Trust but Verify – Managing Supply Chain Risks

Abstract

Abstract The oil and gas sector operates within a complex environment of operational and process safety requirements, regulatory and social license obligations. This complexity and the resultant risks and opportunities cascades throughout the sector's supply chain. It is standard practice for organizations in the sector to require their products and services suppliers to operate quality management systems. This paper demonstrates the value of aligning and standardizing customer quality management requirements through the adoption of standards such as ISO 29001:2020 to realize and protect value and to limit the uncertainty and supplier cost and schedule contingencies applied to bespoke customer quality requirements and intervention in supplier operations. ISO /TS 29001:2010 and comparable standards such as API Specification Q1 were developed to supplement the generic aspects of ISO 9001 with sector specific requirements tailored to address the context and associated risks of the sector. ISO 9001:2015 introduced a step change in the way quality management systems are implemented across all industries. Organizations are required to place emphasis on the identification and management of risks associated with their activities, processes, output products and services. Quality management systems must include appropriate processes for risk management and opportunity realization. ISO 29001:2020 supplements ISO 9001:2015 with requirements and guidance to manage risks associated with the oil and gas sector and to provide a framework for aligning requirements with complementary standards, such as API Specifications Q1 and Q2 employed within the sector. Recognizing that there is a vast scope of supply in the sector, from standard to specialized materials, equipment, and services, it is important that relevant risk-based approaches are taken when specifying and evaluating quality management system requirements. This strategy ensures that both supplier and customer resources are deployed to facilitate and verify conformance with requirements based on service risk and supplier capabilities. The paper overviews the methodology and implementation strategies for performing risk assessments, assessing supply chain capability and for specifying and verifying quality requirements provided in Annex C of ISO 29001:2020. The paper introduces case studies demonstrating the potential value of implementing ISO 29001:2020 and the methodology prescribed in Annex C. It also provides observations and draws conclusions on the prerequisites and barriers to the successful implementation of the standard. This paper will also demonstrate how the sector specific quality requirements provided in ISO 29001:2020 complement the introduction of innovative technologies. Examples include virtual communication, data collection, analysis, identification and traceability applications to validate conformance and enable innovation and learning organizations.