API TR 18TR2 pdf download Guidance to API Specification Q2
This document provides guidance on the intent and use of API Specification Q2 (APIQ2).This document is notintended to provide training on the development and implementation of a quality management system (QMS).
This document will not provide guidance to each section of the APIQ2.
2 Terms, Definition, Acronyms and Abbreviations2.1Terms and Definitions
For the purposes of this document, the terms and definitions given in API Q2 apply.2.2Acronyms and Abbreviations
management of change
preventive maintenance, inspection and test program
quality management system
service quality plan
testing. measuring, monitoring, and detection equipment
NOTEParagraph numlbering aligns with the sections of APiI Q2.
5.3Risk Assessment and Management
Risk assessments create an awareness of situations, processes, environments, etc. that may cause or contribute todisru ptions, lincidents, problems,failures, delays , or loss.
Risk assessments are conducted by an individual or team who is competent (see section 22.214.171.124)in the methodology,operational and environmental conditions, and the intended service and service-related product (SRP).
Risk assessments may be incorporated into other management system processes,procedures, documents andrecords.
There are numerous industry tools and standards that can provide guidance for risk assessments. Athough tools andtechniques are required to be identfied in the procedure, the specific tools and techniques used for risk managementare identified by the service supply organization.
NOTE ISO 31010 provides examples of various techniques for risk management.
The primary goal of risk mitigation is to lower the risk exposure to within acceptable threshold limits identified by theorganization.For risks that exceed the identiied risk threshold, mitigating actions are identified by the organization.5.5Contingency Planning
Contingency plans are not limited to emergency response or business continuity plans.
Contingency planning is the process by which the organization identifies backup plans in the event that the risk whichimpacts service delivery materializes. Contingency planning does not change the probability of the event ocuring.but can change its impact.
Developing a contingency plan involves making decisions in advance about the management of services and SRPs,coordination and communication procedures, and awareness of a range of technical and logistical responses.
Risk mitigation and contingency planning are two strategies that are used in the management of risk. Both are closelyrelated to one another as they are sequential, complementary steps used in the risk assessment process.
Every contingency plan requires a risk assessment (see section 5.5.2); however,some risks may be deemedacceptable by the organization without further mitigation or contingency planning.
5.6.1 Purchasing Control
Requirements established in section 5.6.1 a)-e) are applicable to purchasing control of critical and non-criticalservices,and SRPs. The difference between the requirements for critical and non-critical services is that theorganization performs an on-site assessment of the critical service or service-related product supplier prior to initiationof the purchase agreement. The purpose of the assessment is to verify the supplier’s ability to meet the specifiedscope of work, and that the supplier’s QMS meets the requirements specified by the purchasing organization.Fornon-critical service or service-related product suppliers, the organization has the option of performing one or more ofmethods identified in section 5.6.1 (i. iiili).
lt is the organization’s responsibility to determine and define what is critical, and non-critical, as it relates to SRPs orservices,and the evaluation process is defined in section 5.6. The product or service being supplied and theassociated risk are used to determine QMS requirements.
NOTE See further clarifications in Section 1 Scope and Application.5.6.2 Purchasing lnformation
Requirements established in section 5.6.2 a) e) are applicable to purchasing information for critical and non-criticalservices and SRPs. Each requirement is applied “where appropriate” for the type of service to be performed andorSRPto be provided.
Examples of where this information could be captured or referenced include, but are not limited to: purchase order,master service agreement, master purchasing agreement, contracts, addendums, statement of requirement, etc.
5.7.2Service Quality Plan
A Service Quality Plan(SQP)is a requirement for all services. The organization is responsible for determining how tobuild a SQP that will be effective, usable and compliant to all requirements listed in 5.7.2.The SQP is not intended tobe a bridging document between multiple management systems. lt is possible to employ one document or acombination of documents to achieve this. The SQP can be standard, job specific,service specific, or customerspecific—-as long as it meets the specific requirements of APIQ2.
“External parties” is a general term that can describe customers, regulators,suppliers,contractors, subcontractorsand other parties external to the organization that impact the delivery of the service. In other parts of APl Q2 wherethe standard mentions subcontractors andlor suppliers,there are specific requirements that are applied to thoseexternal parties.