5.1 Contract Review
The organization must establish a documented procedure for the Contract review that defines the process for the review of the requirements related to the provision of products and required servicing.
5.1.2 Determination of Requirements
The organization shall determine stated customer requirements, legal and other requirements, requirements considered by the organization necessary for provision of the products. When the customer requirements are not documented, the organization must confirm the requirements with the customer and records them.
5.1.3 Review of Requirements
Prior to the organization‘s commitment to deliver product to the customer, the organization shall review the requirements related to provision of products. The organization should ensure that requirements are identified and documented. The requirements differing from those previously identified are resolved and the organization has the capability to meet the documented requirements. Where contract requirements are changed, organizations must document all changes and amend all relevant documentation and the organizations must notify all affected personnel of changes The results of the review and the action taken must be recorded
The requirement states that organization should now include a review of the requirements arising either from customer , legal or other requirement or organization’s own customer. The organization should seek and record evidence that these requirements are considered during product and service reviews. The sub-clause mandates that your organization should not issue a quotation or accept an order until it has been reviewed to ensure requirements are defined, and that the organization has the capability to meet the defined requirements. It goes on to require that records of the review and any subsequent actions be maintained. The organization should conduct a review of customer requirements before order acceptance. It can conduct a contract review checklist with following headings as a minimum:
Necessary information is available:
- Technical data;
- Specifications and standards;
Customer requirements are understood and can be met:
- For product acceptance (e.g. Quality, inspections & tests, verification & validation, and any special monitoring);
- For delivery expectations;
- For post-delivery expectations.
Related standards have been reviewed and can be met:
- International quality (e.g. ISO-9001:2015, API Q1);
- Other necessary and applicable standards.
Unclear or ambiguous requirements are resolved;
Feasibility has been determined:
- capability to meet order requirements;
- have the equipment;
- have the floor space;
- have adequate resources;
- have skilled personnel.
Differences between the contract and quote are resolved;
Methods of communicating with the customer are defined related to:
- Product information;
- Concerns and complaints handling.
Requirements that are not stated by the customer are defined.
If the customer does not provide their requirements in writing, the requirements must still be confirmed before they are accepted. Define your organization’s arrangements for the retention of documented information to capture the results of the review including any new requirements or changes e.g. record of contract review, including for example customer, reference, date, persons, resources, conventional/special requirements, risks outcome and changes.
Planning requires that organizations identify and plan the processes and documents needed for product realization. During planning, the organization must address the following:
a) Required resources and work environment management
b) Product and Customer-specified requirements
c) Legal and other applicable requirements
d) Contingency planning on risk assessment
e) Design and development requirements
f) Required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance
g) Management of change
h) Records needed to provide evidence that the realization processes meet requirements
The output of planning should be documented and updated as changes occur. The plans can be maintained in a structure which is suitable for the organization.
Planning is a critical requirement. During discussion, participants will notice that sections (a) through (h) reference other parts of the API Spec Q1 9th edition specification. It is critical that the organization takes the referenced sections into account during planning. Once review of requirements has occurred, organizations can begin to plan for the manufacturing or servicing of product.
(a) Resources and Management
During planning, organizations must take into account resources and work environment management necessary to manufacturing or servicing of product.
(b) Product and Customer Requirements
The organization must take into account Product and Customer-specified requirements (see 5.1).
Meeting customer specified requirements at a minimum, must be achieved in order for the manufacturing or servicing of product to be an accepted.
(c) Legal and Other Requirements
The expectation that organizations know and understand legal and other applicable requirements resonates throughout the API Spec Q1 9th edition. HSE, quality, and other requirements are included in this expectation. It is not possible to properly plan manufacturing or servicing of product if the organization is not aware of the legal and other requirements that they are mandated to comply with.
(e) Contingency Planning
Based on the customer requirements for manufacturing of product, the organization shall identify the contingency plans for the identified risk found in the initial risk assessment to reduce and or eliminate the risk through identified process or back-up planning as well as developed employee competencies to manage the identified risk.
(f) Contingency Planning Based on Risks
Planning must include the initial risk assessments so that the risks can be mitigated.
(g) Design and Development Requirements
When planning under section 5.2 Planning, organizations must take into account section
5.4 Design and Development.
- 5.4.1 Design and Development Planning
- 5.4.2 Design and Development Inputs
- 5.4.3 Design and Development Outputs
- 5.4.4 Design and Development Review
- 5.4.5 Design and Development Verification and Final Review
- 5.4.6 Design and Development Validation and Approval
- 5.4.7 Design and Development Changes.
(h) Verification, Validation & Test
Organization must address the following for product acceptance:
- Test activities
(i) Management of Change
Change is in manufacturing product. When things go wrong, or something unplanned occurs, the organization can refer to the contingency plan, which is still part of . However, when changes fall outside the scope of the contingency plan, an MOC is required. If changes initiated by the organization or the customer result in risks, the organization must notify the customer through the MOC process, as previously discussed.
Records needed to provide evidence that the product realization processes meet requirements. This links to the following API Q1 elements:
- 5.7.7 Inspection and testing : Maintaining Records
- 5.9 Product release : Maintaining Records
5.3 Risk Assessment and Management
The organization must establish a documented procedure to identify and control risk associated with impact on delivery and quality of product. The procedure must identify the techniques and tools to be applied for risk identification, assessment, and mitigation . Risk assessment must include availability of facilities, availability of equipment. It must also include the maintenance of facilities and equipment. The supplier performance should be part of the risk assessment which must also include supply/availability of material. Availability of competent personal and delivery of nonconforming product must also be included. Record of Risk assessment and the management of risk should be available. Contingency plan may be developed as a result of risk assessment. Corrective action and /or preventive action can be taken as a result of risk assessment. Risk assessment includes consideration of severity, detection methods, and probability of occurrence.
The purpose of the procedure is to outline your organization’s risk management framework and the activities within. The risk management framework defines the current risk management process, which includes; methodology, risk appetite, methods for training and reporting. Risk Assessment and Management is fundamental to API Spec Q1, 9th edition success as well as aiding the organization to eliminate loss associated with its manufacturing products, processes and services. The API Spec Q1, 9th edition’s foundation is about understanding and mitigating risks associated with its manufacturing processes, products and services. By design, this Specification does not detail the organization’s procedure for Risk Assessment and Management. Since there are many different methods and applications available to organizations, it will be up to the manufacturing or servicing providers to decide which procedure best fits their needs. Risk Based Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.
1.Identify the Risks
A lot will go into the identification of potential risks for a company. There are two distinct kinds of risk that a company may encounter: external and internal. External risk is risk incurred from the environment in which the company operates. These can be legal, regulatory, financial, and cultural risks. Internal risk is risk incurred from within an organization. This can be caused by an organization’s structure, resource deficiencies or allocation, and hierarchy. Risk need to be determined within the context of the business, something that will lead to different definitions of each term for different organizations.
2 Plan Your Response
As with any other part of the standard, companies are required to develop a plan for addressing the risk and opportunities they’ve identified. A company will need to do an in-depth assessment of the possible risks for this part. How likely are these risks? How disruptive would they be if they were to happen? What amount of resources is your company willing to dedicate to mitigating these risks? Can their likelihood be increased while mitigating the risk? Is the potential risk worth incurring for a chance at capitalizing on the opportunity? Once these assessments have been made, an organization can develop a plan for addressing the risks based on their stated strategies. Without properly assessing their appetite for risk, an organization cannot properly plan to either mitigate it or capitalize on the opportunities it presents. These plans need to be clearly laid out, with a plan for documenting the process and keep clear records on it.
3 Integrate the Response into Your QMS
This step requires a company to insert the plan they’ve developed for addressing risk and opportunity into the greater framework of the QMS that they already have in place. This step is critical, in that the plan needs to allow for the rest of a company’s QMS to remain seamless. As a standard that emphasizes universal application, the nature will require that the process developed for addressing risk be compatible with all other procedures in the company. For this reason, keeping a company’s QMS in mind as it goes through the process of developing a plan for addressing risk and opportunity can prove to be helpful. Developing a plan only to find that it doesn’t integrate well into the larger process means time and energy has been wasted.
4 Evaluate Effectiveness
As with any other procedure in a company , proper documentation and record keeping processes will need to be put in place. This is where a company can record the outcomes and measure the effectiveness of their efforts. This stage in the process is also why it is crucial to develop a comprehensive assessment of the company’s willingness to take on risk and pursue potential opportunities. Without a detailed understanding of the company’s aims in regards to both risk and opportunity, it will be all but impossible to properly assess the effectiveness of the process that’s been implemented. As with any procedure , this step allows for the constant scanning of potential inefficiencies that can be improved upon. It should be noted that context is also a key factor in any risk assessment process. Risk at one juncture of the process might look different than the same risk at another juncture. This is why having a comprehensive strategy for risk assessment is critical. Preparing for and thinking about all the possibilities will help better prepare your company.
5.4.1 Design and Development Planning
The organization must maintain a documented procedure to plan and control the design and development of the product. The organization’s procedures is to identify:
o Design and development plans and plan updates
o The design and development stages
o The resources, responsibilities, authorities, and their interfaces to ensure effective communication
o The review, verification, and validation activities necessary to complete each design and development stage
o The requirements for a final review of the design
The procedure must ensure that all the requirements of design and development as given in clause 5.4 are met even when design and development activities are performed at different locations within the same organization. The procedure must include the requirements of outsourcing as given in clause 126.96.36.199
Design and development for products will vary greatly in complexity. Some products present low risks while others may present significant risk, based upon their design and application. All product in the Petroleum, Oil and Gas Industry is expected to meet the requirements of 5.4 Design & Development. The organization shall maintain a documented procedure to plan and control the design and development of the product.
- Plans and Updates: Plan and control procedure must include the design and development plans and plan updates.
- D&D Stages: Under this Subpart, organizations are required to identify the D&D stage in its plan and control procedure.
- Resources, Responsibilities & Authorities: Plan and control procedures must include the resources, responsibilities, authorities and their interfaces to ensure effective communication for the D&D activities
- Review Activities: In addition to identifying the different D&D stages in the plan and control procedure, organizations must include the review, verification, and validation activities necessary to complete each design and development stage.
- Final Review: The plan and control procedure the requirements for a final review of the design.
Design planning must specify the design and development stages, activities and tasks; responsibilities; timeline and resources; specific tests, validations and reviews; and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. Control product design and development planning activities including:
- Scope of the design e.g. customer requirements design rationale, design assumptions, objectives, complexity, size, detail, timescales, criticality, constraints, risks, producibility, accessibility, maintainability;
- Stages of the design process, distinct activities and review e.g. work breakdown structure, work packages (tasks, resources, responsibilities, content, inputs/outputs), concept design, preliminary design, detail design, design review gates preliminary design review, detail design review, critical design review);
- Verification and validation activities comprising checks, trials, tests, simulations, demonstrations required to ensure requirements are met;
- Assignment of responsibilities and authorities e.g. job profiles, CVs, accountability statements, delegation of authority, levels of approval, register of authority and approvals, authorized signatories;
- Internal and external resources such as knowledge acquisition, people, competency, investment, funding, facilities, equipment, innovation, technology, interested parties (customers, external providers, research establishments), information (principles, standards, rules, codes of practice);
- Organizational interfaces such as personnel and functions e.g. sales, project management, production, procurement, quality, finance, customers, end users;
- Levels of control required or implied by interested parties (customers, regulators, end users etc.) e.g. customer acceptance, safety checks, risk management, verification/validation activity, product certification;
- Required documented information e.g. design plan, design reviews, design outputs (specifications, schemes, drawings, models, data, reports), control plans, certificates.
The design management plan typically includes specific quality practices, assessment methodology, record-keeping, documentation requirements, resources, etc., and usually reference the sequence of activities relevant to a particular design or design category. The design management plan references applicable codes, standards, regulations and specifications. and describe the interfaces with different groups or activities that provide, or result in, an input to the design and development process. Each design activity is planned, divided into phases, and tasks assigned to competent and skilled design personnel equipped with adequate tools and resources. Design management plans are documented and updated as the design evolves. As required, at the commencement of a design package, the Design Manager is required to complete a Design Management Plan (DMP) which will include at a minimum:
- Confirmation of the standards baseline used for the work being undertaken and an explanation of how compliance to this baseline will be demonstrated;
- An organisation chart with defined responsibilities for all staff with direct involvement in design or with a potential impact on safety;
- Skills matrix to define the competence of individuals with ‘prepare’, ‘check’ and ‘approval’ duties;
- Scope definition and interface identification including key issues and operational requirements;
- Projected output, timelines, milestones, and defined deliverables;
- Stated processes and procedures to ensure acceptable quality assurance will be demonstrated and records maintained (specifically the formal Assurance Gates);
- Processes and procedures to be used to ensure compliance with the engineering safety management;
- The design review process, both single (SDR) and multi-design consultant (IDR) reviews and stakeholder intervention, prior to the Assurance Gate Reviews at 20%, 60% & 100% design completion stages;
- Explanation of how compliance with input requirements will be demonstrated.
5.4.2 Design and Development Inputs
The organization must identify the D&D Inputs and review them for adequacy, completeness, and lack of conflict. The functional and technical requirements of D&D Inputs can be customer-specified requirements , requirements provided from external sources, including API product specifications, environmental and operational conditions, methodology, assumptions, and formulae documentations, historical performance and other information derived from previous similar designs, legal requirements and results from risk assessments . The design inputs must be recorded.
Define which design and development inputs are required to carry out the design and development process. The inputs should be determined according to the design and development activities. For example, which employees are required or what information is required for every step of the development process. When determining design input requirements, ensure the retention of documented information such as:
- Statutory and regulatory requirements e.g. legislation, regulation, directives;
- Standards or codes of practice e.g. policies, standards, specifications, rules and aids, protocols, guidance, industry codes
- Functional and performance requirements informed by customer requirements, operational and performance charateristics, usability, reliability, availability, maintainability, and safety (e.g. Human factors and RAMS);
- Knowledge exchange from other, similar proven designs, lessons-learned, performance data, in-service data, customer feedback, external feeback, best practice, benchmarking;
- Design assumptions and associated risks;
- Methods of validation and verification;
- Adequacy of inputs e.g. clear, complete, unambiguous, and authorized;
- Conflicting inputs are resolved by communicating with interested parties/contract amendments.
Conceptual Design Statement (CDS)
The Conceptual Design Statement (CDS) includes a design statement that declares the inputs to be used in the design and the proposed design solution. A design statement illustrates the principles concepts and input data relevant to the design and allows relevant stakeholders to understand the thinking behind any chosen design solution. The Design Team will normally produce a Conceptual Design Statement that states the standards and requirements against which the design is to be developed, the processes to be applied and the level of independent checking to be carried out (if any) that is proportionate to the level of risk. The design activities are then carried out by the Design Team using the CDS as the basis. Design and development inputs are documented and controlled. Design and development inputs can be in any form, including data sheets, customer drawings and specifications, photographs, samples, references to standards, etc.
Design standards baseline
All designs are based on a list of approved design standards, referred to as the Standards Baseline. This list is owned and managed by the Engineering Manager. The Standards Baseline is made up of a combination of National and International Standards, National Engineering Specifications, and Approved Codes of Practice. The Standards Baseline should be reviewed monthly and any changes are controlled by the Engineering Manager. At the commencement of any given design package, the Design Team is required to specify the Standards Baseline that will be used in the design. The Engineering Manager should be responsible for checking that the correct design standards have been specified and for verifying that the design output complies with these standards and design requirements. Due to the continuous review and updating of standards, the baseline between different design instructions may vary so a strict configuration control is maintained and only agreed changes are used in the assurance process. Once a design package has been instructed, the baseline for that element of work becomes fixed and will not reflect any subsequent changes in standards.
Assumptions will normally be statements to fill uncertainties in available information. They are generated by the Design Team in order to allow designs to continue in the early stages. The anticipation is that assumptions are temporary and are closed out either by obtaining data or updating documents to confirm or change the assumption. Assumptions have the potential to be incorrect, and are therefore a source of risk, that require management. Any associated risk is identified and raised through the Risk Register. The assumption management activity is coordinated by Design Manager, with input from the Design Team. Assumptions regarding domain knowledge include facts about the application of the end product or service that allow requirements to be developed in a particular context. The assumptions are normally traceable to gaps or inconsistencies in the design inputs e.g. incomplete or conflicting functional requirements, inconsistencies between the applicable Standards, unclear scope of work, or demarcation issues. The Responsible Body; which might be another company, organisation, person, or team against which an assumption has been made or who are responsible for providing a feature or undertaking an action to resolve an assumption agreed by them. Qualifying criteria for design assumptions are based on the following:
- Assumptions on scope and allocation;
- Assumption regarding gap or conflict in the stated capabilities, systems or operational aspects;
- Conflict between standards;
- Assumptions due to missing design data;
- Assumptions regarding a design decision;
- Assumptions relating to interface issues.
Assumptions must not be raised on programme and cost related matters. The requirements or the design statement will be verifiable against the raised assumption or the origin of the assumption. Assumptions are accepted by the Resolving Body; they may be turned into design requirements or project risks. The process for managing design assumptions is summarised as follows:
- Assumptions are managed using an Assumptions Register;
- The Design Team propose an assumption to fill an uncertainty;
- The Engineering Manager reviews the suitability of the assumption against the criteria;
- Once agreed with the Resolving Body, the Design Team updates the assumption register;
- Action owner closes out assumption by agreed date, this could be done either by establishing additional data or confirming a decision;
- The Engineering Manager monitors that action owners are closing out assumptions and takes action to expedite if necessary;
- Any assumption remaining at the end of the design phase must be clearly recorded in the Assumptions Register and transferred to the Risk Register.
Assumptions are considered closed when they are successfully resolved i.e. accepted by the Resolving Body and the Resolving Body has taken an action that is documented in a resolving document. This resolving document must be properly reviewed, verified and issued before the closure of an assumption is accepted. The respective Gate Review Authority are the final authority to accept or reject the closure of an assumption. The confirmation of closure is noted in the Assumptions Register and a reference to the resolving document with the relevant clause is provided for verification purposes.
The design management process is geared towards meeting customer requirements, while providing a product cost, which enables organizations to have a satisfactory return on investment. The physical and performance requirements of a product used as a basis for product design and development; includes user requirements, regulatory requirements, and system requirements. The customer and user requirements are translated into design requirements and may either be hardware or software (according to intended use) and included in the design specifications and other design documents.
The requirements are reviewed for adequacy by a cross functional, multidisciplinary team involving Design, Engineering, Sales, Manufacturing, Procurement, Sales and Quality to ensure the requirements are complete, unambiguous and not in conflict with each other. The Design Team notifies Engineering Manager if the requirements are ambiguous or conflict with each other. The Design Team produces evidence of the capture of and compliance with the requirements. This evidence is presented in the Requirements Register. The Design Team should provide compliance matrices and verification reports to demonstrate how the designs meet the requirements, supported by the compliance rationale, evidence, models and analysis as required, whilst ensuring that:
- All requirements are traceable to the identifier, author, rationale, source, requirement owner, allocation and stakeholder;
- All requirements have been validated and approved by identified personnel;
- All requirements set been reviewed and agreed with the customer;
- Are requirements are recorded into the project applicable database;
- All allocated requirements are understood and accepted by all the recipients.
In order to progress their close-out and acceptance, compliance statements are prepared and allocated to each requirement, commensurate to the design stage e.g. Gate 1, 2, or 3. Links and references to supporting drawings and documents are provided as the design progresses.
Customer supplied user requirements are transferred to the Requirements Review Checklist and additional requirements are addressed with the customer. The Marketing Manager and the Sales Manager should identify and document the markets’ need for new solutions in a requirement statement which serves as the input for design and development work. The requirement statement includes the following:
- What is required (features/functions, etc.);
- Why it is needed (customer demand);
- When it is needed;
- Assumptions needed to progress the design;
- Risk and opportunity, and hazard analysis;
- Requirements for performance, reliability, safety, statutory and regulatory, etc.;
- Pricing targets and design project milestones.
When a product is designed or modified to meet specific customer requirements, the Engineering Manager receives from Marketing Manager and the Sales Manager an outline design order with customer requirements and specifications. The Design Team translates the needs and expectations from the requirements and design statements to technical specifications for materials, products, services and processes.
Where necessary, the Design Team should form working groups to develop interface control documents and record agreements for interfacing stakeholders in order to elicit their requirements and to provide feedback that may be important to your designs. Their emphasis should be on the identification and co-ordination of the important characteristics, parameters and configurations that need to be developed to deliver effective interface designs. The level of detail documented must be proportionate with the level of detail being developed in the design outputs.
- Identify, specify and manage interfaces;
- Assist in the resolution of interface issues relating to commercial or contractual issues;
- Assist in the production of and agree interface documents with interfacing parties;
- Ensure that the process of interface management is fully supported during the development of detailed designs;
- Review and monitor the development of interface identification.
The established document numbering system must be used by the Design Team. All documents produced to support the design and the design assurance process should be listed in the Master Design Document List, which is a list of all plans, processes and procedures to be used to control the safety, quality and efficiency of the design output.
All design documents must follow the ‘Prepare’, ‘Check’, and ‘Approve’ process, evidenced by the signatures of competent individuals. All design documents should be signed off in the three categories:
- Prepared – by a competent person who produces the design document, checking their own work complies with codes and standards governing that work.
- Checked – by a competent person able to undertake a formal detailed check/review of design methods, codes and standards used, deliverables, calculations, drawings and specifications produced by another member of the Design Team. This role is undertaken by a competent person of the same discipline, not the Preparer, but can be a member of the same team.
- Approved – by a competent person of the same discipline, but not a member of the same team, able to undertake a review of the design output after detail checking has taken place to validate that the design is consistent with requirements, is fully integrated and satisfies interface requirements.
Design and development reference materials (e.g. standards, catalogues, etc.) should be available and maintained by the Engineering Manager. Only current issues and revisions of reference material must be used. All documents produced to support the design and the design assurance process must be listed in the Master Design Documents List.
5.4.3 Design and Development Outputs
The outputs of Design and Development should meet the input requirements for design and development. It must provide appropriate information for purchasing, production, and servicing. It must identify or must design acceptance criteria (DAC). It must identify or refer to products and/or components which are critical to the design. It must include results of applicable calculations and must specify the characteristics of the product that are essential for its safe and proper use. The organization must document its D & D outputs for verification against the design and development input requirements. The design output must be recorded. Identification of criticality of products and/or components can be maintained outside of the design and development process.
The design and development output is the result of design and development process. The output is a clear description of the product, containing detailed information for production. The organization’s design and development outputs reconcile with its design and development inputs by:
- Ensuring outputs meet input requirements e.g. checklists, design review records, authorization to proceed, customer acceptance, and product certification;
- Ensuring outputs are adequate for product and service provision e.g. standards, specifications, schemes, drawings, models, part lists, materials, methods, manufacturing instructions, technical packages, tooling, machine programs, preservation, handling, packaging, specialist training, user instructions, service manuals, repair schemes, and external provision;
- Reference to monitoring and measuring equipment e.g. inspection equipment, gages, instruments, environment;
- Acceptance criteria e.g. product/service specification, limits, tolerances, and quality acceptance standards;
- Product/service characteristics e.g. key characteristics, customer critical features, interface features, inspections, service intervals, and operating characteristics;
- Critical items such as identification, key characteristics, special handling, service intervals, component lifing, cyclic life, life management plans, source and method change, and traceability;
- Outputs are approved prior to release e.g. scope of authorization, authorized persons, levels of authorization, method of authorization and documented information is retained.
Outputs of the detailed design are the final technical documents used for purchasing, production, installation, inspection and testing, and servicing. Design output includes production specifications as well as descriptive materials which define and characterize the finished design and include drawings and documents used to procure components, fabricate, test, inspect, install, maintain, and service the product. Design and development outputs are in the form of documented information that defines the product, including its characteristics that affect safety, fitness for use, performance, and reliability are provided for the manufacturing phase:
- Schematics, assembly drawings and wiring diagrams.
- Component and material specifications.
- Production and process specifications.
- Software design specifications.
- Bills of materials.
- User operation and maintenance instructions.
- Results of risk analysis and transfer of residual risk.
- Software source code and software machine code.
- Results of verification and validation activities.
- Quality assurance specifications and procedures.
- Installation and servicing procedures.
- Packaging and labeling specifications, including methods and processes.
- Details of new or revised procedures, work instructions, or processes.
- Applicable workmanship standards.
- Inspection and test criteria.
Specifications and procedures for product packaging and labeling are also part of the design and development output. Support documentation (e.g. calculations, risk analysis, test results, verification and validation reports, etc.) is also part of the design and development output. The transfer of a design to production typically involves review and approval of specifications and procedures and, where applicable, the proving of the adequacy of the specification, methods and procedures through process validation including the testing of finished product under actual or simulated use conditions. The design transfer phase ensures that the design is correctly translated into production specifications, such as assembly drawings, component procurement specifications, workmanship standards, manufacturing instructions, and inspection and test specifications. They may also be:
- Documentation (in electronic format as well as paper);
- Training materials (e.g. manufacturing processes, assembly, and test and inspection methods);
- Digital data files (e.g. computer-aided manufacturing (CAM) programming files);
- Manufacturing jigs and other aids (e.g. molds or templates).
The Engineering Manager should ensure that the design transfer process addresses the following basic elements by:
- Undertaking a qualitative assessment of the completeness and adequacy of the production specifications;
- Ensuring that all documents and articles that constitute the production specifications are reviewed and approved;
- Ensuring that only approved specifications are used for manufacture and production.
Prior to execution of a work transfer, analysis of any regulatory or contractual requirements are reviewed and flowed down through the supply chain to ensure compliance of any established requirements.Outputs may also include product preservation methods, identification, packaging, service requirements, etc. as appropriate.
5.4.4 Design and Development Review
Periodically at suitable stages of D & D , the organization must review its Design and Development. The review is performed to identify any problems and take necessary actions. The organization must evaluate the suitability, adequacy, and effectiveness of the results of design and development stages to meet specified requirements. Representatives of concerned functions should be part of the review. The result of review and any necessary action should be recorded.
Design reviews should be carried out after the initial concept stage and again after the detailed design stage and finally, before the design is released. The design review function is carried out at various stages of the design process in order to check that the design solution is in accordance with the original design inputs and objectives and includes identification of concerns, issues and potential problems with the design. Design review meetings should be held at pre-defined points during the development process, with reviews held on an as-needed basis, depending upon the complexity of the design. Participants of design review meetings are competent to evaluate the design stage and discipline under review to permit them to examine the design and its implications.
Assurance reviews: The Design Manager should ensure that design reviews are carried out in accordance with the Design Management Plan when the design has progressed by 20%, 60% and 100%. A cross functional, multidisciplinary team (including at least one individual who does not have direct responsibility for the design stage under review) undertake a documented, comprehensive, systematic examination of the design to evaluate its adequacy, to determines the capability of the design to meet the requirements, and to identify problems, whilst ensuring that:
- The input for the Design Reviews is captured from all stakeholders;
- All open actions from previous Design Reviews are tracked through to closure;
- All areas of concern are highlighted for further discussion and risk mitigation;
- All design reviews are documented and shared with stakeholders in a timely manner.
The following elements are considered during design reviews:
- Customer needs and expectations versus technical specifications;
- Ability to perform under expected conditions of use and environment;
- Safety and potential liability during unintended use and misuse;
- Safety and environmental considerations;
- Compliance with applicable regulatory requirements, national, and international standards;
- Comparison with similar designs for analysis of previous quality problems and possible recurrence;
- Reliability, serviceability, and maintainability;
- Product acceptance/rejection criteria, aesthetic specifications and acceptance criteria;
- Ease of assembly, installation, and safety factors;
- Packaging, handling, storage, shelf life, and disposability;
- Failure modes and effects analysis;
- Ability to diagnose and correct problems;
- Identification, warnings, labelling, traceability, and user instructions;
- Manufacturability, including special processes;
- Capability to inspect and test;
- Materials and components specifications;
- Review and use of standard parts.
The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes. Conclusions drawn during design reviews are considered and implemented as appropriate. Not all identified concerns result in corrective actions, the Engineering Manager should decide whether the issue is relevant, or the issue is erroneous or immaterial. In most cases, however, resolution involves a design change, a change in requirements, or a combination of the two. Records of design review meetings are retained and identify those present at the meeting and the decisions reached.
Single-consultant Design Review (SDR): The Single-consultant Design Review (SDR) is a presentation of the design to relevant stakeholders. These reviews are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. The purpose of the review is to present evidence at each of these stages to confirm that the design is compliant with the standards and requirements defined in the Conceptual Design Statement. The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover or to issue their comments the Design Manager for inclusion. The minutes of SDR meetings are recorded. Meeting minutes include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate.
Inter-consultant Design Review (IDR): The Inter-consultant Design Review (IDR) is a presentation of the design of a work package or packages to interfacing Design Teams. These are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. Its primary purpose is to seek evidence that all interfaces have been agreed and that the design integrates to deliver the requirements. At each IDR an Inter-consultant Design Review Certificate is produced to evidence that all interfacing Design Teams are satisfied with the design under consideration. It should be signed by accepted representatives of the interfacing Design Teams and contain a list of any actions required to close out any exceptions raised but not deemed a bar to acceptance. The reviewers are responsible for issuing any comments in writing using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover. The minutes of IDR meetings are recorded and include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review Meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate. Other instances of design reviews may be required when the Engineering Manager has identified significant design change that requires a review to revalidate the design.
Assurance gate reviews: The Assurance Gate Reviews 1 to 3 are the primary control mechanism that provides progressive assurance when evidence is reviewed at defined stages to confirm that the designs produced meet the design project’s objectives, requirements, obligations and that the risks associated with the engineering are identified and fully understood.
- Gate 1 – (Initial concept (20% complete) The details will be outline only but will define the character, limit and form of manufacture, fabrication or construction.
- Gate 2 – (Functional design (60% complete) At this stage the design has progressed to an intermediate position (progress check at 60% complete) This Gate is a check point at about the mid-point between Gate 1 and the final design. At the outset of a design project, the target deliverables at Gate 2 are clearly defined so that it provides an interim way point to confirm progress.
- Gate 3 – (Detailed design ready for manufacture, fabrication or construction (100% complete) At this stage the design is complete and ready to be issued for manufacture, fabrication, or construction. Design details are finalised and fully integrated with other interfaces.
The purpose of the Assurance Gate Review process is to provide progressive assurance during the design stage that the objectives of the design intent can be achieved and that the design can progress successfully to the next stage. The next stage of the design process can only proceed when the Assurance Gate Review is successfully passed. If the evidence submitted at the Assurance Gate Review demonstrates that the design meets the objectives, it will be approved. If the Gate Review Panel decides that the submitted deliverables fall short of the requirements, the design will not pass through the Assurance Gate Review and is therefore prevented from proceeding to the next stage. The Gate Review Panel also known as the ‘Approval Authority’ has the responsibility to make the appropriate decision at each Assurance Gate Review. The Gate Review Panel is a multi-discipline committee formed of members from various departments and stakeholders throughout the organization. The Gate Review Panel members should be selected based on perceived risks, applicable regulatory or legal requirements, technical complexity, financial repercussions and criticality of the product. Department representation should include: Quality, Manufacturing, Engineering, Sales, Planning, Purchasing, Business Development, Contract, Legal, or others as deemed necessary. Formal, documented design and development Assurance Gate Reviews should be held at appropriate stages of the design and development cycle and include representatives from all concerned functions and stakeholders. Each Assurance Gate Review focuses on assessing whether the design deliverables meet all the objectives and appropriate criteria. The minimum approval criteria used for determining whether the design meets the intent are set out below. In addition to these minimum requirements, the Engineering Manager may specify further criteria at the outset of each design stage. The Gate Review Panel is responsible for managing the Gates Review process thereby ensuring that:
- The design progress and the design status has successfully reached a stage of development appropriate to the Gate being assessed;
- Cost and programme issues have been agreed and align with budget constraints;
- The assurance evidence presented to the panel is sufficient to support the Gate requirements;
- The risks are either designed out, have appropriate mitigation or have been clearly identified and agreed that they can proceed to the next stage;
- All the necessary deliverables and other legal have been identified, complied with and that the design is compliant with any including undertakings and assurances;
- At the conclusion of the Gate Review Panel and the Gates Chair Person a shall confer, taking full account of the views of the other Panel Members, and decide whether or not the design submission and presentation meets the Assurance Gate Review objectives and consequently can be given a pass or is prevented from passing the Gate.
- If the Gates Chair Person decides that missing deliverables or evidence do not impact on the ability of the project to proceed, then a conditional pass may be given, subject to the remaining deliverables being completed within a specified time.
- The conditions and timescales are conveyed to the Design Manager at the Review;
- Where conditions are raised that are potentially of a significant risk, consideration shall be given to inclusion of the conditions;
- The Gate Review Panel’s findings and decisions are recorded, together with any supporting data.
The Design Review Meeting Minutes should capture the results of the Gate Review Panel’s review. It serves as a record of the review and summaries the findings. The key aspects of the report are recording the evidence presented to satisfy the approval criteria and using this to support the decision regarding pass or re submission. It is the Design Manager’s responsibility to assemble and present to the Gate Review Panel sufficient evidence, see table of deliverables below, when the design has progressed to 20%, 60% and 100%, to enable the Gate Review Panel to discharge their duties. Key design deliverables that are associated with the Assurance Gate Review are provided to the Gate Review Panel at least 5 working days prior to the scheduled review date
5.4.5 Design and Development Verification and Final Review
In accordance with planned arrangements the design and development verification and a final review must be conducted and documented to ensure that the design and development outputs meets the design and development input requirements. Design and development verification and the final review must be recorded.
Design verification is confirmation by examination and provision of objective evidence that the specified input requirements have been fulfilled. Any approach which establishes conformance with a design input requirement is an acceptable means of verifying the design with respect to that requirement. Complex designs require more and different types of verification activities. The nature of verification activities varies according to the type of design output. Design verification is carried out to check that the outputs from each design phase meet the stated requirements for the phase. Requirements traceability verification is undertaken to ensure that the design fulfills the design concept, while expressing the necessary functional and technical requirements. This process verified throughout the Assurance Gate Reviews. In most cases, verification activities are completed prior to each design review, and the verification results are submitted to the reviewers along with the other design deliverables to be reviewed. The results of the design verification, including identification of the design, method(s), the date, and the individual performing the verification, shall be documented and retained.
5.4.6 Design and Development Validation and Approval
Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. The completed design shall be approved after validation. Competent individual other than the person or persons who developed the design shall approve the final design. Records of the design and development validation, approval, and any necessary actions shall be maintained .
Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. Design validation is similar to verification, except this time you should check the designed product under conditions of actual use. If you are designing dune buggies, you might take your creation for a spin on the beach. If you are making beverages, you might conduct a consumer taste test. Verification is a documentary review while validation is a real-world test. Perform design and development validation by ensuring the product meets the specified requirements. Maintain records of validation activities and approvals. Design validation follows successful verification, and ensures, by examination and provision of objective evidence, that each requirement for a particular use is fulfilled. The performance characteristics that are to be assessed are identified, and validation methods and acceptance criteria are established . At the commencement of the design project, the requirements received from the previous design phase form the initial baseline. During design reviews, the requirements are considered to ensure that the right requirements and any assumptions have been captured, to identify missing requirements and ensure that the design intent will meet those requirements. The results of the design validation, including identification of the design, method, the date, and the individual(s) performing the validation, should be documented and retained. The organization shall have records that the product designed will meet defined user needs prior to delivery of the product to the customer, as appropriate. Methods of validation could include simulation techniques, proto-type build and evaluation, comparison to similar proven designs, beta testing, field evaluations, etc. Irrespective of the methods used, the validation activity should be planned, executed with records maintained as defined in the planning activity. Retain documented information to demonstrate that the any test plans and test procedures have been observed, and that their criteria have been met, and that the design meets the specified requirements for all identified operational conditions e.g. reports, calculations, test results, data, and reviews.
5.4.7 Design and Development Changes
Any changes for Design and Development must be identified, reviewed, verified, and validated, as appropriate, and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on product and/or their constituent parts already delivered. Design and development changes must have all the controls as with the original design and development. This includes change in the design documents. The design and development changes, their review and any necessary action must be recorded.
It is important to control design changes throughout the design and development process and it should be clear how these changes are handled and what affects they have on the product. The organization has retained documented information concerning:
- Design and development changes;
- The results of reviews;
- The authorization of changes;
- Actions taken to prevent adverse impacts.
The organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design.
It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be:
Configuration control can be managed via alteration requests, notice of change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, product change boards. Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’. If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken in relation to subsequent activities that are impacted by the change.
5.5 Contingency Planning
The organization must maintain a documented procedure for contingency planning needed to address risk associated with impact on delivery and quality of product. Contingency planning must be based on assessed risks, and output to be documented and communicated to the relevant personnel and updated as required.
While contingency has been applied by the industry for years, application has been inconsistent and has overlooked critical information to mitigate risks. The standard mandates that a documented procedure for contingency planning must be available. This requirement for the procedure will include risk mitigation for delivery and quality of product. Contingency planning needed to address risk associated with the impact on:
- Delivery and Product Quality.
- Based on assessed risk
- Communicated to relevant personnel.
5.5.2 Planning Output
The contingency plan is to include, at a minimum actions required in response to significant risk scenarios to mitigate effects of disruptive incidents, identification and assignment of responsibilities and authorities and internal and external communication controls .
Contingency planning output must be documented and communicated to the relevant operational personnel and updated as required to minimize the likelihood or duration of disruption of manufacturing. The outputs of the contingency planning must be based on assessed risks that were discussed in section 5.3 of this specification. As mentioned in the dictation under 5.5.1, the better the Risk Assessment, the less disruption and the smaller the likelihood of an incident. If an incident does occur, it is more likely to be contained or controlled through contingency planning, thereby minimizing loss.
The contingency plan shall include, at a minimum:
- Actions required in response to significant risk scenarios to mitigate effects of disruptive incidents;
- Identification and assignment of responsibilities and authorities, and
- Internal and external communications controls
Actions Required in Response to Significant Risks covers actions required in response to significant risk scenarios to mitigate effects of disruptive incidents. This is obvious and is what most manufactures often think of when doing contingency planning. This is how we prevent or mitigate the “Incident” we discussed in 5.5.1 of the specification. Here, the manufacture must review different real and potential risk scenarios and do the proper assessments to understand the in order to prevent and/or mitigate the loss. Most manufactures do this as it relates to HSE. However, API Spec Q1 requires this to be done to include delivery and product quality related incidents as well ,
The basic contingency planning process includes
1. Map out essential processes.
What processes are essential to your business and safely delivering your product or service to customers? If you’re a manufacturing company that ships directly to consumers, a simplified process list might look something like this:
- Getting raw materials from suppliers
- Manufacturing process
- Freight and shipping
- Packaging and warehousing
- Last-mile delivery
Looking at this list, you can see how vulnerable it is to natural disasters or even minor human errors.
2.Create a list of risks for each process.
Once the process list is created, consider what might disrupt business continuity. What can go wrong with each of these critical processes? Let’s look at an example of what could go wrong with “last-mile delivery”
- The driver can deliver single or multiple packages to the wrong address.
- The package can be damaged during delivery.
- The package could get lost at a distribution center.
- A truck full of packages could be involved in an accident.
- A flood could cripple the road system in a specific area.
- The driver could get delayed because a moose wants to lick salt splatter off the car (seriously, it’s a thing).
- And that’s only a preliminary list. Once you start thinking about it, you’ll realize how many things you rely on to avoid going wrong, even for fundamental processes.
Every business process is vulnerable to some sort of emergency or human error.
3. Evaluate the potential impact and likelihood of each risk.
Once the risks are identified, it’s essential to determine how they could impact your business. Are they likely to happen? How large will the impact on your business if they do occur? Most companies use “qualitative risk assessment” to do this.
4. Calculate costs and contingency reserves, and identify issues to mitigate.
The quantitative risk assessment approach is to assess the potential cost of each risk. This means you can make an educated decision when budgeting contingency reserves into project plans and yearly budgets. During the risk analysis, estimate the potential costs of the adverse event.
5. Create a response plan for prioritized events.
Create a response plan for events by exploring the following questions:
- What can be done ahead of time to minimize any adverse effects on the event? For example, backing up data, carrying extra stock, or having more employees on call.
- What can be done immediately after the event to minimize the impact? For example, ordering more from a secondary supplier, rerouting another vehicle, or bringing in on-call staff.
The specifics depend on your company’s unique processes and situation.
5.6.1 Purchasing Control
Procurement and the controls of materials, products and suppliers is one of the most critical elements of API Q1. The organization must maintain a documented procedure to ensure that purchased product or outsourced activities conform to specified requirements and must address:
a) the determination of the criticality of activities or products as they are applicable to conformance to product or customer specifications
b) Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
c) type and extent of control applied to the supplier based on the criticality of product or activity
d) criteria, scope, frequency, and methods for reassessment of suppliers
e) maintaining a list of approved suppliers and scope of approval, and
f) type and extent of control applied to outsourced activities
a) Determination of Criticality: The determination of the criticality of the activities or products as they are applicable to conformance to product or customer specifications. This is an important requirement to both ensure that all incoming raw materials, components and finished product(s) meet specification. It is also important factor for determining which suppliers may or may not be critical as well.
b) Initial Evaluation of Suppliers: Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
Some things to consider here include:
o Suppliers ability to meet the organizational requirements
o Suppliers ability to meet customer requirements
o The supplier’s actual capacity and capability of meeting organization requirements.
c) Applied Control: This mandates that organizations include in the procedures, the type and extent of control applied to the supplier and activities or products based on the of the activities or products. The term “criticality” is important. The criticality of the activities or products as well as the supplier’s risks, determines the type and extent of controls that the organization provides for the supplier, activities or products.
d) Reassessment of Suppliers: The procedure shall address:
o For supplier reassessments
e) Approved Supplier Listing: The procedure shall address:
o List of approved suppliers
o Scope of approval
f) Control Over Outsourced Activities: The procedure shall address the type and extent of control to be applied to outsourced activities. The amount of control normally takes the suppliers performance into account. Some performance criteria include:
- Quality of product and service
- On time delivery
- Reporting & documentation
Approved suppliers must have satisfactorily demonstrated their ability to meet your business’s requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process. Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues. If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.
188.8.131.52 Initial Supplier Evaluation—Critical Purchases
For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier. For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier and shall include verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization. Assessment of the supplier to ensure its capability to meet the organization’s purchasing requirements by performing an on-site evaluation of relevant activities, or performing first article inspection to ensure conformance to stated requirements, or identifying how the supplied product conforms to stated requirements when limited by proprietary, legal, and/or contractual arrangements.
A critical vendor is one that you rely on heavily to support the most important activities within your organization – oftentimes called ‘critical activities’. While critical activities will differ between organizations, examples of critical vendors might include those who:
Inspection Companies– Non Destructive Testing, Magnetic Particle Inspection, thread inspection, etc. 3rd party inspection companies could be considered a critical supplier.
Calibration Companies – The organization requires certificates published from the 3rd party vendors. This makes calibration companies a critical supplier.
Material –Product and Raw Material Supplier– The Supplier for material would be considered a critical supplier to our needs since many of the products are supplied because if we would stop buying from them our operation would simply crumble
Trucking and delivery – These are suppliers are crucial to the end result as we depend on them to get it to the rigs, so they would definitely be considered critical.
O-rings, seals, and gasket suppliers – Anytime product requires O-rings, seals and gaskets they can be classified as critical.
Defining your critical vendors begins with being clear about your own critical activities. A good place to start is with your company’s business continuity/disaster recovery plan, which defines critical activities within your own operations. Knowing those activities will help you determine which vendors support those critical operational areas. Here are a few things you should do to get started to identify critical vendors:
- Inquire of your Procurement department if they maintain a listing of all vendor contracts.
- Review your user listings to critical systems. You should already perform periodic user access reviews, but doing so will give you an understanding of what vendors have access to your network or sensitive data.
- Once you have performed these tasks, you may be able to better categorize your critical vendors, according to the following classifications and how they rate within your own organization:
- Vendor type
- Regulatory requirements
- Specific services provided
- Business disruption factors
- Data type and volume
184.108.40.206 Initial Supplier Evaluation—Noncritical Purchases
Even for purchase of noncritical products, components, or activities that impact product realization or the final product, the criteria for evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion.
A non-critical vendor is one that does not undergo the same level of examination as critical vendors. Non-critical vendors simply offer support to the operations that allow employees to do their jobs efficiently, effectively and in comfort. They do not, however, have any impact on the final product or service. These vendors may affect productivity but they do not affect the product or service provided itself. The main difference in treatment between a critical and non-critical vendor lies in the frequency between reviews and assessments. Critical vendors generally undergo reviews once a year while non-critical vendors only face reviews once every two-to-three years.
220.127.116.11 Supplier Reevaluation
For re-evaluation of all suppliers weather critical or noncritical, the requirements of 18.104.22.168 shall apply. The criteria for re-evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion
A typical supplier evaluation and reevaluation might include:
- Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier.
- An on-site assessment of the quality system or compliance review by your Audit staff.
- Completing and signing a quality agreement or contract.
- Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.
- Assign risk levels on parts/materials, as appropriate:
- Determine if there is potential product or regulatory risk.
- Confirm the capability of the supplier to supply or manufacture to requirements.
22.214.171.124 Supplier Evaluation Records
Records of the results of all evaluations and any necessary actions arising from the evaluations shall be maintained.
All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.
When an organization choose to outsource any activity within the scope of its quality management system, the organization shall ensure that all applicable elements of its quality management system are satisfied and shall maintain responsibility for product conformance to specified requirements, including applicable API product specifications associated with product realization. Records of outsourced activities shall be maintained.
Monitoring Outsourcing performance
The performance of outsource processes must be consistently monitored by the Quality Manager or Contracts Manager. Various ways include the review of measures, targets, KPIs, score cards, dash-boards, scored ratings, or survey results. The ongoing monitoring of commonly use some of the following criteria to rate performance:
- An assessment of the quality and quantity of products, services or materials provided.
- On-time delivery performance.
- Total number of corrective actions.
- response time.
- Defective parts per million (PPM).
- Total cost.
- A review of receiving records, inspection records, or acceptance records.
Organization should periodically communicate these results to their vendors as appropriate. On-site audits and process audits at the vendor’s premises is deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager. Issues or conditions which might initiate a vendor’s audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the vendor and schedule an on-site visit and confirm the agenda.
5.6.2 Purchasing Information
The organization must ensure prior to communicating with the supplier the adequacy of the purchasing information must be adequate and documented. Purchasing information must describe the product or activity to be purchased, including acceptance criteria, and where appropriate requirements for approval of supplier’s procedures, processes, equipment,applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data. It must also describe if any supplier personnel’s qualification and QMS requirements.
Purchase orders for items that are essential to fulfill customer requirements and directly affect the quality of your products and services should only be raised by the Purchasing Manager, or the Accounts Department (at the request of the Purchasing Manager). Purchase orders may be raised by the use of the computerized purchasing system or soft backed purchase order books. Purchase orders should contain:
- Purchase Order Number;
- Items required;
- Required delivery date;
- Quoted prices where applicable or known;
- Any other information deemed critical for the supply of the material should also be noted.
Ensure that purchase orders or purchasing specifications include, where appropriate the requirements for the approval and acceptance of products, services, procedures, processes or equipment. Purchasing documentation should also define the requirements for approval of the supplier’s personnel, verification arrangements, or quality management system requirements as necessary. All purchase orders or purchasing specifications must be reviewed and approved before they are released to the supplier. Where appropriate, ensure the requirements for certification, inspection reports, statistical data, approval of samples, etc. are included in purchasing documents. Some purchasing documents may include an agreement obligating your suppliers to give notification of changes to their product or service. When notification is received, the Quality Manager and the Purchasing, or Contracts Manager should evaluate how, and whether the changes affect the quality of your completed products or services.
The organization must where appropriate, communicated not just the products or services they wish to receive but also any processes they want the external provider to undertake on their behalf. To ensure adequacy of specified purchasing information prior to their communication to the supplier, the supplier is usually requested to quote on price and availability. All pertinent purchasing information, as determined by your organization and customer requirements; should be included in the request for a quote (RfQ). The purchase order should be created after the review and acceptance of a supplier’s quote, and must contain the same content as the request for a quote. Describe the product to be purchased by:
- Defining product approval requirements, e.g.; certificate of conformity;
- Defining intended verification arrangements, e.g.; witness testing or certification;
- Defining personnel qualifications and quality, environmental, and safety requirements;
- Maintaining records.
Where activities are wholly outsourced, or subcontracted; your organization maintains responsibility for product conformance to all specified requirements. Purchasing information should include acceptance criteria, and where appropriate, state the requirements for the approval of supplier’s procedures, processes, and equipment. Applicable versions of specifications, drawings, process requirements, inspection instructions, traceability, relevant technical data, and requirements for qualification/competence of the supplier’s personnel, and quality management system must be specified and communicated.
5.6.3 Verification of Purchased Products or Activities
The organization must establish a documented procedure for the verification or other activities necessary for ensuring that purchased products or activities meet specified purchase requirements. Where the organization or its customer intends to perform verification at the supplier‘s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information. The organization must ensure and provide evidence that purchased products and activities conform to specified requirements. The organization shall maintain records of verification activities.
The documented procedure must ensure that items, which are essential to fulfilling customer requirements and which directly affect the quality of products and services, are verified upon product receipt or service delivery to verify they conform to:
- QMS requirements;
- Competency of external personnel;
- Purchase orders;
- Purchasing specification;
- Purchasing agreements;
- Delivery notes;
- Release certificates;
- Certificates of conformity;
- Inspection and acceptance tests;
- Product specifications;
- National or international standards.
- Receiving inspection
On receipt of incoming materials, the receiving personnel must identify and inspect the items, goods and materials and match them against the delivery note. The delivery note is compared to the corresponding purchase order and any related documentation. This inspection should include but not be limited to:
- Confirmation of identification using purchase order number, drawing numbers, material markings etc.;
- Confirmation of adherence to delivery schedule;
- Confirmation of conformance to purchase order requirements;
- Confirmation of correct quantities;
- Visual examination for obvious defects;
- Measurement comparison to drawings where required;
- Specified certification/documentation as required.
For large numbers of identical items, visual and dimensional checks should be undertaken on a minimum of 5% of the total quantity. No material is released for further processing until receiving inspection has been completed and goods accepted. All accepted materials passing immediate inspection can be allocated a storage area. Any non-compliant goods must be placed in a separate area, and clearly identified. Further investigating should determine whether the items, materials or goods are to be:
- Returned to Supplier;
- Reworked to a useable condition.
When inspecting materials that include specified certification or documentation should only be accepted when such certification and documentation has been viewed and approved by the Quality Manager or the Purchasing Manager.
5.7 Production and Servicing Provision
5.7.1 Control of Production and Servicing
The organization must establish a documented procedure that describes controls associated with the production of products. The procedure shall address the availability of information that describes the characteristics of the product, when applicable implementation of the product quality plan, when applicable ensuring design requirements and related changes are satisfied, when applicable, the availability and use of suitable production, testing, monitoring, and measurement equipment,when applicable the availability of work instructions, process control documents, implementation of monitoring and measurement activities, and implementation of product release including applicable delivery and post-delivery activities.
- The procedure shall address the following the availability of information that describes the characteristics of the product. A product characteristic is an attributes or property of the product that describes the product’s ability to satisfy its purpose in a larger system.Examples of product characteristics are size, shape, weight, color, quality, hardness, etc. The list of product characteristics depends on your product and how its functional design requirements have been defined. Some product characteristics are more significant that others in terms of reliability, quality and safety. Thus, it can be important to identify those that are most critical.
- The procedure shall address the following implementation of the product quality plan, when applicable.
- The procedure shall address ensuring design requirements and related changes are satisfied, when applicable. Changes to the Product Quality Plan design requirements and related changes may affect the application or other risk associated with the changes therefore a review of the Design and Development process is required to ensure associated with the changes related to product quality, delivery and meeting customer requirements are affected.
- The availability and use of suitable Production, Testing, Monitoring and Measurement Equipment. Manufacturing in the process must ensure that production equipment required for the manufacturing process is available, based on capacity and suitability for the application required as well as having properly calibrated TMME suitable for monitoring the manufacturing process to ensure the product meets the stated specifications.
- The availability of work instructions, when applicable. While not stated in the specification, processes especially critical processes should have work instructions describing critical steps and include what risks to Quality, Health & Safety that could affect product quality/delivery and where employee’s health and safety are at risk. This is linked to their competencies
- The procedure shall address process control documents. Process control documents includes those documents demonstrating to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans, if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
- The procedure shall address the implementation of monitoring and measurement activities.
- The procedure shall address the implementation of product release, including applicable delivery and post-delivery activities. Product release cannot proceed until the product meets the agreed upon planned arrangement or approved by a relevant authority and, where applicable, by the customer.
The organization must establish a documented procedure that describes controls associated with the servicing of products. The procedure shall address the review and implementation of the organization’s, customer-specific, product servicing, and other servicing requirements, the availability and use of suitable servicing, testing, monitoring, and measurement equipment, the availability of work instructions, when applicable, ensuring identification and traceability requirements are maintained throughout the servicing process, the implementation of monitoring and measurement activities, process control documents and requirements for release of the product that was serviced.
- The procedure shall address review and implementation of the organization’s customer-specific, product servicing, and other servicing requirements. The documented controls in the procedure addressing these servicing requirements are critical to ensure that both the product being serviced meets requirements and to ensure that it stays within the scope of API Q1.
- The procedure shall address the availability and use of suitable Servicing, Testing, Monitoring and Measurement Equipment. Calibration has been replaced with Testing, Monitoring and Measurement Equipment. Monitoring also includes verification . This includes equipment that is both critical to the process while having the possibility of presenting significant risk to person, such as H2S monitors, other gas monitors, confined space monitors, etc.
- The procedure shall address the availability of work instructions, when applicable.
- During servicing, (related to returning SRP back to OEM specification) especially critical service-related product and the processes associated with the servicing of those within the manufacturing scope should have work instructions.
- The procedure shall ensure identification & traceability requirements are maintained throughout the servicing process.
- The implementation of monitoring and measurement activities.
- During servicing, manufacturing must ensure that all product (critical) has the proper controls by using the appropriate monitoring and measurement devices and activities. These activities are documented using the proper
- Process control documents includes those documents demonstrating conformance to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
- The procedure shall address the requirements for release of the product that was serviced.
126.96.36.199 Process Control Documents
Process controls are be documented in routing, travelers, checklists, process sheets, or equivalent controls as required by the organization including requirements for verifying conformance with applicable product quality plans , API product specifications, customer requirements, and/or other applicable product standards/codes. The process control documents also include or have reference to instructions and acceptance criteria for processes, tests, inspections, and required customer’s inspection hold or witness points.
Process control is about monitoring and controlling all aspects of a manufacturer’s production and operation. It’s part of the larger supply chain management and it works in conjunction with other operation management functions such as inventory control and quality control. The purpose of production control is to balance the output of a facility to guarantee that the specifications of the products being produced are met. It does this by applying specific actions and making insightful decisions to predict, plan and schedule work. Some of the activities that are regulated in production control include labor, the availability of materials and any restrictions on capacity and cost. The end result of production control is to achieve the expected quality and demanded quantity while monitoring the production schedule to ensure that the production plan is being met. he production control process varies from industry to industry and even business to business. That said, there are some fundamental steps that are common in any production control process. They are as follows.
Routing: The first step of any production control process is the definition of your operation, from beginning to end. This includes what raw materials you’ll need for production, other resources, such as labor and equipment, the needed quantity, quality expectations and where the production will take place. This process is to determine the most efficient and cost-effective step-by-step manufacturing process through scheduling.
Traveler: It is a document that contains all of the details about the materials and processes that went into the production of a given item. When a manufacturer receives an order, they create a work order to begin the production process. In addition to the work order, a traveler is created and moves along with the product as it flows through the production facilities. The traveler contains information about what items are necessary for the given product, what tools will be needed, and what steps the product will need to go through to be assembled.
Checklist for Manufacturing: A control checklist for manufacturing includes all the requirements for a product, both visual and physical. It is a beneficial tool to ensure all parties are on the same page about the demands for the parts, materials, and final product. It outlines the standards your suppliers and manufacturers should meet and describes the “ideal” product that your customer expects from you. You can think of a checklist as guidelines for all teams to follow when making and selling your products. It streamlines the cooperation process and helps eliminate any possible errors occurring along your entire manufacturing workflow.
Process sheet: A process sheet is a document that provides all the steps for manufacturing products.Process sheets are also processed records, production documents, or shop orders. A process sheet consists of manufacturing instructions for a specific batch, lot, or run. It describes the operating parameters and settings for the equipment and facilities used and associated tooling or supplies. It contains part information, routing information, and operation detail information.A process sheet is a set of instructions that can be followed to achieve the desired goal.
188.8.131.52 Product Realization Capability Documentation
The organization must documentation the product realization plans (see 5.2) and records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance to demonstrates the capability of the organization to satisfy specified product and/or servicing requirements. Product realization documentation is evidence of the capability of the organization to manufacture products or families of products and does not extend to every work order or individual product manufactured.
184.108.40.206 Validation for Production & Servicing
This section reviews the validation of process for production and servicing. All those process of production and servicing has to be validated where the resulting output cannot be verified by subsequent monitoring or measurement, and as a consequence, deficiencies become apparent only after the product is in use or the servicing has been delivered. The organization shall maintain a documented procedure to address methods for review and approval of the processes including:
o Required equipment
o Qualification of personnel
o Use of specific methods
o Identification of acceptance criteria
o Requirements for records
The organization shall validate those processes identified by the applicable product specification as requiring validation. If these processes are not identified, or there is no product specification involved, the processes requiring validation shall include, as a minimum, nondestructive examination, welding, and heat treating, if applicable to the product.
Process validation is the act of controlling a process and actually performing the necessary tests to ensure that the process can, in fact, perform according to the requirements it is designed to meet. The monitoring and measuring of the characteristic of the been designed, implemented and executed in a way that enables fulfillment of the planned results. Each organization with the implemented quality management system need validate each of their production and delivery services processes where these processes operate without exhaustive monitoring or measurement.
A process needs to be validated if you will not be able to check if the product or service is compliant with input requirements. An example might be a soldering process or welding process where you cannot check the strength of every weld during your regular production without damaging or destroying the parts. Not every process is required to undergo a validation so if you have a process where validation is not required you can still choose to validate the process. For instance, you may want to validate a process in order to reduce a complex or costly inspection of the product or service after the process, even if you could check that the outputs meet the input requirements. Which processes you validate is determined by you and your needs.
5.7.2 Product Quality Plans
The organization must develop a product quality plan [ can also be called as quality plan (QP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), and quality activity plan (QAP)] which specifies the processes of QMS including the product realization process and resources to be applied to products when required by contract. The product quality plan must description of the product to be manufactured, required processes and documentation, including required inspections, tests, and records, for conformance with requirements, identification and reference to control of outsourced activities, identification of each procedure, specification, or other document referenced or used in each activity and identification of the required hold, witness, monitor, and document review points. These product quality plans must ensure customer requirements are met and must be communicated to customer. The product quality plans and any revisions must be approved by the organization and documented. A product quality plan may be comprised of one or several different documents. A product quality plan often makes references to parts of the quality manual or to procedure documents.
A Product Quality Plan (PQP) is a tool that will allow you to effectively communicate what you expect from your suppliers, your in-house workforce, or external contractors. It covers all areas of the production process from first concepts to the finished product. A Product quality plan is a document that specifies quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product. An example of this can be a manufacturing company that machines metal parts. Its quality plan consists of applicable procedures, applicable workmanship standards, the measurement tolerances acceptable, the description of the material standards, and so forth. These may all be separate documents. Work orders specify the machine setups and tolerances, operations to be performed, tests, inspections, handling, storing, packaging, and delivery steps to be followed. An operating-level quality plan translates the customer requirements into actions required to produce the desired outcome and couples this with applicable procedures, standards, practices, and protocols to specify precisely what is needed, who will do it, and how it will be done. Product Quality Plan shows the techniques and procedures for controlling the product. Product Quality Plan need to consider the goals of reliability and quality. Reliability goals are established based on the needs and expectations of end users. Quality goals should be based on metrics that are gained from company production or past experience. The Product Quality Plan may be as simplistic as a one-page document or as complex as a 5” binder document set. The complexity of an Product Quality Plan varies depending on the complexity of the product.
5.7.3 Identification and Traceability
The organization must establish a documented procedure for identification and traceability while the product is under control of the organization as required by the organization, the customer, and/or the applicable product specifications throughout the product realization process, including applicable delivery and post-delivery activities. The procedure shall include requirements for maintenance or replacement of identification and/or traceability marks. Identification and traceability must be recorded.
Where traceability is a requirement, the organization should control and records the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized. The process for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks. There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a color. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:
- Establish the identity and status of products;
- Maintain the identity and status of products;
- Maintain records of serial or batch numbers.
5.7.4 Product Inspection/Test Status
The organization must establish a documented procedure for the identification of product inspection and/or test status throughout the product realization process that indicates the conformity or nonconformity of product with respect to inspections and/or tests performed. The organization shall ensure that only product that meets requirements or that is authorized under concession is released.
Product inspection & test status are conducted for the product identification, and all the quality requirements managed in it. Product inspection and test status documentation is managed to recording information of the quality inspection and quality test that conducted, progress of the test and its status records are managed in the documents, the quality inspection and test status is maintained for the product identification. The documentation of the Product inspection & test status are maintained each process stages that required for the manufacturing, producing materials with quality as per customer requirements. The documents covered materials and its identification method that used to product realization with detailed information is managed in the quality inspection and test status. Management of the quality concern issues and its concern methods are also maintained in details. The stages of the product management are conducted incoming materials to final product and its concern information that used for the product identification. The documentation for inspection and test status is the part of the product identification, and the records are managed by quality manager, and quality manager is responsible for the managing records and its concern activities that help to determine actions for improvement for particular stages and its methods that handled during the process.
5.7.5 Customer-supplied Property
The organization must a documented procedure for the identification, verification, safeguarding, preservation, maintenance, and control of customer-supplied property, including intellectual property and data, while under control of the organization. The procedure includes requirements for reporting to the customer any loss, damage, or unsuitability for use of customer-supplied property. The control and disposition of customer-supplied property must be recorded.
This contains the requirement for organizations to have documented procedures for the identification, verification, safeguarding, preservation, maintenance, and control of customer supplied property. Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformities occur with customer property. Good sources of information often include the following examples:
- Goods returned by the customer;
- Warranty claims;
- Revised invoices;
- Credit notes;
- Articles in the media;
- Consumer websites;
- Direct observation of, or communication with, the customer.
If there are any products, materials, or tools on your organization’s premises that are owned by a customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged. If customer property is lost or damaged, this needs to be recorded and the customer needs to be notified. Establish and implement a process to manage property supplied by customers:
- Establish the identity and status of customer supplied product;
- Maintaining records.
5.7.6 Preservation of Product
The organization must establish a documented procedure for preservation of product and its constituent parts, It must describe the methods used to preservation throughout product realization and delivery to the intended destination in order to maintain conformity to requirements. It must include identification and traceability marks, transportation, handling, packaging, and protection as applicable.
The preservation process must include packaging, storage and other product specific handling methods.
- Identification and traceability– Ensure that products are properly identified and do not become mixed with other orders. You should expect to see that all products are clearly identified. This is relative to identification and traceability however for preservation of product it is a requirement and not ‘as applicable’;
- Handling – This may include bulk handing using moving equipment or physical contact where handling may influence product conformity. You should verify that suitable handling methods are implemented throughout the processes.
- Packaging – Ensure that labeling and marking of shipped products are sufficient to enable adequate identification and traceability back through your QMS. This should include ensuring that labeling and marking maintains its integrity and remains affixed throughout the shipping process. You should expect to see that methods have been established for packaging the product to preserve its integrity. Package products appropriately for shipping in order to preserve the product’s integrity throughout the shipping process;
- Protection – Raw materials, in-process materials, inspected product, nonconforming product and product ready for shipping should also be identified with its status and protected from any unintended alteration. You should verify that appropriate measures are in place to protect product. This will vary depending on the product.
220.127.116.11 Storage and Assessment
The procedure must also identify the requirements for storage and assessment of the and its constituent parts . There must be designated storage areas or stock rooms to prevent damage or deterioration of product before its use or delivery. To check for deterioration, the condition of product or constituent parts in stock has to be assessed at specified intervals . The interval will be appropriate to the products or constituent parts being assessed.
The organization must use designated storage areas or stock rooms to prevent damage or deterioration of product, pending use or delivery. Appropriate methods for authorizing receipt to and dispatch from such areas shall be stipulated. The storage facilities, should not only be physical security but also the environmental conditions (e.g., temperature and humidity). In order to detect deterioration, the condition of product in stock shall be assessed at appropriate intervals. It may be appropriate to check periodically items in storage to detect possible deterioration. The methods for marking and labeling should give legible, durable information in accordance with the specifications. Consideration may need to be given to administrative procedures for expiration dates, and stock rotation and lot segregation.
5.7.7 Inspection and Testing
The organization must establish a documented procedure for inspection and testing to verify that product requirements have been met. It includes in-process and final inspection and testing. The inspection and testing results must be recorded
18.104.22.168 In-process Inspection and Testing
The organization must inspect and test the product at planned stages as per the product quality plan, process control documents , and/or documented procedures. Evidence of conformity with the acceptance criteria must be maintained.
22.214.171.124 Final Inspection and Testing
The organization must perform all final inspection and testing as per the product quality plan and/or documented procedures to validate and document conformity of the finished product to the specified requirements. Personnel who has not performed or directly supervised the production must conduct final acceptance inspection. For single step manufacturing processes (e.g. threading), in-process and final inspection and testing may be same.
A product inspection is the process of examining your goods against a list of pre-set criteria to ensure they meet your quality standards. The process might include packaging and labeling checks, visual examination, functionality checks, and measurement taking.Product testing typically involves using advanced equipment in a laboratory setting to verify product safety, compliance, or performance. You might test your products to check for harmful chemicals, comply with regulations, or simulate repeated use.The key differences between inspection and testing in manufacturing are:
- Inspections typically take place at the factory where the goods are produced, while testing occurs in a specialized lab.
- Inspections typically use basic equipment that an inspector can carry with them, while testing involves advanced equipment.
- Inspections are typically focused on maintaining quality standards, while testing is focused on regulatory compliance and performance standards.
Types of inspection / verification:
- Description: size, weight, diameter, length
- 100% or sampling
- Visual inspection
- Dimensional inspection
- Nondestructive examination
- Hardness testing
- Positive material identification
- Document review (inspection reports, material test reports)
In-process inspections seek to examine workflow with the goal of reducing cycle time and Work-in-Process (WIP), while increasing capacity. Resources are evaluated to ensure proper training. Environmental factors are taken into consideration and products are inspected directly on the shop floor. The inspections can be performed by both manufacturing and inspection personnel.
Final inspections take place when production is complete. The overall product is measured against engineering, customer requirements, and standards. Final inspections and device approvals play an integral role in the decision to move items to stock or shipment. An inspection report is run prior to final device approval to ensure there are no open items. A final inspection report will validate that all required operations are complete, all non-conformances have been resolved, and required traceability has been recorded.
Usually, the Quality Manager determines the scope of the inspection and testing. This will be thoroughly communicated to all personnel. This procedure usually includes
- Holding back products until all inspections have been finalized
- The work order is reviewed to ensure all first part inspections, processes, and specifies operations have been completed—the relevant supervisor signs off the sheet
- Check that all documents are traceable to each product and made available for inspection
- Do a visual inspection to verify all specified operations have been completed. This is also done to detect any visible damage or defects
- Goods are released for packaging and shipping after the final inspection has been completed
5.7.8 Preventive Maintenance
The organization must establish a documented procedure for preventive maintenance for equipment used in product realization. The procedure shall identify type of equipment to be maintained, frequency and personnel responsible for preventive maintenance. Record for Preventive maintenance must be maintained . Preventive maintenance can be based on risk, system reliability, usage history, experience, industry recommended practices, relevant codes and standards, original equipment manufacturer’s guidelines, or other applicable requirements.
Preventive maintenance consists of regular, scheduled maintenance activities that are performed on equipment to reduce the chance of failure and extend up-time. Preventive maintenance can be defined as being the “systematic inspection, detection, correction, and prevention of incipient failures, before they become actual or major failures.”
a) This specification requires that the type of equipment used in the process realization process be identified and maintained.
(b) Frequency Identifying the frequency of the preventive maintenance to be performed. This may include:
(c) Identifying the responsible personnel to perform the preventive maintenance. This may include:
- Maintenance Personnel
- Manufacture/ 3rd Party
5.8 Control of Testing, Measuring, Monitoring Equipment
The organization must determine the testing, monitoring, and measurement required and the associated equipment needed to provide evidence of conformity to those requirements. The organization must establish a documented procedure for maintenance and calibration of the testing, measurement, and monitoring equipment and that the equipment is used as per the monitoring and measurement requirements. The procedure shall include unique identifier, calibration status, equipment traceability to international or national measurement standards. If no such standards exist, the basis used for calibration or verification must be recorded. It must also include frequency of calibration prior to use and also at specific intervals. The calibration or verification method, including adjustments and readjustments as necessary, the acceptance criteria and control of equipment identified as out-of-calibration in order to prevent unintended use should be included in the procedure. When the equipment is found to be out of calibration, an assessment of the validity of previous measurements must be undertaken. Actions to be taken on the equipment and product. If any suspect product has been shipped, there must be evidence of notification to the customer. Records must be maintained. Testing, measuring, and monitoring equipment (TMME) must be calibrated or verified, or both, against measurement standards. Verification against identified acceptance criteria is performed on nonadjustable equipment. TMME must have the calibration status identifiable by the user for the activities being performed at all times. It must be safeguarded from adjustments that would invalidate the measurement result or the calibration status. It must be protected from damage and deterioration during handling, maintenance, and storage. It must be used under environmental conditions that are suitable for the calibrations, inspections, measurements, and tests being carried out. When used in the testing, monitoring, or measurement of specified requirements, the ability of computer software to satisfy the intended application must be confirmed prior to initial use and reconfirmed as necessary. When the equipment is provided from either third-party, proprietary, employee- and customer-owned equipment, the organization must verify that the equipment is suitable and provide evidence of conformity to the requirements. The organization must maintain a registry of the required TMME which must include a unique identification, specific to each piece of equipment. Record of results calibration and verification must be maintained.
TMME are subject to the following controls:
- Devices are calibrated at intervals or prior to use, based on recognized standards;
- Devices are adjusted as necessary in accordance with manufacturer’s instructions;
- Devices are identified to enable calibration status to be determined;
- Devices are safeguarded from adjustment, which may invalidate results;
- Devices are protected from damage during handling, maintenance or storage;
- The validity of results from a non-confirming device are re-checked with a conforming device;
- Devices are calibrated by external providers certified to ISO 17025;
- Records of calibration and verification are maintained;
- Computer software which is used for monitoring/measuring is validated prior to initial use;
- Computer software used for monitoring and measuring is re-validated where necessary.
If measurement traceability is not required, verify that those monitoring and measuring resources used by your organization are suitable. You should ensure that record is maintained in order to demonstrate suitability of monitoring and measuring equipment. While this is not required, all equipment requiring calibration must be identified and must be:
- Calibrated or verified at specific intervals, or prior to being used. Equipment must be calibrated using measurement standards traceable to international or national measurement standards. Where there is no standard available for the device the basis for calibration or verification must be recorded. A Certification Auditor would expect to see that traceable standards are used and where applicable have not expired. Where calibration is completed by an outsourced process i.e. vendor, the records of traceability must be reviewed.
- Adjusted or readjusted as necessary. There must be evidence that equipment found to be out of calibration are adjusted/re-adjusted by qualified personnel and the validity of the previous measuring results are accessed when equipment is found to be out of calibration and appropriate action is taken (may include recall of product). A process must be in place to provide traceability of each piece of equipment to the process/product that the equipment was used on. The results of calibration and verification are required to be maintained as quality records.
- Identified to show calibration status. Each piece of equipment must be identified in such a way that the user can determine that the device has current calibration, this may be accomplished by the equipment unique serial number traceable to the calibration record however, the calibration status label is a good practice. Other methods may be used however must clearly identify the calibration status. Where the environment is not conducive to the use of stickers, status may be identified by color-coding, identification number with associated calibration record, and/or calibrated prior to every use.
- Safeguarded from adjustment. A process must be in place to ensure that users outside the calibration process do not adjust equipment. Equipment may be verified prior to use however any adjustments made to equipment must meet all requirements of this section. Methods to safeguard may include; locking materials for setscrews, tamper-proof seals, limited entrance to calibration areas, and other methods.
- Protected from damage during handling, maintenance and storage. The measuring equipment must be handled and stored in a manner to protect the equipment from damage.
5.9 Release of Product
The organization must establish a documented procedure to ensure release of product to the customer shall not proceed until all the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. Records to enable identification of the individual releasing the product must be maintained
The release of product must not be completed until the planned requirements have been met. The release of product may include, according to product planning and the verification stages; release to the next operation, release to an internal customer, or release to final customer, etc. Planned arrangements can include design verification and design validation, which can involve modelling, simulations, experiments, trials, prototypes, functional testing, performance testing; inspections comprising, in-process, first article and final inspection; thorough examination through destructive and non-destructive testing; customer acceptance testing, product certification/qualification, third party qualification from a regulator, recognized society, or independent testing body etc. For product release , the planning requirements may be waived, but must be approved by relevant authority and by the customer as appropriate. Monitor and measure product characteristics to ensure they are able to demonstrate:
- Product characteristics are continually met;
- Evidence of conformity with product requirements.
Retain records to provide evidence that acceptance criteria have been met might include: e.g. certificate of conformity, release certificate, regulatory certificate. Ensure traceability to the person(s) authorizing the release such as name, authorized signatories, user identification, stamp impression etc., including their authority status (release signatory, certifying staff, scope of authorization etc.).
5.10 Control of Nonconforming Product
The organization must establish a documented procedure to identify the controls including the responsibilities and authorities for nonconforming product. The procedure for nonconforming product identified during product realization must includes controls for product identification to prevent unintended use or delivery, address the detected nonconformity, take action to preclude its original intended use or delivery and authorizing its use, release, or acceptance under concession by relevant authority and, where applicable, by the customer.
The procedure for nonconforming product identified after delivery must include identifying, documenting, and reporting nonconformances or product failure identified after delivery. It must ensure the analysis of product nonconformance or failure, provided the product or documented evidence supporting the nonconformity is available to facilitate the determination of the cause. It must take action appropriate to the effects, or potential effects, of the nonconformance when nonconforming product is detected after delivery.
5.10.2 Nonconforming Product
The organization shall address nonconforming product by repair or rework with subsequent inspection to meet specified requirements; and /or re-grade for alternative applications; release under concession and/or reject or scrap.
5.10.3 Release of Nonconforming Product Under Concession
The evaluation and release under concession of nonconforming product that does not satisfy manufacturing acceptance criteria (MAC) can be permitted when the organization’s relevant authority and the customer (where applicable) have authorized the release provided that products continue to satisfy the applicable Design acceptance criteria (DAC) and/or customer criteria; or the violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria or the DAC are changed and the products satisfy the revised DAC and associated MAC requirements.
5.10.4 Customer Notification
The organization shall notify customers of product not conforming to DAC or contract requirements, that has been delivered. The organization shall maintain records of such notifications .
The nature of nonconformities and any subsequent actions taken, including concessions obtained, must be recorded.
The organization must keep records of each nonconformance or defect and how it was dealt with. Records of product nonconformity should be periodically reviewed to determine if a chronic problem exists with the production process. The product should then be subject to further inspection to verify that it is now correct. As for records, if you documented the nonconforming product there should normally be somewhere to verify that you successfully (or not) cured the problem and that it is now conforming. Re-verification simply means that you cannot assume that because someone tells you they have corrected the problem then it is ok. The clause is asking you to re-verify by whatever means you originally chose. If you used inspection as a method of verification then re-inspect in the same method. If not, use whatever method suits you (or your customer). Just make sure it is ok before it leaves. The re-verification after remedial work might involve testing as well as inspection. The reason is not just to verify that the defect has been removed, but also to assure that fresh defects have not been introduced by the rework. Records would be as appropriate for the re-inspection or re-testing performed. Re-verification is equivalent to re-inspection and records could include a signature of approval or a more formal test report. Whichever format is chosen, it must be defined in the nonconformity procedure. You may need to supply new evidence of conformance to your customer along with corrective action documentation if requested. The method that you use in either of these situations should be defined in your procedures, that way you relieve yourself and your auditor from guessing how you would address them. Where necessary, any product or process outputs that do not conform to specified requirements should be properly identified and controlled to prevent unintended use or delivery. Improvements are then implemented to ensure the nonconformance does not reoccur. Control defective products by:
- Defining how nonconforming products and processes are identified;
- Defining how nonconforming products and processes are dealt with;
- Removing or correcting nonconformities;
- Preventing the delivery or use of nonconforming products and processes;
- Verifying how nonconforming products and processes were corrected;
- Providing evidence that corrected products and processes now conform to requirements;
- Keeping records that catalogue nonconforming products and processes.
There may be instances where it is impossible to completely eliminate the cause of the nonconformity, so in these instances, the best you can do is to reduce the likelihood or the consequences of a similar problem happening again in order to reduce the risk to an acceptable level. Where applicable any corrective action taken and controls implemented to eliminate the cause of nonconformity should be applied to other similar processes and products.
Handling Nonconforming Products
Documented procedure should indicate the plan of action for controlling products. Nonconforming product is identified and separated from other conforming products. Nonconforming product must be reviewed and approved before release. Details of nonconformity must be documented. If nonconformity is identified after delivery, separate actions taken. Re-processed nonconforming products should be re-validated before release. When it comes to controlling and handling non conforming products , there is a specific procedure that must be carefully followed to ensure that the wrong product is not given out to consumers. First and foremost, the organization should already have a documented procedure that indicates the method they will use or plan of action that will be taken in order to control the products in question.
Upon the removal of the non conforming products , the organization will ensure that it does not get mixed up with the quality products that are on their way to be distributed to the masses. Once the product has been effectively identified and removed from the others, it must be properly reviewed and approved before it can be released. The release of a nonconforming product can be made under concession by an authorized person. Any release of this kind should be properly documented after it has been completed. The other details of the nonconformity must also be documented in detail. This should include the exact non-conforming characteristics that were identified, as well as the procedures that were followed in order to get rid of it and prevent it from happening in the future. From the documentation of the nonconforming product, all company personnel should be able to understand the nature of the event, why the product did not conform to the specified standards, and what was done to eliminate the issue. In the event that a nonconforming product is identified after it has already been distributed or delivered, there will be a separate set of actions that must be taken to solve the problem at hand. These actions will depend on the severity of the nonconformity, and will be determined by the discretion of the company leaders. When a nonconforming product has been identified and a plan of action has been established to solve the problem, it can either be permanently removed or possibly altered in order to fit the guidelines and be considered a qualifying product. When any nonconforming product is reprocessed, it must go through a revalidation process by someone of proper authority in order to be approved for release.
5.11 Management of Change (MOC)
A process for Management of Change(MOC) must be established. The integrity of the quality management system must be maintained when changes to the quality management system are planned and implemented. For MOC, the organization must identify the potential risks associated with the change and any required approvals prior to the introduction of such changes. MOC activities must be recorded.
5.11.2 MOC Implementation
Management of change process are to implemented when there are changes in the organizational structure , changes in key or essential personnel, changes in critical suppliers and/or changes to the management system procedures, including changes resulting from corrective and preventive actions and these changes may negatively impact the quality of the product.
5.11.3 MOC Notification
The organization must notify relevant personnel, including the customer when required by contract, of the change and residual or new risk due to changes that have either been initiated by the organization or requested by the customer.
Changes are intended to be beneficial but they need to be carried out when determined by your organization as relevant and achievable. In addition, consideration of newly introduced risks and opportunities should also be taken into account. To achieve the benefits associated with changes, your organization should consider all types of change that may occur. These changes may be generated, for example, in:
- Processes and procedures;
- Quality manual;
- Documented information;
- Process equipment;
- Employee training;
- Supplier evaluation;
- Stakeholder management;
- Interested party requirements.
Whenever quality management system changes are planned, Top management should ensure that all personnel are made aware of any changes which affect their process, and that subsequent monitoring is undertaken to ensure that QMS changes are effectively implemented. The organization must consider
- The purpose of the changes and their potential risk and opportunities.
- The integrity of the management system.
- The availability of resources.
- The allocation or reallocation of responsibilities and authorities
Decide on Disposition Option
This is the step where you decide what to do with the non-conforming products. There are several options that you can choose from:
- Eliminate the non-conformance: By applying rework to the product , you can bring it back to fully meeting the requirements. The main difference between a rework and a repair is that the non-conformance is fully eliminated to be compliant with a rework, but it is only eliminated enough to make it usable with a repair. Finding a bracket with holes that were too small and drilling them bigger to meet a drawing would be an example of a rework.
- Authorizing use: If there is a concession from the requirements and the product or service is useable, although not fully compliant, then you can accept to use the product or service as is. Sometimes a repair to the product will be required to change the product enough to make it usable, although it will not fully meet the requirements. If a bracket has holes out of position, you could make the holes into slots so that the part fits in place. This would be an example of a repair.
- Preclude original use: This is when you decide to either scrap the product or to re-grade the product or service (such as product sold as seconds).
- Correct per Disposition: This is simply doing the actions you decided to do . If you are accepting the product or service as is, then allow it to continue. If you are reworking or repairing something, have the steps carried out to do so as planned (and make sure it is re-verified afterwards). If you are using the unit to sell as a second, how do you identify it so that it ends up being used properly at the end of the process?
- Corrective Action: Finally, after deciding how to fix the product , take a look at why the non-conformance happened, and try to find and fix the cause so that it doesn’t happen again. If there is an error in the instructions that caused the problem, get the instructions fixed. If a program bug caused a service error, fix the program. If you have found that a part of the machine is wearing out, implementing a preventive maintenance check on that machine could go a long way toward helping prevent similar problems in the future. If this is a recurring problem, then maybe switching the investigation over to the Corrective Action process would allow for greater improvements. Often, the Non-conforming Product process is the biggest input to the Corrective Action process.