5629 FM 1960 Road West, Suite 200

Houston, TX 77069
Tel: 832-326-9796
Fax: 281-607-2035
email: [email protected]
www.conformancemanager.com

Stronger Supply Chain with API Spec Q1 Addendum 2

Author: Oscar Combs, Sr. Consultant
July 8, 2019

Introduction

In June 2018, the American Petroleum Institute (API), issued Addendum 2 for API Spec Q1, Quality
Management System Requirements for Manufacturing Organizations for the Petroleum and Natural Gas
Industries, Ninth Edition. Addendum 2 went into full effect on June 1, 2019. Addendum 2 is the most
significant change to API Spec Q1, since the release of API Spec Q1: Ninth Edition in June 2013, which
was released after the Deepwater Horizon Oil Spill, which occurred on April 20, 2010 that resulted in 11
fatalities and 4.9 billion barrels of oil spilled into the Gulf of Mexico. Organizations that operate in
compliance to or that are certified to API Spec Q1 must work to put even more emphasis on their supply
chain. In this article, I will explain several of the major changes introduced by Addendum 2 and how they
may impact your organization.

More Emphasis on Supply Chain

API defines supply chain as, Suppliers and associated sub-supplier(s) required for product
realization. This means your suppliers and your suppliers’ suppliers that they use for your product
realization. Most organizations only focus on the first level of their supply chain, which are their
direct suppliers, but don’t drill down to the second level of the supply chain, your suppliers’
suppliers. Organizations must consider the first and second level of their supply chain. Your first
level supplier may be doing a great job, but the risk to the quality of what they provide you may be
in the second level supplier. Addendum 2 is focused on ensuring organizations have a strong
supply chain by focusing on both levels of the supply chain.

Products, Components and/or Activities

Addendum 2 will require several updates to your API Spec Q1 documentation. One of the
overriding changes is the inclusion of the phrase products, components and/or activities. This
phrase is used in API Spec Q1:Ninth Edition, but Addendum 2 adds it in several other clauses. The
purpose of this change is for organizations not to simply focus on the products that you purchase
from your suppliers, but the components that make up the product you purchase from them. This
may involve organizations really breaking down products they purchase to the component level, so
that the necessary controls can be applied not to just the overall product, but to the components
of the product(s). In addition, the term activities has been added. The addition of activities would
apply to services that you purchase to produce your product. This may include coating, welding,
inspections, etc. The sections impacted due to this statement includes: 5.4.3, 5.6.1.1, 5.6.1.2,
5.6.1.3, 5.6.1.4, 5.6.3 and 5.5.11.2.c. Check these sections and ensure they have been added.

© The ISO 9001 Group. All rights reserved. Page 1 of 4

 5629 FM 1960 Road West, Suite 200
Houston, TX 77069
Tel: 832-326-9796
Fax: 281-607-2035
email: [email protected]
www.conformancemanager.com

5.6.1.1 Purchasing Control Procedure

Addendum 2 requires that organizations identify which products, components or activities are
deemed critical. Prior to this the specification only required determination of critical activities or
products. An organization can determine criticality, but not identify criticality. Identification can
easily be done by updating your product, components and activities (services) register or list with
an identification of their criticality. This may be something as simple as 1-Very Critical, 2-Critical
and 3-Not Critical for each product, component or activity purchased. When it comes to the extent
of control applied to suppliers, Addendum 2 now focuses on the extent and controls your
organization applies to its entire supply chain. Remember this includes the extent and controls
that your suppliers place on their suppliers.

5.6.1.2 Initial Supplier Evaluation-Critical Purchases

As part of the initial supplier evaluation, organizations must now verify the type and extent of
control placed on the organization’s suppliers internally and the type and extent of controls that
their suppliers’ have on their supply chain. This could be a bit tricky as the requirement is stating
that your organization not only has to implement controls to its first level suppliers, but verify
what controls are in place for the second level suppliers. This requirement could be met easily by
having your suppliers provide a documented verification statement of how they control their
suppliers. If you really want to meet the requirement, have your suppliers provide evidence, such
as the API, ISO or other certifications for the applicable suppliers within their supply chain. A copy
of the supplier audit they performed would also be a good form of objective evidence.

5.6.1.4 Supplier Reevaluation

For supplier reevaluations, organizations must now determine the reevaluation frequency based
on the individual supplier risk and quality performance. It’s no longer good enough to simply state
that you will evaluate all of your suppliers once per year. To meet this requirements, organization
must perform a risk assessment for each supplier. This may take some time, but its very important,
as your organization may determine that some suppliers are riskier than others and should be
reevaluated more often.

In addition to the supplier risk assessment, each suppliers’ quality performance should also be
considered when establishing their reevaluation frequency. What if a certain supplier starts to
have quality performance issues? Would you want to only reevaluate them once per year?
Depending on how significant or frequent the quality issues are, you may decide to reevaluate
them bi-annually, until performance is improved. In my opinion, these two additions are the most
important additions to Addendum 2 and should really help organizations improve the performance
of their supply chains.

© The ISO 9001 Group. All rights reserved. Page 2 of 4

 5629 FM 1960 Road West, Suite 200
Houston, TX 77069
Tel: 832-326-9796
Fax: 281-607-2035
email: [email protected]
www.conformancemanager.com

5.6.3 Verification of Purchased Products or Activities

5.6.3 has been revised to require organizations to review the documentation that they require
from suppliers. This could be certificates of authenticity, material traceability reports, laboratory
test reports, etc. In addition to identifying the required documentation, organizations must now
verify that the most current versions of specifications, drawings, process requirements, inspection
instructions, traceability and other relevant technical data are specified. This means that when
your organization specifies requirements, you must verify that you are using the latest version. For
example if your organization is specifying a requirement to a supplier based upon API Spec Q1, you
must verify that you making reference to API Spec Q1:Ninth Edition, Addendum 2.

This requirement could be met by listing the required documentation and referencing the latest
version of the reference document on the purchase order. The ISO 9001 Group has designed a
document we refer to as Purchased Product or Service Requirements. This document is somewhat
of a profile for each product or service purchased. It can be utilized to list the documentation
required and reference to the latest reference documents. Once completed it becomes a
controlled document, which you would distribute to the applicable supplier(s) of the product or
service.

Organizations must also specify the requirements for testing, inspection methods, frequency and
who’s responsible for these activities. The requirements must be based on the risk associated with
the supplier product quality. This first means that the organization should have performed a risk
assessment for each supplier and determine the suppliers’ product quality, which we introduced
earlier in 5.6.1.4 Supplier Reevaluation. For example, if you purchase a raw material which poses a
major risk to your product, its important that your organization specify the testing, inspection
methods, frequency and who’s responsible for the raw material prior to it being delivered to your
facility.

5.7.1.5 Validation of Processes for Production and Servicing

5.7.1.5 now requires that the coating and plating processes be validated, if applicable to your
product(s). Validation starts with your organization specifying the coating and plating specification
and standard(s) that the supplier should follow. Furthermore, the organization should request the
applicable supplier(s) to provide the specifications and standards they utilized when performing
coating and plating on your product(s). Validation for coating and plating may involve the supplier
providing you with their data and inspection reports regarding the coating and plating that was
applied to your product.

6.4.2 Corrective Action and 6.4.3 Preventive Action

A minor change was made in sections 6.4.2 and 6.4.3. The change involved replacing the word
supply chain with supplier. This change forces the corrective or preventive action to be focused on
a specific supplier(s) as opposed to the broad supply chain.

© The ISO 9001 Group. All rights reserved. Page 3 of 4

 5629 FM 1960 Road West, Suite 200
Houston, TX 77069
Tel: 832-326-9796
Fax: 281-607-2035
email: [email protected]
www.conformancemanager.com

Conclusion

Overall Addendum 2 introduces some additional controls around the area of your organization’s
suppliers and your suppliers’ suppliers. These changes will require some minor adjustments to your
documentation. In addition to documentation changes, organizations must conduct a risk
assessment for each individual supplier, which will drive the frequency of the reevaluation period.
Simply submitting a purchase order is no longer sufficient. More focus must be placed on defining,
verifying and validating the specifications, standards, etc. that the supplier(s) shall use when
providing product, components or activities to your organization. Addendum 2 should provide
tighter controls over your supply chain, which means less risk for your organization.

Author Biography

Oscar Combs, Senior Consultant of The ISO 9001 Group, a management consulting,
auditing and training firm based in Houston, Texas. Oscar has over 24 years of experience
working with management systems. Oscar has worked with clients throughout North
America, South America, Europe, The Middle East, Asia and Africa helping companies
manage risk and improve their business operations. Oscar holds an MBA from the
University of Houston. He is certified by Exemplar Global as a Principal Management
Consultant and Lead Auditor. Oscar is also a Senior Member of the American Society for Quality and has
served as the Programs Committee Chair for ASQ’s Houston Chapter 1405.

© The ISO 9001 Group. All rights reserved. Page 4 of 4