API Q1 9th ed Addendum 2 - Vendor Assessment for critical products

[anhchuong1111]

Hi everyone,

I have a question and wish to get advice from you
Section 5.6.1.2, API Q1 9th edition, Addendum 2 specified that:
For purchase of critical products, components or activities, the initial evaluation of suppliers by the organization shall be site-specific for each supplier and shall include the following:

a) verification that the supplier’s quality management system conforms to the quality system requirements specified for suppliers by the organization;​

b) verification of the type and extent of control applied by the supplier, internally and to their supply chain, in order to meet the organization’s requirements; and.​

CASE: We want to buy sheet steel from A (manufacturer), but with 10 sheets, they do not retail. Therefore, we are forced to buy from Company B (Distributor). Does the Company B have to be critical assessment? This means that they must provide the Quality Management System certificate and the supplier management policy to satisfy items a) and b) of the above clause. Because most Distributors in my country do not have a quality management system, it is very difficult to comply with this clause.

Moreover, clause 8.3.1 in API 5L specified:

8.3.1 The supplying steel and rolling mill(s) shall have a documented quality management system.​

Does this mean that distributors and manufacturers must have a quality management system?

 

[Eredhel]

...This means that they must provide the Quality Management System certificate and the supplier management policy to satisfy items a) and b) of the above clause.

Moreover, clause 8.3.1 in API 5L specified:

8.3.1 The supplying steel and rolling mill(s) shall have a documented quality management system.​

Does this mean that distributors and manufacturers must have a quality management system?

5.6.1.2 a) and b) don't call out a requirement for a cert and/or policy. a) says "requirements specified...by the organization (you specify)" and b) gives you three options to choose from, an on-site of relevant, OR perform FAI, OR identify how it conforms to requirements "...when limited by..."

Unfortunately I'm not familiar with API 5L and don't have a copy of it.

 

[Eredhel]

I just noticed your b) is different than mine. Can you double check the revision you are using? I have:

"b) assessment of the supplier to ensure its capability to meet the organization’s purchasing
requirements by:" And then the 3 "OR" I mentioned above.

 

[Eredhel]

I just did a quick search and found a copy of API 5L but it doesn't have the language you quoted. What version of that are you using?

 

[jmech]

Does this mean that distributors and manufacturers must have a quality management system?

Yes.
Note that the distributor's quality management system only has to conform to the quality system requirements specified for suppliers by your organization. The supplier does not necessarily have to meet API Q1 or ISO 9001 or any other standard (there isn't even a requirement for their quality system to be documented); it is up to your organization to specify the quality system requirements for the supplier.

 

[Sidney Vianna]

it is up to your organization to specify the quality system requirements for the supplier.

We have to be careful here. The case in this thread that the organization is forced to purchase steel plates from a distributor, due to limited volume purchased. Distributors can mess up the quality BIG TIME. Louzy distributors lose traceability of plates, commingle different grades of plates, etc... So, just because you have to buy from a distributor, it does not mean that you should not expect the distributor to have a proper QMS.

Let's not keep promoting the flawed notion that the organization can reduce QMS expectations of suppliers just to "make it easier" for them to find cheap local convenient suppliers. Supplier QMS robustness needs to be commensurate with the risks. That's why API Spec Q1 introduces the term critical. Risk. Based. Let's think.

 

[jmech]

We have to be careful here. The case in this thread that the organization is forced to purchase steel plates from a distributor, due to limited volume purchased. Distributors can mess up the quality BIG TIME. Louzy distributors lose traceability of plates, commingle different grades of plates, etc... So, just because you have to buy from a distributor, it does not mean that you should not expect the distributor to have a proper QMS.

Let's not keep promoting the flawed notion that the organization can reduce QMS expectations of suppliers just to "make it easier" for them to find cheap local convenient suppliers. Supplier QMS robustness needs to be commensurate with the risks. That's why API Spec Q1 introduces the term critical. Risk. Based. Let's think.

I wasn't promoting any notions; I was explaining the requirements of the standard. I believe I did so accurately. If anything was inaccurate, please explain.

I agree that distributors can mess up quality, especially if they lose traceability. Therefore, the main QMS requirements that I would have for a steel plate distributor would relate to material traceability. However, especially if the distributor is a minor, infrequently used supplier, I wouldn't care about their COTO, interested parties, management review, etc., as long as they maintain material traceability.

The organization's QMS expectations of suppliers should be realistic and appropriate for the risks. There is nothing wrong with reducing QMS expectations of suppliers to make it easier to find cheap/local/convenient suppliers as long as the associated risks are appropriately addressed and the relevant API Q1 requirements are met.

 

[Sidney Vianna]

I believe I did so accurately. If anything was inaccurate, please explain.

I don't know how long you have been involved with this, but, starting in the late 90's and surviving to this day, the saying that ISO 9001 is nothing more than "do-what-you-say-say-what-you-do" permeates around us; in other words, lower the bar as much as you want it because, as long as you document that's how you do it, you are in compliance with ISO 9001. Whoever created that flawed notion made the biggest disservice to people implementing ISO 9001.

So, in your first post in this thread, when you mentioned

it is up to your organization to specify the quality system requirements for the supplier.

some uninformed soul might think along those lines and stipulate that they can do business with whatever supplier is listed in Yellow Pages (ouch! showing my age!); don't laugh, I've seen it as an auditor. On your subsequent post, you clarified and mentioned risks of supplier selection.

My point is: when we say things such as It is up to you to define the requirements, uneducated people might take it literally and devise nonsensical requirements which just make their lives easier, but do nothing to mitigate risks related to product conformity and customer satisfaction. Yes, it is up to each organization to devise their means of selection, approval and monitoring of suppliers, but whatever criteria they use must take into account that the goal is to minimize the chances of nonconforming incoming products, what includes late deliveries.

 

[Neeraj]

5.6.1.2 a) and b) don't call out a requirement for a cert and/or policy. a) says "requirements specified...by the organization (you specify)" and b) gives you three options to choose from, an on-site of relevant, OR perform FAI, OR identify how it conforms to requirements "...when limited by..."

Unfortunately I'm not familiar with API 5L and don't have a copy of it.

Dear Mr. Eredhel, This is Neeraj, working in Oil & Gas based company as a Quality Control. I have a same issue in regards to assessement of critical vendors According to API Q1 section 5.6.1.2 addendum 2, we have to follow section a, b & c . According to section C : 1) Performing an on site evaluation of relevant activities, ( we never do ) OR, 2) Performing first article inspection ...... (we perform on just few materials because for many materials it's not possible , for example: steel bar, API Dope, protectors , copper plating/ Zn / Mn chemicals...etc), 3) identifying how the supplied product, component or activities confirms to stated requirements when limited by proprietary, legal and or contractual arrangement. (for almost materials we just follow section 3 by confirming materials against material COC, MSDS, certificates and other legal documents). Recently one of our customer audit interrupted us and ask to follow either section C.1 or C.2 only, not C.3 (because according to auditor section C.3 not applicable for us) . Please help me to explain section C.3 to clear my doubt . Sincerely Thanks

 

[Neeraj]

5.6.1.2 a) and b) don't call out a requirement for a cert and/or policy. a) says "requirements specified...by the organization (you specify)" and b) gives you three options to choose from, an on-site of relevant, OR perform FAI, OR identify how it conforms to requirements "...when limited by..."

Unfortunately I'm not familiar with API 5L and don't have a copy of it.

Dear Mr. Eredhel, Good Morning.
Is it possible to do assessement of critical vendors according to section 5.6.1.2 . C.3 as stated below?
C.3) identifying how the supplied product, component or activities confirms to stated requirements when limited by proprietary, legal and or contractual arrangement.
If yes the how to carry out assessment? Can we just do by confirming materials against material COC, MSDS, certificates and other legal documents.
Would be much appriciated to help me to clear this point as i got stuck on this far 1 week. Thank You so much