API Q1, 9th edition – Risks, Contingency Plans and MOC

QUESTION:
From: Darcy K.
Sent: May 10, 2014
To: ATCS – QBlog, Ask The Experts
Subject: API Q1, 9th edition, Risks, Contingency Plans and MOC
In regard to MOC Process, in your opinion, would it be effective to tie this into corrective and preventative actions? Any corrective or preventative actions that require changes to the QMS also require MOC, and risk assessment as well and furthermore, tying in any contingency plans that require QMS changes into the corrective and preventative action procedures?

RESPONSE:
From: Bill Aston, ATCS – QBlog, Ask The Experts
Sent: May 13, 2014
To: Darcy K.
Subject: API Q1, 9th edition, Risks, Contingency Plans and MOC

Hello Darcy,
Thanks for contacting ATCS’s QBlog.
In addition to including the management of change (MOC) to your organization’s corrective and preventive action procedures, also consider making the MOC process an integral part of any other QMS procedures that are associated with processes that could potentially introduce the need for change.  As an example, MOC should be an essential part of the design and development procedure (element 5.4).

In my opinion, preventive action has always been a form of risk management.  So including risk management as a part of the preventive action procedure is a suitable location to add this requirement as well as contingency planning.  Risk assessment and contingency planning are interconnected activities.  Contingency planning can’t effectively be performed without conducting a risk assessment.

As you know, risk assessments are used to identify potential risk, the impact of a risk and the probability of the occurrence of the risk.  Contingency planning should be performed based on the impact and probability of risk occurrence as identified by the risk assessment results.   The purpose of contingency planning is to minimize the impact of the risk, or to mitigate the likelihood of occurrence.

Another important activity to consider is establishment of key risk indicators (KRIs). The KRI should be used to trigger an action to further assess a risk once an established level of acceptable risk (risk appetite) has been exceeded. As an example, if an organization determined their risk appetite to be 2% (KRI) for late delivery of product. Their delivery performance (KPI) statistical analysis identifies on-time deliveries have dropped from 98% to 90%.

This should trigger a review of the past risk assessment and contingency planning to determine any additional actions required to prevent this negative trend. Note, KPI and KRI are not interchangeable terms. Risk assessments should be treated as living documents that are periodically reviewed based upon KRI or other results to determine the need for contingency planning changes.

MOC is used to minimize or to control the impact of introducing change that may affect the QMS, its processes or product quality. A robust MOC process ensures that management is informed of the advantages as well as the disadvantages of a proposed change, so they are capable of making informed decisions that will benefit the organization, customers, employees and other stakeholders. An effective MOC process will ensure that changes are identified, responsibility for change is assigned and a schedule for implementation is established.

I hope this helps.

Best regards,
Bill
