for interfacing stakeholders in order to elicit their requirements and to provide feedback that may be important to your designs. Their emphasis should be on the identification and co-ordination of the important characteristics, parameters and configurations that need to be developed to deliver effective interface designs. The level of detail documented must be proportionate with the level of detail being developed in the design outputs.

                1. Identify, specify and manage interfaces;
                2. Assist in the resolution of interface issues relating to commercial or contractual issues;
                3. Assist in the production of and agree interface documents with interfacing parties;
                4. Ensure that the process of interface management is fully supported during the development of detailed designs;
                5. Review and monitor the development of interface identification.

                Design documentation

                The established document numbering system must be used by the Design Team. All documents produced to support the design and the design assurance process should be listed in the Master Design Document List, which is a list of all plans, processes and procedures to be used to control the safety, quality and efficiency of the design output.

                All design documents must follow the ‘Prepare’, ‘Check’, and ‘Approve’ process, evidenced by the signatures of competent individuals. All design documents should be signed off in the three categories:

                1. Prepared – by a competent person who produces the design document, checking their own work complies with codes and standards governing that work.
                2. Checked – by a competent person able to undertake a formal detailed check/review of design methods, codes and standards used, deliverables, calculations, drawings and specifications produced by another member of the Design Team. This role is undertaken by a competent person of the same discipline, not the Preparer, but can be a member of the same team.
                3. Approved – by a competent person of the same discipline, but not a member of the same team, able to undertake a review of the design output after detail checking has taken place to validate that the design is consistent with requirements, is fully integrated and satisfies interface requirements.

                Design and development reference materials (e.g. standards, catalogues, etc.) should be available and maintained by the Engineering Manager. Only current issues and revisions of reference material must be used. All documents produced to support the design and the design assurance process must be listed in the Master Design Documents List.

                5.4.3 Design and Development Outputs

                The outputs of Design and Development should meet the input requirements for design and development. It must provide appropriate information for purchasing, production, and servicing. It must identify or must design acceptance criteria (DAC). It must identify or refer to products and/or components which are critical to the design. It must include results of applicable calculations and must specify the characteristics of the product that are essential for its safe and proper use. The organization must document its D & D outputs for verification against the design and development input requirements. The design output must be recorded. Identification of criticality of products and/or components can be maintained outside of the design and development process.

                The design and development output is the result of design and development process. The output is a clear description of the product, containing detailed information for production. The organization’s design and development outputs reconcile with its design and development inputs by:

                1. Ensuring outputs meet input requirements e.g. checklists, design review records, authorization to proceed, customer acceptance, and product certification;
                2. Ensuring outputs are adequate for product and service provision e.g. standards, specifications, schemes, drawings, models, part lists, materials, methods, manufacturing instructions, technical packages, tooling, machine programs, preservation, handling, packaging, specialist training, user instructions, service manuals, repair schemes, and external provision;
                3. Reference to monitoring and measuring equipment e.g. inspection equipment, gages, instruments, environment;
                4. Acceptance criteria e.g. product/service specification, limits, tolerances, and quality acceptance standards;
                5. Product/service characteristics e.g. key characteristics, customer critical features, interface features, inspections, service intervals, and operating characteristics;
                6. Critical items such as identification, key characteristics, special handling, service intervals, component lifing, cyclic life, life management plans, source and method change, and traceability;
                7. Outputs are approved prior to release e.g. scope of authorization, authorized persons, levels of authorization, method of authorization and documented information is retained.

                Outputs of the detailed design are the final technical documents used for purchasing, production, installation, inspection and testing, and servicing. Design output includes production specifications as well as descriptive materials which define and characterize the finished design and include drawings and documents used to procure components, fabricate, test, inspect, install, maintain, and service the product. Design and development outputs are in the form of documented information that defines the product, including its characteristics that affect safety, fitness for use, performance, and reliability are provided for the manufacturing phase:

                1. Schematics, assembly drawings and wiring diagrams.
                2. Component and material specifications.
                3. Production and process specifications.
                4. Software design specifications.
                5. Bills of materials.
                6. User operation and maintenance instructions.
                7. Results of risk analysis and transfer of residual risk.
                8. Software source code and software machine code.
                9. Results of verification and validation activities.
                10. Quality assurance specifications and procedures.
                11. Installation and servicing procedures.
                12. Packaging and labeling specifications, including methods and processes.
                13. Details of new or revised procedures, work instructions, or processes.
                14. Applicable workmanship standards.
                15. Inspection and test criteria.

                Specifications and procedures for product packaging and labeling are also part of the design and development output. Support documentation (e.g. calculations, risk analysis, test results, verification and validation reports, etc.) is also part of the design and development output. The transfer of a design to production typically involves review and approval of specifications and procedures and, where applicable, the proving of the adequacy of the specification, methods and procedures through process validation including the testing of finished product under actual or simulated use conditions. The design transfer phase ensures that the design is correctly translated into production specifications, such as assembly drawings, component procurement specifications, workmanship standards, manufacturing instructions, and inspection and test specifications. They may also be:

                1. Documentation (in electronic format as well as paper);
                2. Training materials (e.g. manufacturing processes, assembly, and test and inspection methods);
                3. Digital data files (e.g. computer-aided manufacturing (CAM) programming files);
                4. Manufacturing jigs and other aids (e.g. molds or templates).

                The Engineering Manager should ensure that the design transfer process addresses the following basic elements by:

                1. Undertaking a qualitative assessment of the completeness and adequacy of the production specifications;
                2. Ensuring that all documents and articles that constitute the production specifications are reviewed and approved;
                3. Ensuring that only approved specifications are used for manufacture and production.

                Prior to execution of a work transfer, analysis of any regulatory or contractual requirements are reviewed and flowed down through the supply chain to ensure compliance of any established requirements.Outputs may also include product preservation methods, identification, packaging, service requirements, etc. as appropriate.

                5.4.4 Design and Development Review

                Periodically at suitable stages of D & D , the organization must review its Design and Development. The review is performed to identify any problems and take necessary actions. The organization must evaluate the suitability, adequacy, and effectiveness of the results of design and development stages to meet specified requirements. Representatives of concerned functions should be part of the review. The result of review and any necessary action should be recorded.

                Design reviews should be carried out after the initial concept stage and again after the detailed design stage and finally, before the design is released. The design review function is carried out at various stages of the design process in order to check that the design solution is in accordance with the original design inputs and objectives and includes identification of concerns, issues and potential problems with the design. Design review meetings should be held at pre-defined points during the development process, with reviews held on an as-needed basis, depending upon the complexity of the design. Participants of design review meetings are competent to evaluate the design stage and discipline under review to permit them to examine the design and its implications.

                Assurance reviews: The Design Manager should ensure that design reviews are carried out in accordance with the Design Management Plan when the design has progressed by 20%, 60% and 100%. A cross functional, multidisciplinary team (including at least one individual who does not have direct responsibility for the design stage under review) undertake a documented, comprehensive, systematic examination of the design to evaluate its adequacy, to determines the capability of the design to meet the requirements, and to identify problems, whilst ensuring that:

                1. The input for the Design Reviews is captured from all stakeholders;
                2. All open actions from previous Design Reviews are tracked through to closure;
                3. All areas of concern are highlighted for further discussion and risk mitigation;
                4. All design reviews are documented and shared with stakeholders in a timely manner.

                The following elements are considered during design reviews:

                1. Customer needs and expectations versus technical specifications;
                2. Ability to perform under expected conditions of use and environment;
                3. Safety and potential liability during unintended use and misuse;
                4. Safety and environmental considerations;
                5. Compliance with applicable regulatory requirements, national, and international standards;
                6. Comparison with similar designs for analysis of previous quality problems and possible recurrence;
                7. Reliability, serviceability, and maintainability;
                8. Product acceptance/rejection criteria, aesthetic specifications and acceptance criteria;
                9. Ease of assembly, installation, and safety factors;
                10. Packaging, handling, storage, shelf life, and disposability;
                11. Failure modes and effects analysis;
                12. Ability to diagnose and correct problems;
                13. Identification, warnings, labelling, traceability, and user instructions;
                14. Manufacturability, including special processes;
                15. Capability to inspect and test;
                16. Materials and components specifications;
                17. Review and use of standard parts.

                The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes. Conclusions drawn during design reviews are considered and implemented as appropriate. Not all identified concerns result in corrective actions, the Engineering Manager should decide whether the issue is relevant, or the issue is erroneous or immaterial. In most cases, however, resolution involves a design change, a change in requirements, or a combination of the two. Records of design review meetings are retained and identify those present at the meeting and the decisions reached.

                Single-consultant Design Review (SDR): The Single-consultant Design Review (SDR) is a presentation of the design to relevant stakeholders. These reviews are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. The purpose of the review is to present evidence at each of these stages to confirm that the design is compliant with the standards and requirements defined in the Conceptual Design Statement. The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover or to issue their comments the Design Manager for inclusion. The minutes of SDR meetings are recorded. Meeting minutes include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate.

                Inter-consultant Design Review (IDR): The Inter-consultant Design Review (IDR) is a presentation of the design of a work package or packages to interfacing Design Teams. These are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. Its primary purpose is to seek evidence that all interfaces have been agreed and that the design integrates to deliver the requirements. At each IDR an Inter-consultant Design Review Certificate is produced to evidence that all interfacing Design Teams are satisfied with the design under consideration. It should be signed by accepted representatives of the interfacing Design Teams and contain a list of any actions required to close out any exceptions raised but not deemed a bar to acceptance. The reviewers are responsible for issuing any comments in writing using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover. The minutes of IDR meetings are recorded and include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review Meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate. Other instances of design reviews may be required when the Engineering Manager has identified significant design change that requires a review to revalidate the design.

                Assurance gate reviews: The Assurance Gate Reviews 1 to 3 are the primary control mechanism that provides progressive assurance when evidence is reviewed at defined stages to confirm that the designs produced meet the design project’s objectives, requirements, obligations and that the risks associated with the engineering are identified and fully understood.

                1. Gate 1 – (Initial concept (20% complete) The details will be outline only but will define the character, limit and form of manufacture, fabrication or construction.
                2. Gate 2 – (Functional design (60% complete) At this stage the design has progressed to an intermediate position (progress check at 60% complete) This Gate is a check point at about the mid-point between Gate 1 and the final design. At the outset of a design project, the target deliverables at Gate 2 are clearly defined so that it provides an interim way point to confirm progress.
                3. Gate 3 – (Detailed design ready for manufacture, fabrication or construction (100% complete) At this stage the design is complete and ready to be issued for manufacture, fabrication, or construction. Design details are finalised and fully integrated with other interfaces.

                The purpose of the Assurance Gate Review process is to provide progressive assurance during the design stage that the objectives of the design intent can be achieved and that the design can progress successfully to the next stage. The next stage of the design process can only proceed when the Assurance Gate Review is successfully passed. If the evidence submitted at the Assurance Gate Review demonstrates that the design meets the objectives, it will be approved. If the Gate Review Panel decides that the submitted deliverables fall short of the requirements, the design will not pass through the Assurance Gate Review and is therefore prevented from proceeding to the next stage. The Gate Review Panel also known as the ‘Approval Authority’ has the responsibility to make the appropriate decision at each Assurance Gate Review. The Gate Review Panel is a multi-discipline committee formed of members from various departments and stakeholders throughout the organization. The Gate Review Panel members should be selected based on perceived risks, applicable regulatory or legal requirements, technical complexity, financial repercussions and criticality of the product. Department representation should include: Quality, Manufacturing, Engineering, Sales, Planning, Purchasing, Business Development, Contract, Legal, or others as deemed necessary. Formal, documented design and development Assurance Gate Reviews should be held at appropriate stages of the design and development cycle and include representatives from all concerned functions and stakeholders. Each Assurance Gate Review focuses on assessing whether the design deliverables meet all the objectives and appropriate criteria. The minimum approval criteria used for determining whether the design meets the intent are set out below. In addition to these minimum requirements, the Engineering Manager may specify further criteria at the outset of each design stage. The Gate Review Panel is responsible for managing the Gates Review process thereby ensuring that:

                1. The design progress and the design status has successfully reached a stage of development appropriate to the Gate being assessed;
                2. Cost and programme issues have been agreed and align with budget constraints;
                3. The assurance evidence presented to the panel is sufficient to support the Gate requirements;
                4. The risks are either designed out, have appropriate mitigation or have been clearly identified and agreed that they can proceed to the next stage;
                5. All the necessary deliverables and other legal have been identified, complied with and that the design is compliant with any including undertakings and assurances;
                6. At the conclusion of the Gate Review Panel and the Gates Chair Person a shall confer, taking full account of the views of the other Panel Members, and decide whether or not the design submission and presentation meets the Assurance Gate Review objectives and consequently can be given a pass or is prevented from passing the Gate.
                7. If the Gates Chair Person decides that missing deliverables or evidence do not impact on the ability of the project to proceed, then a conditional pass may be given, subject to the remaining deliverables being completed within a specified time.
                8. The conditions and timescales are conveyed to the Design Manager at the Review;
                9. Where conditions are raised that are potentially of a significant risk, consideration shall be given to inclusion of the conditions;
                10. The Gate Review Panel’s findings and decisions are recorded, together with any supporting data.

                The Design Review Meeting Minutes should capture the results of the Gate Review Panel’s review. It serves as a record of the review and summaries the findings. The key aspects of the report are recording the evidence presented to satisfy the approval criteria and using this to support the decision regarding pass or re submission. It is the Design Manager’s responsibility to assemble and present to the Gate Review Panel sufficient evidence, see table of deliverables below, when the design has progressed to 20%, 60% and 100%, to enable the Gate Review Panel to discharge their duties. Key design deliverables that are associated with the Assurance Gate Review are provided to the Gate Review Panel at least 5 working days prior to the scheduled review date

                5.4.5 Design and Development Verification and Final Review

                In accordance with planned arrangements the design and development verification and a final review must be conducted and documented to ensure that the design and development outputs meets the design and development input requirements. Design and development verification and the final review must be recorded.

                Design verification is confirmation by examination and provision of objective evidence that the specified input requirements have been fulfilled. Any approach which establishes conformance with a design input requirement is an acceptable means of verifying the design with respect to that requirement. Complex designs require more and different types of verification activities. The nature of verification activities varies according to the type of design output. Design verification is carried out to check that the outputs from each design phase meet the stated requirements for the phase. Requirements traceability verification is undertaken to ensure that the design fulfills the design concept, while expressing the necessary functional and technical requirements. This process verified throughout the Assurance Gate Reviews. In most cases, verification activities are completed prior to each design review, and the verification results are submitted to the reviewers along with the other design deliverables to be reviewed. The results of the design verification, including identification of the design, method(s), the date, and the individual performing the verification, shall be documented and retained.

                5.4.6 Design and Development Validation and Approval

                Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. The completed design shall be approved after validation. Competent individual other than the person or persons who developed the design shall approve the final design. Records of the design and development validation, approval, and any necessary actions shall be maintained .

                Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. Design validation is similar to verification, except this time you should check the designed product under conditions of actual use. If you are designing dune buggies, you might take your creation for a spin on the beach. If you are making beverages, you might conduct a consumer taste test. Verification is a documentary review while validation is a real-world test. Perform design and development validation by ensuring the product meets the specified requirements. Maintain records of validation activities and approvals. Design validation follows successful verification, and ensures, by examination and provision of objective evidence, that each requirement for a particular use is fulfilled. The performance characteristics that are to be assessed are identified, and validation methods and acceptance criteria are established . At the commencement of the design project, the requirements received from the previous design phase form the initial baseline. During design reviews, the requirements are considered to ensure that the right requirements and any assumptions have been captured, to identify missing requirements and ensure that the design intent will meet those requirements. The results of the design validation, including identification of the design, method, the date, and the individual(s) performing the validation, should be documented and retained. The organization shall have records that the product designed will meet defined user needs prior to delivery of the product to the customer, as appropriate. Methods of validation could include simulation techniques, proto-type build and evaluation, comparison to similar proven designs, beta testing, field evaluations, etc. Irrespective of the methods used, the validation activity should be planned, executed with records maintained as defined in the planning activity. Retain documented information to demonstrate that the any test plans and test procedures have been observed, and that their criteria have been met, and that the design meets the specified requirements for all identified operational conditions e.g. reports, calculations, test results, data, and reviews.

                5.4.7 Design and Development Changes

                Any changes for Design and Development must be identified, reviewed, verified, and validated, as appropriate, and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on product and/or their constituent parts already delivered. Design and development changes must have all the controls as with the original design and development. This includes change in the design documents. The design and development changes, their review and any necessary action must be recorded.

                It is important to control design changes throughout the design and development process and it should be clear how these changes are handled and what affects they have on the product. The organization has retained documented information concerning:

                • Design and development changes;
                • The results of reviews;
                • The authorization of changes;
                • Actions taken to prevent adverse impacts.

                The organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design.

                It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be:

                • Identified.
                • Recorded.
                • Reviewed.
                • Verified.
                • Validated.
                • Approved.

                Configuration control can be managed via alteration requests, notice of change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, product change boards. Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’. If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken in relation to subsequent activities that are impacted by the change.

                5.5 Contingency Planning

                5.5.1 General

                The organization must maintain a documented procedure for contingency planning needed to address risk associated with impact on delivery and quality of product. Contingency planning must be based on assessed risks, and output to be documented and communicated to the relevant personnel and updated as required.

                While contingency has been applied by the industry for years, application has been inconsistent and has overlooked critical information to mitigate risks. The standard mandates that a documented procedure for contingency planning must be available. This requirement for the procedure will include risk mitigation for delivery and quality of product. Contingency planning needed to address risk associated with the impact on:

                • Delivery and Product Quality.
                • Based on assessed risk
                • Communicated to relevant personnel.

                5.5.2 Planning Output

                The contingency plan is to include, at a minimum actions required in response to significant risk scenarios to mitigate effects of disruptive incidents, identification and assignment of responsibilities and authorities and internal and external communication controls .

                Contingency planning output must be documented and communicated to the relevant operational personnel and updated as required to minimize the likelihood or duration of disruption of manufacturing. The outputs of the contingency planning must be based on assessed risks that were discussed in section 5.3 of this specification. As mentioned in the dictation under 5.5.1, the better the Risk Assessment, the less disruption and the smaller the likelihood of an incident. If an incident does occur, it is more likely to be contained or controlled through contingency planning, thereby minimizing loss.

                The contingency plan shall include, at a minimum:

                • Actions required in response to significant risk scenarios to mitigate effects of disruptive incidents;
                • Identification and assignment of responsibilities and authorities, and
                • Internal and external communications controls

                Actions Required in Response to Significant Risks covers actions required in response to significant risk scenarios to mitigate effects of disruptive incidents. This is obvious and is what most manufactures often think of when doing contingency planning. This is how we prevent or mitigate the “Incident” we discussed in 5.5.1 of the specification. Here, the manufacture must review different real and potential risk scenarios and do the proper assessments to understand the in order to prevent and/or mitigate the loss. Most manufactures do this as it relates to HSE. However, API Spec Q1 requires this to be done to include delivery and product quality related incidents as well                                     ,                                              

                The basic contingency planning process includes

                1. Map out essential processes.

                What processes are essential to your business and safely delivering your product or service to customers? If you’re a manufacturing company that ships directly to consumers, a simplified process list might look something like this:

                • Getting raw materials from suppliers
                • Manufacturing process
                • Freight and shipping
                • Packaging and warehousing
                • Last-mile delivery

                Looking at this list, you can see how vulnerable it is to natural disasters or even minor human errors.

                2.Create a list of risks for each process.
                Once the process list is created, consider what might disrupt business continuity. What can go wrong with each of these critical processes? Let’s look at an example of what could go wrong with “last-mile delivery”

                • The driver can deliver single or multiple packages to the wrong address.
                • The package can be damaged during delivery.
                • The package could get lost at a distribution center.
                • A truck full of packages could be involved in an accident.
                • A flood could cripple the road system in a specific area.
                • The driver could get delayed because a moose wants to lick salt splatter off the car (seriously, it’s a thing).
                • And that’s only a preliminary list. Once you start thinking about it, you’ll realize how many things you rely on to avoid going wrong, even for fundamental processes.

                Every business process is vulnerable to some sort of emergency or human error.

                3. Evaluate the potential impact and likelihood of each risk.
                Once the risks are identified, it’s essential to determine how they could impact your business. Are they likely to happen? How large will the impact on your business if they do occur? Most companies use “qualitative risk assessment” to do this.

                4. Calculate costs and contingency reserves, and identify issues to mitigate.

                The quantitative risk assessment approach is to assess the potential cost of each risk. This means you can make an educated decision when budgeting contingency reserves into project plans and yearly budgets. During the risk analysis, estimate the potential costs of the adverse event.

                5. Create a response plan for prioritized events.

                Create a response plan for events by exploring the following questions:

                • What can be done ahead of time to minimize any adverse effects on the event? For example, backing up data, carrying extra stock, or having more employees on call.
                • What can be done immediately after the event to minimize the impact? For example, ordering more from a secondary supplier, rerouting another vehicle, or bringing in on-call staff.

                The specifics depend on your company’s unique processes and situation.

                5.6 Purchasing

                5.6.1 Purchasing Control

                5.6.1.1 Procedure

                Procurement and the controls of materials, products and suppliers is one of the most critical elements of API Q1. The organization must maintain a documented procedure to ensure that purchased product or outsourced activities conform to specified requirements and must address:
                a) the determination of the criticality of activities or products as they are applicable to conformance to product or customer specifications
                b) Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
                c) type and extent of control applied to the supplier based on the criticality of product or activity
                d) criteria, scope, frequency, and methods for reassessment of suppliers
                e) maintaining a list of approved suppliers and scope of approval, and
                f) type and extent of control applied to outsourced activities

                a) Determination of Criticality: The determination of the criticality of the activities or products as they are applicable to conformance to product or customer specifications. This is an important requirement to both ensure that all incoming raw materials, components and finished product(s) meet specification. It is also important factor for determining which suppliers may or may not be critical as well.
                b) Initial Evaluation of Suppliers: Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
                Some things to consider here include:
                o Suppliers ability to meet the organizational requirements
                o Suppliers ability to meet customer requirements
                o The supplier’s actual capacity and capability of meeting organization requirements.
                c) Applied Control: This mandates that organizations include in the procedures, the type and extent of control applied to the supplier and activities or products based on the of the activities or products. The term “criticality” is important. The criticality of the activities or products as well as the supplier’s risks, determines the type and extent of controls that the organization provides for the supplier, activities or products.
                d) Reassessment of Suppliers: The procedure shall address:
                o Criteria
                o Scope
                o Frequency
                o For supplier reassessments
                e) Approved Supplier Listing: The procedure shall address:
                o List of approved suppliers
                o Scope of approval
                f) Control Over Outsourced Activities: The procedure shall address the type and extent of control to be applied to outsourced activities. The amount of control normally takes the suppliers performance into account. Some performance criteria include:

                1. Quality of product and service
                2. On time delivery
                3. Reporting & documentation
                4. Budget
                5. Risk(s)

                Supplier approval
                Approved suppliers must have satisfactorily demonstrated their ability to meet your business’s requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process. Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues. If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.

                5.6.1.2 Initial Supplier Evaluation—Critical Purchases

                For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier. For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier and shall include verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization. Assessment of the supplier to ensure its capability to meet the organization’s purchasing requirements by performing an on-site evaluation of relevant activities, or performing first article inspection to ensure conformance to stated requirements, or identifying how the supplied product conforms to stated requirements when limited by proprietary, legal, and/or contractual arrangements.

                  A critical vendor is one that you rely on heavily to support the most important activities within your organization – oftentimes called ‘critical activities’. While critical activities will differ between organizations, examples of critical vendors might include those who:

                  Inspection Companies– Non Destructive Testing, Magnetic Particle Inspection, thread inspection, etc. 3rd party inspection companies could be considered a critical supplier.
                  Calibration Companies – The organization requires certificates published from the 3rd party vendors. This makes calibration companies a critical supplier.
                  Material –Product and Raw Material Supplier– The Supplier for material would be considered a critical supplier to our needs since many of the products are supplied because if we would stop buying from them our operation would simply crumble
                  Trucking and delivery – These are suppliers are crucial to the end result as we depend on them to get it to the rigs, so they would definitely be considered critical.
                  O-rings, seals, and gasket suppliers – Anytime product requires O-rings, seals and gaskets they can be classified as critical.

                  Defining your critical vendors begins with being clear about your own critical activities. A good place to start is with your company’s business continuity/disaster recovery plan, which defines critical activities within your own operations. Knowing those activities will help you determine which vendors support those critical operational areas. Here are a few things you should do to get started to identify critical vendors:

                  • Inquire of your Procurement department if they maintain a listing of all vendor contracts.
                  • Review your user listings to critical systems. You should already perform periodic user access reviews, but doing so will give you an understanding of what vendors have access to your network or sensitive data.
                  • Once you have performed these tasks, you may be able to better categorize your critical vendors, according to the following classifications and how they rate within your own organization:
                    • Vendor type
                    • Regulatory requirements
                    • Specific services provided
                    • Business disruption factors
                    • Data type and volume

                  5.6.1.3 Initial Supplier Evaluation—Noncritical Purchases

                  Even for purchase of noncritical products, components, or activities that impact product realization or the final product, the criteria for evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion.

                  A non-critical vendor is one that does not undergo the same level of examination as critical vendors. Non-critical vendors simply offer support to the operations that allow employees to do their jobs efficiently, effectively and in comfort. They do not, however, have any impact on the final product or service. These vendors may affect productivity but they do not affect the product or service provided itself. The main difference in treatment between a critical and non-critical vendor lies in the frequency between reviews and assessments. Critical vendors generally undergo reviews once a year while non-critical vendors only face reviews once every two-to-three years.

                  5.6.1.4 Supplier Reevaluation

                  For re-evaluation of all suppliers weather critical or noncritical, the requirements of 5.6.1.3 shall apply. The criteria for re-evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion

                  A typical supplier evaluation and reevaluation might include:

                  • Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier.
                  • An on-site assessment of the quality system or compliance review by your Audit staff.
                  • Completing and signing a quality agreement or contract.
                  • Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.
                  • Assign risk levels on parts/materials, as appropriate:
                    • Determine if there is potential product or regulatory risk.
                    • Confirm the capability of the supplier to supply or manufacture to requirements.

                  5.6.1.5 Supplier Evaluation Records

                  Records of the results of all evaluations and any necessary actions arising from the evaluations shall be maintained.

                  All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.

                  5.6.1.6 Outsourcing

                  When an organization choose to outsource any activity within the scope of its quality management system, the organization shall ensure that all applicable elements of its quality management system are satisfied and shall maintain responsibility for product conformance to specified requirements, including applicable API product specifications associated with product realization. Records of outsourced activities shall be maintained.

                  Monitoring Outsourcing performance
                  The performance of outsource processes must be consistently monitored by the Quality Manager or Contracts Manager. Various ways include the review of measures, targets, KPIs, score cards, dash-boards, scored ratings, or survey results. The ongoing monitoring of commonly use some of the following criteria to rate performance:

                  • An assessment of the quality and quantity of products, services or materials provided.
                  • On-time delivery performance.
                  • responsiveness/communication.
                  • Total number of corrective actions.
                  • response time.
                  • Defective parts per million (PPM).
                  • Total cost.
                  • A review of receiving records, inspection records, or acceptance records.

                  Organization should periodically communicate these results to their vendors as appropriate. On-site audits and process audits at the vendor’s premises is deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager. Issues or conditions which might initiate a vendor’s audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the vendor and schedule an on-site visit and confirm the agenda.

                  5.6.2 Purchasing Information

                  The organization must ensure prior to communicating with the supplier the adequacy of the purchasing information must be adequate and documented. Purchasing information must describe the product or activity to be purchased, including acceptance criteria, and where appropriate requirements for approval of supplier’s procedures, processes, equipment,applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data. It must also describe if any supplier personnel’s qualification and QMS requirements.

                  Purchase orders for items that are essential to fulfill customer requirements and directly affect the quality of your products and services should only be raised by the Purchasing Manager, or the Accounts Department (at the request of the Purchasing Manager). Purchase orders may be raised by the use of the computerized purchasing system or soft backed purchase order books. Purchase orders should contain:

                  • Supplier;
                  • Originator;
                  • Date;
                  • Purchase Order Number;
                  • Items required;
                  • Quantities;
                  • Required delivery date;
                  • Quoted prices where applicable or known;
                  • Any other information deemed critical for the supply of the material should also be noted.

                  Ensure that purchase orders or purchasing specifications include, where appropriate the requirements for the approval and acceptance of products, services, procedures, processes or equipment. Purchasing documentation should also define the requirements for approval of the supplier’s personnel, verification arrangements, or quality management system requirements as necessary. All purchase orders or purchasing specifications must be reviewed and approved before they are released to the supplier. Where appropriate, ensure the requirements for certification, inspection reports, statistical data, approval of samples, etc. are included in purchasing documents. Some purchasing documents may include an agreement obligating your suppliers to give notification of changes to their product or service. When notification is received, the Quality Manager and the Purchasing, or Contracts Manager should evaluate how, and whether the changes affect the quality of your completed products or services.

                  The organization must where appropriate, communicated not just the products or services they wish to receive but also any processes they want the external provider to undertake on their behalf. To ensure adequacy of specified purchasing information prior to their communication to the supplier, the supplier is usually requested to quote on price and availability. All pertinent purchasing information, as determined by your organization and customer requirements; should be included in the request for a quote (RfQ). The purchase order should be created after the review and acceptance of a supplier’s quote, and must contain the same content as the request for a quote. Describe the product to be purchased by:

                  • Defining product approval requirements, e.g.; certificate of conformity;
                  • Defining intended verification arrangements, e.g.; witness testing or certification;
                  • Defining personnel qualifications and quality, environmental, and safety requirements;
                  • Maintaining records.

                  Where activities are wholly outsourced, or subcontracted; your organization maintains responsibility for product conformance to all specified requirements. Purchasing information should include acceptance criteria, and where appropriate, state the requirements for the approval of supplier’s procedures, processes, and equipment. Applicable versions of specifications, drawings, process requirements, inspection instructions, traceability, relevant technical data, and requirements for qualification/competence of the supplier’s personnel, and quality management system must be specified and communicated.

                  5.6.3 Verification of Purchased Products or Activities

                  The organization must establish a documented procedure for the verification or other activities necessary for ensuring that purchased products or activities meet specified purchase requirements. Where the organization or its customer intends to perform verification at the supplier‘s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information. The organization must ensure and provide evidence that purchased products and activities conform to specified requirements. The organization shall maintain records of verification activities.

                  The documented procedure must ensure that items, which are essential to fulfilling customer requirements and which directly affect the quality of products and services, are verified upon product receipt or service delivery to verify they conform to:

                  • QMS requirements;
                  • Competency of external personnel;
                  • Purchase orders;
                  • Purchasing specification;
                  • Purchasing agreements;
                  • Delivery notes;
                  • Release certificates;
                  • Certificates of conformity;
                  • Inspection and acceptance tests;
                  • Product specifications;
                  • National or international standards.
                  • Receiving inspection

                  On receipt of incoming materials, the receiving personnel must identify and inspect the items, goods and materials and match them against the delivery note. The delivery note is compared to the corresponding purchase order and any related documentation. This inspection should include but not be limited to:

                  • Confirmation of identification using purchase order number, drawing numbers, material markings etc.;
                  • Confirmation of adherence to delivery schedule;
                  • Confirmation of conformance to purchase order requirements;
                  • Confirmation of correct quantities;
                  • Visual examination for obvious defects;
                  • Measurement comparison to drawings where required;
                  • Specified certification/documentation as required.

                  For large numbers of identical items, visual and dimensional checks should be undertaken on a minimum of 5% of the total quantity. No material is released for further processing until receiving inspection has been completed and goods accepted. All accepted materials passing immediate inspection can be allocated a storage area. Any non-compliant goods must be placed in a separate area, and clearly identified. Further investigating should determine whether the items, materials or goods are to be:

                  • Scrapped;
                  • Returned to Supplier;
                  • Reworked to a useable condition.

                  When inspecting materials that include specified certification or documentation should only be accepted when such certification and documentation has been viewed and approved by the Quality Manager or the Purchasing Manager.

                  5.7 Production and Servicing Provision

                  5.7.1 Control of Production and Servicing

                  5.7.1.1 Production

                  The organization must establish a documented procedure that describes controls associated with the production of products. The procedure shall address the availability of information that describes the characteristics of the product, when applicable implementation of the product quality plan, when applicable ensuring design requirements and related changes are satisfied, when applicable, the availability and use of suitable production, testing, monitoring, and measurement equipment,when applicable the availability of work instructions, process control documents, implementation of monitoring and measurement activities, and implementation of product release including applicable delivery and post-delivery activities.

                  • The procedure shall address the following the availability of information that describes the characteristics of the product. A product characteristic is an attributes or property of the product that describes the product’s ability to satisfy its purpose in a larger system.Examples of product characteristics are size, shape, weight, color, quality, hardness, etc. The list of product characteristics depends on your product and how its functional design requirements have been defined. Some product characteristics are more significant that others in terms of reliability, quality and safety. Thus, it can be important to identify those that are most critical.
                  • The procedure shall address the following implementation of the product quality plan, when applicable.
                  • The procedure shall address ensuring design requirements and related changes are satisfied, when applicable. Changes to the Product Quality Plan design requirements and related changes may affect the application or other risk associated with the changes therefore a review of the Design and Development process is required to ensure associated with the changes related to product quality, delivery and meeting customer requirements are affected.
                  • The availability and use of suitable Production, Testing, Monitoring and Measurement Equipment. Manufacturing in the process must ensure that production equipment required for the manufacturing process is available, based on capacity and suitability for the application required as well as having properly calibrated TMME suitable for monitoring the manufacturing process to ensure the product meets the stated specifications.
                  • The availability of work instructions, when applicable. While not stated in the specification, processes especially critical processes should have work instructions describing critical steps and include what risks to Quality, Health & Safety that could affect product quality/delivery and where employee’s health and safety are at risk. This is linked to their competencies
                  • The procedure shall address process control documents. Process control documents includes those documents demonstrating to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans, if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
                  • The procedure shall address the implementation of monitoring and measurement activities.
                  • The procedure shall address the implementation of product release, including applicable delivery and post-delivery activities. Product release cannot proceed until the product meets the agreed upon planned arrangement or approved by a relevant authority and, where applicable, by the customer.

                  5.7.1.2 Servicing

                  The organization must establish a documented procedure that describes controls associated with the servicing of products. The procedure shall address the review and implementation of the organization’s, customer-specific, product servicing, and other servicing requirements, the availability and use of suitable servicing, testing, monitoring, and measurement equipment, the availability of work instructions, when applicable, ensuring identification and traceability requirements are maintained throughout the servicing process, the implementation of monitoring and measurement activities, process control documents and requirements for release of the product that was serviced.

                  • The procedure shall address review and implementation of the organization’s customer-specific, product servicing, and other servicing requirements. The documented controls in the procedure addressing these servicing requirements are critical to ensure that both the product being serviced meets requirements and to ensure that it stays within the scope of API Q1.
                  • The procedure shall address the availability and use of suitable Servicing, Testing, Monitoring and Measurement Equipment. Calibration has been replaced with Testing, Monitoring and Measurement Equipment. Monitoring also includes verification . This includes equipment that is both critical to the process while having the possibility of presenting significant risk to person, such as H2S monitors, other gas monitors, confined space monitors, etc.
                  • The procedure shall address the availability of work instructions, when applicable.
                  • During servicing, (related to returning SRP back to OEM specification) especially critical service-related product and the processes associated with the servicing of those within the manufacturing scope should have work instructions.
                  • The procedure shall ensure identification & traceability requirements are maintained throughout the servicing process.
                  • The implementation of monitoring and measurement activities.
                  • During servicing, manufacturing must ensure that all product (critical) has the proper controls by using the appropriate monitoring and measurement devices and activities. These activities are documented using the proper
                  • Process control documents includes those documents demonstrating conformance to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
                  • The procedure shall address the requirements for release of the product that was serviced.

                  5.7.1.3 Process Control Documents

                  Process controls are be documented in routing, travelers, checklists, process sheets, or equivalent controls as required by the organization including requirements for verifying conformance with applicable product quality plans , API product specifications, customer requirements, and/or other applicable product standards/codes. The process control documents also include or have reference to instructions and acceptance criteria for processes, tests, inspections, and required customer’s inspection hold or witness points.

                  Process control is about monitoring and controlling all aspects of a manufacturer’s production and operation. It’s part of the larger supply chain management and it works in conjunction with other operation management functions such as inventory control and quality control. The purpose of production control is to balance the output of a facility to guarantee that the specifications of the products being produced are met. It does this by applying specific actions and making insightful decisions to predict, plan and schedule work. Some of the activities that are regulated in production control include labor, the availability of materials and any restrictions on capacity and cost. The end result of production control is to achieve the expected quality and demanded quantity while monitoring the production schedule to ensure that the production plan is being met. he production control process varies from industry to industry and even business to business. That said, there are some fundamental steps that are common in any production control process. They are as follows.

                  Routing: The first step of any production control process is the definition of your operation, from beginning to end. This includes what raw materials you’ll need for production, other resources, such as labor and equipment, the needed quantity, quality expectations and where the production will take place. This process is to determine the most efficient and cost-effective step-by-step manufacturing process through scheduling.

                  Traveler: It is a document that contains all of the details about the materials and processes that went into the production of a given item. When a manufacturer receives an order, they create a work order to begin the production process. In addition to the work order, a traveler is created and moves along with the product as it flows through the production facilities. The traveler contains information about what items are necessary for the given product, what tools will be needed, and what steps the product will need to go through to be assembled.

                  Checklist for Manufacturing: A control checklist for manufacturing includes all the requirements for a product, both visual and physical. It is a beneficial tool to ensure all parties are on the same page about the demands for the parts, materials, and final product. It outlines the standards your suppliers and manufacturers should meet and describes the “ideal” product that your customer expects from you. You can think of a checklist as guidelines for all teams to follow when making and selling your products. It streamlines the cooperation process and helps eliminate any possible errors occurring along your entire manufacturing workflow.

                  Process sheet: A process sheet is a document that provides all the steps for manufacturing products.Process sheets are also processed records, production documents, or shop orders. A process sheet consists of manufacturing instructions for a specific batch, lot, or run. It describes the operating parameters and settings for the equipment and facilities used and associated tooling or supplies. It contains part information, routing information, and operation detail information.A process sheet is a set of instructions that can be followed to achieve the desired goal.

                  5.7.1.4 Product Realization Capability Documentation

                  The organization must documentation the product realization plans (see 5.2) and records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance to demonstrates the capability of the organization to satisfy specified product and/or servicing requirements. Product realization documentation is evidence of the capability of the organization to manufacture products or families of products and does not extend to every work order or individual product manufactured.

                  5.7.1.5 Validation for Production & Servicing

                  This section reviews the validation of process for production and servicing. All those process of production and servicing has to be validated where the resulting output cannot be verified by subsequent monitoring or measurement, and as a consequence, deficiencies become apparent only after the product is in use or the servicing has been delivered. The organization shall maintain a documented procedure to address methods for review and approval of the processes including:

                  o Required equipment
                  o Qualification of personnel
                  o Use of specific methods
                  o Identification of acceptance criteria
                  o Requirements for records
                  o Re-validation

                  The organization shall validate those processes identified by the applicable product specification as requiring validation. If these processes are not identified, or there is no product specification involved, the processes requiring validation shall include, as a minimum, nondestructive examination, welding, and heat treating, if applicable to the product.

                  Process validation is the act of controlling a process and actually performing the necessary tests to ensure that the process can, in fact, perform according to the requirements it is designed to meet. The monitoring and measuring of the characteristic of the been designed, implemented and executed in a way that enables fulfillment of the planned results. Each organization with the implemented quality management system need validate each of their production and delivery services processes where these processes operate without exhaustive monitoring or measurement.

                  A process needs to be validated if you will not be able to check if the product or service is compliant with input requirements. An example might be a soldering process or welding process where you cannot check the strength of every weld during your regular production without damaging or destroying the parts. Not every process is required to undergo a validation so if you have a process where validation is not required you can still choose to validate the process. For instance, you may want to validate a process in order to reduce a complex or costly inspection of the product or service after the process, even if you could check that the outputs meet the input requirements. Which processes you validate is determined by you and your needs.

                  5.7.2 Product Quality Plans

                  The organization must develop a product quality plan [ can also be called as quality plan (QP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), and quality activity plan (QAP)] which specifies the processes of QMS including the product realization process and resources to be applied to products when required by contract. The product quality plan must description of the product to be manufactured, required processes and documentation, including required inspections, tests, and records, for conformance with requirements, identification and reference to control of outsourced activities, identification of each procedure, specification, or other document referenced or used in each activity and identification of the required hold, witness, monitor, and document review points. These product quality plans must ensure customer requirements are met and must be communicated to customer. The product quality plans and any revisions must be approved by the organization and documented. A product quality plan may be comprised of one or several different documents. A product quality plan often makes references to parts of the quality manual or to procedure documents.

                  A Product Quality Plan (PQP) is a tool that will allow you to effectively communicate what you expect from your suppliers, your in-house workforce, or external contractors. It covers all areas of the production process from first concepts to the finished product. A Product quality plan is a document that specifies quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product.  An example of this can be a manufacturing company that machines metal parts. Its quality plan consists of applicable procedures, applicable workmanship standards, the measurement tolerances acceptable, the description of the material standards, and so forth. These may all be separate documents. Work orders specify the machine setups and tolerances, operations to be performed, tests, inspections, handling, storing, packaging, and delivery steps to be followed. An operating-level quality plan translates the customer requirements into actions required to produce the desired outcome and couples this with applicable procedures, standards, practices, and protocols to specify precisely what is needed, who will do it, and how it will be done. Product Quality Plan shows the techniques and procedures for controlling the product. Product Quality Plan need to consider the goals of reliability and quality. Reliability goals are established based on the needs and expectations of end users. Quality goals should be based on metrics that are gained from company production or past experience. The Product Quality Plan may be as simplistic as a one-page document or as complex as a 5” binder document set. The complexity of an Product Quality Plan varies depending on the complexity of the product.

                  5.7.3 Identification and Traceability

                  The organization must establish a documented procedure for identification and traceability while the product is under control of the organization as required by the organization, the customer, and/or the applicable product specifications throughout the product realization process, including applicable delivery and post-delivery activities. The procedure shall include requirements for maintenance or replacement of identification and/or traceability marks. Identification and traceability must be recorded.

                  Where traceability is a requirement, the organization should control and records the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized. The process for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks. There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a color. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:

                  1. Establish the identity and status of products;
                  2. Maintain the identity and status of products;
                  3. Maintain records of serial or batch numbers.

                  5.7.4 Product Inspection/Test Status

                  The organization must establish a documented procedure for the identification of product inspection and/or test status throughout the product realization process that indicates the conformity or nonconformity of product with respect to inspections and/or tests performed. The organization shall ensure that only product that meets requirements or that is authorized under concession is released.

                  Product inspection & test status are conducted for the product identification, and all the quality requirements managed in it. Product inspection and test status documentation is managed to recording information of the quality inspection and quality test that conducted, progress of the test and its status records are managed in the documents, the quality inspection and test status is maintained for the product identification. The documentation of the Product inspection & test status are maintained each process stages that required for the manufacturing, producing materials with quality as per customer requirements. The documents covered materials and its identification method that used to product realization with detailed information is managed in the quality inspection and test status. Management of the quality concern issues and its concern methods are also maintained in details. The stages of the product management are conducted incoming materials to final product and its concern information that used for the product identification. The documentation for inspection and test status is the part of the product identification, and the records are managed by quality manager, and quality manager is responsible for the managing records and its concern activities that help to determine actions for improvement for particular stages and its methods that handled during the process.

                  5.7.5 Customer-supplied Property

                  The organization must a documented procedure for the identification, verification, safeguarding, preservation, maintenance, and control of customer-supplied property, including intellectual property and data, while under control of the organization. The procedure includes requirements for reporting to the customer any loss, damage, or unsuitability for use of customer-supplied property. The control and disposition of customer-supplied property must be recorded.

                  This contains the requirement for organizations to have documented procedures for the identification, verification, safeguarding, preservation, maintenance, and control of customer supplied property. Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformities occur with customer property. Good sources of information often include the following examples:

                  • Goods returned by the customer;
                  • Warranty claims;
                  • Revised invoices;
                  • Credit notes;
                  • Articles in the media;
                  • Consumer websites;
                  • Direct observation of, or communication with, the customer.

                  If there are any products, materials, or tools on your organization’s premises that are owned by a customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged. If customer property is lost or damaged, this needs to be recorded and the customer needs to be notified. Establish and implement a process to manage property supplied by customers:

                  • Establish the identity and status of customer supplied product;
                  • Maintaining records.

                  5.7.6 Preservation of Product

                  5.7.6.1 General

                  The organization must establish a documented procedure for preservation of product and its constituent parts, It must describe the methods used to preservation throughout product realization and delivery to the intended destination in order to maintain conformity to requirements. It must include identification and traceability marks, transportation, handling, packaging, and protection as applicable.

                  The preservation process must include packaging, storage and other product specific handling methods.

                  1. Identification and traceability– Ensure that products are properly identified and do not become mixed with other orders. You should expect to see that all products are clearly identified. This is relative to identification and traceability however for preservation of product it is a requirement and not ‘as applicable’;
                  2. Handling – This may include bulk handing using moving equipment or physical contact where handling may influence product conformity. You should verify that suitable handling methods are implemented throughout the processes.
                  3. Packaging – Ensure that labeling and marking of shipped products are sufficient to enable adequate identification and traceability back through your QMS. This should include ensuring that labeling and marking maintains its integrity and remains affixed throughout the shipping process. You should expect to see that methods have been established for packaging the product to preserve its integrity. Package products appropriately for shipping in order to preserve the product’s integrity throughout the shipping process;
                  4. Protection – Raw materials, in-process materials, inspected product, nonconforming product and product ready for shipping should also be identified with its status and protected from any unintended alteration. You should verify that appropriate measures are in place to protect product. This will vary depending on the product.

                  5.7.6.2 Storage and Assessment

                  The procedure must also identify the requirements for storage and assessment of the and its constituent parts . There must be designated storage areas or stock rooms to prevent damage or deterioration of product before its use or delivery. To check for deterioration, the condition of product or constituent parts in stock has to be assessed at specified intervals . The interval will be appropriate to the products or constituent parts being assessed.

                  The organization must use designated storage areas or stock rooms to prevent damage or deterioration of product, pending use or delivery. Appropriate methods for authorizing receipt to and dispatch from such areas shall be stipulated. The storage facilities, should not only be physical security but also the environmental conditions (e.g., temperature and humidity). In order to detect deterioration, the condition of product in stock shall be assessed at appropriate intervals. It may be appropriate to check periodically items in storage to detect possible deterioration. The methods for marking and labeling should give legible, durable information in accordance with the specifications. Consideration may need to be given to administrative procedures for expiration dates, and stock rotation and lot segregation.

                  5.7.7 Inspection and Testing

                  5.7.7.1 General

                  The organization must establish a documented procedure for inspection and testing to verify that product requirements have been met. It includes in-process and final inspection and testing. The inspection and testing results must be recorded

                  5.7.7.2  In-process Inspection and Testing

                  The organization must inspect and test the product at planned stages as per the product quality plan, process control documents , and/or documented procedures. Evidence of conformity with the acceptance criteria must be maintained.

                  5.7.7.3 Final Inspection and Testing

                  The organization must perform all final inspection and testing as per the product quality plan and/or documented procedures to validate and document conformity of the finished product to the specified requirements. Personnel who has not performed or directly supervised the production must conduct final acceptance inspection.  For single step manufacturing processes (e.g. threading), in-process and final inspection and testing may be same.

                  A product inspection is the process of examining your goods against a list of pre-set criteria to ensure they meet your quality standards. The process might include packaging and labeling checks, visual examination, functionality checks, and measurement taking.Product testing typically involves using advanced equipment in a laboratory setting to verify product safety, compliance, or performance. You might test your products to check for harmful chemicals, comply with regulations, or simulate repeated use.The key differences between inspection and testing in manufacturing are:

                  • Inspections typically take place at the factory where the goods are produced, while testing occurs in a specialized lab.
                  • Inspections typically use basic equipment that an inspector can carry with them, while testing involves advanced equipment.
                  • Inspections are typically focused on maintaining quality standards, while testing is focused on regulatory compliance and performance standards.

                  Types of inspection / verification:

                  • Quantity
                  • Description: size, weight, diameter, length
                  • 100% or sampling
                  • Visual inspection
                  • Gaging
                  • Dimensional inspection
                  • Nondestructive examination
                  • Hardness testing
                  • Positive material identification
                  • Document review (inspection reports, material test reports)

                  In-process Inspection
                  In-process inspections seek to examine workflow with the goal of reducing cycle time and Work-in-Process (WIP), while increasing capacity. Resources are evaluated to ensure proper training. Environmental factors are taken into consideration and products are inspected directly on the shop floor. The inspections can be performed by both manufacturing and inspection personnel.

                  Final Inspection
                  Final inspections take place when production is complete. The overall product is measured against engineering, customer requirements, and standards. Final inspections and device approvals play an integral role in the decision to move items to stock or shipment. An inspection report is run prior to final device approval to ensure there are no open items. A final inspection report will validate that all required operations are complete, all non-conformances have been resolved, and required traceability has been recorded.

                  Usually, the Quality Manager determines the scope of the inspection and testing. This will be thoroughly communicated to all personnel. This procedure usually includes

                  • Holding back products until all inspections have been finalized
                  • The work order is reviewed to ensure all first part inspections, processes, and specifies operations have been completed—the relevant supervisor signs off the sheet
                  • Check that all documents are traceable to each product and made available for inspection
                  • Do a visual inspection to verify all specified operations have been completed. This is also done to detect any visible damage or defects
                  • Goods are released for packaging and shipping after the final inspection has been completed

                  5.7.8 Preventive Maintenance

                  The organization must establish a documented procedure for preventive maintenance for equipment used in product realization. The procedure shall identify type of equipment to be maintained, frequency and personnel responsible for preventive maintenance. Record for Preventive maintenance must be maintained . Preventive maintenance can be based on risk, system reliability, usage history, experience, industry recommended practices, relevant codes and standards, original equipment manufacturer’s guidelines, or other applicable requirements.

                  Preventive maintenance consists of regular, scheduled maintenance activities that are performed on equipment to reduce the chance of failure and extend up-time. Preventive maintenance can be defined as being the “systematic inspection, detection, correction, and prevention of incipient failures, before they become actual or major failures.”

                  a) This specification requires that the type of equipment used in the process realization process be identified and maintained.

                  (b) Frequency Identifying the frequency of the preventive maintenance to be performed. This may include:

                  • Daily/weekly
                  • Monthly/Quarterly
                  • Semi-Annually
                  • Annually

                  (c) Identifying the responsible personnel to perform the preventive maintenance. This may include:

                  • Operator
                  • Maintenance Personnel
                  • Manufacture/ 3rd Party

                  5.8 Control of Testing, Measuring, Monitoring Equipment

                  The organization must determine the testing, monitoring, and measurement required and the associated equipment needed to provide evidence of conformity to those requirements. The organization must establish a documented procedure for maintenance and calibration of the testing, measurement, and monitoring equipment and that the equipment is used as per the monitoring and measurement requirements. The procedure shall include unique identifier, calibration status, equipment traceability to international or national measurement standards. If no such standards exist, the basis used for calibration or verification must be recorded. It must also include frequency of calibration prior to use and also at specific intervals. The calibration or verification method, including adjustments and readjustments as necessary, the acceptance criteria and control of equipment identified as out-of-calibration in order to prevent unintended use should be included in the procedure. When the equipment is found to be out of calibration, an assessment of the validity of previous measurements must be undertaken. Actions to be taken on the equipment and product. If any suspect product has been shipped, there must be evidence of notification to the customer. Records must be maintained. Testing, measuring, and monitoring equipment (TMME) must be calibrated or verified, or both, against measurement standards. Verification against identified acceptance criteria is performed on nonadjustable equipment. TMME must have the calibration status identifiable by the user for the activities being performed at all times. It must be safeguarded from adjustments that would invalidate the measurement result or the calibration status. It must be protected from damage and deterioration during handling, maintenance, and storage. It must be used under environmental conditions that are suitable for the calibrations, inspections, measurements, and tests being carried out. When used in the testing, monitoring, or measurement of specified requirements, the ability of computer software to satisfy the intended application must be confirmed prior to initial use and reconfirmed as necessary. When the equipment is provided from either third-party, proprietary, employee- and customer-owned equipment, the organization must verify that the equipment is suitable and provide evidence of conformity to the requirements. The organization must maintain a registry of the required TMME which must include a unique identification, specific to each piece of equipment. Record of results calibration and verification must be maintained.

                  TMME are subject to the following controls:

                  • Devices are calibrated at intervals or prior to use, based on recognized standards;
                  • Devices are adjusted as necessary in accordance with manufacturer’s instructions;
                  • Devices are identified to enable calibration status to be determined;
                  • Devices are safeguarded from adjustment, which may invalidate results;
                  • Devices are protected from damage during handling, maintenance or storage;
                  • The validity of results from a non-confirming device are re-checked with a conforming device;
                  • Devices are calibrated by external providers certified to ISO 17025;
                  • Records of calibration and verification are maintained;
                  • Computer software which is used for monitoring/measuring is validated prior to initial use;
                  • Computer software used for monitoring and measuring is re-validated where necessary.

                  If measurement traceability is not required, verify that those monitoring and measuring resources used by your organization are suitable. You should ensure that record is maintained in order to demonstrate suitability of monitoring and measuring equipment. While this is not required, all equipment requiring calibration must be identified and must be:

                  1. Calibrated or verified at specific intervals, or prior to being used. Equipment must be calibrated using measurement standards traceable to international or national measurement standards. Where there is no standard available for the device the basis for calibration or verification must be recorded. A Certification Auditor would expect to see that traceable standards are used and where applicable have not expired. Where calibration is completed by an outsourced process i.e. vendor, the records of traceability must be reviewed.
                  2. Adjusted or readjusted as necessary. There must be evidence that equipment found to be out of calibration are adjusted/re-adjusted by qualified personnel and the validity of the previous measuring results are accessed when equipment is found to be out of calibration and appropriate action is taken (may include recall of product). A process must be in place to provide traceability of each piece of equipment to the process/product that the equipment was used on. The results of calibration and verification are required to be maintained as quality records.
                  3. Identified to show calibration status. Each piece of equipment must be identified in such a way that the user can determine that the device has current calibration, this may be accomplished by the equipment unique serial number traceable to the calibration record however, the calibration status label is a good practice. Other methods may be used however must clearly identify the calibration status. Where the environment is not conducive to the use of stickers, status may be identified by color-coding, identification number with associated calibration record, and/or calibrated prior to every use.
                  4. Safeguarded from adjustment. A process must be in place to ensure that users outside the calibration process do not adjust equipment. Equipment may be verified prior to use however any adjustments made to equipment must meet all requirements of this section. Methods to safeguard may include; locking materials for setscrews, tamper-proof seals, limited entrance to calibration areas, and other methods.
                  5. Protected from damage during handling, maintenance and storage. The measuring equipment must be handled and stored in a manner to protect the equipment from damage.

                  5.9 Release of Product

                  The organization must establish a documented procedure to ensure release of product to the customer shall not proceed until all the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. Records to enable identification of the individual releasing the product must be maintained

                  The release of product must not be completed until the planned requirements have been met. The release of product may include, according to product planning and the verification stages; release to the next operation, release to an internal customer, or release to final customer, etc. Planned arrangements can include design verification and design validation, which can involve modelling, simulations, experiments, trials, prototypes, functional testing, performance testing; inspections comprising, in-process, first article and final inspection; thorough examination through destructive and non-destructive testing; customer acceptance testing, product certification/qualification, third party qualification from a regulator, recognized society, or independent testing body etc. For product release , the planning requirements may be waived, but must be approved by relevant authority and by the customer as appropriate. Monitor and measure product characteristics to ensure they are able to demonstrate:

                  1. Product characteristics are continually met;
                  2. Evidence of conformity with product requirements.

                  Retain records to provide evidence that acceptance criteria have been met might include: e.g. certificate of conformity, release certificate, regulatory certificate. Ensure traceability to the person(s) authorizing the release such as name, authorized signatories, user identification, stamp impression etc., including their authority status (release signatory, certifying staff, scope of authorization etc.).

                  5.10 Control of Nonconforming Product

                  5.10.1 General

                  The organization must establish a documented procedure to identify the controls including the responsibilities and authorities for nonconforming product. The procedure for nonconforming product identified during product realization must includes controls for product identification to prevent unintended use or delivery, address the detected nonconformity, take action to preclude its original intended use or delivery and authorizing its use, release, or acceptance under concession by relevant authority and, where applicable, by the customer.

                  The procedure for nonconforming product identified after delivery must include identifying, documenting, and reporting nonconformances or product failure identified after delivery. It must ensure the analysis of product nonconformance or failure, provided the product or documented evidence supporting the nonconformity is available to facilitate the determination of the cause. It must take action appropriate to the effects, or potential effects, of the nonconformance when nonconforming product is detected after delivery.

                  5.10.2 Nonconforming Product

                  The organization shall address nonconforming product by repair or rework with subsequent inspection to meet specified requirements; and /or re-grade for alternative applications; release under concession and/or reject or scrap.

                  5.10.3 Release of Nonconforming Product Under Concession

                  The evaluation and release under concession of nonconforming product that does not satisfy manufacturing acceptance criteria (MAC) can be permitted when the organization’s relevant authority and the customer (where applicable) have authorized the release provided that products continue to satisfy the applicable Design acceptance criteria (DAC) and/or customer criteria; or the violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria or the DAC are changed and the products satisfy the revised DAC and associated MAC requirements.

                  5.10.4 Customer Notification

                  The organization shall notify customers of product not conforming to DAC or contract requirements, that has been delivered. The organization shall maintain records of such notifications .

                  5.10.5 Records

                  The nature of nonconformities and any subsequent actions taken, including concessions obtained, must be recorded.

                  The organization must keep records of each nonconformance or defect and how it was dealt with. Records of product nonconformity should be periodically reviewed to determine if a chronic problem exists with the production process. The product should then be subject to further inspection to verify that it is now correct. As for records, if you documented the nonconforming product there should normally be somewhere to verify that you successfully (or not) cured the problem and that it is now conforming. Re-verification simply means that you cannot assume that because someone tells you they have corrected the problem then it is ok. The clause is asking you to re-verify by whatever means you originally chose. If you used inspection as a method of verification then re-inspect in the same method. If not, use whatever method suits you (or your customer). Just make sure it is ok before it leaves. The re-verification after remedial work might involve testing as well as inspection. The reason is not just to verify that the defect has been removed, but also to assure that fresh defects have not been introduced by the rework. Records would be as appropriate for the re-inspection or re-testing performed. Re-verification is equivalent to re-inspection and records could include a signature of approval or a more formal test report. Whichever format is chosen, it must be defined in the nonconformity procedure. You may need to supply new evidence of conformance to your customer along with corrective action documentation if requested. The method that you use in either of these situations should be defined in your procedures, that way you relieve yourself and your auditor from guessing how you would address them. Where necessary, any product or process outputs that do not conform to specified requirements should be properly identified and controlled to prevent unintended use or delivery. Improvements are then implemented to ensure the nonconformance does not reoccur. Control defective products by:

                  • Defining how nonconforming products and processes are identified;
                  • Defining how nonconforming products and processes are dealt with;
                  • Removing or correcting nonconformities;
                  • Preventing the delivery or use of nonconforming products and processes;
                  • Verifying how nonconforming products and processes were corrected;
                  • Providing evidence that corrected products and processes now conform to requirements;
                  • Keeping records that catalogue nonconforming products and processes.

                  There may be instances where it is impossible to completely eliminate the cause of the nonconformity, so in these instances, the best you can do is to reduce the likelihood or the consequences of a similar problem happening again in order to reduce the risk to an acceptable level. Where applicable any corrective action taken and controls implemented to eliminate the cause of nonconformity should be applied to other similar processes and products.

                  Handling Nonconforming Products
                  Documented procedure should indicate the plan of action for controlling products. Nonconforming product is identified and separated from other conforming products. Nonconforming product must be reviewed and approved before release. Details of nonconformity must be documented. If nonconformity is identified after delivery, separate actions taken. Re-processed nonconforming products should be re-validated before release. When it comes to controlling and handling non conforming products , there is a specific procedure that must be carefully followed to ensure that the wrong product is not given out to consumers. First and foremost, the organization should already have a documented procedure that indicates the method they will use or plan of action that will be taken in order to control the products in question.

                  Upon the removal of the non conforming products , the organization will ensure that it does not get mixed up with the quality products that are on their way to be distributed to the masses. Once the product has been effectively identified and removed from the others, it must be properly reviewed and approved before it can be released. The release of a nonconforming product can be made under concession by an authorized person. Any release of this kind should be properly documented after it has been completed. The other details of the nonconformity must also be documented in detail. This should include the exact non-conforming characteristics that were identified, as well as the procedures that were followed in order to get rid of it and prevent it from happening in the future. From the documentation of the nonconforming product, all company personnel should be able to understand the nature of the event, why the product did not conform to the specified standards, and what was done to eliminate the issue. In the event that a nonconforming product is identified after it has already been distributed or delivered, there will be a separate set of actions that must be taken to solve the problem at hand. These actions will depend on the severity of the nonconformity, and will be determined by the discretion of the company leaders. When a nonconforming product has been identified and a plan of action has been established to solve the problem, it can either be permanently removed or possibly altered in order to fit the guidelines and be considered a qualifying product. When any nonconforming product is reprocessed, it must go through a revalidation process by someone of proper authority in order to be approved for release.

                  5.11 Management of Change (MOC)

                  5.11.1 General

                  A process for Management of Change(MOC) must be established. The integrity of the quality management system must be maintained when changes to the quality management system are planned and implemented. For MOC, the organization must identify the potential risks associated with the change and any required approvals prior to the introduction of such changes. MOC activities must be recorded.

                  5.11.2 MOC Implementation

                  Management of change process are to implemented when there are changes in the organizational structure , changes in key or essential personnel, changes in critical suppliers and/or changes to the management system procedures, including changes resulting from corrective and preventive actions and these changes may negatively impact the quality of the product.

                  5.11.3 MOC Notification

                  The organization must notify relevant personnel, including the customer when required by contract, of the change and residual or new risk due to changes that have either been initiated by the organization or requested by the customer.

                  Changes are intended to be beneficial but they need to be carried out when determined by your organization as relevant and achievable. In addition, consideration of newly introduced risks and opportunities should also be taken into account. To achieve the benefits associated with changes, your organization should consider all types of change that may occur. These changes may be generated, for example, in:

                  1. Processes and procedures;
                  2. Quality manual;
                  3. Documented information;
                  4. Infrastructure;
                  5. Tooling;
                  6. Process equipment;
                  7. Employee training;
                  8. Supplier evaluation;
                  9. Stakeholder management;
                  10. Interested party requirements.

                  Whenever quality management system changes are planned, Top management should ensure that all personnel are made aware of any changes which affect their process, and that subsequent monitoring is undertaken to ensure that QMS changes are effectively implemented. The organization must consider

                  • The purpose of the changes and their potential risk and opportunities.
                  • The integrity of the management system.
                  • The availability of resources.
                  • The allocation or reallocation of responsibilities and authorities

                  Decide on Disposition Option
                  This is the step where you decide what to do with the non-conforming products. There are several options that you can choose from:

                  1. Eliminate the non-conformance: By applying rework to the product , you can bring it back to fully meeting the requirements. The main difference between a rework and a repair is that the non-conformance is fully eliminated to be compliant with a rework, but it is only eliminated enough to make it usable with a repair. Finding a bracket with holes that were too small and drilling them bigger to meet a drawing would be an example of a rework.
                  2. Authorizing use: If there is a concession from the requirements and the product or service is useable, although not fully compliant, then you can accept to use the product or service as is. Sometimes a repair to the product will be required to change the product enough to make it usable, although it will not fully meet the requirements. If a bracket has holes out of position, you could make the holes into slots so that the part fits in place. This would be an example of a repair.
                  3. Preclude original use: This is when you decide to either scrap the product or to re-grade the product or service (such as product sold as seconds).
                  4. Correct per Disposition: This is simply doing the actions you decided to do . If you are accepting the product or service as is, then allow it to continue. If you are reworking or repairing something, have the steps carried out to do so as planned (and make sure it is re-verified afterwards). If you are using the unit to sell as a second, how do you identify it so that it ends up being used properly at the end of the process?
                  5. Corrective Action: Finally, after deciding how to fix the product , take a look at why the non-conformance happened, and try to find and fix the cause so that it doesn’t happen again. If there is an error in the instructions that caused the problem, get the instructions fixed. If a program bug caused a service error, fix the program. If you have found that a part of the machine is wearing out, implementing a preventive maintenance check on that machine could go a long way toward helping prevent similar problems in the future. If this is a recurring problem, then maybe switching the investigation over to the Corrective Action process would allow for greater improvements. Often, the Non-conforming Product process is the biggest input to the Corrective Action process.

                  Project Scheduling

                  Project scheduling is the mechanical process of formalizing the planned functions, assigning the start and end dates to each task or activity of the work in such a manner that the whole work (project) proceeds in a logical sequence and an orderly and systematic manner.

                  Scheduling is the sequencing of the activities of the project in the time order in which they are to be performed, and calculating the resource requirements (men, machine, material, money) needed at each stage of production/construction along with the expected completion time of each of the activity.

                  Project Schedule Techniques

                  The Project Planner graphically represents project schedules. Several methods are available, including Bar charts, Milestone Charts, CPM, PERT, and Precedence Networks. Nowadays industries rely on software for Project Scheduling, better known as MSP and Primavera.

                  All the above-listed techniques will be described in detail in this post and forthcoming posts.

                  I. Bar Charts or Gantt Charts

                  The simplest and most commonly used scheduling technique is the Bar Chart or Gantt chart. It was introduced by Henry Gantt around 1900 AD.

                  The chart consists of a horizontal scale divided into time units like days, weeks or months and a vertical scale showing project work elements like activities, tasks or work packages.

                  Please refer to the figure for more understanding

                  The Gantt chart is prepared after a WBS analysis and Work Packages or other tasks are identified. During WBS analysis, the Project Planner/Manager plans the estimated times for each activity/task.

                  Bar charts were later modified into Milestone charts. While the Bar chart represents the activities, a milestone chart represents the events which mark either the beginning or the end of an activity.

                  II Network Diagrams

                  The network diagram is an outcome of the improvements in the milestone charts. Network technique is based on the basic characteristics of all projects, that all work must be done in well-defined steps. The network technique exploits these characteristics by representing the steps of the project (activities/tasks)graphically in the form of a network or arrow diagram which resulted in two types of network –a) Activity on Arrows (AOA) b) Activity on Nodes(AON)

                  The AOA and AON network techniques were a result of two significant developments in the field of Project Management in the 1950- PERT and CPM.

                  1. Program Evaluation and Review Technique( PERT)

                  PERT was developed to aid in producing the U.S. Polaris missile system in record time in 1958. The PERT procedure provides a probability that a project will be completed on or before a specified completion date based on variable time estimates of activity durations. The PERT system uses a network diagram consisting of events which must be established to reach project objectives. An event is that particular instant of time at which some specific part of a plan is to be achieved. It indicates a point in time and does not require any resources. PERT uses event-oriented network diagrams in which successive events are joined by arrows. PERT is an AON type of network.

                  Terms of PERT/CPM

                  Activity : Activities are the recognizable jobs or operations which use resources (men, machines, materials, money & time).

                  Example –For laying a foundation the activities will be

                  •Excavate foundation

                  •Fix sideboards

                  •Concrete foundations

                  Event: Events are the state resulting from the completion of one or more activities. It is the instant of time when certain activity has been started or completed. Events consume no resources or time.

                  Example

                  •Project started

                  •Foundation started

                  •Side boards fixed

                  •Foundation concreted

                  Event and Activity

                  PERT system is preferred for those projects or operations which are of non-repetitive nature for those projects in which precise time determination for various activities cannot be made.

                  2. Critical Path Method (CPM)

                  CPM network also known as Activity on Arrow, the whole project consists of a number of clearly recognisable jobs or operations called activities. Activities are usually operations which take time to carry out, and on which resources are expended. Connections between activities are termed events.The CPM networks are often referred to as activity-oriented diagrams in which each activity is represented by an arrow and the sequence in which the activities are executed is shown by the sequence of the arrows.

                  Terms:

                  Predecessor activity: Activity or activities that are required to be performed  before an activity under consideration.

                  Successor activity: Activity or activities that are required to be performed after completion of an activity under consideration.

                  Dummy Activity: A dummy is a type of activity in the network which neither requires any time nor resources. A dummy is used to prevent two arrows from having common beginning and end events. A dummy is used to give a logical clear representation in a network having an activity common to sets of operations running parallel to each other. A dummy is thus a connecting link for control purposes or for maintaining the uniqueness of the activity. A dummy is represented by a dotted arrow in a network and is identified by the numbers of the terminal node.

                  Drawing of Network

                  Example 1: Draw a network diagram for the project having 9 activities, with the following inter-relationships:

                  •C follows D but precedes F

                  •C follows A but precedes H

                  •G follows F but precedes I

                  •E follows B but precedes I

                  •D follows B

                  •H and I terminate at the same time

                  •A and B start at the same time.

                  Example 2: A project consists of six activities (jobs) designated from A to F with the following relationships:

                  1 A is the first job to be performed.

                  2. B and C can be done concurrently and must follow A

                  3. B must precede D

                  4. E must succeed C, but it cannot start until  B is complete.

                  5. The last operation F is dependent on the completion of both.

                  API Q1 4 Quality Management System Requirements

                  API Q1 Specification for Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industry

                  The American Petroleum Institute (API) developed API Spec Q1 9th Edition specifically for manufacturing companies that provide products or services to the oil and gas industry. It’s one of the most prestigious company-based certifications that your organization can obtain to demonstrate its commitment to a sound quality management system. Furthermore, it allows your organization to meet the global demands of an increasingly competitive environment. For starters, ISO 9001:2015 is the basis for most (if not all) of the industry-specific quality management standards. It’s a flexible international standard that outlines the framework and guiding principles for quality management. Achieving ISO certification allows manufacturers to improve the quality of products or services while simultaneously lowering the cost of quality. On the other hand, API Spec Q1 9th Edition structurally deviates from the standard ISO 9001 series, but the results of a compliant quality management system are still the same. API Spec Q1 builds upon the classic structure of the ISO 9001 series by addressing risk and other QMS elements, but takes a different approach to quality management by bringing risk assessment and risk management into the fold. Additionally, there are some other key differences between ISO 9001 and API Q1, including:

                  • Formalizing employee competency and training
                  • Reinforcing risk assessment and risk management throughout the standard
                  • Contingency planning
                  • Controlling the supply chain
                  • Preventative maintenance
                  • Validation of designs
                  • Change management

                  API Monogram Licensing Program Requirements Part 1 – General Requirements

                  1. The information contained herein details the applicable requirements for Organizations seeking approval to use the API Monogram Mark.
                  2. To obtain and retain an API Monogram license, an Organization must have a documented and functioning quality management system in place that meets both the requirements of API Spec Q1® (Quality Programs for the Petroleum, Petrochemical and Natural Gas Industry), and at least one of the applicable API Product Specifications.
                  3. Issuance of the license(s) is dependent upon a successful evaluation of the Organization’s quality manual, API Spec Q1 Conformity Matrix and satisfactorily passing an on-site audit of the Organization’s facility and processes by API through its designated auditors. Site audits are required to verify demonstrated capability of the Organization to meet program requirements. Associated audit expenses will be paid by the facility.
                  4. Review the requirements stated in API Spec Q1 and the applicable API Product Specification(s) for which your Organization is seeking a license. If your Organization feels that its manufacturing processes meet all the stated quality requirements to obtain an API Monogram License for one or more product specifications, please complete and submit the following:
                    • API Certification Programs Application If your Organization is seeking one or more API Monogram licenses and/or registrations, this form must be completed and signed.
                    • API Monogram License Agreement For each API Product Specification for which you are requesting licensing, a separate License Agreement must be completed and signed. NOTE: The applicant is not allowed to use the API Monogram until all steps in the process have been completed (including satisfactorily passing an on-site audit), the applicant has paid the applicable fees, the applicant has agreed to comply with all terms and conditions of the agreement, and signed the License Agreement.
                    • Licensing Information Form: For each API Product Specification for which you are requesting licensing, a separate Licensing Information Form must be completed. Please submit the appropriate forms as applicable to the Product Specification(s).

                  If you do not have a Licensing Information Form for any of the API Product Specifications listed, you may obtain one online at website at www.api.org/certifications/monogram/documents/licensing-forms.cfm.

                  To request a form, please contact API Certification Programs:

                  API Certification Programs 1220 L Street, NW Washington, DC 20005-4070, USA

                  Phone: (+1) 202-962-4791 Fax: (+1) 202-682-8070

                  Email: certification@api.org Web: www.api.org/monogram

                  Do not submit a Licensing Information Form(s) without a completed API Monogram License Agreement(s) (see Part 4 – API Monogram License Agreement), your API Certification Programs Application, your Quality Manual, API Spec Q1 Conformity Matrix and License Fee. For instructions on where to send your submission, see Part 6 – Fee Schedule.

                  Structure of API Q1: 9th Edition

                  1.Scope

                  This section review section 1, scope, of the API Q1 9th edition specification.

                  This specification established the minimum quality management system requirements for organizations that manufactured products or provide manufacturing-related processes under a product specification for use in the petroleum and natural gas industry.

                  Exclusions

                  When an organization performs activities addressed by this specification, no claims to exclusion of those activities are permitted. When exclusions are permitted, they are limited to the following sections:

                  API Q1 ClausesSections
                   5.4Design and Development
                   5.7.1.2Servicing
                   5.7.1.5Validation of process for Production and Servicing
                   5.7.5Customer Supplied Property
                   5.8Control of Testing, Measuring, and Monitoring

                  As stated, any organization who performs Design (5.4); Servicing (5.7.1.2); Required to do Validation of Processes (5.7.1.5; has or utilizes Customer Supplied Property (5.7.5) or Calibration (TMME) (5.8); shall not claim an exclusion to the specification.

                  2.0 Normative references

                  The following reference document is indispensable for the application to this specification.

                  ISO 9000, Quality Management Systems – Fundamentals and vocabulary.

                  3.0 Terms, Definition and Abbreviations

                  In addition to new terms, this section focuses on existing terms that are applied differently in API Spec Q1 and the industry.

                  3.1 Terms and Definition

                  For the purpose of API Q1: 9th Edition, the terms and definitions given in ISO 9000 and the following shall apply:

                  3.1.1 acceptance criteria: Specified limits of acceptability applied to process or product characteristics.

                  3.1.2 acceptance inspection: Demonstration through monitoring or measurement that the product conforms to specified requirements.

                  3.1.3 calibration: Comparison to a standard of known accuracy and making any needed adjustment(s).

                  3.1.4 collection: Process of obtaining, assembling, and/or organizing applicable information with the intent of meeting the requirements of 4.5. Control of documents

                  3.1.5 compliance: Act or process of satisfying the legal and other applicable requirements of a regulation or regulatory body.

                  3.1.6 critical: That deemed by the organization, product specification, or customer as mandatory, indispensable or essential, needed for a stated purpose or task, and requiring specific action.

                  3.1.7 delivery: Point in time and physical location at which the agreed transfer of ownership takes place.

                  3.1.8 design acceptance criteria DAC: Defined limits placed on characteristics of materials, products, or services established by the organization, customer, and/or applicable specifications to achieve conformity to the product design.

                  3.1.9 design validation: Process of proving a design by testing to demonstrate conformity of the product to design requirements.

                  NOTE Design validation can include one or more of the following (this is not an all-inclusive list):
                  a) prototype tests,
                  b) functional and/or operational tests of production products,
                  c) tests specified by industry standards and/or regulatory requirements,
                  d) field performance tests and reviews.

                  3.1.10 design verification: Process of examining the result of design and development output to determine conformity with specified requirements.

                  NOTE Design verification activities can include one or more of the following (this is not an all-inclusive list):
                  a) confirming the accuracy of design results through the performance of alternative calculations,
                  b) review of design output documents independent of activities of design and development,
                  c) comparing new designs to similar proven designs.

                  3.1.11 first article: Representative sample of a product, component, or output from a process used to verify that prescribed activities have satisfied the requirements as specified by the organization.

                  NOTE Samples can include trial purchases and prototypes.

                  3.1.12 key performance indicator KPI: Quantifiable measure that an organization uses to gauge or compare performance.

                  3.1.13 legal requirement: Obligation imposed on an organization, including those that are statutory or regulatory.

                  3.1.14 management [noun]: Person or group of people, as defined by the organization, who directs and controls all or part of a facility, location, department, or other function; has the fiscal responsibility for the organization, and is accountable for ensuring compliance with legal and other applicable requirements.

                  NOTE For some organizations, top management (see ISO 9000) and management are the same.

                  3.1.15 manufacturing acceptance criteria MAC: Defined limits placed on characteristics of materials, products, and services established by the organization to achieve conformity to the manufacturing or servicing requirements.

                  3.1.16 outsource [outsourced activity]: Function or process that is performed by an external supplier on behalf of the organization.

                  3.1.17 preventive maintenance: Planned action to minimize the likelihood of equipment failure and unscheduled interruptions

                  3.1.18 procedure: Organization’s documented method for performing an activity under controlled conditions to achieve conformity to specified requirements.

                  NOTE This definition was previously identified as a “control feature” in earlier editions of this specification.

                  3.1.19 risk: Situation or circumstance that has both a likelihood of occurring and a potentially negative consequence.

                  3.1.20 service: Performance of an activity by one function or organization for another.

                  3.1.21 servicing: Product maintenance, adjustment, repair, and/or on-site installation when installation is required by applicable product specifications.

                  3.2 Abbreviations

                  For the purposes of this specification, the following abbreviations shall apply. DAC design acceptance criteria

                  ITP: inspection test plan

                  KPI: key performance indicator

                  MAC: manufacturing acceptance criteria

                  MOC: management of change

                  MPS: manufacturing process specification

                  PCP: process control plan

                  QAP: quality activity plan

                  QM: quality manual

                  QMS: quality management system

                  QP: quality plan

                  4 Quality Management System Requirements

                  4.1 Quality Management System

                  4.1.1 General

                  For all the products and services provided by the organization for use in the petroleum and natural gas industry, the organization must establish, document, implement, and maintain a quality management system in accordance with the requirement given in the API Q1 Standard which must be measured and improved upon at all times.

                  The Process-Based Management System Model supports all of the other API and ISO management system standards and specifications. The model starts off with understanding of Organization Customer Requirement, this in an INPUT to the organization’s Product Realization is where the product/service takes place producing an OUTPUT (Product/Service) to the Customer satisfaction. Product Realization must be constantly measured, analyzed and when needed, improved to ensure customer requirements and satisfaction is maintained. The results of the analysis goes to Top management , who is responsible to act upon the results and properly allocate resources  to the organization to ensure that Product and services will continue to keep up with Customer requirement.

                  4.1.2 Quality Policy

                  As a commitment to its quality, the organization must define and document its Quality policy. Quality policy should be the basis for the development of quality objectives. The policy must have a commitment to comply with requirements of the quality management system and to continually improve the effectiveness of the quality management system.The organization’s top management must approve the Quality policy prior to its implementation. The Quality policy must be communicated, understood, implemented, and maintained at all relevant functions and levels within the organization. The organization’s top management must review the quality policy to ensure that it is appropriate to the organization,

                  The quality policy must be appropriate to its purpose and there is a commitment to continually improving the quality management system, and the quality objectives are consistent with the quality policy.The policy does not have to include objectives but should create a framework for establishing them. The policy should be stated in such a way that it aims toward continual improvement. It should be reviewed and possibly revised to meet higher aspirations. Develop and implement a policy that is consistent with the company’s codes of conduct and business practices. The policy should be signed by senior management and commit to:

                  • Preventing process loss or quality impacts;
                  • Complying with obligations and legal requirements;
                  • Promoting continual improvement;
                  • Adopting best practice;
                  • Creation of measurable and achievable targets for performance improvement;
                  • Providing resources to achieve targets;
                  • Communicating and consulting with all stakeholders regarding the QMS;
                  • Meeting customer requirements.

                  Tell everyone about it.

                  • Making sure it is written.
                  • Making sure people know it and understand it.
                  • Giving it to people who have an interest in your business (e.g. clients/suppliers/manufacturers/staff).
                  • Publishing it on your website.

                  The example includes written Quality policy, company induction, basic training, toolbox talks.

                  4.1.3 Quality Objectives

                  Management must ensure that quality objectives re established at relevant functions and levels within the organization. It must also include objectives to meet product and customer requirements. It must measurable. It must be consistent with the Quality Policy. The Top management must approve the Quality objectives.

                  No quality plan can be complete without having measurable quality objectives. An objective should include a description of who is responsible, what is the target, when is it planned to be achieved. Progress must be monitored. Also, requires objectives to be set for relevant processes. Ensure that whatever objectives you implement are SMART

                  • Specific
                  • Measurable
                  • Achievable
                  • Realistic
                  • Time-bound

                  Some  key rules are as follows:

                  • Make sure they comply with the law and industry standards.
                  • Make sure they conform with the products and services to make them better.
                  • Monitor your objectives periodically to check what you are doing.
                  • Tell the staff what they are and what you expect of them.
                  • Updated when the management changes something.

                  Keep records of this. This should be included in the customer SLA and planning should be in place to ensure you can resource this response rate. An example could be Understanding the total number of planned maintenance, the number of reactive maintenance to ensure you calculate the appropriate levels of resources. Organizations need to clearly understand how these will be realized. For example, if your aim is to provide national coverage, how will this be achieved? What resources will you allocate, recruiting staff co

                  4.1.4 Planning

                  In order to meet the requirements of API Q1 standard, Management must ensure that Planning of the quality management system is carried out. The criteria for the operation must be determined and effectively managed. The methods for the operation must be determined and effectively managed. Also controls for all QMS processes must be determined and effectively managed.

                  In order to meet the requirements for the delivery of products and services, the organization needs to plan, implement, and control its processes. The first step is to determine the requirements for products and services, meaning what features the product or service will have. Then, the organization needs to define how processes will be performed and what criteria the product or service needs to meet to be accepted for release. Finally, the organization needs to determine the resources needed for the processes and the records needed to demonstrate that the processes were carried out as planned. Once they have done their planning for what they are going to sell, they then must plan the detail of how this can be done operationally. The organization may need to :

                  • Set up supplier accounts/trade accounts.
                  • Purchase stock.
                  • Ensure staff have the correct skills and understand the process.
                  • Purchase tools and vehicles.
                  • Make sure you have enough staff.
                  • Issue clear instructions, drawings, procedures risk assessments to enable them to do the job.

                  The organization needs to show clear control of the process. They will be expected to check that delivery is as expected and when there are deviations that this is managed and negative impacts controlled. The same control should be applied to subcontractors.

                  4.1.5   Communication

                  This clause includes both internal and external communication about the QMS. Processes for internal and external communication need to be established within the QMS. The key elements of Communication that an organization must establish are

                  • what needs to be communicated?
                  • when it needs to be communicated?
                  • how it should be done?
                  • who needs to receive the communication? and
                  • who will communicate?

                  It should be noted here that any communication outputs should be consistent with related information and content generated by the QMS for the sake of consistency. This is a straightforward clause and is simply about effectively communicating to all those within the organization and those affected by it. Internal communications  can include briefings to staff on:

                  • new policies;
                  •  new or amended objectives;
                  •  new or  amended strategies;
                  • new clients;
                  • new or amended technology;
                  • new products;
                  • issues with suppliers;
                  •  anything that will have an impact on them.

                  Designate a person responsible for updates may be department head

                  4.1.5.1         Internal

                  Management, not Top Management, is responsible for establishing a formal, documented communication process that:
                  o Ensures that all relevant functions within organization are aware of all relevant customer, legal, and other applicable requirements.
                  o Ensures that all relevant levels and functions within in the organization are aware of the results of data analysis

                  Top management must communicate the effectiveness of quality management system

                  4.1.5.2 External Communications

                  To understand the requirements and other external organizations throughout contract execution and product realization, the organization must determine and implement a process for communicating with the customers and other external organizations . The communication process must address execution of inquiries, contracts, or order handling and amendments , feedback and customer complaints. The organization must also provide product information, including product nonconformities identified after delivery to the customer . When its required by contract, the organization must provide information required by product quality plans and subsequent changes to those plans .

                  An organization may choose to communicate with other interested parties, but the requirements under 4.1.5.2 were targeted and mandated to occur between the manufacture and the operator (customer). It was also intended to go from manufacture to affected suppliers. External communication is to manage risk that occurs throughout the execution of the contract. Many will do this up front, but this occurs during tendering, contract review, and execution.

                  4.2 Management Responsibility

                  4.2.1 General

                  This section focuses more on the roles and responsibilities of management and top management. This section focuses more on the roles and responsibilities of management and top management Top management must ensure essential resources are availability necessary for establishing, implementing, maintaining, and improving the quality management system. Resources can include human resources and specialized skills, organizational infrastructure, financial resources, and technology.

                  The responsibility of management within the organization is to provide evidence of its commitment to the development and implementation of the quality management system. Management continually improve its effectiveness by ensuring that quality objectives are established including key performance indicators for use in data analysis. The management must conduct management reviews.

                  Responsibilities of Top Management in API Q1 standard

                  1. Approval of Quality policy
                  2. Review of Quality policy
                  3. Approval of Quality objectives
                  4. Availability of Resources
                  5. Appointment of Management Representative
                  6. taking report from the Management Representativeon the performance of the quality management system
                  7. Review and approve output of Management Review

                  Responsibilities of Management in API Q1 standard

                  1. Establishment of quality objective at relevant functions and levels
                  2. criteria and methods needed for the operation and control of all quality management system processes are determined, managed, and effective
                  3. planning of the quality management system is carried out in order to meet the requirements of this specification.
                  4. ensure that appropriate communication processes are established
                  5. the effectiveness of the quality management system is communicated
                  6. provide evidence of its commitment to the development and implementation of the quality management system
                  7. Review of Organization’s Quality Management System

                  4.2.2 Responsibility and Authority

                  Responsibilities, authorities, and accountabilities of personnel within the scope of this document shall be defined, documented, and communicated throughout the organization.

                  The organization must ensure that responsibilities are allocated across the organization to maintain the management system to make sure what is supposed to happen is happening. While allocating Roles, Responsibilities, and authorities, the organization must remember the customer at all times and the outcome of the business processes, and how they can be improved. Remembering to update the system as and when you change how you work or the intended process is amended. The organization must be defining job roles prior to recruitment, allocating job descriptions to personnel, and linking this to the processes within the business. For eg A sales administrator might be expected to have 12 months’ experience in writing quotations. When they join there would be a period of training and reinforcing this through a written job description. The output would be a more senior colleague reviewing quotes, confirming they are correct, and ensuring that the customer is being quoted for what they asked for. If a form or process is amended along the way advising the sales administrator and ensuring the new versions are applied.

                  4.2.3 Management Representative

                  Management Representative must be appointed by the Top management. Management Representative must be a member of the organization’s management. The Top management must always maintain the Management Representative. Irrespective of the other responsibilities the Management Representative may have, He/She shall also have responsibility and authority to ensure that processes needed for the quality management system are established, implemented, and maintained. Report to to top management on the performance of the quality management system.Report for any need for improvements. Ensuring of initiation of action(s) to minimize the likelihood of the occurrence of nonconformities and ensuring the promotion of awareness of customer requirements throughout the organization.

                  The management representative ensures that the QMS processes are established, implemented, and maintained. This may involve review and planning of internal audits, discussion with process owners, or even review of the processes in person to ensure they are properly maintained. If this were not the responsibility of the management representative, then it would be a responsibility distributed among the process owners, and when this happens no one really has the responsibility at all. By having a focal point for the overall processes, the management representative can not only ensure that each process is functioning, but that the interaction of the processes is maintained. By doing this, the interactions can then start to be optimized, because it is not always the case that optimization in one process is the best thing for the overall system.

                  The management representative has a second responsibility to report to top management on how well, or poorly, the QMS is performing. Identifying any needs for improvement to top management is also part of this responsibility. As has already been said, top management needs to be fully supportive of the Quality Management System implementation if it is going to provide true benefit to the company. In order for this to function, there needs to be a point of focus for top management to use when reviewing the resource needs of the QMS, and how best to support the improvement needed. Being the voice of the QMS for top management can be the critical factor in a QMS providing return on investment for the company, or not.

                  The management rep will gather this sort of information from the monitoring and measurement activities in the organization , as well as the results of the internal audits, and when the company uses a management review meeting, this is the sort of information that is presented.

                  The last responsibility is to ensure that people are aware of customer requirements throughout the organization. Since one of the main thrusts of an ISO 9001 Quality Management System is customer satisfaction, it is vital that all employees understand what the customer needs, and how they are able to affect how well the company satisfies these needs. Customer focus is one of the main Seven Quality Management Principles behind ISO 9001 requirements, and as such needs to have an advocate in the company. By being the “voice of the customer” in the organization, the quality management representative can make great strides in how satisfied customers are. If the company implemented a quality management system to improve customer satisfaction, it only makes sense that someone is responsible to promote the customer needs in the company, and the management rep is the leader of this initiative.

                  The quality management representative becomes the one name that the Auditing organization (like API) can call, or the customer can contact with complaints. It is often these optional responsibilities that are seen as the main role of the management rep, but in fact these could be done by one of many other people without affecting the effectiveness and success of the QMS.

                  4.3 Capability

                  4.3.1 Provision of Resources

                  The organization shall determine and provide the resources needed to implement, maintain, and improve the effectiveness of the requirements of the quality management system.

                  The organization must have the resources it needs to ensure the effective operation of the QMS. Resources may include raw materials, infrastructure, finance, personnel, and IT, all of which can be either internally or externally provided. The organization must have a clear understanding of:

                  • what an organization has in house and whether this is sufficient/fit for purpose to achieve its goals and objectives.
                  • what additional support might be needed externally.

                  For example Specialist skills that are better outsourced due the size of the organization (e.g. security screening, health, and safety advice).

                  4.3.2           Human Resources

                  4.3.2.1        General

                  The organization shall establish a documented procedure for determining competency of its employees and other personnel . The procedure must also identifying training requirements or other actions to achieve the necessary competency of these employees and other personnel. The procedure must also determine and documenting the effectiveness of the training or other actions taken toward the achievement of required competency.

                  he Four Levels of Learning In adult learning, there are four stages of learning to reach mastery. Three of the four have been incorporated into the term competent in API Spec Q1, 9th edition.

                  4.3.2.2        Personnel Competence

                  Personnel shall be competent based on the appropriate education, training, skills, and experience needed to meet product and customer requirements. Evidence of the determination of competence of personnel shall be recorded and maintained.

                  The organization needs to determine the necessary competence of its employees, and ensure those employees are competent on the basis of appropriate education, training, and experience. The organization must have a process for determining the necessary competence and achieving it through training or other means. Determining competence is a necessity in any organization. Working out on the skills your team has and the skills they don’t yet have and the skills they will need to achieve the company’s objectives. For example to achieve the objective of “Increase in sales”, you need to improve the competency of your sales team by training them.

                  4.3.2.3         Training and Awareness

                  The organization must provide for quality management system training and job training. The must also ensure that customer-specified training and/or customer-provided training, when required, is included in the training program. They must ensure that the frequency and content of training is identified. They must ensure that its personnel are aware of the relevance and importance of their activities and how they contribute to the achievement of the quality objectives and maintain appropriate records of education, training, skills, and experience .                        

                   The content of awareness training may include items covered in induction training, specific training, toolbox talks or any other quality, environmental, or health and safety issues that affect a number of employees in the workplace. You should seek evidence to confirm that this requirement has been applied by your organization to ensure that the people who need to be made aware now include all the people who work on your organization’s behalf that affect the conformity of your organization’s management system or products. You ensure that these people are aware of:

                  1. The quality policies;
                  2. Relevant quality objectives;
                  3. Their contribution to the effectiveness of the management system;
                  4. Benefits of improved performance;
                  5. The implications of not conforming to management system requirements.

                  This also is to take into account all legal and other requirements that it subscribes to or is required to comply with. Not having an understanding of these “legal and other applicable requirements” not only puts employees at risk, but it has a potential negative impact on organizational processes and the environment,

                  Awareness training

                  The awareness training does not need to follow the format of long classroom sessions. Training techniques can include short training segments supplemented with videos and hands-on demonstrations that address key elements of the management system. Other methods to promote and reinforce awareness training sessions include communication via electronic bulletin boards, posters, newsletters and informational meetings. The requirements for general awareness training apply to all employees including those whose work may cause impacts on customer / product or service requirements. Awareness training is intended to provide an overview of the organization’s policy, objectives and targets, and overall management system. Your organization must ‘establish and maintain procedures to make its employees and members at each relevant function and level aware of’:

                  1. The importance of conformance with the policy and the management system procedures and requirements;
                  2. The actual and the potential significant impacts and risks of the activities, products, and/or services;
                  3. The benefits of improved personal performance;
                  4. The employees’ roles and responsibilities in achieving conformance with policies and procedures;
                  5. The employees’ roles and responsibilities towards emergency preparedness and response;
                  6. The potential consequences of departure from specified operating procedures.

                  The awareness training materials may also include additional elements that address:

                  1. The organization’s objectives and targets;
                  2. The employees’ actions to minimize/eliminate impacts and risks and how they can contribute;
                  3. The importance of compliance with operational and regulatory requirements;
                  4. The overall improvement of the management system performance and the potential financial return;
                  5. The importance to interested parties.

                  Induction training

                  General awareness training should be undertaken in accordance with task demands. All new recruits (workers, contractors and temporary staff) must receive induction briefings and periodic Quality management system awareness training appropriate to the duration of their responsibilities to ensure they are aware of importance of ethical behavior e.g. codes of conduct, internal management, working relationships, fair treatment, confidential reporting mechanisms, protecting anonymity, no-blame-culture, awareness campaigns, notice boards, posters, training programs including:

                  • Core values and policies;
                  • Company overview;
                  • History of the company;
                  • The people and structure;
                  • Contract of employment;
                  • Induction pack;
                  • Health, safety and environmental briefing.

                  The induction record should be completed, signed by each participant and sent to the Human Resources Manager.

                  4.3.3  Work Environment

                  The organization must determine, provide, manage, and maintain the work environment needed to achieve conformity applicable to the manufacture of the product. Work environment includes buildings, workspace, and associated utilities,  process equipment and its maintenance (both hardware and software) ,supporting services (e.g. transport, communication, information systems); and conditions under which work is performed such as physical, environmental, or other factors.

                  The environment for the operation of processes clause ensures that the organization determines, provides, and maintains an environment necessary for the operation of its processes and to achieve conformity. The term environment refers to the work environment and is used to describe the set of conditions in which employees perform their work and under which products and services are produced. Conditions can include physical, social, psychological, and environmental factors (such as temperature, lighting, recognition schemes, social and occupational stress, ergonomics, etc). It can also relate to conditions on how work is actually done (complex, repetitive, creative, interactive, team, etc.) in work processes and procedures. The environment that you work in and may include the following:

                  • Equality Opportunities, whistle blowing, the anti-bullying policy.
                  • Violence at work, counseling support, lone working.
                  • Office-based risk assessment, space, noise levels.

                  The manufacture (organization) is responsible for identifying and knowing the different types of servicing and SRP that they will produce or support. They are also responsible for ensuring that the work environment needed to meet those requirements has been provided, is managed, and maintained to ensure conformity requirements are met. This includes organization’s facilities, workspace, utilities, process equipment, and physical and environmental conditions where servicing and SRP are produced. Work   environment   includes   the   organization’s  facilities,  mobile   work environments, and the well sites where services and SRP are utilized. Besides understanding what is considered the work environment, the organization also needs to understand the servicing and product conformity requirements.

                  4.4 Documentation Requirements

                  4.4.1 General

                  The quality management system documentation must include Quality manual, statements of Quality policy, statements of Quality objectives and. documented procedures. It must also include documents and records required for effective planning, operation, and control of its processes and compliance with specified requirements. Legal and other applicable requirements needed for product conformity must also be identified. Quality manual must include

                  1. the scope of the quality management system, including justification for any exclusions to specific quality management system elements ;

                  2.a description of the sequence and interaction between the processes of the quality management system;

                  3.identification of processes that require validation ; and

                  4.reference to documented procedures that control the quality management system processes;

                  The quality manual describes the quality management system in accordance with the stated quality policy and objectives, while the procedures describe the processes and activities required to implement the quality management system.Organizations can address the requirements of the standards by preparing a management system manual and by implementing procedures to control processes.The quality manual, the polices, processes and procedures are all about what organization has decided is important to ensure they can provide the services and products that continually meet customer requirements, deliver satisfaction and for the business to meet its own targets and objectives. The quality manual provides the scope of the management system . Also, the manual contains an overview of management’s and employee responsibilities as well as conformity statements applicable to the Q1 causes that are contained and supported by your management system. The management system processes and procedures provide detailed requirements for each of your key processes with the intent to specify who does what, when, where, how the process, action, or task is performed, and what documentation is used to verify that all required the quality related activities have been executed as required.

                  4.4.2 Procedures

                  All procedures mentioned in API Q1 standard must be established, documented, implemented, and maintained for continued suitability. One or more procedures can be contained in a single document or requirement of a documented procedure can be contained in one or more documents.

                  Documented Procedure Required by API Q1 standard

                  1. defining personnel competency and identifying training requirements
                  2. identification, distribution, and control of documents
                  3. integration of external specification requirements into the product realization process and any other affected processes
                  4. the identification, collection, storage, protection, retrieval, retention time, and disposition of records
                  5. review of requirements related to the provision of products and required servicing (Contract Review)
                  6. identify and control risk associated with impact on delivery and quality of product.
                  7. plan and control the design and development of the product.
                  8. contingency planning
                  9. procedure to ensure that purchased products or outsourced activities conform to specified requirements.
                  10. the verification or other activities necessary for ensuring that purchased products or activities meet specified purchase requirements
                  11. controls associated with the production of products.
                  12. controls associated with the servicing
                  13. Validation of Processes for Production and Servicing
                  14. identification and traceability
                  15. product inspection and/or test status
                  16. Customer-supplied Property
                  17. Preservation of Product
                  18. Inspection and Testing
                  19. preventive maintenance for equipments
                  20. Calibration and Maintenance of testing, measurement, and monitoring equipment.
                  21. release of product
                  22. Control of non conforming product
                  23. customer satisfaction
                  24. Internal audit
                  25. Analysis of data
                  26. correct nonconformities and to take corrective actions,
                  27. Preventive action

                  4.4.3 Control of Documents

                  The organization must establish a documented procedure for the identification, distribution, and control of its documents or that of the external origin. The procedure shall specify responsibilities for approval and re-approval of the documents. It must identify the controls needed to ensure that the documents are reviewed and approved for adequacy prior to issue and use. It must identify changes and revision status. Document must remain legible and readily identifiable, and are available where the activity is being performed. Documents of external origin must be controlled to ensure that the relevant versions are used and maintained. The organization must ensure against unintended use of obsolete documents and removed from all points of issue or use, or otherwise identified if they are retained for any purpose. All Procedures, work instructions, and forms must be controlled.

                  Organization must control the documents required by the its QMS. A suitable process must be implemented to define the controls needed to; approve, review, update, identify changes, identify revision status and provide access. The procedure should define the scope, purpose, method and responsibilities required to implement these parameters. In order to comply with the document requirements, it is essential that all personnel understand what types of information that should be controlled and more importantly, how this control should be exercised. To get the most out of your procedure it must communicated to ensure that staff and other users of the documentation information understand what they must do in order to manage that information effectively and efficiently. Demonstrate the organization’s arrangements for controlling document required by API Q1 and your organizations own requirements, including

                  • Availability e.g. document accessibility (hard copy, electronic media), readily available at the point of use;
                  • Suitability e.g. format, media suitable to the environment, ease of understanding, language, interpretation;
                  • Protection e.g. document authentication, document markings (official, secret, restricted, confidential, private, sensitive, classified, unclassified), access controls (individual, role specific),
                  • Physical security (master documents, server rooms, libraries) IT security (User ID, password, servers, download, back up, encryption, ‘read only’, ‘read/write’), protection from corruption and unintended alterations.
                  • Demonstrate the organization’s arrangements for document retention e.g. organization/legal/contractual retention periods, storage, preservation, back up, retention of knowledge, disposal, obsolescence e.g. withdrawal, replacement, legacy archive and suitable identification (‘for information only’, ‘not to be used after….’, ‘uncontrolled copy’, ‘for reference purposes only’, etc.

                  Ensure your organization protects electronic data, e.g. security policy, system access profiles, password rules, storage and back-up policy including protection from loss, unauthorized changes, unintended alteration, corruption, physical damage. Access can imply a decision regarding the permission to view the documented information only, or the permission and authority to view and change the document.

                  4.4.4 Use of External Documents in Product Realization

                  The organization must establish a documented procedure for the integration of the requirements coming from external specification such as API product including addenda, errata, and updates into the product realization process and any other affected processes when such requirement are used in the design or manufacture of the product.

                  External documents are the documents relevant to the quality management system (QMS) and issued by an external entity. Examples of those issuers can be: customers, suppliers, legislators, regulators, standardization bodies, or business partners. Documents of external origin relevant for the QMS can be, for example, Product Specifications, Logistics Specifications, Material Safety Data Sheets, Legislation, Permits, Standards, Platform Rules, or Work Instructions.Organization must determine what the relevant documents of external origin are used in design and manufacture of the products. The organization must ensure that external document is still updated.If the document was changed, what are the implications on the specification of the product. Do the changes in the document imply changes in the manufacturing process. The procedure must include:

                  • what are the relevant documents of external origin
                  • who is responsible for checking, with what frequency,
                  • who is going to do what when there are changes or new documents;
                  • get new versions or new document
                  • update register
                  • distribute new version or new document
                  • check if it is applicable
                  • plan changes
                  • implement changes
                  • confirm that changes were implemented

                  4.5 Control of Records

                  The organization must establish a documented procedure for control of Records. The procedure must identify the controls and responsibilities needed for the identification, collection, storage, protection, retrieval, retention time, and disposition of records. Records should remain legible, identifiable, and retrievable. The retention of record should be based on customer, legal, and other applicable requirements or 5 year whichever is more.The records including those of outsourced process must be e established and controlled to provide evidence of conformity to requirements and the organization’s quality management system.

                  Records Required by API Q1 standard

                  1. records of education, training, skills, and experience
                  2. records to ensure the effective planning, operation, and control of its processes and compliance with specified requirements
                  3. record of customer requirement, when customer provides no documented statement of requirements
                  4. Records of contract review including resulting actions
                  5. records needed to provide evidence that the product realization processes meet requirements (for eg inspection record)
                  6. Records of risk assessment and management including actions taken
                  7. Contingency plan
                  8. Records of design inputs
                  9. Records of design outputs
                  10. Records of design review
                  11. Records of design and development verification and the final review
                  12. Records of the design and development validation, approval, and any necessary actions
                  13. Records of design and development changes,
                  14. Records of supplier evaluation
                  15. Records of outsourced activities
                  16. Records of verification of Purchased Products or Activities
                  17. Records of product realization plan
                  18. records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance
                  19. Records of validation of Processes for Production and Servicing
                  20. Records of identification and traceability
                  21. Records for the control and disposition of customer-supplied property
                  22. Records of the results of assessments of product kept in storage
                  23. Records of required inspection and testing
                  24. Records of preventive maintenance
                  25. Records of assessment of the validity of previous measurements and actions to be taken on the equipment and product, when the equipment is found to be out of calibration.
                  26. Records of the results of calibration and verification
                  27. Records shall be maintained to enable identification of the individual releasing the product
                  28. Records of notification to customers of product not conforming to DAC or contract requirements
                  29. Records of nature of nonconformities of non conforming product and any any subsequent actions taken
                  30. Records of MOC activities
                  31. Records of customer satisfaction
                  32. Records of internal audit
                  33. Records of the Corrective action
                  34. Records of the preventive action
                  35. Records of Management Review