Company: Facility Name/ID: Date:: Instructions

Instructions FM-190 | Rev 3.
0 | 7/15/21
Company: Please provide a Tier 1 (Quality Manual) reference and/or a Tier 2 (Procedure/Work Instruction)
Facility Name/ID: reference where each requirement has been addressed in your Quality Management System
Documentation. If you are applying for exclusions to your QMS, please indicate “Excluded” in the
Date: Tier 1/Tier 2 boxes for each requirement being excluded. See Section 1 of Q2 for a list of allowable
Reference: API Spec Q2 2nd Ed exclusions.
Paragraph Reference Requirement Tier 1 (Quality Manual) Tier 2 (Procedure/Work Tier 3 (Procedure/Work
Number Document Number/ID, Instruction) Instruction)
Revision Level, Document Document Number/ID, Document Number/ID,
Description Revision Level, Document Revision Level, Document
Description Description
4 Quality Management System Requirements

4.1 General
4.1.1 Quality The organization shall establish, document, implement, and
Management maintain at all times a quality management system
System for services and service-related product provided for use in the
petroleum and natural gas industry. The
organization shall measure the effectiveness and improve upon
the quality management system in accordance
with the requirements of this specification.
4.1.2 Quality Policy The organization’s policy for its commitment to quality shall be
defined, documented, and approved by top
management. The organization’s top management shall review
the quality policy (see 6.5.1) to ensure that it
is appropriate to the organization, is the basis for the
development of quality objectives (see 4.1.3), and is
communicated, understood, implemented and maintained at all
relevant functions and levels within the
organization. The quality policy shall be available externally, as
appropriate. The policy shall include a
commitment to conform to requirements and continually
improve the effectiveness of the QMS
4.1.3 Quality Objectives Management, with approval from top management, shall
ensure that quality objectives required for service
and service-related product (SRP) are established at relevant
functions and levels within the organization. At
a minimum the organization shall consider the output from
Analysis of Data (6.3) when establishing the quality
objectives. The quality objectives shall be measurable,
communicated, and consistent with the quality policy.
4.1.4 Planning of the When planning the quality management system,
Quality management shall ensure that:
Management a) criteria and methods needed for the operation and control of
System all QMS processes are determined, managed
and effective;
b) the planning of the QMS is carried out in order to meet the
requirements of this specification;
c) the integrity of the QMS is maintained while changes are
implemented; and
d) the planning to achieve quality objectives includes actions,
resources, responsibilities, timeframe, and how
results will be evaluated.
4.1.5 Communication
4.1.5.1 Internal Management shall ensure that appropriate communication
processes are established and implemented within
the organization and the effectiveness of the QMS is
communicated
The organization shall establish processes to ensure that:
a) importance of meeting customer, legal, and other applicable

requirements is communicated to relevant
functions within the organization; and
b) results of analysis of data, including nonconforming services
and SRP, (see 6.3) are communicated to
relevant functions within the organization.
Page 1 of 20 9623-0b9d-a247-dfd6
Instructions FM-190 | Rev 3.0 | 7/15/21
4.1.5.2 External The organization shall establish and implement a process for
communicating with external organizations to
ensure requirements are understood throughout service
execution. The communication process shall address,
as applicable:
a) execution of inquiries, contracts, or order handling and

amendments (see 5.1);
b) control of service and SRP information, including service-
related nonconformities (see 5.10);
c) service quality plans (SQPs) and subsequent changes (see
5.7.2);
d) feedback and complaints (see 6.2.1); and
e) communication of residual risk (see 5.3).
4.2 Management Responsibility
4.2.1 Organization Top management shall ensure the availability of resources
Structure essential to establish, implement, maintain, and
improve the QMS.
Management shall provide evidence of its commitment to the
development and implementation of the QMS
and continually improving its effectiveness by:
a) ensuring that quality objectives are established including key
performance indicators for use in data
analysis, and
b) conducting management reviews (see 6.5).
4.2.2 Responsibility and Roles, responsibilities, authorities, and accountabilities of
Authority personnel within the scope of this specification shall
be defined, documented, assigned, and communicated
throughout the organization.
4.2.3 Management The organization's management shall appoint a member(s) of
Representative the organization’s management who,
irrespective of other responsibilities, shall have defined roles,
responsibility and authority that includes:
a) ensuring that the quality management system meets the
requirements of this specification;
b) ensuring that processes needed for the quality management
system are established, implemented,
and maintained;
c) reporting to top management on the performance of the
quality management system and any need for
improvement;
d) ensuring initiation of action(s) to minimize the likelihood of
the occurrence of nonconformities; and
e) ensuring the promotion of awareness of customer
requirements throughout the organization.
4.3 Organization Capability
4.3.1 Provision of The organization shall determine and provide the resources
Resources needed to establish, implement, maintain, and
improve the effectiveness of the QMS.
4.3.2 Human Resources
Page 2 of 20 9623-0b9d-a247-dfd6
4.3.2.1 Personnel The organization’s personnel whose responsibilities fall within

Competence the scope of the quality management system
shall be competent. Competency shall be achieved by
education, training, skills, or experience. The
organization shall maintain a documented procedure
addressing personnel competence.
The procedure shall address:
a) identification and documentation of required competencies
and methods for achievement
b) Criteria and methods for assessing and if applicable re-
assessing required competencies;
c) evaluation of effectiveness of training or actions taken to
acquire the necessary competencies
d) How required competencies are maintained; and
e) Personnel responsible for assessing competency
The organization shall maintain records of personnel
competence. (see 4.5).
4.3.2.2 Training and The organization shall provide for QMS training and for job
Awareness training of the organization’s personnel who affect
execution of service or provision of SRP and shall ensure:
a) that customer-specified training and/or customer-provided

training, when required, is included in the
training program;
b) that the frequency and content of training is identified and
complies with legal and other applicable
requirements;
c) that personnel are aware of the relevance and importance of
their activities and how they contribute to the
achievement of the quality objectives; and
d) that appropriate records of education, training, skills, and

experience are maintained (see 4.5).
4.3.3 Work The organization shall determine, provide, manage, and
Environment maintain the work environment needed to achieve
conformity to applicable service or SRP requirements. Work
environment shall include, as applicable:
a) buildings, workspace and associated utilities;
b) process equipment (both hardware and software);
c) supporting services (such as transport or communication or
information systems); and
d) conditions under which work is performed including physical,
environmental and other factors.
4.4 Document Requirements
4.4.1 General The QMS documentation shall include:
a) statements of quality policy and quality objectives;
b) a quality manual or other documentation that addresses the
scope of the QMS, each requirement of this
document and includes the identification and justifications of
allowable exclusions
c) documented procedures established, implemented, and

maintained for the QMS;
d) documents and records to ensure the effective planning,
operation, and control of its processes, and
conformance with specified requirements; and
Page 3 of 20 9623-0b9d-a247-dfd6
e) identification of legal and other applicable requirements to

which the organization claims compliance which
are needed to achieve service and SRP conformity.
4.4.2 Control of The organization shall maintain a documented procedure for

Documents the identification, distribution and control of
documents required by the QMS and this specification,
including required documents of an origin external to
the organization.
The procedure shall identify responsibilities for approval and re-

approval and the controls needed to ensure
that documents, including relevant revisions, translations, and
updates:
a) are reviewed and approved for adequacy prior to issue and
use;
b) identify changes that are made;
c) remain legible and readily identifiable; and
d) are available where the activity is being performed.
Obsolete documents shall be removed from all points of issue
or use, or otherwise identified to prevent
unintended use if they are retained for any purpose.
A master list or equivalent shall be established to identify the
current revision status of documents.
4.5 Control of Records The organization shall maintain a documented procedure to
define the controls and responsibilities needed for
the identification, collection, alteration, storage, protection,
retrieval, retention time and disposition of records.
Records, including those originating from outsourced activities

(see 5.6.1.6), shall be established and
controlled to provide evidence of conformity to requirements
and the organization’s quality management
system.
Records shall remain legible, identifiable, and readily

retrievable. Records required by this specification shall
be retained for a minimum of five years or as required by
customer, legal and other applicable requirements,
whichever is longer.
5 Realization of Service and Service-related Product
5.1 Contract Review
5.1.1 General The organization shall maintain a documented procedure for
the review of requirements related to the
execution of services or provision of SRPs.
5.1.2 Determination of The organization shall determine:
Requirements a) requirements specified by the customer;
b) legal and other applicable requirements; and
c) requirements not stated by the customer but considered
necessary by the organization for the execution
of service and provision of SRP.
Page 4 of 20 9623-0b9d-a247-dfd6
Where the customer provides no documented statement of the

requirements, the customer requirements shall
be confirmed by the organization and records maintained (see
4.5)
5.1.3 Review of The organization shall review the requirements related to

Requirements execution of the service or provision of SRPs. This
review shall be conducted prior to the organization‘s
commitment to provide a service and/or SRP to the
customer and shall ensure that:
a) requirements are defined and documented;
b) requirements differing from those previously identified are
resolved; and
c) the organization has the capability and resources to meet the
documented requirements.
Where contract requirements are changed, the organization
shall ensure that relevant documents are
amended and that relevant personnel are made aware of the
changed requirements.
Records of the results of the review, including resulting actions,
shall be maintained (see 4.5).
5.2 Planning The organization shall identify and plan the processes and
documents needed for service and SRP realization.
In planning, the organization shall address the following
a) required resources and work environment management (see
4.3);
b) customer-specified requirements (see 5.1), including critical
success factors (CSFs);
c) legal and other applicable requirements;
d) initial risk assessment (see 5.3);
e) contingency planning (see 5.5);
f) service design and provisions of SRP (see 5.4)
g) key performance indicators;
h) required verification, validation, monitoring, measurement,
inspection, and test activities, including suitable
TMMDE is utilized, specific to the service and SRP and the
criteria for acceptance;
i) management of interfaces with other party’s SRP;

j) management of change (see 5.11); and
k) records needed to provide evidence that the realization
processes meet requirements (see 4.5).
The output of planning shall be documented and updated as
changes occur. The plans shall be maintained
in a structure suitable for the organization‘s method of
operations.
5.3 Risk Assessment The organization shall maintain a documented procedure to
and Management control risk throughout the execution of a service.
The procedure shall address the identification, communication,

and management of:
a) risks associated with services and SRPs;
b) work environment;
c) risk management tools and techniques;
Page 5 of 20 9623-0b9d-a247-dfd6
d) implementation of the mitigation or preventive control

measures to reduce or avoid exposure to loss; and
e) notification to the customer of residual risks that may impact

the service.
Records of risk assessment and actions taken shall be
maintained (see 4.5).
5.4 Design and Development of Service
5.4.1 Design and The organization shall maintain a documented procedure to
Development plan and control the design and development of the service,
Planning including the use of service-related products.
The procedure shall identify:

a) the design and development stages;
b) the activities required for completion, review and
verification of each stage;
c) the interfaces between different groups involved in design
and development; and
d) the responsibilities and authorities for the design and
development activities.
When design and development are outsourced, the
organization shall ensure the supplier meets the
requirements of 5.4 and provide objective evidence that the
supplier has met these requirements.
5.4.2 Design and Inputs relating to design of the service shall be determined and
Development records maintained (see 4.5). These inputs
Inputs shall include:
a) customer-specified requirements (see 5.1);

b) legal requirements; and
c) other applicable requirements, including:
1) requirements provided from an external source
2) SRP, including its functional and technical requirements;
3) environmental and operational conditions,

4) results from risk assessments (see 5.3), and
5) historical performance and other information derived from
previous similar service designs.
5.4.3 Design and The outputs of design and development shall be documented to
Development allow verification against the design and
Outputs development input requirements.
Design and development outputs shall:
a) meet the input requirements for design and development;
b) provide information for purchasing of any required SRP;
c) provide controls for the execution of the service, including

allowable variations in the service execution
parameters;
d) include or reference acceptance criteria for the completion of
the service;
e) identify critical SRPs; and
f) specify the characteristics of the SRP that are essential for
execution of service.
Page 6 of 20 9623-0b9d-a247-dfd6
5.4.4 Design and Verification of the design of the service shall be performed in
Development accordance with planned arrangements (see
Verification 5.4.1) to ensure that the design and development outputs have
met the design and development input
requirements. Records of the results of the verification shall be
maintained (see 4.5).
5.4.5 Design and A final design and development review and approval shall be
Development conducted and documented. Competent
Final Review and individual(s) other than the person or persons who developed
Approval the design shall review and approve the final
design and development outputs.
Records of the results of the final review, including the closure
of any necessary actions, and approval shall
be maintained (see 4.5).
5.4.6 Design and Design and development changes, including changes to design
Development documents, shall require the same controls as
Changes the original design and development.
5.5 Contingency planning
contingency planning. The procedure shall
include incident and disruption prevention and mitigation
measures. Contingency planning shall be integrated
into services and supporting processes of the organization, its
suppliers, and the customer.
5.5.2 Planning Output Contingency planning output shall be documented and

communicated to the relevant personnel and updated
as required to minimize the likelihood or duration of disruption
of execution of service. The contingency plan
shall be based on assessed risks (see 5.3) and shall include, at a
minimum:
a) actions required in response to significant risk scenarios (See
5.3);
b) actions required to reduce effects of incidents causing service
disruptions;
c) identification and assignment of resources, responsibilities,
and authorities; and
d) internal and external communications controls (see 4.1.5).
5.6 Purchasing
5.6.1 Purchasing Control
5.6.1.1 Procedure The organization shall maintain a documented procedure to
ensure that SRP and outsourced services conform
to specified requirements.
The procedure shall address:

a) the determination and identification of critical services and
SRPs;
b) evaluation and selection of suppliers based on their ability to
supply services and SRP in accordance with
the organization‘s requirements;
c) the type and extent of control applied to the supply chain for
services and SRPs, based on the criticality of
the service and SRP;
Page 7 of 20 9623-0b9d-a247-dfd6
d) criteria, scope, frequency, and methods for re-evaluation of

suppliers; and
e) maintaining a listing of approved suppliers and scope of
approval.
5.6.1.2 Initial Supplier For critical services or SRP, the criteria for the initial evaluation
Evaluation – and selection of suppliers by the organization
Critical Purchases shall include the following prior to initiation of the purchase
agreement:
a) on-site assessment of the supplier’s activities to ensure their
capability to meet the organization’s
purchasing requirements;
b) verification that the supplier’s QMS conforms to the quality
system requirements specified for suppliers by
the organization; and
c) verification of the type and extent of control applied by the
supplier, internally and to their supply chain, in
order to meet the organization's requirements.
5.6.1.3 Initial Supplier For the initial evaluation of suppliers for non-critical services or
Evaluation – SRP by the organization, one or more of the
Noncritical following shall apply:
Purchases
a) verification that the supplier’s QMS conforms to the quality
system requirements specified for suppliers by
the organization;
b) assessment of the supplier to meet the organization’s
purchasing requirements;
c) assessment of the supplier upon delivery of the product or
service.
5.6.1.4 Supplier Re- The organization shall determine the supplier re-evaluation
evaluation frequency based on supplier risk and quality
performance.
Re-evaluation of suppliers of critical services and/or SRP, shall
include:
a) verification of the supplier’s quality management system
implementation and conformity to the quality
system requirements specified for suppliers by the
organization;
b) verification of the type and extent of control applied by the
supplier, internally and to their supply
chain, in order to meet the organization’s requirements (see
5.6.1.1.c); and
c) evaluation method of the supplier’s continued capability to
meet the organization’s specified
requirements.
The evaluation method shall be based on risk and quality
performance using by one or both of the
following:
1) performing an assessment to verify that relevant service-
related processes are in
accordance with process controls, and are effective in achieving
conformity to service or
SRP requirements or;
2) performing inspection, function testing or verification of
relevant characteristics of product,
component or activity as applicable, (see 5.6.3)
Page 8 of 20 9623-0b9d-a247-dfd6
When limited by proprietary, legal, and/or contractual

arrangements, the organization shall identify how the supplied
service-related processes and/or SRP conforms to stated
requirements.
For the re-evaluation of suppliers of noncritical services and/or

SRP, the requirements of 5.6.1.3 shall apply.
5.6.1.5 Supplier Records of the results of evaluations and any necessary actions
Evaluation – arising from these evaluations (see 6.4.2)
Records shall be maintained (see 4.5).
5.6.1.6 Where an organization chooses to outsource a process or
activity of its quality management system, the
organization shall ensure that applicable elements of its quality
management system are satisfied.
Where an organization chooses to outsource a service or
service-related product or activity, the organization
shall maintain responsibility for service or service-related
product conformance to specified requirements,
including applicable industry specifications.
Records of outsourced activities shall be maintained (see 4.5),
including evidence of conformity (see 5.6.3).
5.6.2 Purchasing Purchasing information provided to the supplier shall be
Information documented and describe the services or SRP to be
purchased, including where appropriate:
a) requirements for acceptance criteria of service and SRP;
b) requirements for approval of supplier’s procedures,

processes and/or equipment;
c) applicable version of specifications, drawings, process
requirements, inspection instructions and other
relevant technical data;
d) requirements for qualification of supplier’s personnel; and
e) QMS requirements.
5.6.3 Verification of The organization shall maintain a documented procedure for
Purchased defining the verification criteria and other activities
Services and SRP necessary for ensuring that purchased service and SRP meets
specified purchase requirements. The
organization shall maintain records of verification activities (see
4.5).
The organization shall ensure and provide evidence that

outsourced services and SRPs conform to specified
requirements.
5.7 Execution of Service
5.7.1 Control of Service Execution
5.7.1.1 General The organization shall maintain a documented procedure that
describes the integration of the following, as a
minimum, into the development of a SQP (see 5.7.2):
a) personnel training and competence (see 4.3.2);

b) defined contract requirements (see 5.1);
c) risk assessment and management (see 5.3);
d) information that describes the characteristics of the service
and SRPs and ensuring design requirements
are satisfied (see 5.4); and
Page 9 of 20 9623-0b9d-a247-dfd6
e) identification of testing, measuring, monitoring, and

detection equipment (TMMDE) (see 5.8).
5.7.1.2 Documentation Controls for execution of the service shall be documented and
include requirements for verifying conformance
with quality plans, procedures, and applicable standards/codes.
The control documents shall include or
reference instructions and acceptance criteria for processes,
tests, inspections, and customer’s inspection hold
or witness points.
5.7.2 Service Quality Plan

5.7.2.1 General The organization shall develop a SQP that controls the
execution of services and use of SRPs.
5.7.2.2 Plan Content The service quality plan shall address each of the following:
a) required activities and documentation for compliance with

customer and legal requirements;
b) identification of responsible functions for each activity,
including external parties;
c) identification and reference to controls for outsourcing
activities critical to execution of service;
d) identification of the relevant procedure, specification or
other document referenced or used in each activity;
e) identification of the requirements to perform acceptance
inspection for each activity, including hold, witness,
monitor and document review points for representatives of the
organization and the customer;
f) identification of required testing, measuring, monitoring and

detection equipment (TMMDE) (see 5.8);
g) identification and controls of risk (see 5.3);
h) identification of critical services and critical SRP, including
where these are outsourced;
i) identification of the required deliverables; and
j) identification of the required records (see 4.5).
The SQP shall be updated when any of the plan content
changes.
5.7.2.3 Plan Approval SQPs and any revisions to them shall be documented and
approved by the organization.
When required by contract, the SQP and revisions shall be
communicated to the customer.
5.7.3 Identification and The organization shall maintain a documented procedure for
Traceability identification and traceability of SRP. The
procedure shall include identification controls at all stages of
delivery, installation, repair, and redress as
required by the organization and the customer. The procedure
shall include requirements for maintenance or
replacement of identification and traceability marks.
SRP shall be identified. Critical SRP shall be identified and

traceable to the Preventative Maintenance,
Inspection, and Test Program (PMITP) records (see 4.5 and
5.7.8) and the original manufacturer.
Page 10 of 20 9623-0b9d-a247-dfd6
Records (see 4.5) of identification and traceability shall be

maintained.
5.7.4 SRP Status The organization shall maintain a documented procedure for
the identification of SRP status at all stages of
service execution.
5.7.5 Customer The organization shall maintain a documented procedure to

Property identify, verify, store and safeguard customer
property provided for use in the service and/or with the SRP
while under control of the organization. Customer
property shall include customer-derived intellectual property
and customer-specific data. Control of customer
property shall include the controls required for reporting to the
customer any loss, damage, or unsuitable use
of customer property.
Records for the organization’s control and disposition of

customer property shall be maintained (see 4.5).
5.7.6 Preservation of The organization shall maintain a documented procedure
SRP describing the methods used to preserve the SRP
during internal processing through execution of service. As
applicable, preservation shall include identification
and traceability, transportation, handling, packaging, storage,
and protection. Preservation shall also apply to
the constituent parts of the SRP.
In order to detect deterioration, the condition of the SRP or

constituent parts in stock shall be assessed at
intervals specified in the procedure.
5.7.7 Validation of SRP SRP shall be validated to the extent needed to confirm
capability to meet planned service requirements prior
to execution of service. The validation shall be appropriate to
the criticality of the SRP. Records of the
validations and validation results shall be maintained (see 4.5).
5.7.8 Preventive The organization shall maintain a documented procedure for

Maintenance, the PMITP. The procedure shall address
Inspection and inspection, maintenance, redress, repair, make-up, testing and
Test Program acceptance criteria for SRP.
(PMITP) As a minimum, the PMITP shall include:
a) actions which address corrective maintenance;
b) actions which address preventive or predictive maintenance;
c) reports that document usage history, repairs or redress,

modifications, remanufacturing, inspection, and
test activities that allow direct verification for reuse of product;
d) list of critical spare parts requirements by the customer

and/or technical requirements considering those
recommended by the original equipment manufacturer;
Page 11 of 20 9623-0b9d-a247-dfd6
e) controls that ensure SRP integrity to the organization’s

defined performance requirements and design
acceptance criteria are maintained for SRP and constituent
components; and
f) frequency or condition that requires maintenance, inspection

and/or testing.
Records of PMITP shall be maintained (see 4.5).
Defined performance requirements that cannot be met shall
undergo the MOC process (see 5.11) for continued
use.
5.8 Control of Testing, The organization shall determine the required testing,
Measuring, measurement, monitoring and detection equipment
Monitoring and (TMMDE) to be controlled and necessary to provide evidence
Detection that service or SRP meets specified
Equipment requirements.
(TMMDE) Calibrations shall be in accordance with an international or
national recognized standard; where no such
standards exist, the basis used for calibration shall be recorded
(see 4.5).
The organization shall maintain a documented procedure to
ensure that TMMDE is identified, calibrated and
maintained for the execution of the service or in the provision
of the SRP. The procedure shall include
requirements for the specific equipment type that addresses:
a) unique identifier;
b) calibration status;
c) traceability to international or national measurement
standards; where no such standards exist, the basis
used for calibration or verification shall be recorded (see 4.5);
d) frequency of calibration, at specific intervals or prior to use;
e) calibration, verification or both methods, including

adjustments and readjustments, as necessary;
f) confirmation of TMMDE accuracy additional to the required
calibration, if required by the organization or
product specification;
g) acceptance criteria;
h) control of equipment identified as out-of-calibration, or not
in-service, in order to prevent unintended use;
and
i) when the equipment is found to be out of calibration, an
assessment of the validity of the previous
measurements shall be confirmed and the customer shall be
notified of potential impact to services or
SRP.
TMMDE shall:
1) be calibrated or verified, or both, against measurement
standards;
2) have the calibration or TMMDE verification status identifiable
by the user for the activities being performed
at all times;
Page 12 of 20 9623-0b9d-a247-dfd6
3) be safeguarded from adjustments that would invalidate the

measurement result or the calibration status;
4) be protected from damage and deterioration during

handling, maintenance, and storage; and
5) be used under environmental conditions that are suitable for
the calibrations, inspections, measurements
and tests being carried out.
When used in the testing, measuring, monitoring, and detection
of specified requirements, the ability of
computer software to satisfy the intended application shall be
confirmed prior to initial use and reconfirmed, as
necessary.
When testing, measuring, monitoring, and detection equipment

is externally provided the organization shall
verify that the equipment is suitable to provide evidence of
conformity of service or SRP to specified
requirements.
The organization shall maintain a registry of the required
testing, measurement, monitoring and detection
equipment that includes a unique identification, specific to each
piece of equipment.
Records of the results of calibration shall be maintained (see
4.5).
5.9 Service The organization shall maintain a documented procedure to
Performance validate the execution of the service performance
Validation to confirm that requirements were achieved.
This shall be carried out at appropriate stages during the

execution of the service in accordance with design
requirements (see 5.4) and the SQP (see 5.7.2). Evidence of
conformity with established acceptance criteria,
including KPIs and CSFs that are part of Service Execution, shall
be maintained.
Records of the service performance validation shall be
maintained, including identification of the person(s)
accepting the results (see 4.5).
5.10 Control of Nonconformities
5.10.1 General The organization shall maintain a documented procedure to
define the controls for identifying, documenting,
and reporting nonconforming service execution and SRP during
all phases of service execution, including
nonconformances discovered after validation of the service (see
5.9). The level of response shall be
proportionate to the severity of the nonconformity and its
effect on the execution of the service. The
procedure shall include identification of related responsibilities
and authorities for addressing the
nonconformances.
5.10.2 Nonconforming The organization shall address nonconforming service execution

Service Execution or SRP by the following sequence of
and SRP activities:
a) by taking action to correct the nonconformity; or
Page 13 of 20 9623-0b9d-a247-dfd6
b) when 5.10.2.a) is not possible or appropriate, by taking

action to identify and preclude the use of SRP from
its intended use or application; or
c) when 5.10.2.a) and 5.10.2.b) are not appropriate, by

authorizing release or acceptance under concession
by a relevant authority and/or by the customer.
For nonconforming service execution or SRP, the organization
shall take corrective action in accordance with
6.4.2 that is appropriate to the effects, or potential effects, of
the nonconformity.
5.10.3 Verification When nonconforming services and/or SRP are corrected they
shall be subject to verification to demonstrate
conformity to the requirements.
5.10.4 Customer The organization shall notify customers in the event that the
Notification service execution does not conform to service
design requirements or when nonconforming SRP has been
delivered or used in the execution of the service.
The organization shall maintain records of such notifications
(see 4.5)
5.10.5 Records of nonconformities shall be maintained (see 4.5). Such
records shall include the description of the
nonconformity, subsequent actions taken, including
concessions obtained, and relevant authority.
5.11 Management of Change (MOC)
the MOC process, to ensure that the integrity of
the QMS is maintained when changes to the QMS occur (See
5.11.2). For the MOC, the organization shall
identify the potential risks (see 5.3) associated with the change
and any required approvals prior to the
introduction of such changes. The organization shall maintain
records (see 4.5) of MOC activities.
5.11.2 MOC The organization shall use the MOC process for any of the
Implementation following that may negatively impact the execution
of a service:
a) changes or proposed changes in the organizational structure;
b) changes in key or essential personnel;

c) changes in critical suppliers;
d) changes to the QMS procedures, including temporary
changes and improvements resulting from corrective
actions (see 6.4);
e) changes to original equipment manufacturer’s specifications,
applications and/or software for SRP;
f) changes in approved design (see 5.4) including those that
were originally agreed upon by the customer;
g) changes including legal, industry and other applicable
requirements;
h) deviations from applicable procedures or requirements on a
temporary basis to address a specific
situation; and
i) changes in the work environment.
Page 14 of 20 9623-0b9d-a247-dfd6
5.11.3 MOC Evaluation, The organization shall notify relevant personnel, including the
Notification and customer, of the change and residual or new
Controls risk due to changes that have either been initiated by the
organization or requested by the customer.
The organization shall ensure that relevant documents are

amended.
6 QMS Monitoring, Measurement, Analysis and Improvement
6.1 General The organization shall plan and implement the monitoring,
measurement, analysis, and improvement
processes needed to ensure conformity of the QMS, and to
continually improve its effectiveness.
QMS monitoring, measurement, analysis, and improvement
shall include determination of applicable methods,
including techniques for the analysis of data, and the extent of
their use.
6.2 Monitoring, Measuring and Improving

6.2.1 Customer The organization shall maintain a documented procedure to
Satisfaction monitor customer satisfaction. The procedure shall
address the frequency and methods of obtaining customer
feedback, key performance indicators (KPIs), and
other information that the organization monitors to determine
whether the organization has met customer
requirements. Records of the results of customer satisfaction
information shall be maintained (see 4.5).
6.2.2 Internal Audit

6.2.2.1 General The organization shall maintain a documented procedure to
define responsibilities for planning, conducting,
and documenting internal audits. Audits shall verify that the
QMS is effectively implemented, maintained, and
conforms to the requirements of this specification. The planning
of internal audits shall take into consideration
the results of previous audits, criticality of the process being
audited, and applicable changes affecting the
QMS (see 5.11.2).
The organization shall identify the audit criteria, scope,

frequency and methods to ensure that all processes of
the QMS for the organization claiming conformity to the
requirements of this specification are audited at least
every 12 months.
Audit techniques shall include observation of the execution of
inspection, assembly, testing, and maintenance
processes.
Outsourced activities that impact the quality of services or SRP

performed at the organization’s facility or
worksite, shall be included as part of the internal audit of the
organization.
Page 15 of 20 9623-0b9d-a247-dfd6
6.2.2.2 Performance of Audits shall be performed by competent personnel (see 4.3.2.2)

Internal Audit independent of those who performed or
directly supervised the activity being audited to ensure
objectivity and impartiality of the audit process. The
audit shall apply suitable observation and evaluation methods
to ensure the effectiveness of the area or
process being audited.
An audit of all elements of the QMS shall be conducted prior to
claiming conformance to the requirements of
this specification.
6.2.2.3 Audit Review and The organization shall identify response times for addressing
Closure detected nonconformities. The management
responsible for the area being audited shall ensure that any
necessary corrections and corrective actions are
taken to eliminate detected nonconformities and their causes.
Follow-up activities shall include the verification
of the actions taken (see 6.4.2).
Records of the internal audits shall be maintained (see 4.5).
6.3 Analysis of Data

6.3 Analysis of Data The organization shall maintain a documented procedure for
the identification and use of the techniques for
the analysis of data. The organization shall determine, collect,
and analyze appropriate data to demonstrate
the suitability and effectiveness of the QMS and to evaluate
where continual improvement of the effectiveness
of the QMS can be made. This shall include data generated from
monitoring and measurement, internal audits
(see 6.2.2), external audits, management reviews (see 6.5) and
from other relevant sources.
The data analysis output shall provide information, including

trends, relating to:
a) customer satisfaction (see 6.2.1);
b) nonconformity to service design requirements (see 5.4);
c) service execution and SRP performance (see 5.10, 6.4.2,);
d) supplier performance (see 5.6); and

e) KPIs, CSFs, and quality objectives (see 4.1.3).
The organization shall use data to evaluate where continual
improvement of the effectiveness of the QMS can
be made.
6.4 Improvement
6.4.1 General The organization shall continually improve the effectiveness of
the QMS through the use of, quality objectives,
assessment and management of risks, MOC, audit results,
analysis of data, corrective actions and
management review.
Page 16 of 20 9623-0b9d-a247-dfd6
The organization shall also consider improvement to service

execution to meet customer requirements and
improve customer satisfaction.
6.4.2 Corrective Action The organization shall maintain a documented procedure to

correct nonconformities and to take corrective
actions, both internally and with suppliers, to eliminate the
causes of nonconformities in order to minimize the
likelihood of their recurrence.
The procedure shall define requirements for:

a) reviewing nonconformities (including customer complaints);
b) determining and implementing corrections;

c) identifying the root cause of the nonconformity and
evaluating the need for corrective action;
d) implementing corrective action to reduce the likelihood that
nonconformities recur;
e) identifying the timeframe and responsible person(s) for
making corrections and taking corrective action;
f) verification of the effectiveness of the corrections and
corrective action taken; and
g) evaluating similar, potential nonconformities and
implementing action to reduce the likelihood of
occurrence, as appropriate.
Where corrective action identifies the need for new or changed
controls that may negatively impact execution
of service, the procedure shall require that the MOC process
(see 5.11) be applied to the proposed action.
Records of corrective actions shall be maintained (see 4.5).
Records shall identify the activities performed to
verify effectiveness of the corrective actions taken.
6.5 Management Review
6.5.1 General The organization‘s QMS shall be reviewed at least every 12
months by the organization’s management to
evaluate the QMS’s continuing suitability, adequacy and
effectiveness. This review shall include assessing
opportunities for improvement and the need for changes to the
QMS, including the quality policy, KPIs, CSFs
and quality objectives.
6.5.2 Input The input to management review shall include, but not be
Requirements limited to;
a) status and effectiveness of actions resulting from previous
management reviews;
b) results of audits (see 6.2.2);
c) changes that could affect the QMS, including legal and other
applicable requirements;
d) analysis of customer satisfaction, including customer
feedback (see 6.2.1);
e) feedback from relevant interested parties;
f) process effectiveness;
g) results of risk assessment (see 5.3);
h) status of corrective actions (see 6.4.2);
i) analysis of supplier performance (see 6.3d and 5.6));
Page 17 of 20 9623-0b9d-a247-dfd6
j) review and analysis of failures in service and/or SRPs (see

5.10); and
k) recommendations for improvement (see 6.3)
6.5.3 Output The output from the management review shall include a
Requirements summary assessment of the effectiveness of the QMS.
The assessment shall include any required changes to the
processes and any decisions and actions, required
resources and improvement of service and SRPs in meeting
customer requirements.
Top management shall review and approve the output of
management reviews.
Management reviews shall be documented and communicated
to the organization. Records of these
reviews shall be maintained (see 4.5).
Page 18 of 20 9623-0b9d-a247-dfd6
Paragraph ISO 9001:2008 Reference Requirement Quality Manual
Number Reference Doc. No., Rev. Level,
Doc. Description &
Paragraph Identifier
Procedure/Work
Instruction
Doc. No., Rev. Level,
Doc. Description &

Company: Facility Name/ID: Date:: Instructions

Uploaded by

Copyright:

Available Formats

Company: Facility Name/ID: Date:: Instructions

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Company: Facility Name/ID: Date:: Instructions

Uploaded by

Copyright:

Available Formats

Instructions FM-190 | Rev 3.

4 Quality Management System Requirements

The organization shall establish processes to ensure that:

a) importance of meeting customer, legal, and other applicable

a) execution of inquiries, contracts, or order handling and

4.3.2 Human Resources

4.3.2.1 Personnel The organization’s personnel whose responsibilities fall within

a) that customer-specified training and/or customer-provided

d) that appropriate records of education, training, skills, and

c) documented procedures established, implemented, and

e) identification of legal and other applicable requirements to

4.4.2 Control of The organization shall maintain a documented procedure for

The procedure shall identify responsibilities for approval and re-

Records, including those originating from outsourced activities

Records shall remain legible, identifiable, and readily

Where the customer provides no documented statement of the

5.1.3 Review of The organization shall review the requirements related to

i) management of interfaces with other party’s SRP;

The procedure shall address the identification, communication,

d) implementation of the mitigation or preventive control

e) notification to the customer of residual risks that may impact

The procedure shall identify:

a) customer-specified requirements (see 5.1);

3) environmental and operational conditions,

b) provide information for purchasing of any required SRP;

c) provide controls for the execution of the service, including

5.5.2 Planning Output Contingency planning output shall be documented and

The procedure shall address:

d) criteria, scope, frequency, and methods for re-evaluation of

When limited by proprietary, legal, and/or contractual

For the re-evaluation of suppliers of noncritical services and/or

b) requirements for approval of supplier’s procedures,

The organization shall ensure and provide evidence that

a) personnel training and competence (see 4.3.2);

e) identification of testing, measuring, monitoring, and

5.7.2 Service Quality Plan

a) required activities and documentation for compliance with

f) identification of required testing, measuring, monitoring and

SRP shall be identified. Critical SRP shall be identified and

Records (see 4.5) of identification and traceability shall be

5.7.5 Customer The organization shall maintain a documented procedure to

Records for the organization’s control and disposition of

In order to detect deterioration, the condition of the SRP or

5.7.8 Preventive The organization shall maintain a documented procedure for

c) reports that document usage history, repairs or redress,

d) list of critical spare parts requirements by the customer

e) controls that ensure SRP integrity to the organization’s

f) frequency or condition that requires maintenance, inspection

d) frequency of calibration, at specific intervals or prior to use;

e) calibration, verification or both methods, including

3) be safeguarded from adjustments that would invalidate the

4) be protected from damage and deterioration during

When testing, measuring, monitoring, and detection equipment

This shall be carried out at appropriate stages during the

5.10.2 Nonconforming The organization shall address nonconforming service execution

b) when 5.10.2.a) is not possible or appropriate, by taking

c) when 5.10.2.a) and 5.10.2.b) are not appropriate, by

b) changes in key or essential personnel;

The organization shall ensure that relevant documents are