Introduction

In June 2018, the American Petroleum Institute (API), issued Addendum 2 for API Spec Q1, Quality Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas Industries, Ninth Edition. Addendum 2 went into full effect on June 1, 2019. Addendum 2 is the most significant change to API Spec Q1, since the release of API Spec Q1: Ninth Edition in June 2013, which was released after the Deepwater Horizon Oil Spill, which occurred on April 20, 2010 that resulted in 11 fatalities and 4.9 billion barrels of oil spilled into the Gulf of Mexico. Organizations that operate in compliance to or that are certified to API Spec Q1 must work to put even more emphasis on their supply chain. In this article, I will explain several of the major changes introduced by Addendum 2 and how they may impact your organization.

More Emphasis on Supply Chain

API defines supply chain as, Suppliers and associated sub-supplier(s) required for product realization. This means your suppliers and your suppliers’ suppliers that they use for your product realization. Most organizations only focus on the first level of their supply chain, which are their direct suppliers, but don’t drill down to the second level of the supply chain, your suppliers’ suppliers. Organizations must consider the first and second level of their supply chain. Your first level supplier may be doing a great job, but the risk to the quality of what they provide you may be in the second level supplier. Addendum 2 is focused on ensuring organizations have a strong supply chain by focusing on both levels of the supply chain.

Products, Components and/or Activities

Addendum 2 will require several updates to your API Spec Q1 documentation. One of the overriding changes is the inclusion of the phrase products, components and/or activities. This phrase is used in API Spec Q1:Ninth Edition, but Addendum 2 adds it in several other clauses. The purpose of this change is for organizations not to simply focus on the products that you purchase from your suppliers, but the components that make up the product you purchase from them. This may involve organizations really breaking down products they purchase to the component level, so that the necessary controls can be applied not to just the overall product, but to the components of the product(s). In addition, the term activities has been added. The addition of activities would apply to services that you purchase to produce your product.  This may include coating, welding, inspections, etc. The sections impacted due to this statement includes: 5.4.3, 5.6.1.1, 5.6.1.2, 5.6.1.3, 5.6.1.4, 5.6.3 and 5.5.11.2.c.  Check these sections and ensure they have been added.

5.6.1.1 Purchasing Control Procedure

Addendum 2 requires that organizations identify which products, components or activities are deemed critical. Prior to this the specification only required determination of critical activities or products. An organization can determine criticality, but not identify criticality. Identification can easily be done by updating your product, components and activities (services) register or list with an identification of their criticality. This may be something as simple as 1-Very Critical, 2-Critical and 3-Not Critical for each product, component or activity purchased.  When it comes to the extent of control applied to suppliers, Addendum 2 now focuses on the extent and controls your organization applies to its entire supply chain.  Remember this includes the extent and controls that your suppliers place on their suppliers.

5.6.1.2 Initial Supplier Evaluation-Critical Purchases

As part of the initial supplier evaluation, organizations must now verify the type and extent of control placed on the organization’s suppliers internally and the type and extent of controls that their suppliers’ have on their supply chain. This could be a bit tricky as the requirement is stating that your organization not only has to implement controls to its first level suppliers, but verify what controls are in place for the second level suppliers. This requirement could be met easily by having your suppliers provide a documented verification statement of how they control their suppliers. If you really want to meet the requirement, have your suppliers provide evidence, such as the API, ISO or other certifications for the applicable suppliers within their supply chain. A copy of the supplier audit they performed would also be a good form of objective evidence.

5.6.1.4 Supplier Reevaluation

For supplier reevaluations, organizations must now determine the reevaluation frequency based on the individual supplier risk and quality performance. It’s no longer good enough to simply state that you will evaluate all of your suppliers once per year. To meet this requirements, organization must perform a risk assessment for each supplier. This may take some time, but its very important, as your organization may determine that some suppliers are riskier than others and should be reevaluated more often.

In addition to the supplier risk assessment, each suppliers’ quality performance should also be considered when establishing their reevaluation frequency. What if a certain supplier starts to have quality performance issues? Would you want to only reevaluate them once per year? Depending on how significant or frequent the quality issues are, you may decide to reevaluate them bi-annually, until performance is improved. In my opinion, these two additions are the most important additions to Addendum 2 and should really help organizations improve the performance of their supply chains.

5.6.3 Verification of Purchased Products or Activities

5.6.3 has been revised to require organizations to review the documentation that they require from suppliers. This could be certificates of authenticity, material traceability reports, laboratory test reports, etc. In addition to identifying the required documentation, organizations must now verify that the most current versions of specifications, drawings, process requirements, inspection instructions, traceability and other relevant technical data are specified. This means that when your organization specifies requirements, you must verify that you are using the latest version. For example if your organization is specifying a requirement to a supplier based upon API Spec Q1, you must verify that you making reference to API Spec Q1:Ninth Edition, Addendum 2.

This requirement could be met by listing the required documentation and referencing the latest version of the reference document on the purchase order. The ISO 9001 Group has designed a document we refer to as Purchased Product or Service Requirements. This document is somewhat of a profile for each product or service purchased. It can be utilized to list the documentation required and reference to the latest reference documents. Once completed it becomes a controlled document, which you would distribute to the applicable supplier(s) of the product or service.

Organizations must also specify the requirements for testing, inspection methods, frequency and who’s responsible for these activities. The requirements must be based on the risk associated with the supplier product quality. This first means that the organization should have performed a risk assessment for each supplier and determine the suppliers’ product quality, which we introduced earlier in 5.6.1.4 Supplier Reevaluation. For example, if you purchase a raw material which poses a major risk to your product, its important that your organization specify the testing, inspection methods, frequency and who’s responsible for the raw material prior to it being delivered to your facility.

5.7.1.5 Validation of Processes for Production and Servicing

5.7.1.5 now requires that the coating and plating processes be validated, if applicable to your product(s). Validation starts with your organization specifying the coating and plating specification and standard(s) that the supplier should follow. Furthermore, the organization should request the applicable supplier(s) to provide the specifications and standards they utilized when performing coating and plating on your product(s). Validation for coating and plating may involve the supplier providing you with their data and inspection reports regarding the coating and plating that was applied to your product.

6.4.2 Corrective Action and 6.4.3 Preventive Action

A minor change was made in sections 6.4.2 and 6.4.3. The change involved replacing the word supply chain with supplier. This change forces the corrective or preventive action to be focused on a specific supplier(s) as opposed to the broad supply chain.

Conclusion

Overall Addendum 2 introduces some additional controls around the area of your organization’s suppliers and your suppliers’ suppliers. These changes will require some minor adjustments to your documentation. In addition to documentation changes, organizations must conduct a risk assessment for each individual supplier, which will drive the frequency of the reevaluation period. Simply submitting a purchase order is no longer sufficient. More focus must be placed on defining, verifying and validating the specifications, standards, etc. that the supplier(s) shall use when providing product, components or activities to your organization. Addendum 2 should provide tighter controls over your supply chain, which means less risk for your organization.

Author Biography

Oscar Combs, Senior Consultant of The ISO 9001 Group, a management consulting, auditing and training firm based in Houston, Texas.  Oscar has over 24 years of experience working with management systems.  Oscar has worked with clients throughout North America, South America, Europe, The Middle East, Asia and Africa helping companies manage risk and improve their business operations.  Oscar holds an MBA from the University of Houston.  He is certified by Exemplar Global as a Principal Management Consultant and Lead Auditor. Oscar is also a Senior Member of the American Society for Quality and has served as the Programs Committee Chair for ASQ’s Houston Chapter 1405.