1.0 4-Jan-14 Risk assessment and treatment report initial copy API Q1 Core Team
Page 1 of 4
FORMAT NO.SH-QM-5.3.1
SOTL
RISK ASSESSMENT SUMMARY Rev: 00
Date : 01.04.2014
Purpose The purpose of the Risk Assessment is to identify and control risk related to impact on quality & delivery of our
product. Risk assessment helps in implementing effective measures for the QMS so as to identify the risks &
mitigate them. Risk assessment als
Scope The scope of the Risk Assessment is limited to the entire operations of SOTL.
Risk Assessment Technique The Risk Assessment was based on industry-standard risk assessment methods like the Risk
Management Guide for Quality Management Systems. The Risk Assessment was done in the following phases.
1. Facility / Equipment Model: This was done by studying the existing documentation, interviewing the
concerned people, and then drawing up a model which shows the criticality of the risk based on severity,
detection methods and probability of occurrence ratings.
2. Reviewing Facility architecture: The mechanisms and technologies in place were reviewed and areas of
improvement were identified.
3. Understanding Supply Chain: An in-depth understanding of the company's supply chain mechanism
was developed to evaluate the risks related to the faulty performance of the vendors based on severity,
detection methods and probability of occurrence.
4. Vulnerability assessment: This exercise was carried out to identify the vulnerabilities associated with
the QMS, which include facility/equipment availability, maintenance, supplier performance, delivery of
non-conforming product, availability of competent personnel etc.
5. Risk analysis: This was done by gathering and analyzing information collected from the above phases,
identifying threat probabilities and combining these with risk and vulnerability levels.
Description of Risk Scales To identify the current risk level, we have to evaluate:
A = Risk Severity
B = Occurrence Probability
C = Duration
For mathematical evaluation, numeric values are assigned to all the parameters, as follows:
Very High - 4 (for Duration: between 6 months and 1 year)
High - 3 (for Duration: between 3 and 6 months)
Medium - 2 (for Duration: between 1 and 3 months)
Low - 1 (for Duration: between 1 day and 1 month)
Graphical Summary
[Chart: "Risk Assessment". Counts: High 4, Medium 29, Low 4. Chart labels: High 10%, Medium 71%, Low 10%.]
SCALES USED
Asset Value The value of the asset in terms of its criticality towards the organization's ability to provide its services
in a timely, adequate, and secure manner. The asset values have been derived from "List of Information
Assets.doc".
Very High: A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in extremely high financial impact on the organization.
High: A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a very high financial impact on the organization.
Medium: A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a significant financial impact on the organization.
Low: A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a low or negligible financial impact on the organization.
Vulnerability Criticality The level of impact on the asset if an attack occurred which exploited this specific vulnerability. The
vulnerability criticality values have been derived from the "Vulnerability Assessment Report.doc".
Very High: Very High Criticality indicates that the attack would allow the attacker to gain complete control of the system
AND/OR lead to total degradation/stoppage of customer service. This is an attack that allows the attacker to
gain full super-user privileges o
High: High Criticality indicates that the attack would allow the attacker to gain complete control of the system
AND/OR lead to severe or substantial degradation/stoppage of customer service. This is an attack that
allows the attacker to gain full super-user p
Medium: Medium Criticality indicates that the attack would allow the attacker to gain some sort of access to the system,
AND/OR lead to some degradation of customer services. This is usually an attack that allows the attacker to
login with non-super user privileg
Low: Low Criticality indicates that the attack would only reveal some information that may then be used to gain
further access, but the attack itself would not allow any significant access to the system. This is usually an
information disclosure or banner-grab
Threat Probability The probability that such an attack would occur, given compensating controls, availability of tools for
the attack, and knowledge level that the attacker should have.
Very High: Very High Likelihood of occurrence. Threat source is very highly motivated and extremely capable. Other
compensating controls do not exist, or are very weak.
High: High Likelihood of occurrence. Threat source is highly motivated and extremely capable. Other compensating
controls do not exist or are weak.
Medium: Medium Likelihood of occurrence. Threat source is adequately motivated and sufficiently capable. Other
compensating controls are not strong enough.
Low: Very Low Likelihood of occurrence. Threat source is neither motivated nor capable. Other compensating
controls are adequately strong.
Format No.: SH-QM-5.3.1; Rev.: 00
SOTL RISK ASSESSMENT PLAN FOR DESIGN Effective Date: 09/03/2018
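Columns: Sr. No; Job/Activity Risk; Why this Impact; API Q1 Clause No; Severity (A); Probability (B); Duration (C); Risk Value; Existing Control / Proposed Action; Revised Severity; Revised Probability; Revised Duration; Residual Risk Value; Risk Acceptable (Y/N); Management Approval (Y/N)

Sr. No 4
Job/Activity Risk: Setting tool or BP/CR parts swing or fly off during test
Why this Impact: 1. Improper clamping and test methods
Severity (A) 4, Probability (B) 2, Duration (C) 1, Risk Value 8
Existing Control / Proposed Action: Test procedure for holding the assembly during the test to be discussed
Revised Severity 4, Revised Probability 1, Revised Duration 1, Residual Risk Value 4
Risk Acceptable: Y; Management Approval: Y

Sr. No 5
Job/Activity Risk: Brass screw doesn’t shear
Why this Impact: May be due to invalid material
Severity (A) 1, Probability (B) 1, Duration (C) 1, Risk Value 1
Existing Control / Proposed Action: Material certificate to be checked before test
Revised Severity 1, Revised Probability 1, Revised Duration 1, Residual Risk Value 1
Risk Acceptable: Y; Management Approval: Y

Sr. No 12
Job/Activity Risk: Ball doesn’t seat on the ball seat and fails the tool
Why this Impact: May be due to the position of the tool and m/c tilting
Severity (A) 3, Probability (B) 1, Duration (C) 1, Risk Value 3
Existing Control / Proposed Action: Consider right ball seat design
Revised Severity 3, Revised Probability 1, Revised Duration 1, Residual Risk Value 3
Risk Acceptable: Y; Management Approval: Y

Sr. No 13
Job/Activity Risk: Wrong parameter readings by machine
Why this Impact: Equipment and display system not calibrated
Severity (A) 3, Probability (B) 2, Duration (C) 1, Risk Value 6
Existing Control / Proposed Action: Calibration and its documentation regularly per the plan
Revised Severity 3, Revised Probability 1, Revised Duration 1, Residual Risk Value 3
Risk Acceptable: Y; Management Approval: Y

Sr. No 14
Job/Activity Risk: The tool may shear at wrong place (threads, or at low necks)
Why this Impact: May be due to the inadequate material design considerations
Severity (A) 3, Probability (B) 2, Duration (C) 1, Risk Value 6
Existing Control / Proposed Action: The design validation to be done prior to prototype build
Revised Severity 3, Revised Probability 1, Revised Duration 1, Residual Risk Value 3
Risk Acceptable: Y; Management Approval: Y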