Quality management systems help organizations consistently deliver reliable products and services. One way this is achieved is by providing tools and techniques to maintain business continuity during or after a disruptive event.

Business continuity – whether through implementing risk assessments, contingency planning or management of change – are core tenets embedded throughout API Specifications Q1 and Q2.

API Q1, Specification for Quality Management System Requirements for

Manufacturing Organizations for the Petroleum and Natural Gas Industry, is a quality management system for manufacturers that supply products under a product specification for use in the petroleum and natural gas industry. API Q1 meets many of the ISO 9001 requirements, plus additional elements considered essential by the natural gas and oil industry.

Its sister specification, API Q2, Quality Management System Requirements for Service Supply Organizations for the Petroleum and Natural Gas Industries, applies to upstream service supply organizations and is the first international quality management system standard for service exploration and production service providers. The industry-written specification applies to critical activities such as well construction, intervention, production, abandonment, well servicing, equipment repair and maintenance, and inspection activities.

API Q1 and Q2 establish an array of minimum quality management system requirements for organizations in the natural gas and oil industry, allowing these organizations to demonstrate their ability to consistently provide reliable products, manufacturing-related processes or services that meet customer and legal requirements.

Organizations that implement API Q1 and Q2 have an overall strategic approach to mitigate and respond to adverse disruptions, as well as protect a company’s image and business operations. By implementing API Q1 and Q2, organizations show they employ risk assessments, contingency planning and management of change that promote business continuity.

Reinforcing the industry-leading quality management specifications are the API Monogram and API Quality Registrar Programs (APIQR). API Monogram and APIQR are voluntary certification programs that recognize organizations that conform with quality management specifications and/or  product standards and specifications. The Monogram program licenses against more than 70 standards and specifications and requires program participants to comply with API Q1. Under APIQR, program participants can be registered against API Q1, Q2 and other management system standards. Organizations are certified after demonstrating through on-site audits that that they comply with program and specification requirements. 

More than 4,100 organizations around the world are authorized to use the API Monogram and APIQR marks, demonstrating that they have a quality management system that is compliant with the specifications.

Risk Assessment and Management

Under API Q1, organizations are required to maintain documented procedures to identify and control risks that may impact the delivery and quality of products. Risk assessment takes into consideration the severity and probability of a disruptive event, whether that be a natural disaster, pandemic, war or something else impacting an organization directly or indirectly through an exposed contractor/supplier. In the case of product delivery, risk assessments are required to address facility or equipment availability, maintenance, supplier performance and material supply.

API Q2 requires the establishment of a documented procedure to control risk throughout the execution of a service. These procedures address the identification, communication and management of risks associated with services and critical service-related products, work environment, and risk management tools and techniques. Also required is the implementation of mitigation measures to reduce or prevent risk and giving notification to customers that may be impacted.

Contingency Planning

API Q1 and Q2 allow for risk assessments to inform the development of contingency plans. Contingency planning outlines proactive policies and procedures in place in the event of disruption based on assessed risk.

API Q1 requires that an organization maintain a documented procedure for contingency planning based on assessed risk that includes incident and disruption prevention and mitigation measures that may impact the delivery and quality of a product. The contingency plan must include actions required in response to significant risk scenarios to mitigate effects of disruptive incidents; identification and assignment of responsibilities and authorities among all parts of an organization; and the establishment of internal and external communication processes.

Similarly, API Q2 requires an organization to maintain a documented procedure for contingency planning that includes incident and disruption prevention and mitigation measures throughout services and supporting processes of the organization, its suppliers and the customer. Such contingency planning must be documented and communicated to the relevant personnel and updated as necessary to minimize the likelihood or duration of a disruption to service. At a minimum, the contingency plan includes actions required in response to an assessed risk; actions required to reduce effects of incidents causing service disruptions; identification and assignment of resources, responsibilities, and authorities; and similar internal and external communications processes as API Q1. 

Management of Change

Organizational, production or supply changes can impact risk associated with operations. Quality management systems such as API Q1 and Q2 therefore require management of change (MOC) processes to address new risks associated with changes in an organization.

API Q1 outlines an MOC process for an array of changes that may negatively impact the quality of the product. This includes changes in the organizational structure; changes in key or essential personnel; changes in suppliers of critical products, components, or activities; and changes to the management system procedures, including changes resulting from corrective and preventive actions. To ensure changes are properly known by all stakeholders, API Q1 requires an organization to notify relevant personnel and customers, when required by contract, of the change and new risk created by changes that have either been initiated by the organization or requested by the customer.

For its part, API Q2 requires service providers maintain a documented procedure for the MOC process to ensure that the integrity of the quality management system is maintained when changes are made. For the MOC, the organization is required to identify potential risks associated with the change and any required approvals prior to the introduction of such changes.

In addition, an organization following API Q2 must use the MOC process for a number of changes that may negatively impact the execution of a service, including changes or proposed changes in the organizational structure; changes in key or essential personnel; changes in critical suppliers; changes to quality management procedures; changes to the original equipment manufacturer’s specifications, applications, and software for service-related products; changes in approved design; changes including legal, industry, and other applicable requirements; deviations from applicable procedures or requirements on a temporary basis to address a specific situation; and changes in the work environment.

API Monogram and APIQR Certifications

API Monogram licensees are authorized to use the API Monogram Mark and organizations that are registered for API Q1 and API Q2 are authorized to use the APIQR marks to show they meet industry-written standards and globally-accepted quality management system specifications.

By complying with API Q1 and Q2, organizations demonstrate not only an ability to maintain business continuity, but also that they have quality management systems in place to control all operational processes, deliver consistent products or services, manage change and risk effectively and continually improve operations and customer satisfaction.

To learn more about API Q1 and Q2 or become an API Monogram and APIQR licensee/registrant, visit the API website.