Bud Weightman
Published: Wednesday, May 6, 2015 - 10:49 The fifth edition of ISO 9001, which is slated for publication in late 2015, has some good ideas regarding improvement and harmonization with other management system standards such as ISO 14001. However, ISO/Draft International Standard (DIS) 9001:2015 has taken away prescriptive language for a documented quality manual and documented procedures, and has minimized several important requirements that were in ISO 9001:2008. This lessening of requirements will put additional pressure on service companies, manufacturers, and supply chain and quality organizations in the oil and gas industry. For example, if determining an organization’s level of conformance to a standard is placed into the hands of certification auditors, there will be inconsistencies. The variance between auditors and certification companies is not standardized. Purchasers will be motivated to institute additional controls such as: Suppliers to the oil and gas industry should consider implementing the American Petroleum Institute (API) Specification Q1 because it has prescriptive language for an organization to document and implement a quality manual and a minimum amount of QMS procedures. Once implemented, the documented QMS will correlate to API product specifications when there is a requirement for a documented procedure, and for purchasers’ technical contractual requirements. ISO/DIS 9001:2015 proposes to eliminate the need for a quality manual. The loss of a “required” quality manual may seem irrelevant, but this affects how customers place a supplier on their approved suppliers list, and it increases the due diligence necessary to ensure a robust QMS is in place and being used. The quality manual is essential for: I am curious as to why ISO/DIS 9001:2015 proposes to eliminate the need for the management representative’s position. Most oil and gas industry suppliers tend to have a quality assurance department. The management representative position ensures that a supplier has delegated one of its own managers with the responsibility and accountability for quality. For the oil and gas industry, it’s astounding to think that ISO 9001 has been moving from a conformity model to a trust-based model and has been shedding requirements for documented procedures since the ISO 9001:1994 edition, which had approximately 21 requirements for documented procedures. In contrast, the ISO 9001:2008 edition has six requirements for documented procedures, and now, ISO/DIS 9001:2015 has removed any need for documented procedures. Figure 1 provides an overview of the requirements in API Specification Q1 9th edition compared to the 1994, 2000, and 2008 editions of ISO 9001. A trust-based system will better facilitate many different business types serving a wide variety of industries; however, it’s contrary to the direction of the oil and gas industry. Imagine a trust-based system for operation and safety procedures where oil and gas are produced with: Although some may feel the inclusion of risk to ISO/DIS 9001:2015 is a positive indication, it is more of an expansion of the preventive action clause in ISO 9001:2008 (which is no longer available). ISO/DIS 9001:2015 does not focus specifically on risk associated with quality and delivery of product. It’s left up to the organization to determine the degree of formality and applicability that risk has to the QMS and its processes and activities. The real risk associated with the ISO/DIS 9001:2015 is the systematic elimination of the requirements discussed in this article. Oil and gas companies should evaluate how these changes will affect their current contracts, suppliers, subcontractors, and contractors alike. The oil and gas industry changes have increased risk, liabilities, and regulatory requirements; now is not the time for a trust-based system. In fact, the opposite is more appropriate. A “risk-based” quality management system is needed to prepare the oil and gas industry for its future and the mitigation of systemic risk. As mentioned by one of the pioneers of quality, W. Edwards Deming: “In God we trust; all others bring data.” This appears to best counter the ISO/DIS 9001:2015 changes for critical materials, parts, components, equipment, and equipment packages for the oil and gas industry. Bud Weightman is president of Qualified Specialists International, a consulting, training, and management systems technology company that specializes in The American Petroleum Institute (API) Spec. Q1 and Q2 conformity, API product specifications, and industry nonproductive time. Weightman has been active in regulatory compliance and management systems for more than 35 years. He is an RABQSI Skill examiner, a Center for Offshore Safety lead auditor, a trainer and lecturer, and holds numerous other certifications. Weightman is also the chairman of API SC 18 Task Group 6, Welding Requirements, and has worked on numerous other API task groups and work groups.
Standards Potential Risks of ISO/DIS 9001:2015 to the Oil and Gas Industry
Imagine a trust-based system for operation and safety procedures where oil and gas are produced
• Reviews of the supplier’s quality manual and procedures
• On-site audits of quality management systems (QMS)
• On-site surveillance and final inspections
• Formalized quality plans and inspection as well as test plans will be required
• More contractual audits will be scheduled, particularly for oil and gas projects, to verify a supplier’s technical conformity abilities
• Gaining a high-level understanding of a supplier’s degree of QMS competence and understanding
• Providing a customer a level of assurance that a supplier understands basic QMS requirements
• Allowing the QMS requirements to flow cross-functionally throughout a supplier’s organization
Figure 1: API Specification Q1 9th edition requirements compared to the 1994, 2000, and 2008 editions of ISO 9001. Click here for larger image.
• Extreme high and low processing temperatures
• Extreme geographical temperatures, from deserts to locations near the north and south poles
• Internal system pressures up to 30,000 psi
• Subsea pressures operating at 10,000 feet or more
• Environments containing hydrogen sulfide gas
About The Author
Bud Weightman
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
Comments
Oil and Gas & API
In the oil and gas industry, a conversation about which standard is "better" or has more merit isn't really applicable.
One thing API has done well, is convince the large companies (Shell, Exxon, BP, etc.) that their API Q1/Q2 are valuable. These companies then pass the requirement down to their suppliers who pass them down to their suppliers, etc.
Regardless of which specification has more merit, if you are in the oil and gas industry and your company's QMS is not at least API Q1 or Q2 compliant then you will be in for some audit findings from your customers. My specific experience is in the US, so international experience may vary.
ISO Changes
The author is full of gas on this one. He must be connected to API somehow to have this kind of slanted "journalism". Not truthful and not objective at all.
Rebuttal to a few points
I think we need to bring out some actual facts here regarding the 9001:2015 DIS and correct some issues that have appeared to been spun a bit or maybe just inaccurate.
First, "taken away prescriptive language for a documented quality manual and documented procedures".
Fact: There are at least 34 areas within the DIS that have "prescriptive language" regarding required documented information which include very key areas such as measurements and metrics, scope training and competence, documented information of external origin... and it goes on.
The standard specifically states:”
"The organization shall maintain documented information to the extent necessary to support the operation of processes and retain documented information to the extent necessary to have confidence that the processes are being carried out as planned".
Section 7.5 is dedicated to Documented Information. It also notes (realizing there is no "one size fits all" QMS) that:
The organization’s quality management system shall include
a) documented information required by this International Standard (those 34 areas I mentioned)
b) documented information determined by the organization as being necessary for the effectiveness of the quality management system.
NOTE The extent of documented information for a quality management system can differ from one organization to another due to:
a) the size of organization and its type of activities, processes, products and services;
b) the complexity of processes and their interactions;
c) the competence of persons.
The new standard supports organizations reviewing their QMS and eliminating redundant useless documentation, forms, procedures and the like that the thousands of audits have shown to have just served as dust collectors.
As far as the quality manual is concerned, again, there is no "requirement" but organizations can keep it if they feel it serves a purpose or may be required by a customer or regulatory requirement. Reality is most organizations QM is a re-write of the standard with additional language stating that they do these things and serve as a cross-walk to the policies and procedures that cover the specific section of the standard. That can be accomplished in many ways other than a formal QM.
If you can't describe what you are doing as a process, you don't know what you're doing. ~Deming~
Your statement "if determining an organization’s level of conformance to a standard is placed into the hands of certification auditors" makes no sense and has no substance. The role of Certified Bodies has always been to 1.) Provide third party verification and validation that the organization meets the requirements of the standard (including internal, regulatory and customer/industry requirements) and 2.) Validate that the QMS is working as specified and is effective. That has always been the idea behind certification so purchasers do not have to implement additional checks as you specify.
You forgot to mention that the new standard now requires organizations re-visit their scope by reviewing the "Context" of the organization to "Determine relevant external and internal issues that affect the ability to achieve the intended outcome(s)" including identifying the interested parties and addressing the needs of those interested parties.
You forgot to mention that the new standard requires extensive rigor around ensuring the Leadership of the organization is hands on involved with planning, rolling out and managing the QMS at an enterprise level not just giving lip service. They must show how they ensure the QMS is in line with the organizational objectives and "integrate the management system requirements into the organization’s business processes". How they provide proper resources and communicate the importance of effective management and of conforming to requirements? How they ensure the management system achieves its intended outcome(s)?
You say that (API) Specification Q1 has "prescriptive language for an organization to document and implement a quality manual and a minimum amount of QMS procedures. Once implemented, the documented QMS will correlate to API product specifications when there is a requirement for a documented procedure and for purchasers’ technical contractual requirements". You just said you have a problem with the reduced requirement for documentation in the new standard yet specifically point out that API Q1 requires "a minimum amount of QMS procedures". A bit of a contradiction. Secondly, the standard covers product specifications under 8.2.2 Determination of requirements related to products and services and then under 8.2.3 Review of requirements related to products and services which is very specific and detailed around the requirements. It even states that "where the customer does not provide a documented statement of their requirements, the customer, requirements shall be confirmed by the organization before acceptance". Oh yes, let's not forget that requirement for a change management system.
Management Representative: The logic behind eliminating the formal title of Management Representative is to instil ownership of quality to everyone within the organization, not just the quality department as you state. Are you serious in suggesting that the accountability for the success or failure of a QMS should sit with one person? Reality is (if you read the standard) that management "must assign responsibility and authority for ensuring that the management system conforms to the requirements of the International Standard reporting on the performance of the management system to top management". So yes there will still be someone coordinating the efforts, but the responsibility for the success of the QMS and the organization as a whole, lies with every employee. Deming stated that "Quality is everyone’s responsibility" .
Risk: Your statement that "ISO/DIS 9001:2015 does not focus specifically on risk associated with quality and delivery of product. It’s left up to the organization to determine the degree of formality and applicability that risk has to the QMS and its processes and activities" is totally wrong. Again, read the standard. It is very specific:
Consider the issues referred to in 4.1* and the requirements referred to in 4.2** and determine the risks and opportunities that need to be addressed to:
prevent, or reduce, undesired effects; (mitigate)
achieve continual improvement
*4.1 Understanding the organization and its context
**4.2 Understanding the needs and expectations of interested parties
The organization must then plan actions to address these risks and opportunities and integrate and implement the actions into its management system processes and show how they evaluate the effectiveness of these actions.
Does the ISO 9001:2015 rely totally on trust as you say? I think my "data" has just proven that there is a level of trust is within every management system ISO or not. But trust and verify is the key. As Deming said "You don't inspect in quality, it is already there".
The changes to the international standard are to ensure that the issue of quality is now in the board room not a bottom up process. It is there to ensure the culture of the organization is always customer focused. It is there to ensure that mitigating risks to the organization and customers are addressed up front rather than reacting to failures. There is no reason to re-create the wheel when the current standard allows and specifies organizations must address industry, customer and regulatory specific requirements as part of the overall QMS. The new changes are aimed not only at increasing quality, top management involvement and survival of the organization, but reducing costs by eliminating waste. What you are suggesting is a very prescriptive cost heavy process that has already been proven to add no value, just reduce the bottom line.
While we are quoting Deming, how about this one: "It's not necessary to change. Survival is not mandatory".
This is just to bring out all the facts so people can assess this issue from a more educated view point.
NOTE: These comments and views are my own and not necessisarily those of my organization or it's mangement.
The organization shall maintain documented information to the extent necessary to support the
987 operation of processes and retain documented information to the extent necessary to have confidence
988 that the processes are being carried out as planned.