Help me understand the ISO section 7.5.2 from API Q1 perspective

N

NHopkins

Need some guidance here, I'm routing my question through ISO due to the overwhelming amount of experience in it and will translate that over to API requirements after. Thanks in advance for any assistance.

ISO 7.5.2, Validation of processes.

In this section it states:
7.5.2 Validation of processes for production and service provision
The organization shall validate any processes for production and service provision where the resulting output
cannot be verified by subsequent monitoring or measurement and, as a consequence, deficiencies become
apparent only after the product is in use or the service has been delivered.
Validation shall demonstrate the ability of these processes to achieve planned results.
The organization shall establish arrangements for these processes including, as applicable,
a) defined criteria for review and approval of the processes,
b) approval of equipment and qualification of personnel,
c) use of specific methods and procedures

My auditor is telling me that this (which is basically the same in API Q1) means that I should be referencing all of my critical suppliers procedures (our critical suppliers being fabrication/machining/paint/NDE/Calibration services) on my purchase orders...Is that accurate? We send a quality plan and or a specification to work to along with the purchase order and the PO references all of that info. Seems allot of time would be invested in getting the supplier to tell you what internal procedure they're going to use...

Thanks again,

N
 

Jim Wynne

Leader
Admin
Re: ISO 7.5.2

I think your auditor might be confused. 4.1 of ISO 9001:2008 says in part:

Where an organization chooses to outsource any process that affects product conformity to requirements, the organization shall ensure control over such processes. The type and extent of control to be applied to these outsourced processes shall be defined within the quality management system.

If you have suppliers that are responsible for "special" processes, you need to have those processes identifed, along with the controls expected of the supplier(s). If your suppliers are ISO 9001 certified, the requirements for validation of special processes already exist in their systems. You have some responsibility for confirmation. If you reference anything in a PO, it would suffice, imo, to cite the 7.5.2 requirements.
 

somashekar

Leader
Admin
Here is a good example of interaction of processes.
The interaction of process validation with outsourced process control.
Critical suppliers >>> Have any processes done for you that requires validation >>> Has it been identified and validated >>> Are you satisfied with the outputs coming out of such processes >>> How are you ensuring that this controlled process is ongoing.
My auditor is telling me that this (which is basically the same in API Q1) means that I should be referencing all of my critical suppliers procedures (our critical suppliers being fabrication/machining/paint/NDE/Calibration services) on my purchase orders...Is that accurate?
He is talking his opinion. Putting stuff like that on a PO is no control over processes. You need better evidence and records to assure yourself that such processes that are outsourced are happening in validated and controlled conditions.
 

Sidney Vianna

Post Responsibly
Leader
Admin
I'm routing my question through ISO due to the overwhelming amount of experience in it and will translate that over to API requirements after. SNIP...
My auditor is telling me that this (which is basically the same in API Q1) means that I should be referencing all of my critical suppliers procedures (our critical suppliers being fabrication/machining/paint/NDE/Calibration services) on my purchase orders...Is that accurate? We send a quality plan and or a specification to work to along with the purchase order and the PO references all of that info. Seems allot of time would be invested in getting the supplier to tell you what internal procedure they're going to use..
You have to be careful about mixing ISO 9001:2008 and API Q1:2013. For example, API Q1 requires
5.6.1.6 Outsourcing
Where an organization chooses to outsource any activity within the scope of its quality management system, the organization shall ensure that all applicable elements of its quality management system are satisfied and shall maintain responsibility for product conformance to specified requirements, including applicable API product specifications, associated with product realization. Records of outsourced activities shall be maintained (see 4.5).

5.6.2 Purchasing Information
The organization shall ensure the adequacy of specified purchasing information prior to their communication to the supplier. Purchasing information provided to the supplier shall be documented and adequately describe the product or activity to be purchased, including acceptance criteria, and where appropriate:
a) requirements for approval of supplier?s procedures, processes, and equipment;

b) applicable version of specifications, drawings, process requirements, inspection instructions, traceability, and other relevant technical data;
c) requirements for qualification of supplier?s personnel; and
SNIP
While it does not seem to require that you would list the supplier's procedures in your PO's, API Q1's expectations and, more importantly, the auditors performing conformity assessment audits against API Q1's might have been trained to treat procurement of critical supplies, including outsourced special process, very tightly.

So, I don't think is advisable simply to "translate ISO 9001 requirements and the conformity assessment practices" into API Q1 territory. There is a reason for the document not following ISO 9001:2008 as a baseline and the limitation of whom is qualified to certify organizations against API Q1.
 
N

NHopkins

You have to be careful about mixing ISO 9001:2008 and API Q1:2013. For example, API Q1 requires
While it does not seem to require that you would list the supplier's procedures in your PO's, API Q1's expectations and, more importantly, the auditors performing conformity assessment audits against API Q1's might have been trained to treat procurement of critical supplies, including outsourced special process, very tightly.

So, I don't think is advisable simply to "translate ISO 9001 requirements and the conformity assessment practices" into API Q1 territory. There is a reason for the document not following ISO 9001:2008 as a baseline and the limitation of whom is qualified to certify organizations against API Q1.

Sidney, thanks much for the cautionary advice. I'm banging my head on this one, caught between doing what the consultant asks and arguing with an auditor that there's little to no value add in calling out my suppliers procedures if I'm doing my job and auditing them properly and insuring that their procedures satisfy applicable specifications and my requirements. With 9th ed being so new and no one really knowing what to expect from the auditors it's going to be hit or miss. From what I understand we'll be one of the first companies audited to 9th ed, so I'll definitely share the results here for those of you who are going to go through it.
 
Top Bottom