API Spec Q1 (Clause 18.104.22.168.a): Identification of critical products, components or activities (A simple interpretation on query raised during audit)
During audits, it has been observed that manufactures are questioned by auditors on providing explanations or basis for identification of critical products, components or activities. Sometime auditors themselves identify critical products or components which manufacturer has not included in its list of critical products, components or services and raise the audit non-conformance. Now the question is; does this audit non-conformance is valid.
No, it is not the intent of the API Spec Q1; that an auditor identify the critical product, component or service. API Spec Q1, Section 22.214.171.124.a Addendum 2 simply specify that; the manufacturer or organisation (not the auditor) shall identify the critical products, components and services. For that organizations can make reference to definition 3.1.6 (critical). However, manufacturer is responsible to ensure that controls are effectively implemented, and the auditor is responsible to audit the effectiveness of the established controls.
Disclaimer: This interpretation is given only for guidance and is solely based on the author’s learning experience in API eco system. Before making any judgment, readers are advised to use their own understanding based on their own organisation’s requirements.
Note: API doesn’t endorse this interpretation as a part or in totality.