6.1 General

The organization must plan and implement the monitoring process, measurement process, analytical process, and improvement process to confirm to the requirements of API Q1 and to continually improve the effectiveness of the quality management system. The process must include applicable methods, including techniques for the analysis of data, and the extent of their use.

The organization to must analysis the results of monitoring and measurement and confirm that organization has considered what, how and when to measure and that the outcomes from decisions result are ensuring appropriate process control. It must monitor the performance and effectiveness of organization’s quality management system. It must develop a process (method, techniques, format, etc.) to identify, collect and analyze various data and information from both internal and external sources, including:

• Monitoring and measuring results;
• Process performance results;
• Meeting objectives;
• Internal audit findings;
• Customer surveys and feedback;
• 2nd or 3rd party audit results;
• Competitor and benchmarking information;
• Product test results;
• Supplier performance information.

This ‘input’ (information and data) should reflect upon the adequacy, suitability and effectiveness of the quality management system and its processes. The ‘output’ (result of the analysis) must provide information (understanding, insight, awareness, confidence, knowledge of, etc.). The analysis output must provide insight to:

• Customer satisfaction and perception
• Product conformance.
• Process performance
• Product and process characteristics
• Trends in products and processes
• Opportunities for preventive action
• Suppliers and subcontractors.

Other potential or useful options might include:

• Need for corrective action
• Opportunity for improvement
• Competition.

It is important to document and retain as evidence the results of the evaluation of the performance of the quality management system. Monitoring and measuring QMS operations and activities will establish a mechanism to ensure that your organization is meeting its policies, objectives and targets. In order to meet this requirement, your organization must perform six steps:

• Identify the activities that can have a significant impacts and risks
• Determine key characteristics of the activity to be monitored
• Select the best way to measure the key characteristics
• Record data on performance, controls and conformance with objectives and targets
• Determine the frequency with which to measure the key characteristics
• Establish management review and reporting.

Establish the monitoring and tracking criteria for each activity that has a significant impact or risk and review the action plan.

6.2 Monitoring, Measuring, and Improving

6.2.1 Customer Satisfaction

The organization must establish a documented procedure to measure customer satisfaction. The procedure shall address the frequency of measurement, obtaining customer feedback, key performance indicators (KPIs), and other information that the organization uses to determine whether the organization has satisfied customers in meeting identified requirements. The result customer satisfaction information must be recorded.

Customer satisfaction should be monitored to determine to which degree their expectations and needs are being fulfilled. The methods for obtaining this information need to be determined by the QMS. Methods of measuring and monitoring the way customers perceive your company can be done through;

• Physical customer feedback through meetings
• Customer surveys
• Warranty/Guarantee claims
• Compliments/Complaints
• Dealer reports

Producing high levels of customer satisfaction is an essential metric tool for gathering real-time information to improve the QMS system and product. Each customer will be different and present different needs and the organization will have to use additional measures and controls to measure and analyze the data.

Defining Customer Satisfaction Indicators: The procedure for customer satisfaction should have a customer satisfaction indicators. This process should also include;

• The frequency of data collection
• The method of data collection
• A summarization
• A review of the data
• An evaluation of the data
• Actions on how to improve
• The required timeline for remedy
• Whose responsibility it is and
• The follow-up with the customer

To continuously improve on customer satisfaction, customer feedback and trends must be constantly. This will be the baseline to use for both internal and external customer.

6.2.2 Internal Audit

6.2.2.1 General

Internal Audits are conducted to verify that the Organization’s QMS is effectively implemented and maintained and conforms to the requirements of the API Q1. The organization must establish a documented procedure for Internal audit. It must define the responsibilities for planning, conducting, and documenting internal audits. The results of previous audits and criticality of the process being audited must be considered while planning for internal audits . While planning for the internal audit the organization must identify the audit criteria, scope, frequency, and methods of Internal audit. The procedure must ensure that all processes of the quality management system claiming conformity to the API Q1 requirements are audited at least once. every 12 months. All Outsourced activities that impact the quality of the product and that are performed at the organization’s facility must be part of the internal audit .

6.2.2.2 Performance of Internal Audit

All processes of Organization’s QMS must be audit to claim conformance to the API Q1 requirements. Records of the audits provides objective evidence that the QMS is implemented and maintained . Independent , Competent personnel who do not perform or directly supervise the process being audited shall conduct the Audit. This is to ensure objectivity and impartiality of the audit process. Product specification requirements can be embedded throughout the quality management system processes and audited in conjunction with one or more quality management system processes.

6.2.2.3 Audit Review and Closure

For the non-conformities identified during the internal audit , the responsible management must ensure necessary correction and corrective action. The organization must identify response times to addressing detected non-conformities. Records related to internal audits must be maintained. The results of internal audits and the status of corrective actions are to be reported in the management review.

Organization should establish an internal audit plan to cover all requirements of the standards. In addition, consideration should be given to the status and importance of the processes that comprise the audit and the results of previous audits. Objective evidence should demonstrate information of concerning the effective implementation the audit plan, as well as a sample of audit results. The internal audit process should include the following activities:

• The development of a program of internal audits which can be revised depending on the results of previous audits and the results of performance monitoring.
• The identification, selection and training of internal auditors.
• The analysis and evaluation of the results of internal audits.
• The identification of the need for corrective or improvement measures.
• The verification of the completion and effectiveness of these measures.
• The documentation pertaining to the execution and results of audits.
• The communication of the results of audits to the top management.

The internal audit process is part of the continual improvement feedback loop to evaluate and improve the effectiveness of the management system. It also highlights where processes and procedures are not addressing risks adequately and where changes are needed to improve efficiency or effectiveness. The audit process also serves as a method of compliance monitoring.

Planning for internal audit

During the early stages of implementing of this standard , the internal audit often focuses on ensuring that any compliance issues or non conformities are discovered and rectified prior to the assessment. However, once organization is registered, the internal audit must evolve. The focus of the internal audit planning should be re-directed, away from compliance with standards, to an audit strategy that bases the audit frequency upon process performance data, feedback from customers, etc., to ensure that you are focusing on the risks and issues that should be on Top management’s radar. When planning the Internal audit organization should ensure that customer feedback, organizational changes and risks and opportunities are brought into consideration. Process importance as the degree of direct impact that process performance has on customer satisfaction should be considered i.e. could the process provide the customer with a defective product? One should consider process status in terms of maturity and stability; a more established, proven process will be audited less frequently than a newly implemented or recently modified process. Conversely; processes which are not performing to the planned arrangements should be audited more frequently. Support processes should be given a lower ranking than the manufacturing/service provision processes. In addition, the results of previous audits should be considered too. Processes that have been audited recently that have shown effectiveness and improvement should be audited less frequently. When applying risk-based thinking to select internal audits and their frequency, consider the following:

• Processes that are critical to product and service quality;
• Complex processes that require close monitoring and control to ensure conformity;
• Balance across operational and non-operational processes;
• Processes that utilize qualified personnel;
• Activities or processes that occur across multiple locations;
• Processes impacted by human factors;
• Introduction of new or changed processes;
• Changes affecting the organization;
• Statutory and regulatory issues;
• Process performance, e.g. process conformity/non-conformity, escapes to the customer, complaints, previous internal/external audit results, identified risk.

When planning your internal audit one should ensure that customer feedback, organizational changes, and risks and opportunities have been brought into consideration. Internal audit that are based on risk and customer feedback will help your organization to embark upon new methods of compliance in which risk-based thinking and continual improvement are the drivers, rather than compliance.

Determining the frequency of internal audits
Deciding the frequency of internal audits will depend on the perceived need for the audit and the size and complexity of your organization. The frequency of internal audits should depend on the criticality of each process and the perceived need to audit it, but all processes should be formally audited at least once during a 12-month audit cycle. Critical processes that directly affect process and product conformity, and customer satisfaction should be audited more frequently, e.g. monthly, quarterly, or more regularly as required. When determining internal audit frequency, you should consider the following:

The level of risk associated with the activity, policy or procedure;
The priority of the specific element of the management system;
The results of previous audits; and
The significance of problems identified in the areas to be audited.

The basic requirement of the quality management system is that it is audited at least once per year. If many issues are found during audits, then additional audits can be undertaken to help get that part of the system working effectively again as soon as possible. ISome audits are likely to be conducted on a monthly basis in order to cover all manufacturing processes over the year. Unscheduled audits may be conducted at any time based upon:

Previous audit results;
Regulatory inspections;
Operational changes (planned or unplanned);
Management review concerns;
Identified non-conformances.

The frequency of internal audits should be reviewed and, where appropriate, adjusted based on occurrence of process changes, internal and external nonconformities, and/or customer complaints. The effectiveness of the audit should be reviewed as a part of management review.

The internal audit checklist is just one of the many tools which are available from the auditor’s toolbox that help ensure your audits address the necessary requirements. The checklist stands as a reference point before, during and after the audit, and will provide the following benefits:

• Ensures the audit is conducted systematically;
• Promotes audit planning;
• Ensures a consistent audit approach;
• Actively supports your organization’s audit process;
• Provides a repository for notes collected during the audit process;
• Ensures uniformity in the performance of different auditors;
• Provides reference to objective evidence.

Before a new audit is started in a particular area, it is important to check the status of any outstanding issues since the last audit (if any) was performed in the area. If there are outstanding issues, then they may be carried forward into the current audit, and the previous audit could then be closed off. The system audits are best undertaken using and internal audit checklist. This type of audit focuses on the quality management system as a whole, and compares the planning activities and broad system requirements to ensure that each clause or requirement has been implemented. A good summary report is the final output of the audit and deserves an appropriate amount of attention and effort. The audit report is the detail of what was found during the audit. It presents an overall summary of the audit findings, as well as any positive aspects noted during the audit. The audit report must also identify nonconformities identified during the audit and their associated corrective actions. The Internal Auditor should be responsible for finalizing the audit report, which should include:

• The area and element/procedure/process audited;
• Audit team composition, audit scope, persons interviewed;
• Executive summary;
• Observations and key findings (identified nonconformities);
• Recommendations;
• Opportunities for improvement, which are areas that may become nonconforming in the future;
• Graphical representation of findings.

On completion of the audit, a closing meeting should be scheduled between the audit team and the organization or department being audited, to present the results of the audit and discuss any subsequent steps required to complete the audit. Observations may also be recorded for future consideration. The audit report needs to be signed by the lead auditor and the manager of the relevant department, and distributed as required to relevant persons. The findings and conclusions should be formally documented as part of the summary report. Too often, the audit report only recites back facts and data the managers already know. The value is in identifying issues and opportunities they do not know! This summary should be reviewed first with the lead auditor, then the Process Owner and Management Team. Make final revisions and file the audit report and all supporting audit materials and notes. The audit summary and the corrective action forms should be attached to the audit report, which now becomes the audit record. Only the summary report and corrective actions need be given to the Process Owner and a copy of the audit report should be given to Top management.

6.2.3 Process Evaluation

Suitable evaluation methods must be applied on the QMS processes to ensure that QMS processes achieve planned results, including conformity to product requirements. When are not achieved, correction and corrective action shall be taken as appropriate. Process evaluation can be done by performance of internal audits and management reviews

Process evaluation is about auditing your organization’s processes and their interactions, which together comprise the quality management system. The process audit provides assurance that the processes have been implemented as planned and provides information on the ability of the process to produce a quality output. Use the process audit template for conducting an in-depth analysis to verify that the individual processes comprising the management system are performing and producing outputs in accordance with the planned outcomes. The process audit also identifies any opportunities for improvement and possible corrective actions. Process audits are used to concentrate on any special, vulnerable, new or high-risk processes. A process is a set of interrelated activities that transform inputs, such as materials, customer requirements and labor, via a series of activities into outputs, such as a finished product or service. Various stages of the process must meet various applicable clauses of the standard. There are six characteristics to look out for when auditing a process:

Does the process have an owner?
Is the process defined?
Is the process documented?
Are links between other processes established?
Are processes and their links monitored?
Are records maintained?

The process audits must be scheduled according to the processes defined by your management system. The audit schedule should not be based on the clauses of the standard, but it should instead be based upon the importance and criticality of the process itself. The process approach to auditing should cover three vital stages:

• Preparing for the audit;
• Auditing the process and its linkages;
• Preparing the summary and audit report.

An audit of each process should be conducted at planned intervals in order to determine whether the processes conform to planned arrangements in order to determine whether the process is properly implemented and maintained and to provide process performance information to top management. Effective process auditing requires the auditor to identify and record audit trails that will make a difference to the organization. The audit should begin with the process owner in order to understand how the process interacts with the other process inputs, outputs, suppliers and/or customers.

6.3 Analysis of Data

The organization must establish a documented procedure for the identification, collection, and analysis of data to demonstrate the suitability and effectiveness of the quality management system. The analysis includes data generated from monitoring and measurement, internal audits , management reviews, and other relevant sources. The data analysis output provides information relating to customer satisfaction, quality objectives, supplier performance and conformity to product requirements. The nonconformities and product failures identified after delivery or use, provided the product or documented evidence is available to facilitate the determination of the cause. The characteristics and trends of processes and products including opportunities for preventive action. The organization must use data to evaluate where continual improvement of the effectiveness of the quality management system can be made.

Analysis of Data must include:

• Levels of Customer satisfaction
• Level of Supplier performance
• The results of product and process monitoring
• Rates of non-conformances
• Trends and opportunities for corrective and preventive action

Where the analysis shows unacceptable performance then those items should become Quality objectives and where appropriate, become subject to preventive or corrective action.

The purpose of analyzing data is to:

• Assess organizational performance against established plans and stated quality objectives
• Identify areas for improvement
• Help determine the cause of problems
• Provide guidance for determining the most appropriate corrective or preventive action to take

Data collected for analysis includes:

• Results from customer surveys
• Results from employee surveys
• Customer, supplier and employee feedback
• Results from internal audits
• Results from process monitoring and measurements
• Results from product monitoring and measurements
• Non-conformance reports
• Warranty claims and returned products
• How do I analyze data?

Effective data analysis is an essential part of any quality management system:

• Use statistical techniques where appropriate (e.g. Statistical Process Control)
• Data should be analyzed by designated, competent personnel
• Use data feedback for continuous product and process improvement
• Should I document our analysis of data process?

It is not a mandatory requirement to document your analysis of data process. However, you should always look to adequately define and control any operational processes that generate information on the performance of your quality management system. Therefore, the implementation of an analysis of data procedure will be appropriate to the majority of businesses. Develop and implement a procedure that defines the roles and responsibilities for analyzing quality management system data in order to drive continual improvement and to facilitate a factual approach to decision making:

• Data collection
• Data analysis
• Information output
• Reporting
• Looking for help documenting the process?

The effectiveness of the analysis of data process is often determined by looking for evidence that the organization has sufficiently utilized data from the outputs of its activities and has used that data to drive continual improvement and enhance customer satisfaction.

6.4 Improvement

6.4.1 General

The organization must look to continually improve the effectiveness of the quality management system through the use of the quality policy, quality objectives, audit results, analysis of data, corrective and preventive actions, and management review. The definition of correction, corrective action, and preventive action ans given in ISO 9000 is applicable here.

The organization is expected to revise the quality system documentation and processes as the quality management system matures or when a new process is implemented. The organization must identify improvement opportunities and management system underperformance using the data output from its processes, such as data analysis and evaluation, internal auditing, management review, and the use of appropriate tools and methodologies to support validate findings. The organization must implement the identified opportunities for improvement in a controlled manner.The organization should ensure that it has implemented a process, with appropriate methods, techniques, and formats for identifying areas of underperformance or opportunities for improvement. The organization should select the appropriate tools and techniques to investigate the causes and thereby establishing and implementing a process for continual improvement. The impetus for continual improvement must come from the use of (as a minimum):

1. Policies;
2. Risks and opportunities;
3. Objectives;
4. Aspect and impacts
5. Hazards and safety risks;
6. Analysis and evaluation of data;
7. Audit results;
8. Management review;
9. Non-conformity and corrective action.

Processes can always be made more efficient and effective, even when they are producing conforming products. The aim of a continual improvement programme is to increase the odds of satisfying customers by identifying areas that need improvement. It requires the organization to plan improvement systems and to take into account many other activities that can be used in the improvement process. You will be required to ensure that you continually improve the degree to which your products and services meet customer requirements and to measure effectiveness of your processes. To this end the continual improvement principle implies that you should adopt the attitude that improvement is always possible and your organizations should develop the skills and tools necessary to drive improvement.

6.4.2 Corrective Action

The organization must establish a documented procedure to correct non conformities and to take corrective actions appropriate to the effect of nonconformity to eliminate the causes of non conformities to minimize the likelihood of its recurrence. Corrective action are to apply both internally and within the supply chain to both quality management system processes and nonconforming product trends. The procedure must identify requirements for reviewing a process nonconformity including customer complaints, determining and implementing corrections, identifying the root cause of the nonconformity and evaluating the need for corrective actions , implementing corrective action to reduce the likelihood that a nonconformity recurs, identifying the time frame and responsible persons for addressing corrections and corrective action, verification of the effectiveness of the corrections and corrective action taken and Management Of Change when the corrective actions require new or changed controls within the quality management system. Records of the activities for control of a nonconforming process shall be maintained. Records shall identify the activities performed to verify effectiveness of the corrective actions taken.

Definition of correction
Correction (also referred to as immediate correction) is action taken to eliminate a detected nonconformity or defect (adapted from ISO 9000). A correction can be made in conjunction with undertaking corrective action. For a product nonconformity, correction might include reworking the part, accepting the nonconformance through the concession process, replacing the product, or scrapping the product.

Definition of corrective action
Action implemented to address the root-cause and contributing cause of the undesirable condition, situation, nonconformity, or failure; action taken to prevent recurrence. As part of the corrective action process you must identify all the causes (root-cause and contributing causes) that have or may have generated an undesirable condition, situation, nonconformity, or failure.

The decision to apply or not apply the corrective action process should be made by the appropriate level of management within the company, based on the level of risk. Many factors that can trigger the corrective action process, examples include:

• A safety impact that affects the product or personal;
• Product performance and/or reliability issues;
• High impact on production and/or maintenance operations;
• Repetitive problems to one part of the activity/process, or similar problems across many activities/processes;
• Difficulty in detecting the nonconformity;
• By customer request;
• Significant quality or management system issues;
• Complex problem that cannot be solved without assistance of others not located where the problem occurred.

The analysis of nonconformities should not look for someone to blame, or a department that is ‘more responsible than another’, but rather for understanding and improving the organizational weaknesses that made them possible. Where internal audits identify that organization’s policy, objectives, standards and other requirements as outlined within their management system are either not implemented, or are improperly implemented, a nonconformance report should be raised and entered into the nonconformity log as appropriate. This should require an agreed response from the relevant Line Manager prior to closure. The root-cause must address the nonconformity and the corrective action must address the root-cause. Any nonconformities and subsequent actions to prevent their reoccurrence and the effectiveness of the corrective action(s), should be duly documented and retained.

Step 1. Identify the Problem
Once a problem has been identified through inspection, customer complaints, or audit results, it should be captured using non-conformity reports (NCRs) or corrective action reports (CARs) in order to identify who is affected by the problem and what the impact is. Considering the following:

• What are the operations, products, materials, defects, malfunctions that may characterise the problem? What is it about?
• Who is concerned with the problem? Who is reporting the problem? Who is rectifying the problem? Who is the problem affecting?
• Where are all the places where the event takes place; shop floor, services, machine, process step?
• Where is it seen? Where does it originate?
• When does the event appear (time, date, when does it start, how long does it last, how often)
• When is the problem reported defective? When is the problem repaired?
• Has it occurred before? If yes, what is the history?
• How do we know there’s a problem (how is it detected)?
• How does the event appear, how does it stop?
• How frequently is the problem experienced?
• How is the effect of the problem being measured (costs, delays, scrap rate, customer complaints, return rate, concessions, reliability rate, etc)?
• How is the problem currently addressed? How is it corrected?

This step helps to fully describe a situation, precisely analyse all its elements and gain a common understanding of them, allowing the definition of an action plan. Ensure that all team members agree about the definition of the issue and resulting impact. The problem description should describe the problems in terms of what, where, when, and how big. On a flip chart, presentation board, or even paper; write out a description of what you know about the problem. Try to document the problem and describe it as completely as possible. The description should contain facts; such as observations and documentary evidence and not assumptions. All information must be gathered before identifying the root-cause can begin. Make sure both of the above factors are true before you move to the next step. Consider any new information that the team may have gathered since completing the initial problem description. Describe the problem by identifying what is wrong and detail the problem in quantifiable terms. Define, verify and implement the interim containment action to isolate the effects of the problem from any internal/external customer until Permanent Corrective Actions (PCA) are implemented.

Step 2. Establish a Response Team
Identify representatives from functions that may have an influence on the corrective action process, including the identification of the root causes. Remember to assign responsibilities and objectives to the team members. Remember, those performing the job, such as operators, inspectors, drivers, etc., are the best people to help identify the real causes, don’t leave them out of the team! The size and composition of the team should depend on the complexity and the impact of the problem. The composition of the team is not fixed forever and may evolve depending on the analysis results and the required actions. New team members should join the team if analysis shows they are identified as being in the scope, some others will leave if their area is definitely identified as out of the scope. However, consideration should be made that expending the size of the core team over 6 to 8 members generally results in less efficiency. When more members or special skills are required, sub teams should be considered. Don’t forget, root-cause analysis must not be used for assigning blame or transferring responsibility. In summary, you should establish an investigation team with:

• Process and/or product knowledge;
• Allocated time and resources;
• Authority to solve the problem and implement corrective actions;
• Skill in the required technical disciplines;
• A designated Team Leader.

Brainstorming sessions should be used to identify potential causes to investigate each potential cause. Coordinate parallel activities with different team members to help expedite the process of verification. Once you have reviewed the problem description, you can undertake a comparative analysis. A comparative analysis will help you identify relevant changes in a change-induced situation. Then you can reduce the number of possibilities that you must consider to determine root-cause. To complete a comparative analysis:

• Ask yourself; what is unique, peculiar, different, or unusual about the symptoms?
• Consider features such as people, processes, materials, machines and the environment;
• List all facts without prejudice as to the possible cause;
• Consider each difference you listed, and look for changes, ask yourself what has changed to give rise to this difference?
• Keep in mind that each difference may not have a corresponding change;
• List the changes next to the difference;
• Look at the dates each change occurred;
• Eliminate some changes if they occurred after the problem started;
• Consider categories of people, machines, processes or measurements.

If the problem is change-induced, the root-cause must be the result of a change relative to one or more of the identified changes. It is important to remember that you have not yet moved from the ‘observations’ phase of the process. Any information you develop during the comparative analysis must be fact based, not opinion based and must be true only for the symptom’s information. Do not rule out any facts that might be valid answers. If it is a fact and it answers the question, write it down. Your organization should first contain the problem by taking immediate corrective action (ICA) and then evaluating the need for initiating the formal problem-solving process. Where necessary, provide an emergency response action to protect the customer from the problem, protect the customer operations and the organisation (to stop the problem getting worse) and verify that problem does not degrade until the root-causes are known. An interim containment action is kept in place until a verified permanent corrective action can be implemented. In some cases, the interim containment action may be the same as or similar to the emergency response action. An interim containment action provides more opportunity for investigation. Conduct trial runs whenever possible. However, in some situations, your verification may simply be a matter of common sense. For example, if an interim containment action involves stopping the shipment of all products, you can be sure that customers will stop experiencing the problem. An interim containment action can be any action that protects the customer from the problem. However, before you implement an interim containment action, you need to verify that the interim containment action will work. To verify the interim containment action:

• Prove before implementation it protects the customer from the problem;
• Provide a before-and-after comparison;
• Prove that the interim containment action will not introduce any new problems.

Methods of verification may include:

• A test to determine the desired performance level;
• A demonstration that changes eliminated the issue without creating a new problem;
• A comparison between the interim containment action and similar proven actions;
• A review to evaluate whether the interim containment action was effective;
• Assurance that the interim containment action did not introduce a new problem.

Any interim containment action you implement must protect the customer from the problem without the introduction any new problems. Also, a single interim containment action may not be enough. You may need to implement more than one interim containment action to fully protect the customer.

Step 3. Identify the Root-Cause(s)
Root-cause analysis (RCA) is a class of problem-solving methods aimed at identifying the root-causes of problems or events. The practice of root-cause analysis is predicated on the belief that the problems are best solved by attempting to correct or eliminate root-causes, as opposed to merely addressing the immediately obvious symptom. Listed below are various root-cause analysis techniques, we recommend you use the 5-Whys (1st Why, 2nd Why, 3rd Why, 4th Why, and 5th Why – and the root-cause) technique to problem solving but you are free to undertake any of the following depending on the complexity of the problem:

• 3-Ws (what, where, when);
• 8D Eight Dimensions;
• Failure Mode and Effects Analysis (FMEA & DFEMA);
• Fish-bone Analysis;
• Pareto Analysis;
• Fault-tree Analysis;
• Cause Mapping – draws out, visually, the multiple chains of interconnecting causes;
• Barrier analysis – a technique often used in process industries;
• Change analysis – an investigation technique often used for problems or accidents.

The 5-Whys technique offers some real benefits to organizations with varying degrees of management system maturity:

• Simplicity. It is easy to use and requires no advanced mathematics or tools that allows you to dig deep and find underlying issues rather than using quick-fix solutions;
• Effectiveness. It helps to separate the symptoms from the causes and identifies the root-cause of a problem using evidence-based analysis;
• Comprehensiveness. It aids in determining the relationships between various problem causes and allows you to proactively eliminate problems for good;
• Flexibility. It works well alone and when combined with other quality improvement and troubleshooting techniques such as ones listed above;
• Engaging. By building a culture that embraces progress, by its very nature, it fosters and produces teamwork within and outside of the organization, encourages the reporting of issues without fear or judgement;
• Inexpensive. It is a guided, team focused exercise that seeks to improve and adapt processes to ensure long-term success. There are no additional costs.

Launching a formal root-cause analysis and problem-solving process should always be considered when an issue; such as, undesirable conditions, defects and failures are detected. The decision not to apply the process must be made based on objective evidence of absence of risks!

Step 4. Implement Corrective Action
When all root and contributing causes have been identified and their effects understood, implement all selected corrective actions. Verify that the planned actions were taken as scheduled and assess their effectiveness in permanently preventing the undesirable condition, situation, non-conformity or failure from recurring. Steps for corrective action (CA) implementation:

• Implement the corrective action (CA);
• Implement controls;
• Evaluate the corrective action (CA) for escape point;
• Remove the immediate containment action ;
• Perform validation;
• Confirm with the customer that the symptom has been eliminated.

To ensure the most effective corrective actions to address the most likely, or critical root causes are taken in consideration of operational and business constraints such as costs, lead time, difficulty of implementation, and resources. Select solutions that optimise value and effectiveness for all stake-holders! Implement the solutions that have been selected, verify that all actions have been completed to schedule and that they have prevented the undesirable condition, situation, non-conformity or failure from recurring. Plan and implement selected permanent corrective actions. Remove the interim containment action and monitor the long-term results.

Step 5. Prevent Recurrence
Modify the necessary systems, policies, practices and procedures to prevent recurrence of this problem and similar ones. Make recommendations for systemic improvements as necessary:

• Review the history of the problem;
• Analyze how the problem occurred and escaped;
• Identify affected parties;
• Identify opportunities for similar problems to occur and escape;
• Identify practices and procedures that allowed the problem to occur;
• Identify practices/procedures that allowed the problem to escape to the customer;
• Analyze how similar problems could be addressed;
• Identify and choose appropriate preventive actions;
• Verify preventive action and its effectiveness;
• Develop action plan;
• Implement preventive actions;
• Present systemic preventive recommendations to the process owner.

Serious consequences may occur when the underlying symptoms are not addressed, when the quick fix is accepted as a final, permanent solution. Excessive reliance on containment or emergency response action will create a repeating cycle. Problem containment is an addiction that will only get worse until the root-causes are found and addressed.

Step 6. Monitor Effectiveness
Establish a review process to ensure corrective actions are completed according to plan and that they continue to be effective over time by confirming you have done what you have planned. Try adjusting the type and number or frequency of additional checks and audits to check that the actions remain effective. When same problem has been identified or is suspected to occur on same or similar products, processes or data, the same corrective actions must be implemented and their effectiveness verified for all these additional products, processes or data. The owner of each corrective action, the team leader and all team members should verify the effectiveness of the actions taken to date, and when relevant, the customer. Examples of verification methods include:

• Additional process monitoring until it is demonstrated that the process is stable and capable of consistently meeting requirements (recording and analysis of process parameters and/or product characteristics, SPC, etc.);
• Additional internal audits to specifically verify the effectiveness of the corrective actions;
• Associated metrics showing significant improvement resulting from the corrective actions.
• Examples of supporting evidence might include: updated procedures, work instructions, control plans, etc. to show any changes were defined. Additionally, evidence of effective implementation of the changes is also required such as SPC data, inspection records, training records, audit records, etc.

If the corrective actions are effective, evaluate which containment actions may be eliminated (e.g. stop over inspection and over production, return to normal transportation means, etc.) without adversely affecting the product and process output. Record evidence of actions completed and associated results (what works and what does not). To document analysis results and changes to make the corrective action permanent, capture and share learning with all the stakeholders to prevent similar undesirable condition, situation, non-conformity or failure occurring on other products, production lines, factories or suppliers. Identify all that can be shared from the experience that can be transferred across business units, production lines, factories or suppliers. Ensure that you get agreement from appropriate levels of management and other process owners and functions (internally and externally) to launch actions and verify there are implemented and effective. Keep lessons learned register which includes a summary of content and results of analyses, flow charts, data bases, performance data, main actions and decisions, location where detailed data can be retrieved, difficulties encountered when managing the issue, etc. When the decision is made to implement actions in another business areas, such as; production lines, factories or suppliers, which are not under direct control of the response team, implementation and the verification of effectiveness is not necessarily the responsibility of the team. Escalation to top management or transfer to another function (procurement, engineering, etc.) may be required to ensure proper leverage and action follow-up.

6.4.3 Preventive Action

The organization must a documented procedure to determine and implement preventive actions appropriate to the effects of the potential problems to eliminate the causes of potential nonconformities in order to minimize the likelihood of their occurrence. Preventive action should be applied internally and within the supply chain to both quality management system processes and product analysis. The procedure should identify requirements for opportunities for improvements, potential nonconformity and its potential causes,evaluating the need for preventive action, including any immediate or short-term action required, to prevent occurrence of a nonconformity, the timeframe and responsible person for implementing a preventive action, the effectiveness of the preventive action taken and Management of Change when the preventive action require new or changed controls within the quality management system. Records of the activities for control of potential process nonconformities must be available.

Preventive action is taken to fix the cause of a process problem before it can happen. In a management system, a preventive action (PA) definition could be: “the activities taken by the organization to eliminate the cause of a potential process nonconformity.” If you are identifying potential problems that could happen in a process, assessing what could cause these problems, and taking action to prevent the problem from occurring before it happens, then you are taking preventive action.Preventive actions are taken to prevent a potential problem, organizations try to address problems before they happen. Whereas corrective actions are taken after a problem has occurred.Corrective actions are taken after an incident occurs to fix and prevent the recurrence, whereas preventative actions are taken before the occurrence to prevent the potential problem. Preventive actions are proactive while corrective actions are reactive.For instance; a pipe burst and a water flooding incident occurred. The corresponding corrective actions address the root cause of the flood, such as fixing old pipes. Contrary to this turning off the water source is a correction that eliminates the cause temporarily. But if the organization controls their pipes regularly and realizes that a pipe is going to burst, at that time they can take preventative actions to prevent the occurrence, before it happens.

Preventative action is an action to eliminate the cause(or causes) of the potential nonconformity and to prevent occurrence.

the following enlisted requirements should be documented in a procedure;

• Determine the potential nonconformity (nonconformities)
• Review the need for possible actions to prevent the occurrence
• Plan and document the action(s) and implement it(them)
• Verify that the action does not adversely affect the current requirements which are already complied with.

The last thing that the organization should perform at the end of each nonconformity management. Review the effectiveness of the taken action after a defined period

6.5 Management Review
6.5.1 General

The organization‘s quality management system shall be reviewed at least every 12 months by the organization’s management to evaluate the quality management system’s continuing suitability, adequacy, and effectiveness. This review shall include assessing opportunities for improvement and the need for changes to the quality management system, including the quality policy and quality objectives.

6.5.2 Input Requirements

The input to management review shall include, as a minimum:
– effectiveness of actions resulting from previous management reviews
– results of audits
– changes that could affect the quality management system, including changes to legal and other applicable requirements
– analysis of customer satisfaction, including customer feedback
– process performance
– results of risk assessment
– status of corrective and preventive actions
– analysis of supplier performance
– review of the analysis of product conformity, including nonconformities identified after delivery or use recommendations for improvement

6.5.3 Output Requirements

The output from the management review shall include a summary assessment of the effectiveness of the quality management system. The assessment shall include any required changes (see 5.11) to the processes and any decisions and actions, required resources, and improvement to products in meeting customer requirements. Top management shall review and approve the output of management reviews. Management reviews shall be documented and records of these reviews shall be maintained .

The management review must address the possible need for changes to policy, objectives, targets, and other elements of the management system. Here’s what management systems standards are really all about: defining a policy and creating a plan with relevant objectives. You then implement the system according to the plan and begin auditing, monitoring and measuring performance against the plan and reacting to your findings. As such; management review meetings provide useful insight into the operation of the management system and its processes to enable Top management to respond to issues and to recommend improvements.

It is important that a member of Top management chairs the management review meetings. It is imperative that everyone involved with the management review process fully understand and appreciate the management review requirements. Other attendees at management review meetings should include functional management, line management, process owners, process champions, lead process users, and action owners within the scope of the quality management system, as appropriate, and the internal auditor(s) should also attend. The management review process must ensure that the necessary information is collected ahead of time to allow management to effectively carry out an evaluation prior to the meeting. Note taking and action recording is often undertaken by the Management Representative who will forward minutes of the management review meeting to those on the distribution list and to those with actions.

Critical management review agenda items, such as; process performance, customer feedback and monitoring and measuring results should be reviewed monthly, while less critical agenda items, such as reviewing the quality policy and objectives should be undertaken less frequently, perhaps every quarter. This approach minimizes the length of each management review meeting, covers all of the required management review inputs over the duration of the management review programme, and allows for the analysis of trends in data while the information is contemporary. Annual management reviews are insufficient in frequency to be able react to any issues effectively. Performance metrics should be monitored with varying frequencies, some hourly, some daily, some weekly and some monthly. Management cannot wait for six months to respond, if they do, it will be too late. Top management might conduct weekly meetings in which they review metrics and objectives to determine if any corrective action is required. The process owner is then responsible for reporting close out progress in the meeting a week later. Every time management convenes to review and react to performance, it is considered as a management review. Some companies have multiple review levels, whereby, each review may require multiple subjects and rely upon multiple metrics as inputs. Sometimes subjects are reviewed at more than one level, e.g. production numbers might be reviewed by the Production teams during daily production meetings and then by senior management, possibly weekly.

5.1 Contract Review

5.1.1 General

The organization must establish a documented procedure for the Contract review that defines the process for the review of the requirements related to the provision of products and required servicing.

5.1.2 Determination of Requirements

The organization shall determine stated customer requirements, legal and other requirements, requirements considered by the organization necessary for provision of the products. When the customer requirements are not documented, the organization must confirm the requirements with the customer and records them.

5.1.3 Review of Requirements

Prior to the organization‘s commitment to deliver product to the customer, the organization shall review the requirements related to provision of products. The organization should ensure that requirements are identified and documented. The requirements differing from those previously identified are resolved and the organization has the capability to meet the documented requirements. Where contract requirements are changed, organizations must document all changes and amend all relevant documentation and the organizations must notify all affected personnel of changes The results of the review and the action taken must be recorded

The requirement states that organization should now include a review of the requirements arising either from customer , legal or other requirement or organization’s own customer. The organization should seek and record evidence that these requirements are considered during product and service reviews. The sub-clause mandates that your organization should not issue a quotation or accept an order until it has been reviewed to ensure requirements are defined, and that the organization has the capability to meet the defined requirements. It goes on to require that records of the review and any subsequent actions be maintained. The organization should conduct a review of customer requirements before order acceptance. It can conduct a contract review checklist with following headings as a minimum:

Necessary information is available:

• Technical data;
• Specifications and standards;
• Drawings.
  Customer requirements are understood and can be met:
• For product acceptance (e.g. Quality, inspections & tests, verification & validation, and any special monitoring);
• For delivery expectations;
• For post-delivery expectations.
  Related standards have been reviewed and can be met:
• Statutory;
• Regulatory;
• International quality (e.g. ISO-9001:2015, API Q1);
• Other necessary and applicable standards.
  Unclear or ambiguous requirements are resolved;
  Feasibility has been determined:
• capability to meet order requirements;
• have the equipment;
• have the floor space;
• have adequate resources;
• have skilled personnel.
  Differences between the contract and quote are resolved;
  Methods of communicating with the customer are defined related to:
• Product information;
• Enquiries;
• Feedback;
• Concerns and complaints handling.
  Requirements that are not stated by the customer are defined.

If the customer does not provide their requirements in writing, the requirements must still be confirmed before they are accepted. Define your organization’s arrangements for the retention of documented information to capture the results of the review including any new requirements or changes e.g. record of contract review, including for example customer, reference, date, persons, resources, conventional/special requirements, risks outcome and changes.

5.2 Planning

Planning requires that organizations identify and plan the processes and documents needed for product realization. During planning, the organization must address the following:

a) Required resources and work environment management
b) Product and Customer-specified requirements
c) Legal and other applicable requirements
d) Contingency planning on risk assessment
e) Design and development requirements
f) Required verification, validation, monitoring, measurement, inspection and test activities specific to the product and the criteria for product acceptance
g) Management of change
h) Records needed to provide evidence that the realization processes meet requirements

The output of planning should be documented and updated as changes occur. The plans can be maintained in a structure which is suitable for the organization.

Planning is a critical requirement. During discussion, participants will notice that sections (a) through (h) reference other parts of the API Spec Q1 9th edition specification. It is critical that the organization takes the referenced sections into account during planning. Once review of requirements has occurred, organizations can begin to plan for the manufacturing or servicing of product.

(a) Resources and Management
During planning, organizations must take into account resources and work environment management necessary to manufacturing or servicing of product.

(b) Product and Customer Requirements
The organization must take into account Product and Customer-specified requirements (see 5.1).
Meeting customer specified requirements at a minimum, must be achieved in order for the manufacturing or servicing of product to be an accepted.

(c) Legal and Other Requirements
The expectation that organizations know and understand legal and other applicable requirements resonates throughout the API Spec Q1 9th edition. HSE, quality, and other requirements are included in this expectation. It is not possible to properly plan manufacturing or servicing of product if the organization is not aware of the legal and other requirements that they are mandated to comply with.

(e) Contingency Planning
Based on the customer requirements for manufacturing of product, the organization shall identify the contingency plans for the identified risk found in the initial risk assessment to reduce and or eliminate the risk through identified process or back-up planning as well as developed employee competencies to manage the identified risk.

(f) Contingency Planning Based on Risks
Planning must include the initial risk assessments so that the risks can be mitigated.

(g) Design and Development Requirements
When planning under section 5.2 Planning, organizations must take into account section
5.4 Design and Development.

• 5.4.1 Design and Development Planning
• 5.4.2 Design and Development Inputs
• 5.4.3 Design and Development Outputs
• 5.4.4 Design and Development Review
• 5.4.5 Design and Development Verification and Final Review
• 5.4.6 Design and Development Validation and Approval
• 5.4.7 Design and Development Changes.

(h) Verification, Validation & Test
Organization must address the following for product acceptance:

• Verification
• Validation
• Monitoring
• Measurement
• Inspection
• Test activities

(i) Management of Change
Change is in manufacturing product. When things go wrong, or something unplanned occurs, the organization can refer to the contingency plan, which is still part of . However, when changes fall outside the scope of the contingency plan, an MOC is required. If changes initiated by the organization or the customer result in risks, the organization must notify the customer through the MOC process, as previously discussed.

(j) Records
Records needed to provide evidence that the product realization processes meet requirements. This links to the following API Q1 elements:

• 5.7.7 Inspection and testing : Maintaining Records
• 5.9 Product release : Maintaining Records

5.3 Risk Assessment and Management

The organization must establish a documented procedure to identify and control risk associated with impact on delivery and quality of product. The procedure must identify the techniques and tools to be applied for risk identification, assessment, and mitigation . Risk assessment must include availability of facilities, availability of equipment. It must also include the maintenance of facilities and equipment. The supplier performance should be part of the risk assessment which must also include supply/availability of material. Availability of competent personal and delivery of nonconforming product must also be included. Record of Risk assessment and the management of risk should be available. Contingency plan may be developed as a result of risk assessment. Corrective action and /or preventive action can be taken as a result of risk assessment. Risk assessment includes consideration of severity, detection methods, and probability of occurrence.

The purpose of the procedure is to outline your organization’s risk management framework and the activities within. The risk management framework defines the current risk management process, which includes; methodology, risk appetite, methods for training and reporting. Risk Assessment and Management is fundamental to API Spec Q1, 9th edition success as well as aiding the organization to eliminate loss associated with its manufacturing products, processes and services. The API Spec Q1, 9th edition’s foundation is about understanding and mitigating risks associated with its manufacturing processes, products and services. By design, this Specification does not detail the organization’s procedure for Risk Assessment and Management. Since there are many different methods and applications available to organizations, it will be up to the manufacturing or servicing providers to decide which procedure best fits their needs. Risk Based Management is the identification, assessment, and prioritization of risks followed by coordinated and economical application of resources to minimize, monitor, and control the probability and/or impact of unfortunate events or to maximize the realization of opportunities.

1.Identify the Risks
A lot will go into the identification of potential risks for a company. There are two distinct kinds of risk that a company may encounter: external and internal. External risk is risk incurred from the environment in which the company operates. These can be legal, regulatory, financial, and cultural risks. Internal risk is risk incurred from within an organization. This can be caused by an organization’s structure, resource deficiencies or allocation, and hierarchy. Risk need to be determined within the context of the business, something that will lead to different definitions of each term for different organizations.

2 Plan Your Response
As with any other part of the standard, companies are required to develop a plan for addressing the risk and opportunities they’ve identified. A company will need to do an in-depth assessment of the possible risks for this part. How likely are these risks? How disruptive would they be if they were to happen? What amount of resources is your company willing to dedicate to mitigating these risks? Can their likelihood be increased while mitigating the risk? Is the potential risk worth incurring for a chance at capitalizing on the opportunity? Once these assessments have been made, an organization can develop a plan for addressing the risks based on their stated strategies. Without properly assessing their appetite for risk, an organization cannot properly plan to either mitigate it or capitalize on the opportunities it presents. These plans need to be clearly laid out, with a plan for documenting the process and keep clear records on it.

3 Integrate the Response into Your QMS
This step requires a company to insert the plan they’ve developed for addressing risk and opportunity into the greater framework of the QMS that they already have in place. This step is critical, in that the plan needs to allow for the rest of a company’s QMS to remain seamless. As a standard that emphasizes universal application, the nature will require that the process developed for addressing risk be compatible with all other procedures in the company. For this reason, keeping a company’s QMS in mind as it goes through the process of developing a plan for addressing risk and opportunity can prove to be helpful. Developing a plan only to find that it doesn’t integrate well into the larger process means time and energy has been wasted.

4 Evaluate Effectiveness
As with any other procedure in a company , proper documentation and record keeping processes will need to be put in place. This is where a company can record the outcomes and measure the effectiveness of their efforts. This stage in the process is also why it is crucial to develop a comprehensive assessment of the company’s willingness to take on risk and pursue potential opportunities. Without a detailed understanding of the company’s aims in regards to both risk and opportunity, it will be all but impossible to properly assess the effectiveness of the process that’s been implemented. As with any procedure , this step allows for the constant scanning of potential inefficiencies that can be improved upon. It should be noted that context is also a key factor in any risk assessment process. Risk at one juncture of the process might look different than the same risk at another juncture. This is why having a comprehensive strategy for risk assessment is critical. Preparing for and thinking about all the possibilities will help better prepare your company.

5.4 Development

5.4.1 Design and Development Planning

The organization must maintain a documented procedure to plan and control the design and development of the product. The organization’s procedures is to identify:
o Design and development plans and plan updates
o The design and development stages
o The resources, responsibilities, authorities, and their interfaces to ensure effective communication
o The review, verification, and validation activities necessary to complete each design and development stage
o The requirements for a final review of the design

The procedure must ensure that all the requirements of design and development as given in clause 5.4 are met even when design and development activities are performed at different locations within the same organization. The procedure must include the requirements of outsourcing as given in clause 5.6.1.6

Design and development for products will vary greatly in complexity. Some products present low risks while others may present significant risk, based upon their design and application. All product in the Petroleum, Oil and Gas Industry is expected to meet the requirements of 5.4 Design & Development. The organization shall maintain a documented procedure to plan and control the design and development of the product.

• Plans and Updates: Plan and control procedure must include the design and development plans and plan updates.
• D&D Stages: Under this Subpart, organizations are required to identify the D&D stage in its plan and control procedure.
• Resources, Responsibilities & Authorities: Plan and control procedures must include the resources, responsibilities, authorities and their interfaces to ensure effective communication for the D&D activities
• Review Activities: In addition to identifying the different D&D stages in the plan and control procedure, organizations must include the review, verification, and validation activities necessary to complete each design and development stage.
• Final Review: The plan and control procedure the requirements for a final review of the design.

Design planning must specify the design and development stages, activities and tasks; responsibilities; timeline and resources; specific tests, validations and reviews; and outcomes. There are many tools available for planning ranging from a simple checklist to complex software. Control product design and development planning activities including:

1. Scope of the design e.g. customer requirements design rationale, design assumptions, objectives, complexity, size, detail, timescales, criticality, constraints, risks, producibility, accessibility, maintainability;
2. Stages of the design process, distinct activities and review e.g. work breakdown structure, work packages (tasks, resources, responsibilities, content, inputs/outputs), concept design, preliminary design, detail design, design review gates preliminary design review, detail design review, critical design review);
3. Verification and validation activities comprising checks, trials, tests, simulations, demonstrations required to ensure requirements are met;
4. Assignment of responsibilities and authorities e.g. job profiles, CVs, accountability statements, delegation of authority, levels of approval, register of authority and approvals, authorized signatories;
5. Internal and external resources such as knowledge acquisition, people, competency, investment, funding, facilities, equipment, innovation, technology, interested parties (customers, external providers, research establishments), information (principles, standards, rules, codes of practice);
6. Organizational interfaces such as personnel and functions e.g. sales, project management, production, procurement, quality, finance, customers, end users;
7. Levels of control required or implied by interested parties (customers, regulators, end users etc.) e.g. customer acceptance, safety checks, risk management, verification/validation activity, product certification;
8. Required documented information e.g. design plan, design reviews, design outputs (specifications, schemes, drawings, models, data, reports), control plans, certificates.

The design management plan typically includes specific quality practices, assessment methodology, record-keeping, documentation requirements, resources, etc., and usually reference the sequence of activities relevant to a particular design or design category. The design management plan references applicable codes, standards, regulations and specifications. and describe the interfaces with different groups or activities that provide, or result in, an input to the design and development process. Each design activity is planned, divided into phases, and tasks assigned to competent and skilled design personnel equipped with adequate tools and resources. Design management plans are documented and updated as the design evolves. As required, at the commencement of a design package, the Design Manager is required to complete a Design Management Plan (DMP) which will include at a minimum:

1. Confirmation of the standards baseline used for the work being undertaken and an explanation of how compliance to this baseline will be demonstrated;
2. An organisation chart with defined responsibilities for all staff with direct involvement in design or with a potential impact on safety;
3. Skills matrix to define the competence of individuals with ‘prepare’, ‘check’ and ‘approval’ duties;
4. Scope definition and interface identification including key issues and operational requirements;
5. Projected output, timelines, milestones, and defined deliverables;
6. Stated processes and procedures to ensure acceptable quality assurance will be demonstrated and records maintained (specifically the formal Assurance Gates);
7. Processes and procedures to be used to ensure compliance with the engineering safety management;
8. The design review process, both single (SDR) and multi-design consultant (IDR) reviews and stakeholder intervention, prior to the Assurance Gate Reviews at 20%, 60% & 100% design completion stages;
9. Explanation of how compliance with input requirements will be demonstrated.

5.4.2 Design and Development Inputs

The organization must identify the D&D Inputs and review them for adequacy, completeness, and lack of conflict. The functional and technical requirements of D&D Inputs can be customer-specified requirements , requirements provided from external sources, including API product specifications, environmental and operational conditions, methodology, assumptions, and formulae documentations, historical performance and other information derived from previous similar designs, legal requirements and results from risk assessments . The design inputs must be recorded.

Define which design and development inputs are required to carry out the design and development process. The inputs should be determined according to the design and development activities. For example, which employees are required or what information is required for every step of the development process. When determining design input requirements, ensure the retention of documented information such as:

• Statutory and regulatory requirements e.g. legislation, regulation, directives;
• Standards or codes of practice e.g. policies, standards, specifications, rules and aids, protocols, guidance, industry codes
• Functional and performance requirements informed by customer requirements, operational and performance charateristics, usability, reliability, availability, maintainability, and safety (e.g. Human factors and RAMS);
• Knowledge exchange from other, similar proven designs, lessons-learned, performance data, in-service data, customer feedback, external feeback, best practice, benchmarking;
• Design assumptions and associated risks;
• Methods of validation and verification;
• Adequacy of inputs e.g. clear, complete, unambiguous, and authorized;
• Conflicting inputs are resolved by communicating with interested parties/contract amendments.

Conceptual Design Statement (CDS)

The Conceptual Design Statement (CDS) includes a design statement that declares the inputs to be used in the design and the proposed design solution. A design statement illustrates the principles concepts and input data relevant to the design and allows relevant stakeholders to understand the thinking behind any chosen design solution. The Design Team will normally produce a Conceptual Design Statement that states the standards and requirements against which the design is to be developed, the processes to be applied and the level of independent checking to be carried out (if any) that is proportionate to the level of risk. The design activities are then carried out by the Design Team using the CDS as the basis. Design and development inputs are documented and controlled. Design and development inputs can be in any form, including data sheets, customer drawings and specifications, photographs, samples, references to standards, etc.

Design standards baseline

All designs are based on a list of approved design standards, referred to as the Standards Baseline. This list is owned and managed by the Engineering Manager. The Standards Baseline is made up of a combination of National and International Standards, National Engineering Specifications, and Approved Codes of Practice. The Standards Baseline should be reviewed monthly and any changes are controlled by the Engineering Manager. At the commencement of any given design package, the Design Team is required to specify the Standards Baseline that will be used in the design. The Engineering Manager should be responsible for checking that the correct design standards have been specified and for verifying that the design output complies with these standards and design requirements. Due to the continuous review and updating of standards, the baseline between different design instructions may vary so a strict configuration control is maintained and only agreed changes are used in the assurance process. Once a design package has been instructed, the baseline for that element of work becomes fixed and will not reflect any subsequent changes in standards.

Design assumptions

Assumptions will normally be statements to fill uncertainties in available information. They are generated by the Design Team in order to allow designs to continue in the early stages. The anticipation is that assumptions are temporary and are closed out either by obtaining data or updating documents to confirm or change the assumption. Assumptions have the potential to be incorrect, and are therefore a source of risk, that require management. Any associated risk is identified and raised through the Risk Register. The assumption management activity is coordinated by Design Manager, with input from the Design Team. Assumptions regarding domain knowledge include facts about the application of the end product or service that allow requirements to be developed in a particular context. The assumptions are normally traceable to gaps or inconsistencies in the design inputs e.g. incomplete or conflicting functional requirements, inconsistencies between the applicable Standards, unclear scope of work, or demarcation issues. The Responsible Body; which might be another company, organisation, person, or team against which an assumption has been made or who are responsible for providing a feature or undertaking an action to resolve an assumption agreed by them. Qualifying criteria for design assumptions are based on the following:

• Assumptions on scope and allocation;
• Assumption regarding gap or conflict in the stated capabilities, systems or operational aspects;
• Conflict between standards;
• Assumptions due to missing design data;
• Assumptions regarding a design decision;
• Assumptions relating to interface issues.

Assumptions must not be raised on programme and cost related matters. The requirements or the design statement will be verifiable against the raised assumption or the origin of the assumption. Assumptions are accepted by the Resolving Body; they may be turned into design requirements or project risks. The process for managing design assumptions is summarised as follows:

• Assumptions are managed using an Assumptions Register;
• The Design Team propose an assumption to fill an uncertainty;
• The Engineering Manager reviews the suitability of the assumption against the criteria;
• Once agreed with the Resolving Body, the Design Team updates the assumption register;
• Action owner closes out assumption by agreed date, this could be done either by establishing additional data or confirming a decision;
• The Engineering Manager monitors that action owners are closing out assumptions and takes action to expedite if necessary;
• Any assumption remaining at the end of the design phase must be clearly recorded in the Assumptions Register and transferred to the Risk Register.

Assumptions are considered closed when they are successfully resolved i.e. accepted by the Resolving Body and the Resolving Body has taken an action that is documented in a resolving document. This resolving document must be properly reviewed, verified and issued before the closure of an assumption is accepted. The respective Gate Review Authority are the final authority to accept or reject the closure of an assumption. The confirmation of closure is noted in the Assumptions Register and a reference to the resolving document with the relevant clause is provided for verification purposes.

Design requirements

The design management process is geared towards meeting customer requirements, while providing a product cost, which enables organizations to have a satisfactory return on investment. The physical and performance requirements of a product used as a basis for product design and development; includes user requirements, regulatory requirements, and system requirements. The customer and user requirements are translated into design requirements and may either be hardware or software (according to intended use) and included in the design specifications and other design documents.

The requirements are reviewed for adequacy by a cross functional, multidisciplinary team involving Design, Engineering, Sales, Manufacturing, Procurement, Sales and Quality to ensure the requirements are complete, unambiguous and not in conflict with each other. The Design Team notifies Engineering Manager if the requirements are ambiguous or conflict with each other. The Design Team produces evidence of the capture of and compliance with the requirements. This evidence is presented in the Requirements Register. The Design Team should provide compliance matrices and verification reports to demonstrate how the designs meet the requirements, supported by the compliance rationale, evidence, models and analysis as required, whilst ensuring that:

• All requirements are traceable to the identifier, author, rationale, source, requirement owner, allocation and stakeholder;
• All requirements have been validated and approved by identified personnel;
• All requirements set been reviewed and agreed with the customer;
• Are requirements are recorded into the project applicable database;
• All allocated requirements are understood and accepted by all the recipients.

In order to progress their close-out and acceptance, compliance statements are prepared and allocated to each requirement, commensurate to the design stage e.g. Gate 1, 2, or 3. Links and references to supporting drawings and documents are provided as the design progresses.

Customer supplied user requirements are transferred to the Requirements Review Checklist and additional requirements are addressed with the customer. The Marketing Manager and the Sales Manager should identify and document the markets’ need for new solutions in a requirement statement which serves as the input for design and development work. The requirement statement includes the following:

• What is required (features/functions, etc.);
• Why it is needed (customer demand);
• When it is needed;
• Assumptions needed to progress the design;
• Risk and opportunity, and hazard analysis;
• Requirements for performance, reliability, safety, statutory and regulatory, etc.;
• Pricing targets and design project milestones.

When a product is designed or modified to meet specific customer requirements, the Engineering Manager receives from Marketing Manager and the Sales Manager an outline design order with customer requirements and specifications. The Design Team translates the needs and expectations from the requirements and design statements to technical specifications for materials, products, services and processes.

Design interfaces

Where necessary, the Design Team should form working groups to develop interface control documents and record agreements for interfacing stakeholders in order to elicit their requirements and to provide feedback that may be important to your designs. Their emphasis should be on the identification and co-ordination of the important characteristics, parameters and configurations that need to be developed to deliver effective interface designs. The level of detail documented must be proportionate with the level of detail being developed in the design outputs.

1. Identify, specify and manage interfaces;
2. Assist in the resolution of interface issues relating to commercial or contractual issues;
3. Assist in the production of and agree interface documents with interfacing parties;
4. Ensure that the process of interface management is fully supported during the development of detailed designs;
5. Review and monitor the development of interface identification.

Design documentation

The established document numbering system must be used by the Design Team. All documents produced to support the design and the design assurance process should be listed in the Master Design Document List, which is a list of all plans, processes and procedures to be used to control the safety, quality and efficiency of the design output.

All design documents must follow the ‘Prepare’, ‘Check’, and ‘Approve’ process, evidenced by the signatures of competent individuals. All design documents should be signed off in the three categories:

1. Prepared – by a competent person who produces the design document, checking their own work complies with codes and standards governing that work.
2. Checked – by a competent person able to undertake a formal detailed check/review of design methods, codes and standards used, deliverables, calculations, drawings and specifications produced by another member of the Design Team. This role is undertaken by a competent person of the same discipline, not the Preparer, but can be a member of the same team.
3. Approved – by a competent person of the same discipline, but not a member of the same team, able to undertake a review of the design output after detail checking has taken place to validate that the design is consistent with requirements, is fully integrated and satisfies interface requirements.

Design and development reference materials (e.g. standards, catalogues, etc.) should be available and maintained by the Engineering Manager. Only current issues and revisions of reference material must be used. All documents produced to support the design and the design assurance process must be listed in the Master Design Documents List.

5.4.3 Design and Development Outputs

The outputs of Design and Development should meet the input requirements for design and development. It must provide appropriate information for purchasing, production, and servicing. It must identify or must design acceptance criteria (DAC). It must identify or refer to products and/or components which are critical to the design. It must include results of applicable calculations and must specify the characteristics of the product that are essential for its safe and proper use. The organization must document its D & D outputs for verification against the design and development input requirements. The design output must be recorded. Identification of criticality of products and/or components can be maintained outside of the design and development process.

The design and development output is the result of design and development process. The output is a clear description of the product, containing detailed information for production. The organization’s design and development outputs reconcile with its design and development inputs by:

1. Ensuring outputs meet input requirements e.g. checklists, design review records, authorization to proceed, customer acceptance, and product certification;
2. Ensuring outputs are adequate for product and service provision e.g. standards, specifications, schemes, drawings, models, part lists, materials, methods, manufacturing instructions, technical packages, tooling, machine programs, preservation, handling, packaging, specialist training, user instructions, service manuals, repair schemes, and external provision;
3. Reference to monitoring and measuring equipment e.g. inspection equipment, gages, instruments, environment;
4. Acceptance criteria e.g. product/service specification, limits, tolerances, and quality acceptance standards;
5. Product/service characteristics e.g. key characteristics, customer critical features, interface features, inspections, service intervals, and operating characteristics;
6. Critical items such as identification, key characteristics, special handling, service intervals, component lifing, cyclic life, life management plans, source and method change, and traceability;
7. Outputs are approved prior to release e.g. scope of authorization, authorized persons, levels of authorization, method of authorization and documented information is retained.

Outputs of the detailed design are the final technical documents used for purchasing, production, installation, inspection and testing, and servicing. Design output includes production specifications as well as descriptive materials which define and characterize the finished design and include drawings and documents used to procure components, fabricate, test, inspect, install, maintain, and service the product. Design and development outputs are in the form of documented information that defines the product, including its characteristics that affect safety, fitness for use, performance, and reliability are provided for the manufacturing phase:

1. Schematics, assembly drawings and wiring diagrams.
2. Component and material specifications.
3. Production and process specifications.
4. Software design specifications.
5. Bills of materials.
6. User operation and maintenance instructions.
7. Results of risk analysis and transfer of residual risk.
8. Software source code and software machine code.
9. Results of verification and validation activities.
10. Quality assurance specifications and procedures.
11. Installation and servicing procedures.
12. Packaging and labeling specifications, including methods and processes.
13. Details of new or revised procedures, work instructions, or processes.
14. Applicable workmanship standards.
15. Inspection and test criteria.

Specifications and procedures for product packaging and labeling are also part of the design and development output. Support documentation (e.g. calculations, risk analysis, test results, verification and validation reports, etc.) is also part of the design and development output. The transfer of a design to production typically involves review and approval of specifications and procedures and, where applicable, the proving of the adequacy of the specification, methods and procedures through process validation including the testing of finished product under actual or simulated use conditions. The design transfer phase ensures that the design is correctly translated into production specifications, such as assembly drawings, component procurement specifications, workmanship standards, manufacturing instructions, and inspection and test specifications. They may also be:

1. Documentation (in electronic format as well as paper);
2. Training materials (e.g. manufacturing processes, assembly, and test and inspection methods);
3. Digital data files (e.g. computer-aided manufacturing (CAM) programming files);
4. Manufacturing jigs and other aids (e.g. molds or templates).

The Engineering Manager should ensure that the design transfer process addresses the following basic elements by:

1. Undertaking a qualitative assessment of the completeness and adequacy of the production specifications;
2. Ensuring that all documents and articles that constitute the production specifications are reviewed and approved;
3. Ensuring that only approved specifications are used for manufacture and production.

Prior to execution of a work transfer, analysis of any regulatory or contractual requirements are reviewed and flowed down through the supply chain to ensure compliance of any established requirements.Outputs may also include product preservation methods, identification, packaging, service requirements, etc. as appropriate.

5.4.4 Design and Development Review

Periodically at suitable stages of D & D , the organization must review its Design and Development. The review is performed to identify any problems and take necessary actions. The organization must evaluate the suitability, adequacy, and effectiveness of the results of design and development stages to meet specified requirements. Representatives of concerned functions should be part of the review. The result of review and any necessary action should be recorded.

Design reviews should be carried out after the initial concept stage and again after the detailed design stage and finally, before the design is released. The design review function is carried out at various stages of the design process in order to check that the design solution is in accordance with the original design inputs and objectives and includes identification of concerns, issues and potential problems with the design. Design review meetings should be held at pre-defined points during the development process, with reviews held on an as-needed basis, depending upon the complexity of the design. Participants of design review meetings are competent to evaluate the design stage and discipline under review to permit them to examine the design and its implications.

Assurance reviews: The Design Manager should ensure that design reviews are carried out in accordance with the Design Management Plan when the design has progressed by 20%, 60% and 100%. A cross functional, multidisciplinary team (including at least one individual who does not have direct responsibility for the design stage under review) undertake a documented, comprehensive, systematic examination of the design to evaluate its adequacy, to determines the capability of the design to meet the requirements, and to identify problems, whilst ensuring that:

1. The input for the Design Reviews is captured from all stakeholders;
2. All open actions from previous Design Reviews are tracked through to closure;
3. All areas of concern are highlighted for further discussion and risk mitigation;
4. All design reviews are documented and shared with stakeholders in a timely manner.

The following elements are considered during design reviews:

1. Customer needs and expectations versus technical specifications;
2. Ability to perform under expected conditions of use and environment;
3. Safety and potential liability during unintended use and misuse;
4. Safety and environmental considerations;
5. Compliance with applicable regulatory requirements, national, and international standards;
6. Comparison with similar designs for analysis of previous quality problems and possible recurrence;
7. Reliability, serviceability, and maintainability;
8. Product acceptance/rejection criteria, aesthetic specifications and acceptance criteria;
9. Ease of assembly, installation, and safety factors;
10. Packaging, handling, storage, shelf life, and disposability;
11. Failure modes and effects analysis;
12. Ability to diagnose and correct problems;
13. Identification, warnings, labelling, traceability, and user instructions;
14. Manufacturability, including special processes;
15. Capability to inspect and test;
16. Materials and components specifications;
17. Review and use of standard parts.

The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes. Conclusions drawn during design reviews are considered and implemented as appropriate. Not all identified concerns result in corrective actions, the Engineering Manager should decide whether the issue is relevant, or the issue is erroneous or immaterial. In most cases, however, resolution involves a design change, a change in requirements, or a combination of the two. Records of design review meetings are retained and identify those present at the meeting and the decisions reached.

Single-consultant Design Review (SDR): The Single-consultant Design Review (SDR) is a presentation of the design to relevant stakeholders. These reviews are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. The purpose of the review is to present evidence at each of these stages to confirm that the design is compliant with the standards and requirements defined in the Conceptual Design Statement. The reviewers are responsible for raising any comments, while the Design Manager should be responsible for capturing comments using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover or to issue their comments the Design Manager for inclusion. The minutes of SDR meetings are recorded. Meeting minutes include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate.

Inter-consultant Design Review (IDR): The Inter-consultant Design Review (IDR) is a presentation of the design of a work package or packages to interfacing Design Teams. These are carried out by the Design Manager when the design has progressed by 20%, 60% and 100%. Its primary purpose is to seek evidence that all interfaces have been agreed and that the design integrates to deliver the requirements. At each IDR an Inter-consultant Design Review Certificate is produced to evidence that all interfacing Design Teams are satisfied with the design under consideration. It should be signed by accepted representatives of the interfacing Design Teams and contain a list of any actions required to close out any exceptions raised but not deemed a bar to acceptance. The reviewers are responsible for issuing any comments in writing using the Design Review Meeting Minutes, and referencing the document upon which they are commenting along with their name. If a reviewer cannot attend a session it is their responsibility to ensure adequate cover. The minutes of IDR meetings are recorded and include a detailed listing of all the documents that have provided the basis of the review. Issues raised may be addressed in the following design stage. Any outstanding issues are recorded in the Design Issues Log (or similar), presented at the Assurance Gate Review Meeting as issues for the next design stage and subsequently confirmed as being closed out at the subsequent Gate. Other instances of design reviews may be required when the Engineering Manager has identified significant design change that requires a review to revalidate the design.

Assurance gate reviews: The Assurance Gate Reviews 1 to 3 are the primary control mechanism that provides progressive assurance when evidence is reviewed at defined stages to confirm that the designs produced meet the design project’s objectives, requirements, obligations and that the risks associated with the engineering are identified and fully understood.

1. Gate 1 – (Initial concept (20% complete) The details will be outline only but will define the character, limit and form of manufacture, fabrication or construction.
2. Gate 2 – (Functional design (60% complete) At this stage the design has progressed to an intermediate position (progress check at 60% complete) This Gate is a check point at about the mid-point between Gate 1 and the final design. At the outset of a design project, the target deliverables at Gate 2 are clearly defined so that it provides an interim way point to confirm progress.
3. Gate 3 – (Detailed design ready for manufacture, fabrication or construction (100% complete) At this stage the design is complete and ready to be issued for manufacture, fabrication, or construction. Design details are finalised and fully integrated with other interfaces.

The purpose of the Assurance Gate Review process is to provide progressive assurance during the design stage that the objectives of the design intent can be achieved and that the design can progress successfully to the next stage. The next stage of the design process can only proceed when the Assurance Gate Review is successfully passed. If the evidence submitted at the Assurance Gate Review demonstrates that the design meets the objectives, it will be approved. If the Gate Review Panel decides that the submitted deliverables fall short of the requirements, the design will not pass through the Assurance Gate Review and is therefore prevented from proceeding to the next stage. The Gate Review Panel also known as the ‘Approval Authority’ has the responsibility to make the appropriate decision at each Assurance Gate Review. The Gate Review Panel is a multi-discipline committee formed of members from various departments and stakeholders throughout the organization. The Gate Review Panel members should be selected based on perceived risks, applicable regulatory or legal requirements, technical complexity, financial repercussions and criticality of the product. Department representation should include: Quality, Manufacturing, Engineering, Sales, Planning, Purchasing, Business Development, Contract, Legal, or others as deemed necessary. Formal, documented design and development Assurance Gate Reviews should be held at appropriate stages of the design and development cycle and include representatives from all concerned functions and stakeholders. Each Assurance Gate Review focuses on assessing whether the design deliverables meet all the objectives and appropriate criteria. The minimum approval criteria used for determining whether the design meets the intent are set out below. In addition to these minimum requirements, the Engineering Manager may specify further criteria at the outset of each design stage. The Gate Review Panel is responsible for managing the Gates Review process thereby ensuring that:

1. The design progress and the design status has successfully reached a stage of development appropriate to the Gate being assessed;
2. Cost and programme issues have been agreed and align with budget constraints;
3. The assurance evidence presented to the panel is sufficient to support the Gate requirements;
4. The risks are either designed out, have appropriate mitigation or have been clearly identified and agreed that they can proceed to the next stage;
5. All the necessary deliverables and other legal have been identified, complied with and that the design is compliant with any including undertakings and assurances;
6. At the conclusion of the Gate Review Panel and the Gates Chair Person a shall confer, taking full account of the views of the other Panel Members, and decide whether or not the design submission and presentation meets the Assurance Gate Review objectives and consequently can be given a pass or is prevented from passing the Gate.
7. If the Gates Chair Person decides that missing deliverables or evidence do not impact on the ability of the project to proceed, then a conditional pass may be given, subject to the remaining deliverables being completed within a specified time.
8. The conditions and timescales are conveyed to the Design Manager at the Review;
9. Where conditions are raised that are potentially of a significant risk, consideration shall be given to inclusion of the conditions;
10. The Gate Review Panel’s findings and decisions are recorded, together with any supporting data.

The Design Review Meeting Minutes should capture the results of the Gate Review Panel’s review. It serves as a record of the review and summaries the findings. The key aspects of the report are recording the evidence presented to satisfy the approval criteria and using this to support the decision regarding pass or re submission. It is the Design Manager’s responsibility to assemble and present to the Gate Review Panel sufficient evidence, see table of deliverables below, when the design has progressed to 20%, 60% and 100%, to enable the Gate Review Panel to discharge their duties. Key design deliverables that are associated with the Assurance Gate Review are provided to the Gate Review Panel at least 5 working days prior to the scheduled review date

5.4.5 Design and Development Verification and Final Review

In accordance with planned arrangements the design and development verification and a final review must be conducted and documented to ensure that the design and development outputs meets the design and development input requirements. Design and development verification and the final review must be recorded.

Design verification is confirmation by examination and provision of objective evidence that the specified input requirements have been fulfilled. Any approach which establishes conformance with a design input requirement is an acceptable means of verifying the design with respect to that requirement. Complex designs require more and different types of verification activities. The nature of verification activities varies according to the type of design output. Design verification is carried out to check that the outputs from each design phase meet the stated requirements for the phase. Requirements traceability verification is undertaken to ensure that the design fulfills the design concept, while expressing the necessary functional and technical requirements. This process verified throughout the Assurance Gate Reviews. In most cases, verification activities are completed prior to each design review, and the verification results are submitted to the reviewers along with the other design deliverables to be reviewed. The results of the design verification, including identification of the design, method(s), the date, and the individual performing the verification, shall be documented and retained.

5.4.6 Design and Development Validation and Approval

Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. The completed design shall be approved after validation. Competent individual other than the person or persons who developed the design shall approve the final design. Records of the design and development validation, approval, and any necessary actions shall be maintained .

Design and development validation shall be performed in accordance with planned arrangements to ensure that the resulting product is capable of meeting the specified requirements. Validation shall be completed prior to the delivery of the product, when possible. Design validation is similar to verification, except this time you should check the designed product under conditions of actual use. If you are designing dune buggies, you might take your creation for a spin on the beach. If you are making beverages, you might conduct a consumer taste test. Verification is a documentary review while validation is a real-world test. Perform design and development validation by ensuring the product meets the specified requirements. Maintain records of validation activities and approvals. Design validation follows successful verification, and ensures, by examination and provision of objective evidence, that each requirement for a particular use is fulfilled. The performance characteristics that are to be assessed are identified, and validation methods and acceptance criteria are established . At the commencement of the design project, the requirements received from the previous design phase form the initial baseline. During design reviews, the requirements are considered to ensure that the right requirements and any assumptions have been captured, to identify missing requirements and ensure that the design intent will meet those requirements. The results of the design validation, including identification of the design, method, the date, and the individual(s) performing the validation, should be documented and retained. The organization shall have records that the product designed will meet defined user needs prior to delivery of the product to the customer, as appropriate. Methods of validation could include simulation techniques, proto-type build and evaluation, comparison to similar proven designs, beta testing, field evaluations, etc. Irrespective of the methods used, the validation activity should be planned, executed with records maintained as defined in the planning activity. Retain documented information to demonstrate that the any test plans and test procedures have been observed, and that their criteria have been met, and that the design meets the specified requirements for all identified operational conditions e.g. reports, calculations, test results, data, and reviews.

5.4.7 Design and Development Changes

Any changes for Design and Development must be identified, reviewed, verified, and validated, as appropriate, and approved before implementation. The review of design and development changes includes evaluation of the effect of the changes on product and/or their constituent parts already delivered. Design and development changes must have all the controls as with the original design and development. This includes change in the design documents. The design and development changes, their review and any necessary action must be recorded.

It is important to control design changes throughout the design and development process and it should be clear how these changes are handled and what affects they have on the product. The organization has retained documented information concerning:

• Design and development changes;
• The results of reviews;
• The authorization of changes;
• Actions taken to prevent adverse impacts.

The organization should begin identifying, reviewing and controlling of design changes including the implementation of a process to notify the customer when changes affect the customer requirement e.g. customer communication, notifications of change, requests for deviation, and contract amendments. The Engineering Manager in conjunction with the Design Manager is responsible for evaluating the risks and the impact of design changes against the criteria. The Engineering Manager logs all change requests in the Design Change Request Log, performs an evaluation and either approves or denies the request. Major changes are also evaluated by any affected stakeholders. All change requests serve as design and development inputs for design and development changes. Design documentation is updated to accurately reflect the revised design.

It is as important to control design changes throughout the design and development process and it should be clear how these changes are handled and what effects they have on the product. Ensure control over design and development changes, design changes must be:

• Identified.
• Recorded.
• Reviewed.
• Verified.
• Validated.
• Approved.

Configuration control can be managed via alteration requests, notice of change, amendments, deviations, waivers, concessions, part revision changes, part number changes, change categories, service bulletins, modification bulletins, airworthiness directives, engineering communication notice, product change boards. Design and development changes (after the original verification and validation) have to be ‘verified and validated as appropriate’ (as well as reviewed) and to ‘include evaluation of the effect of changes on constituent parts and products already delivered’. If the organization chooses not to perform re-verification and re-validation on every design change, then the auditor should expect to see some very well-defined criteria as to when the activity needs to occur. Retain documented information that includes design change history, evaluation of change results, authorization of change and actions taken in relation to subsequent activities that are impacted by the change.

5.5 Contingency Planning

5.5.1 General

The organization must maintain a documented procedure for contingency planning needed to address risk associated with impact on delivery and quality of product. Contingency planning must be based on assessed risks, and output to be documented and communicated to the relevant personnel and updated as required.

While contingency has been applied by the industry for years, application has been inconsistent and has overlooked critical information to mitigate risks. The standard mandates that a documented procedure for contingency planning must be available. This requirement for the procedure will include risk mitigation for delivery and quality of product. Contingency planning needed to address risk associated with the impact on:

• Delivery and Product Quality.
• Based on assessed risk
• Communicated to relevant personnel.

5.5.2 Planning Output

The contingency plan is to include, at a minimum actions required in response to significant risk scenarios to mitigate effects of disruptive incidents, identification and assignment of responsibilities and authorities and internal and external communication controls .

Contingency planning output must be documented and communicated to the relevant operational personnel and updated as required to minimize the likelihood or duration of disruption of manufacturing. The outputs of the contingency planning must be based on assessed risks that were discussed in section 5.3 of this specification. As mentioned in the dictation under 5.5.1, the better the Risk Assessment, the less disruption and the smaller the likelihood of an incident. If an incident does occur, it is more likely to be contained or controlled through contingency planning, thereby minimizing loss.

The contingency plan shall include, at a minimum:

• Actions required in response to significant risk scenarios to mitigate effects of disruptive incidents;
• Identification and assignment of responsibilities and authorities, and
• Internal and external communications controls

Actions Required in Response to Significant Risks covers actions required in response to significant risk scenarios to mitigate effects of disruptive incidents. This is obvious and is what most manufactures often think of when doing contingency planning. This is how we prevent or mitigate the “Incident” we discussed in 5.5.1 of the specification. Here, the manufacture must review different real and potential risk scenarios and do the proper assessments to understand the in order to prevent and/or mitigate the loss. Most manufactures do this as it relates to HSE. However, API Spec Q1 requires this to be done to include delivery and product quality related incidents as well                                     ,                                              

The basic contingency planning process includes

1. Map out essential processes.

What processes are essential to your business and safely delivering your product or service to customers? If you’re a manufacturing company that ships directly to consumers, a simplified process list might look something like this:

• Getting raw materials from suppliers
• Manufacturing process
• Freight and shipping
• Packaging and warehousing
• Last-mile delivery

Looking at this list, you can see how vulnerable it is to natural disasters or even minor human errors.

2.Create a list of risks for each process.
Once the process list is created, consider what might disrupt business continuity. What can go wrong with each of these critical processes? Let’s look at an example of what could go wrong with “last-mile delivery”

• The driver can deliver single or multiple packages to the wrong address.
• The package can be damaged during delivery.
• The package could get lost at a distribution center.
• A truck full of packages could be involved in an accident.
• A flood could cripple the road system in a specific area.
• The driver could get delayed because a moose wants to lick salt splatter off the car (seriously, it’s a thing).
• And that’s only a preliminary list. Once you start thinking about it, you’ll realize how many things you rely on to avoid going wrong, even for fundamental processes.

Every business process is vulnerable to some sort of emergency or human error.

3. Evaluate the potential impact and likelihood of each risk.
Once the risks are identified, it’s essential to determine how they could impact your business. Are they likely to happen? How large will the impact on your business if they do occur? Most companies use “qualitative risk assessment” to do this.

4. Calculate costs and contingency reserves, and identify issues to mitigate.

The quantitative risk assessment approach is to assess the potential cost of each risk. This means you can make an educated decision when budgeting contingency reserves into project plans and yearly budgets. During the risk analysis, estimate the potential costs of the adverse event.

5. Create a response plan for prioritized events.

Create a response plan for events by exploring the following questions:

• What can be done ahead of time to minimize any adverse effects on the event? For example, backing up data, carrying extra stock, or having more employees on call.
• What can be done immediately after the event to minimize the impact? For example, ordering more from a secondary supplier, rerouting another vehicle, or bringing in on-call staff.

The specifics depend on your company’s unique processes and situation.

5.6 Purchasing

5.6.1 Purchasing Control

5.6.1.1 Procedure

Procurement and the controls of materials, products and suppliers is one of the most critical elements of API Q1. The organization must maintain a documented procedure to ensure that purchased product or outsourced activities conform to specified requirements and must address:
a) the determination of the criticality of activities or products as they are applicable to conformance to product or customer specifications
b) Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
c) type and extent of control applied to the supplier based on the criticality of product or activity
d) criteria, scope, frequency, and methods for reassessment of suppliers
e) maintaining a list of approved suppliers and scope of approval, and
f) type and extent of control applied to outsourced activities

a) Determination of Criticality: The determination of the criticality of the activities or products as they are applicable to conformance to product or customer specifications. This is an important requirement to both ensure that all incoming raw materials, components and finished product(s) meet specification. It is also important factor for determining which suppliers may or may not be critical as well.
b) Initial Evaluation of Suppliers: Initial evaluation and selection of suppliers based on their ability to supply products or activities in accordance with the organization’s requirements
Some things to consider here include:
o Suppliers ability to meet the organizational requirements
o Suppliers ability to meet customer requirements
o The supplier’s actual capacity and capability of meeting organization requirements.
c) Applied Control: This mandates that organizations include in the procedures, the type and extent of control applied to the supplier and activities or products based on the of the activities or products. The term “criticality” is important. The criticality of the activities or products as well as the supplier’s risks, determines the type and extent of controls that the organization provides for the supplier, activities or products.
d) Reassessment of Suppliers: The procedure shall address:
o Criteria
o Scope
o Frequency
o For supplier reassessments
e) Approved Supplier Listing: The procedure shall address:
o List of approved suppliers
o Scope of approval
f) Control Over Outsourced Activities: The procedure shall address the type and extent of control to be applied to outsourced activities. The amount of control normally takes the suppliers performance into account. Some performance criteria include:

1. Quality of product and service
2. On time delivery
3. Reporting & documentation
4. Budget
5. Risk(s)

Supplier approval
Approved suppliers must have satisfactorily demonstrated their ability to meet your business’s requirements, as well as customer and legal requirements, as determined and evidenced by the initial supplier evaluation process. Suppliers are often approved, or not approved, on the basis of financial standing, preferred cost, product expertise, past performance, technology, logistics, supply chain integrity, business risk, and any known significant environmental, or health and safety compliance issues. If the supplier is acceptable, they should be added to your approved supplier list. Signed approval must be given by an authorized representative, typically the Quality Manager or Contracts Manager have the authority sign off on supplier approvals. The approval status of each supplier must be clearly authorized on your approved supplier list.

5.6.1.2 Initial Supplier Evaluation—Critical Purchases

For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier. For purchases of critical products, components or activities, the criteria for the initial evaluation of suppliers by the organization shall be site-specific for each supplier and shall include verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization. Assessment of the supplier to ensure its capability to meet the organization’s purchasing requirements by performing an on-site evaluation of relevant activities, or performing first article inspection to ensure conformance to stated requirements, or identifying how the supplied product conforms to stated requirements when limited by proprietary, legal, and/or contractual arrangements.

A critical vendor is one that you rely on heavily to support the most important activities within your organization – oftentimes called ‘critical activities’. While critical activities will differ between organizations, examples of critical vendors might include those who:

Inspection Companies– Non Destructive Testing, Magnetic Particle Inspection, thread inspection, etc. 3rd party inspection companies could be considered a critical supplier.
Calibration Companies – The organization requires certificates published from the 3rd party vendors. This makes calibration companies a critical supplier.
Material –Product and Raw Material Supplier– The Supplier for material would be considered a critical supplier to our needs since many of the products are supplied because if we would stop buying from them our operation would simply crumble
Trucking and delivery – These are suppliers are crucial to the end result as we depend on them to get it to the rigs, so they would definitely be considered critical.
O-rings, seals, and gasket suppliers – Anytime product requires O-rings, seals and gaskets they can be classified as critical.

Defining your critical vendors begins with being clear about your own critical activities. A good place to start is with your company’s business continuity/disaster recovery plan, which defines critical activities within your own operations. Knowing those activities will help you determine which vendors support those critical operational areas. Here are a few things you should do to get started to identify critical vendors:

• Inquire of your Procurement department if they maintain a listing of all vendor contracts.
• Review your user listings to critical systems. You should already perform periodic user access reviews, but doing so will give you an understanding of what vendors have access to your network or sensitive data.
• Once you have performed these tasks, you may be able to better categorize your critical vendors, according to the following classifications and how they rate within your own organization:
  • Vendor type
  • Regulatory requirements
  • Specific services provided
  • Business disruption factors
  • Data type and volume

5.6.1.3 Initial Supplier Evaluation—Noncritical Purchases

Even for purchase of noncritical products, components, or activities that impact product realization or the final product, the criteria for evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion.

A non-critical vendor is one that does not undergo the same level of examination as critical vendors. Non-critical vendors simply offer support to the operations that allow employees to do their jobs efficiently, effectively and in comfort. They do not, however, have any impact on the final product or service. These vendors may affect productivity but they do not affect the product or service provided itself. The main difference in treatment between a critical and non-critical vendor lies in the frequency between reviews and assessments. Critical vendors generally undergo reviews once a year while non-critical vendors only face reviews once every two-to-three years.

5.6.1.4 Supplier Reevaluation

For re-evaluation of all suppliers weather critical or noncritical, the requirements of 5.6.1.3 shall apply. The criteria for re-evaluation of suppliers by the organization must either meet the requirements of criteria of evaluation of critical suppliers or satisfy verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization or assessment of the supplier to meet the organization’s purchasing requirements or assessment of the product upon delivery or activity upon completion

A typical supplier evaluation and reevaluation might include:

• Gathering and analysis of data (such as technological and operational capabilities, logistics, quality, technical risks) about the supplier.
• An on-site assessment of the quality system or compliance review by your Audit staff.
• Completing and signing a quality agreement or contract.
• Businesses often assess the supplier’s facilities, quality system, and process controls to determine if there is potential impact on their own manufacturing or service provision processes.
• Assign risk levels on parts/materials, as appropriate:
  • Determine if there is potential product or regulatory risk.
  • Confirm the capability of the supplier to supply or manufacture to requirements.

5.6.1.5 Supplier Evaluation Records

Records of the results of all evaluations and any necessary actions arising from the evaluations shall be maintained.

All suppliers should be given an overall performance rating between 0-100%. Set the minimum performance threshold or benchmark to 95% for example. The resulting performance rating is an indication of a supplier’s performance ability and their ability to meet your requirements. Retain records of supplier evaluations and the related actions.

5.6.1.6 Outsourcing

When an organization choose to outsource any activity within the scope of its quality management system, the organization shall ensure that all applicable elements of its quality management system are satisfied and shall maintain responsibility for product conformance to specified requirements, including applicable API product specifications associated with product realization. Records of outsourced activities shall be maintained.

Monitoring Outsourcing performance
The performance of outsource processes must be consistently monitored by the Quality Manager or Contracts Manager. Various ways include the review of measures, targets, KPIs, score cards, dash-boards, scored ratings, or survey results. The ongoing monitoring of commonly use some of the following criteria to rate performance:

• An assessment of the quality and quantity of products, services or materials provided.
• On-time delivery performance.
• responsiveness/communication.
• Total number of corrective actions.
• response time.
• Defective parts per million (PPM).
• Total cost.
• A review of receiving records, inspection records, or acceptance records.

Organization should periodically communicate these results to their vendors as appropriate. On-site audits and process audits at the vendor’s premises is deemed necessary by the Quality Manager and the Purchasing, or Contracts Manager. Issues or conditions which might initiate a vendor’s audit include quality issues, engineering changes, process changes, plant location changes or the criticality of the part or service. When an audit is necessary, you should contact the vendor and schedule an on-site visit and confirm the agenda.

5.6.2 Purchasing Information

The organization must ensure prior to communicating with the supplier the adequacy of the purchasing information must be adequate and documented. Purchasing information must describe the product or activity to be purchased, including acceptance criteria, and where appropriate requirements for approval of supplier’s procedures, processes, equipment,applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data. It must also describe if any supplier personnel’s qualification and QMS requirements.

Purchase orders for items that are essential to fulfill customer requirements and directly affect the quality of your products and services should only be raised by the Purchasing Manager, or the Accounts Department (at the request of the Purchasing Manager). Purchase orders may be raised by the use of the computerized purchasing system or soft backed purchase order books. Purchase orders should contain:

• Supplier;
• Originator;
• Date;
• Purchase Order Number;
• Items required;
• Quantities;
• Required delivery date;
• Quoted prices where applicable or known;
• Any other information deemed critical for the supply of the material should also be noted.

Ensure that purchase orders or purchasing specifications include, where appropriate the requirements for the approval and acceptance of products, services, procedures, processes or equipment. Purchasing documentation should also define the requirements for approval of the supplier’s personnel, verification arrangements, or quality management system requirements as necessary. All purchase orders or purchasing specifications must be reviewed and approved before they are released to the supplier. Where appropriate, ensure the requirements for certification, inspection reports, statistical data, approval of samples, etc. are included in purchasing documents. Some purchasing documents may include an agreement obligating your suppliers to give notification of changes to their product or service. When notification is received, the Quality Manager and the Purchasing, or Contracts Manager should evaluate how, and whether the changes affect the quality of your completed products or services.

The organization must where appropriate, communicated not just the products or services they wish to receive but also any processes they want the external provider to undertake on their behalf. To ensure adequacy of specified purchasing information prior to their communication to the supplier, the supplier is usually requested to quote on price and availability. All pertinent purchasing information, as determined by your organization and customer requirements; should be included in the request for a quote (RfQ). The purchase order should be created after the review and acceptance of a supplier’s quote, and must contain the same content as the request for a quote. Describe the product to be purchased by:

• Defining product approval requirements, e.g.; certificate of conformity;
• Defining intended verification arrangements, e.g.; witness testing or certification;
• Defining personnel qualifications and quality, environmental, and safety requirements;
• Maintaining records.

Where activities are wholly outsourced, or subcontracted; your organization maintains responsibility for product conformance to all specified requirements. Purchasing information should include acceptance criteria, and where appropriate, state the requirements for the approval of supplier’s procedures, processes, and equipment. Applicable versions of specifications, drawings, process requirements, inspection instructions, traceability, relevant technical data, and requirements for qualification/competence of the supplier’s personnel, and quality management system must be specified and communicated.

5.6.3 Verification of Purchased Products or Activities

The organization must establish a documented procedure for the verification or other activities necessary for ensuring that purchased products or activities meet specified purchase requirements. Where the organization or its customer intends to perform verification at the supplier‘s premises, the organization shall state the intended verification arrangements and method of product release in the purchasing information. The organization must ensure and provide evidence that purchased products and activities conform to specified requirements. The organization shall maintain records of verification activities.

The documented procedure must ensure that items, which are essential to fulfilling customer requirements and which directly affect the quality of products and services, are verified upon product receipt or service delivery to verify they conform to:

• QMS requirements;
• Competency of external personnel;
• Purchase orders;
• Purchasing specification;
• Purchasing agreements;
• Delivery notes;
• Release certificates;
• Certificates of conformity;
• Inspection and acceptance tests;
• Product specifications;
• National or international standards.
• Receiving inspection

On receipt of incoming materials, the receiving personnel must identify and inspect the items, goods and materials and match them against the delivery note. The delivery note is compared to the corresponding purchase order and any related documentation. This inspection should include but not be limited to:

• Confirmation of identification using purchase order number, drawing numbers, material markings etc.;
• Confirmation of adherence to delivery schedule;
• Confirmation of conformance to purchase order requirements;
• Confirmation of correct quantities;
• Visual examination for obvious defects;
• Measurement comparison to drawings where required;
• Specified certification/documentation as required.

For large numbers of identical items, visual and dimensional checks should be undertaken on a minimum of 5% of the total quantity. No material is released for further processing until receiving inspection has been completed and goods accepted. All accepted materials passing immediate inspection can be allocated a storage area. Any non-compliant goods must be placed in a separate area, and clearly identified. Further investigating should determine whether the items, materials or goods are to be:

• Scrapped;
• Returned to Supplier;
• Reworked to a useable condition.

When inspecting materials that include specified certification or documentation should only be accepted when such certification and documentation has been viewed and approved by the Quality Manager or the Purchasing Manager.

5.7 Production and Servicing Provision

5.7.1 Control of Production and Servicing

5.7.1.1 Production

The organization must establish a documented procedure that describes controls associated with the production of products. The procedure shall address the availability of information that describes the characteristics of the product, when applicable implementation of the product quality plan, when applicable ensuring design requirements and related changes are satisfied, when applicable, the availability and use of suitable production, testing, monitoring, and measurement equipment,when applicable the availability of work instructions, process control documents, implementation of monitoring and measurement activities, and implementation of product release including applicable delivery and post-delivery activities.

• The procedure shall address the following the availability of information that describes the characteristics of the product. A product characteristic is an attributes or property of the product that describes the product’s ability to satisfy its purpose in a larger system.Examples of product characteristics are size, shape, weight, color, quality, hardness, etc. The list of product characteristics depends on your product and how its functional design requirements have been defined. Some product characteristics are more significant that others in terms of reliability, quality and safety. Thus, it can be important to identify those that are most critical.
• The procedure shall address the following implementation of the product quality plan, when applicable.
• The procedure shall address ensuring design requirements and related changes are satisfied, when applicable. Changes to the Product Quality Plan design requirements and related changes may affect the application or other risk associated with the changes therefore a review of the Design and Development process is required to ensure associated with the changes related to product quality, delivery and meeting customer requirements are affected.
• The availability and use of suitable Production, Testing, Monitoring and Measurement Equipment. Manufacturing in the process must ensure that production equipment required for the manufacturing process is available, based on capacity and suitability for the application required as well as having properly calibrated TMME suitable for monitoring the manufacturing process to ensure the product meets the stated specifications.
• The availability of work instructions, when applicable. While not stated in the specification, processes especially critical processes should have work instructions describing critical steps and include what risks to Quality, Health & Safety that could affect product quality/delivery and where employee’s health and safety are at risk. This is linked to their competencies
• The procedure shall address process control documents. Process control documents includes those documents demonstrating to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans, if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
• The procedure shall address the implementation of monitoring and measurement activities.
• The procedure shall address the implementation of product release, including applicable delivery and post-delivery activities. Product release cannot proceed until the product meets the agreed upon planned arrangement or approved by a relevant authority and, where applicable, by the customer.

5.7.1.2 Servicing

The organization must establish a documented procedure that describes controls associated with the servicing of products. The procedure shall address the review and implementation of the organization’s, customer-specific, product servicing, and other servicing requirements, the availability and use of suitable servicing, testing, monitoring, and measurement equipment, the availability of work instructions, when applicable, ensuring identification and traceability requirements are maintained throughout the servicing process, the implementation of monitoring and measurement activities, process control documents and requirements for release of the product that was serviced.

• The procedure shall address review and implementation of the organization’s customer-specific, product servicing, and other servicing requirements. The documented controls in the procedure addressing these servicing requirements are critical to ensure that both the product being serviced meets requirements and to ensure that it stays within the scope of API Q1.
• The procedure shall address the availability and use of suitable Servicing, Testing, Monitoring and Measurement Equipment. Calibration has been replaced with Testing, Monitoring and Measurement Equipment. Monitoring also includes verification . This includes equipment that is both critical to the process while having the possibility of presenting significant risk to person, such as H2S monitors, other gas monitors, confined space monitors, etc.
• The procedure shall address the availability of work instructions, when applicable.
• During servicing, (related to returning SRP back to OEM specification) especially critical service-related product and the processes associated with the servicing of those within the manufacturing scope should have work instructions.
• The procedure shall ensure identification & traceability requirements are maintained throughout the servicing process.
• The implementation of monitoring and measurement activities.
• During servicing, manufacturing must ensure that all product (critical) has the proper controls by using the appropriate monitoring and measurement devices and activities. These activities are documented using the proper
• Process control documents includes those documents demonstrating conformance to the stated requirements (Customer, API, product standards/ codes etc.) and listed within the product quality plans if applicable. These documents include routing, travelers, checklists, process sheets, or equivalent controls required by the company.
• The procedure shall address the requirements for release of the product that was serviced.

5.7.1.3 Process Control Documents

Process controls are be documented in routing, travelers, checklists, process sheets, or equivalent controls as required by the organization including requirements for verifying conformance with applicable product quality plans , API product specifications, customer requirements, and/or other applicable product standards/codes. The process control documents also include or have reference to instructions and acceptance criteria for processes, tests, inspections, and required customer’s inspection hold or witness points.

Process control is about monitoring and controlling all aspects of a manufacturer’s production and operation. It’s part of the larger supply chain management and it works in conjunction with other operation management functions such as inventory control and quality control. The purpose of production control is to balance the output of a facility to guarantee that the specifications of the products being produced are met. It does this by applying specific actions and making insightful decisions to predict, plan and schedule work. Some of the activities that are regulated in production control include labor, the availability of materials and any restrictions on capacity and cost. The end result of production control is to achieve the expected quality and demanded quantity while monitoring the production schedule to ensure that the production plan is being met. he production control process varies from industry to industry and even business to business. That said, there are some fundamental steps that are common in any production control process. They are as follows.

Routing: The first step of any production control process is the definition of your operation, from beginning to end. This includes what raw materials you’ll need for production, other resources, such as labor and equipment, the needed quantity, quality expectations and where the production will take place. This process is to determine the most efficient and cost-effective step-by-step manufacturing process through scheduling.

Traveler: It is a document that contains all of the details about the materials and processes that went into the production of a given item. When a manufacturer receives an order, they create a work order to begin the production process. In addition to the work order, a traveler is created and moves along with the product as it flows through the production facilities. The traveler contains information about what items are necessary for the given product, what tools will be needed, and what steps the product will need to go through to be assembled.

Checklist for Manufacturing: A control checklist for manufacturing includes all the requirements for a product, both visual and physical. It is a beneficial tool to ensure all parties are on the same page about the demands for the parts, materials, and final product. It outlines the standards your suppliers and manufacturers should meet and describes the “ideal” product that your customer expects from you. You can think of a checklist as guidelines for all teams to follow when making and selling your products. It streamlines the cooperation process and helps eliminate any possible errors occurring along your entire manufacturing workflow.

Process sheet: A process sheet is a document that provides all the steps for manufacturing products.Process sheets are also processed records, production documents, or shop orders. A process sheet consists of manufacturing instructions for a specific batch, lot, or run. It describes the operating parameters and settings for the equipment and facilities used and associated tooling or supplies. It contains part information, routing information, and operation detail information.A process sheet is a set of instructions that can be followed to achieve the desired goal.

5.7.1.4 Product Realization Capability Documentation

The organization must documentation the product realization plans (see 5.2) and records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance to demonstrates the capability of the organization to satisfy specified product and/or servicing requirements. Product realization documentation is evidence of the capability of the organization to manufacture products or families of products and does not extend to every work order or individual product manufactured.

5.7.1.5 Validation for Production & Servicing

This section reviews the validation of process for production and servicing. All those process of production and servicing has to be validated where the resulting output cannot be verified by subsequent monitoring or measurement, and as a consequence, deficiencies become apparent only after the product is in use or the servicing has been delivered. The organization shall maintain a documented procedure to address methods for review and approval of the processes including:

o Required equipment
o Qualification of personnel
o Use of specific methods
o Identification of acceptance criteria
o Requirements for records
o Re-validation

The organization shall validate those processes identified by the applicable product specification as requiring validation. If these processes are not identified, or there is no product specification involved, the processes requiring validation shall include, as a minimum, nondestructive examination, welding, and heat treating, if applicable to the product.

Process validation is the act of controlling a process and actually performing the necessary tests to ensure that the process can, in fact, perform according to the requirements it is designed to meet. The monitoring and measuring of the characteristic of the been designed, implemented and executed in a way that enables fulfillment of the planned results. Each organization with the implemented quality management system need validate each of their production and delivery services processes where these processes operate without exhaustive monitoring or measurement.

A process needs to be validated if you will not be able to check if the product or service is compliant with input requirements. An example might be a soldering process or welding process where you cannot check the strength of every weld during your regular production without damaging or destroying the parts. Not every process is required to undergo a validation so if you have a process where validation is not required you can still choose to validate the process. For instance, you may want to validate a process in order to reduce a complex or costly inspection of the product or service after the process, even if you could check that the outputs meet the input requirements. Which processes you validate is determined by you and your needs.

5.7.2 Product Quality Plans

The organization must develop a product quality plan [ can also be called as quality plan (QP), inspection and test plan (ITP), manufacturing process specification (MPS), process control plan (PCP), and quality activity plan (QAP)] which specifies the processes of QMS including the product realization process and resources to be applied to products when required by contract. The product quality plan must description of the product to be manufactured, required processes and documentation, including required inspections, tests, and records, for conformance with requirements, identification and reference to control of outsourced activities, identification of each procedure, specification, or other document referenced or used in each activity and identification of the required hold, witness, monitor, and document review points. These product quality plans must ensure customer requirements are met and must be communicated to customer. The product quality plans and any revisions must be approved by the organization and documented. A product quality plan may be comprised of one or several different documents. A product quality plan often makes references to parts of the quality manual or to procedure documents.

A Product Quality Plan (PQP) is a tool that will allow you to effectively communicate what you expect from your suppliers, your in-house workforce, or external contractors. It covers all areas of the production process from first concepts to the finished product. A Product quality plan is a document that specifies quality standards, practices, resources, specifications, and the sequence of activities relevant to a particular product.  An example of this can be a manufacturing company that machines metal parts. Its quality plan consists of applicable procedures, applicable workmanship standards, the measurement tolerances acceptable, the description of the material standards, and so forth. These may all be separate documents. Work orders specify the machine setups and tolerances, operations to be performed, tests, inspections, handling, storing, packaging, and delivery steps to be followed. An operating-level quality plan translates the customer requirements into actions required to produce the desired outcome and couples this with applicable procedures, standards, practices, and protocols to specify precisely what is needed, who will do it, and how it will be done. Product Quality Plan shows the techniques and procedures for controlling the product. Product Quality Plan need to consider the goals of reliability and quality. Reliability goals are established based on the needs and expectations of end users. Quality goals should be based on metrics that are gained from company production or past experience. The Product Quality Plan may be as simplistic as a one-page document or as complex as a 5” binder document set. The complexity of an Product Quality Plan varies depending on the complexity of the product.

5.7.3 Identification and Traceability

The organization must establish a documented procedure for identification and traceability while the product is under control of the organization as required by the organization, the customer, and/or the applicable product specifications throughout the product realization process, including applicable delivery and post-delivery activities. The procedure shall include requirements for maintenance or replacement of identification and/or traceability marks. Identification and traceability must be recorded.

Where traceability is a requirement, the organization should control and records the unique identity of the product throughout the production process to ensure that only products that have passed the required inspections and tests are utilized. The process for the identification and traceability of outputs, in terms of the monitoring and measurement requirements at all stages of production, to enable the demonstration of conformity to requirements, e.g. physical part marking, labeling, tags, bar codes, signage, visual indicators, part segregation, lay down areas, storage racks. There are several ways of identifying products to prevent them becoming mixed with other parts, components, or orders. The most obvious is using tags or stickers with a unique traceability identifier, such as a lot or batch number included on the product labels. The identification may be engraved in the product itself, or the product may simply be marked by a color. Establish and implement a procedure to identify the product through the design, development, manufacture and delivery stages. The established a traceability system should track components from raw material through inspection, test, and final release operations, including rework:

1. Establish the identity and status of products;
2. Maintain the identity and status of products;
3. Maintain records of serial or batch numbers.

5.7.4 Product Inspection/Test Status

The organization must establish a documented procedure for the identification of product inspection and/or test status throughout the product realization process that indicates the conformity or nonconformity of product with respect to inspections and/or tests performed. The organization shall ensure that only product that meets requirements or that is authorized under concession is released.

Product inspection & test status are conducted for the product identification, and all the quality requirements managed in it. Product inspection and test status documentation is managed to recording information of the quality inspection and quality test that conducted, progress of the test and its status records are managed in the documents, the quality inspection and test status is maintained for the product identification. The documentation of the Product inspection & test status are maintained each process stages that required for the manufacturing, producing materials with quality as per customer requirements. The documents covered materials and its identification method that used to product realization with detailed information is managed in the quality inspection and test status. Management of the quality concern issues and its concern methods are also maintained in details. The stages of the product management are conducted incoming materials to final product and its concern information that used for the product identification. The documentation for inspection and test status is the part of the product identification, and the records are managed by quality manager, and quality manager is responsible for the managing records and its concern activities that help to determine actions for improvement for particular stages and its methods that handled during the process.

5.7.5 Customer-supplied Property

The organization must a documented procedure for the identification, verification, safeguarding, preservation, maintenance, and control of customer-supplied property, including intellectual property and data, while under control of the organization. The procedure includes requirements for reporting to the customer any loss, damage, or unsuitability for use of customer-supplied property. The control and disposition of customer-supplied property must be recorded.

This contains the requirement for organizations to have documented procedures for the identification, verification, safeguarding, preservation, maintenance, and control of customer supplied property. Check that your organization communicates with its customers in regard to the handling and treatment of their property. You should also check that contingency plans and, where relevant, actions are undertaken when non-conformities occur with customer property. Good sources of information often include the following examples:

• Goods returned by the customer;
• Warranty claims;
• Revised invoices;
• Credit notes;
• Articles in the media;
• Consumer websites;
• Direct observation of, or communication with, the customer.

If there are any products, materials, or tools on your organization’s premises that are owned by a customer, all employees must exercise care with this property. This means they must ensure that the product is not lost or damaged. If customer property is lost or damaged, this needs to be recorded and the customer needs to be notified. Establish and implement a process to manage property supplied by customers:

• Establish the identity and status of customer supplied product;
• Maintaining records.

5.7.6 Preservation of Product

5.7.6.1 General

The organization must establish a documented procedure for preservation of product and its constituent parts, It must describe the methods used to preservation throughout product realization and delivery to the intended destination in order to maintain conformity to requirements. It must include identification and traceability marks, transportation, handling, packaging, and protection as applicable.

The preservation process must include packaging, storage and other product specific handling methods.

1. Identification and traceability– Ensure that products are properly identified and do not become mixed with other orders. You should expect to see that all products are clearly identified. This is relative to identification and traceability however for preservation of product it is a requirement and not ‘as applicable’;
2. Handling – This may include bulk handing using moving equipment or physical contact where handling may influence product conformity. You should verify that suitable handling methods are implemented throughout the processes.
3. Packaging – Ensure that labeling and marking of shipped products are sufficient to enable adequate identification and traceability back through your QMS. This should include ensuring that labeling and marking maintains its integrity and remains affixed throughout the shipping process. You should expect to see that methods have been established for packaging the product to preserve its integrity. Package products appropriately for shipping in order to preserve the product’s integrity throughout the shipping process;
4. Protection – Raw materials, in-process materials, inspected product, nonconforming product and product ready for shipping should also be identified with its status and protected from any unintended alteration. You should verify that appropriate measures are in place to protect product. This will vary depending on the product.

5.7.6.2 Storage and Assessment

The procedure must also identify the requirements for storage and assessment of the and its constituent parts . There must be designated storage areas or stock rooms to prevent damage or deterioration of product before its use or delivery. To check for deterioration, the condition of product or constituent parts in stock has to be assessed at specified intervals . The interval will be appropriate to the products or constituent parts being assessed.

The organization must use designated storage areas or stock rooms to prevent damage or deterioration of product, pending use or delivery. Appropriate methods for authorizing receipt to and dispatch from such areas shall be stipulated. The storage facilities, should not only be physical security but also the environmental conditions (e.g., temperature and humidity). In order to detect deterioration, the condition of product in stock shall be assessed at appropriate intervals. It may be appropriate to check periodically items in storage to detect possible deterioration. The methods for marking and labeling should give legible, durable information in accordance with the specifications. Consideration may need to be given to administrative procedures for expiration dates, and stock rotation and lot segregation.

5.7.7 Inspection and Testing

5.7.7.1 General

The organization must establish a documented procedure for inspection and testing to verify that product requirements have been met. It includes in-process and final inspection and testing. The inspection and testing results must be recorded

5.7.7.2  In-process Inspection and Testing

The organization must inspect and test the product at planned stages as per the product quality plan, process control documents , and/or documented procedures. Evidence of conformity with the acceptance criteria must be maintained.

5.7.7.3 Final Inspection and Testing

The organization must perform all final inspection and testing as per the product quality plan and/or documented procedures to validate and document conformity of the finished product to the specified requirements. Personnel who has not performed or directly supervised the production must conduct final acceptance inspection.  For single step manufacturing processes (e.g. threading), in-process and final inspection and testing may be same.

A product inspection is the process of examining your goods against a list of pre-set criteria to ensure they meet your quality standards. The process might include packaging and labeling checks, visual examination, functionality checks, and measurement taking.Product testing typically involves using advanced equipment in a laboratory setting to verify product safety, compliance, or performance. You might test your products to check for harmful chemicals, comply with regulations, or simulate repeated use.The key differences between inspection and testing in manufacturing are:

• Inspections typically take place at the factory where the goods are produced, while testing occurs in a specialized lab.
• Inspections typically use basic equipment that an inspector can carry with them, while testing involves advanced equipment.
• Inspections are typically focused on maintaining quality standards, while testing is focused on regulatory compliance and performance standards.

Types of inspection / verification:

• Quantity
• Description: size, weight, diameter, length
• 100% or sampling
• Visual inspection
• Gaging
• Dimensional inspection
• Nondestructive examination
• Hardness testing
• Positive material identification
• Document review (inspection reports, material test reports)

In-process Inspection
In-process inspections seek to examine workflow with the goal of reducing cycle time and Work-in-Process (WIP), while increasing capacity. Resources are evaluated to ensure proper training. Environmental factors are taken into consideration and products are inspected directly on the shop floor. The inspections can be performed by both manufacturing and inspection personnel.

Final Inspection
Final inspections take place when production is complete. The overall product is measured against engineering, customer requirements, and standards. Final inspections and device approvals play an integral role in the decision to move items to stock or shipment. An inspection report is run prior to final device approval to ensure there are no open items. A final inspection report will validate that all required operations are complete, all non-conformances have been resolved, and required traceability has been recorded.

Usually, the Quality Manager determines the scope of the inspection and testing. This will be thoroughly communicated to all personnel. This procedure usually includes

• Holding back products until all inspections have been finalized
• The work order is reviewed to ensure all first part inspections, processes, and specifies operations have been completed—the relevant supervisor signs off the sheet
• Check that all documents are traceable to each product and made available for inspection
• Do a visual inspection to verify all specified operations have been completed. This is also done to detect any visible damage or defects
• Goods are released for packaging and shipping after the final inspection has been completed

5.7.8 Preventive Maintenance

The organization must establish a documented procedure for preventive maintenance for equipment used in product realization. The procedure shall identify type of equipment to be maintained, frequency and personnel responsible for preventive maintenance. Record for Preventive maintenance must be maintained . Preventive maintenance can be based on risk, system reliability, usage history, experience, industry recommended practices, relevant codes and standards, original equipment manufacturer’s guidelines, or other applicable requirements.

Preventive maintenance consists of regular, scheduled maintenance activities that are performed on equipment to reduce the chance of failure and extend up-time. Preventive maintenance can be defined as being the “systematic inspection, detection, correction, and prevention of incipient failures, before they become actual or major failures.”

a) This specification requires that the type of equipment used in the process realization process be identified and maintained.

(b) Frequency Identifying the frequency of the preventive maintenance to be performed. This may include:

• Daily/weekly
• Monthly/Quarterly
• Semi-Annually
• Annually

(c) Identifying the responsible personnel to perform the preventive maintenance. This may include:

• Operator
• Maintenance Personnel
• Manufacture/ 3rd Party

5.8 Control of Testing, Measuring, Monitoring Equipment

The organization must determine the testing, monitoring, and measurement required and the associated equipment needed to provide evidence of conformity to those requirements. The organization must establish a documented procedure for maintenance and calibration of the testing, measurement, and monitoring equipment and that the equipment is used as per the monitoring and measurement requirements. The procedure shall include unique identifier, calibration status, equipment traceability to international or national measurement standards. If no such standards exist, the basis used for calibration or verification must be recorded. It must also include frequency of calibration prior to use and also at specific intervals. The calibration or verification method, including adjustments and readjustments as necessary, the acceptance criteria and control of equipment identified as out-of-calibration in order to prevent unintended use should be included in the procedure. When the equipment is found to be out of calibration, an assessment of the validity of previous measurements must be undertaken. Actions to be taken on the equipment and product. If any suspect product has been shipped, there must be evidence of notification to the customer. Records must be maintained. Testing, measuring, and monitoring equipment (TMME) must be calibrated or verified, or both, against measurement standards. Verification against identified acceptance criteria is performed on nonadjustable equipment. TMME must have the calibration status identifiable by the user for the activities being performed at all times. It must be safeguarded from adjustments that would invalidate the measurement result or the calibration status. It must be protected from damage and deterioration during handling, maintenance, and storage. It must be used under environmental conditions that are suitable for the calibrations, inspections, measurements, and tests being carried out. When used in the testing, monitoring, or measurement of specified requirements, the ability of computer software to satisfy the intended application must be confirmed prior to initial use and reconfirmed as necessary. When the equipment is provided from either third-party, proprietary, employee- and customer-owned equipment, the organization must verify that the equipment is suitable and provide evidence of conformity to the requirements. The organization must maintain a registry of the required TMME which must include a unique identification, specific to each piece of equipment. Record of results calibration and verification must be maintained.

TMME are subject to the following controls:

• Devices are calibrated at intervals or prior to use, based on recognized standards;
• Devices are adjusted as necessary in accordance with manufacturer’s instructions;
• Devices are identified to enable calibration status to be determined;
• Devices are safeguarded from adjustment, which may invalidate results;
• Devices are protected from damage during handling, maintenance or storage;
• The validity of results from a non-confirming device are re-checked with a conforming device;
• Devices are calibrated by external providers certified to ISO 17025;
• Records of calibration and verification are maintained;
• Computer software which is used for monitoring/measuring is validated prior to initial use;
• Computer software used for monitoring and measuring is re-validated where necessary.

If measurement traceability is not required, verify that those monitoring and measuring resources used by your organization are suitable. You should ensure that record is maintained in order to demonstrate suitability of monitoring and measuring equipment. While this is not required, all equipment requiring calibration must be identified and must be:

1. Calibrated or verified at specific intervals, or prior to being used. Equipment must be calibrated using measurement standards traceable to international or national measurement standards. Where there is no standard available for the device the basis for calibration or verification must be recorded. A Certification Auditor would expect to see that traceable standards are used and where applicable have not expired. Where calibration is completed by an outsourced process i.e. vendor, the records of traceability must be reviewed.
2. Adjusted or readjusted as necessary. There must be evidence that equipment found to be out of calibration are adjusted/re-adjusted by qualified personnel and the validity of the previous measuring results are accessed when equipment is found to be out of calibration and appropriate action is taken (may include recall of product). A process must be in place to provide traceability of each piece of equipment to the process/product that the equipment was used on. The results of calibration and verification are required to be maintained as quality records.
3. Identified to show calibration status. Each piece of equipment must be identified in such a way that the user can determine that the device has current calibration, this may be accomplished by the equipment unique serial number traceable to the calibration record however, the calibration status label is a good practice. Other methods may be used however must clearly identify the calibration status. Where the environment is not conducive to the use of stickers, status may be identified by color-coding, identification number with associated calibration record, and/or calibrated prior to every use.
4. Safeguarded from adjustment. A process must be in place to ensure that users outside the calibration process do not adjust equipment. Equipment may be verified prior to use however any adjustments made to equipment must meet all requirements of this section. Methods to safeguard may include; locking materials for setscrews, tamper-proof seals, limited entrance to calibration areas, and other methods.
5. Protected from damage during handling, maintenance and storage. The measuring equipment must be handled and stored in a manner to protect the equipment from damage.

5.9 Release of Product

The organization must establish a documented procedure to ensure release of product to the customer shall not proceed until all the planned arrangements have been satisfactorily completed, unless otherwise approved by a relevant authority and, where applicable, by the customer. Records to enable identification of the individual releasing the product must be maintained

The release of product must not be completed until the planned requirements have been met. The release of product may include, according to product planning and the verification stages; release to the next operation, release to an internal customer, or release to final customer, etc. Planned arrangements can include design verification and design validation, which can involve modelling, simulations, experiments, trials, prototypes, functional testing, performance testing; inspections comprising, in-process, first article and final inspection; thorough examination through destructive and non-destructive testing; customer acceptance testing, product certification/qualification, third party qualification from a regulator, recognized society, or independent testing body etc. For product release , the planning requirements may be waived, but must be approved by relevant authority and by the customer as appropriate. Monitor and measure product characteristics to ensure they are able to demonstrate:

1. Product characteristics are continually met;
2. Evidence of conformity with product requirements.

Retain records to provide evidence that acceptance criteria have been met might include: e.g. certificate of conformity, release certificate, regulatory certificate. Ensure traceability to the person(s) authorizing the release such as name, authorized signatories, user identification, stamp impression etc., including their authority status (release signatory, certifying staff, scope of authorization etc.).

5.10 Control of Nonconforming Product

5.10.1 General

The organization must establish a documented procedure to identify the controls including the responsibilities and authorities for nonconforming product. The procedure for nonconforming product identified during product realization must includes controls for product identification to prevent unintended use or delivery, address the detected nonconformity, take action to preclude its original intended use or delivery and authorizing its use, release, or acceptance under concession by relevant authority and, where applicable, by the customer.

The procedure for nonconforming product identified after delivery must include identifying, documenting, and reporting nonconformances or product failure identified after delivery. It must ensure the analysis of product nonconformance or failure, provided the product or documented evidence supporting the nonconformity is available to facilitate the determination of the cause. It must take action appropriate to the effects, or potential effects, of the nonconformance when nonconforming product is detected after delivery.

5.10.2 Nonconforming Product

The organization shall address nonconforming product by repair or rework with subsequent inspection to meet specified requirements; and /or re-grade for alternative applications; release under concession and/or reject or scrap.

5.10.3 Release of Nonconforming Product Under Concession

The evaluation and release under concession of nonconforming product that does not satisfy manufacturing acceptance criteria (MAC) can be permitted when the organization’s relevant authority and the customer (where applicable) have authorized the release provided that products continue to satisfy the applicable Design acceptance criteria (DAC) and/or customer criteria; or the violated MAC are categorized as unnecessary to satisfy the applicable DAC and/or customer criteria or the DAC are changed and the products satisfy the revised DAC and associated MAC requirements.

5.10.4 Customer Notification

The organization shall notify customers of product not conforming to DAC or contract requirements, that has been delivered. The organization shall maintain records of such notifications .

5.10.5 Records

The nature of nonconformities and any subsequent actions taken, including concessions obtained, must be recorded.

The organization must keep records of each nonconformance or defect and how it was dealt with. Records of product nonconformity should be periodically reviewed to determine if a chronic problem exists with the production process. The product should then be subject to further inspection to verify that it is now correct. As for records, if you documented the nonconforming product there should normally be somewhere to verify that you successfully (or not) cured the problem and that it is now conforming. Re-verification simply means that you cannot assume that because someone tells you they have corrected the problem then it is ok. The clause is asking you to re-verify by whatever means you originally chose. If you used inspection as a method of verification then re-inspect in the same method. If not, use whatever method suits you (or your customer). Just make sure it is ok before it leaves. The re-verification after remedial work might involve testing as well as inspection. The reason is not just to verify that the defect has been removed, but also to assure that fresh defects have not been introduced by the rework. Records would be as appropriate for the re-inspection or re-testing performed. Re-verification is equivalent to re-inspection and records could include a signature of approval or a more formal test report. Whichever format is chosen, it must be defined in the nonconformity procedure. You may need to supply new evidence of conformance to your customer along with corrective action documentation if requested. The method that you use in either of these situations should be defined in your procedures, that way you relieve yourself and your auditor from guessing how you would address them. Where necessary, any product or process outputs that do not conform to specified requirements should be properly identified and controlled to prevent unintended use or delivery. Improvements are then implemented to ensure the nonconformance does not reoccur. Control defective products by:

• Defining how nonconforming products and processes are identified;
• Defining how nonconforming products and processes are dealt with;
• Removing or correcting nonconformities;
• Preventing the delivery or use of nonconforming products and processes;
• Verifying how nonconforming products and processes were corrected;
• Providing evidence that corrected products and processes now conform to requirements;
• Keeping records that catalogue nonconforming products and processes.

There may be instances where it is impossible to completely eliminate the cause of the nonconformity, so in these instances, the best you can do is to reduce the likelihood or the consequences of a similar problem happening again in order to reduce the risk to an acceptable level. Where applicable any corrective action taken and controls implemented to eliminate the cause of nonconformity should be applied to other similar processes and products.

Handling Nonconforming Products
Documented procedure should indicate the plan of action for controlling products. Nonconforming product is identified and separated from other conforming products. Nonconforming product must be reviewed and approved before release. Details of nonconformity must be documented. If nonconformity is identified after delivery, separate actions taken. Re-processed nonconforming products should be re-validated before release. When it comes to controlling and handling non conforming products , there is a specific procedure that must be carefully followed to ensure that the wrong product is not given out to consumers. First and foremost, the organization should already have a documented procedure that indicates the method they will use or plan of action that will be taken in order to control the products in question.

Upon the removal of the non conforming products , the organization will ensure that it does not get mixed up with the quality products that are on their way to be distributed to the masses. Once the product has been effectively identified and removed from the others, it must be properly reviewed and approved before it can be released. The release of a nonconforming product can be made under concession by an authorized person. Any release of this kind should be properly documented after it has been completed. The other details of the nonconformity must also be documented in detail. This should include the exact non-conforming characteristics that were identified, as well as the procedures that were followed in order to get rid of it and prevent it from happening in the future. From the documentation of the nonconforming product, all company personnel should be able to understand the nature of the event, why the product did not conform to the specified standards, and what was done to eliminate the issue. In the event that a nonconforming product is identified after it has already been distributed or delivered, there will be a separate set of actions that must be taken to solve the problem at hand. These actions will depend on the severity of the nonconformity, and will be determined by the discretion of the company leaders. When a nonconforming product has been identified and a plan of action has been established to solve the problem, it can either be permanently removed or possibly altered in order to fit the guidelines and be considered a qualifying product. When any nonconforming product is reprocessed, it must go through a revalidation process by someone of proper authority in order to be approved for release.

5.11 Management of Change (MOC)

5.11.1 General

A process for Management of Change(MOC) must be established. The integrity of the quality management system must be maintained when changes to the quality management system are planned and implemented. For MOC, the organization must identify the potential risks associated with the change and any required approvals prior to the introduction of such changes. MOC activities must be recorded.

5.11.2 MOC Implementation

Management of change process are to implemented when there are changes in the organizational structure , changes in key or essential personnel, changes in critical suppliers and/or changes to the management system procedures, including changes resulting from corrective and preventive actions and these changes may negatively impact the quality of the product.

5.11.3 MOC Notification

The organization must notify relevant personnel, including the customer when required by contract, of the change and residual or new risk due to changes that have either been initiated by the organization or requested by the customer.

Changes are intended to be beneficial but they need to be carried out when determined by your organization as relevant and achievable. In addition, consideration of newly introduced risks and opportunities should also be taken into account. To achieve the benefits associated with changes, your organization should consider all types of change that may occur. These changes may be generated, for example, in:

1. Processes and procedures;
2. Quality manual;
3. Documented information;
4. Infrastructure;
5. Tooling;
6. Process equipment;
7. Employee training;
8. Supplier evaluation;
9. Stakeholder management;
10. Interested party requirements.

Whenever quality management system changes are planned, Top management should ensure that all personnel are made aware of any changes which affect their process, and that subsequent monitoring is undertaken to ensure that QMS changes are effectively implemented. The organization must consider

• The purpose of the changes and their potential risk and opportunities.
• The integrity of the management system.
• The availability of resources.
• The allocation or reallocation of responsibilities and authorities

Decide on Disposition Option
This is the step where you decide what to do with the non-conforming products. There are several options that you can choose from:

1. Eliminate the non-conformance: By applying rework to the product , you can bring it back to fully meeting the requirements. The main difference between a rework and a repair is that the non-conformance is fully eliminated to be compliant with a rework, but it is only eliminated enough to make it usable with a repair. Finding a bracket with holes that were too small and drilling them bigger to meet a drawing would be an example of a rework.
2. Authorizing use: If there is a concession from the requirements and the product or service is useable, although not fully compliant, then you can accept to use the product or service as is. Sometimes a repair to the product will be required to change the product enough to make it usable, although it will not fully meet the requirements. If a bracket has holes out of position, you could make the holes into slots so that the part fits in place. This would be an example of a repair.
3. Preclude original use: This is when you decide to either scrap the product or to re-grade the product or service (such as product sold as seconds).
4. Correct per Disposition: This is simply doing the actions you decided to do . If you are accepting the product or service as is, then allow it to continue. If you are reworking or repairing something, have the steps carried out to do so as planned (and make sure it is re-verified afterwards). If you are using the unit to sell as a second, how do you identify it so that it ends up being used properly at the end of the process?
5. Corrective Action: Finally, after deciding how to fix the product , take a look at why the non-conformance happened, and try to find and fix the cause so that it doesn’t happen again. If there is an error in the instructions that caused the problem, get the instructions fixed. If a program bug caused a service error, fix the program. If you have found that a part of the machine is wearing out, implementing a preventive maintenance check on that machine could go a long way toward helping prevent similar problems in the future. If this is a recurring problem, then maybe switching the investigation over to the Corrective Action process would allow for greater improvements. Often, the Non-conforming Product process is the biggest input to the Corrective Action process.