Version 1

RART Date : 01.04.2014

Date of Next Review : 30.09.2014
List of changes

Version Date Description Authors

1.0 4-Jan-14 Risk assessment and treatment report initial copy API Q1 Core Team

Page 1 of 4
 FORMAT NO.SH-QM-5.3.1
SOTL
RISK ASSESMENT SUMMARY Rev: 00
Date : 01.04.2014

RISK ASSESSMENT PROCEDURE

Purpose The purpose of the Risk Assessment is to identify and control risk related to impact on quality & delivery of our
product.Risk assessment helps in implementing effective measures for the QMS so as to identify the risks &
mitigate them. Risk assessment als

Scope The scope of the Risk Assessment is limited to entire operations of SOTL

Risk Assessment Technique The Risk Assessment was based on the Industry-standard Risk Assessment methods like the Risk
Management Guide for Quality Management Sytems. The Risk Assessment was done in following phases.
1. Facility / Equipment Model: This was done by studying the existing documentation, interviewing the
concerned people, and then drawing up a Model which shows the criticality of the Risk based on severity,
detection methods and probability of occurence ratings.
2. Reviewing Facility architecture: The mechanisms and technologies in place were reviewed and areas of
improvement were identified.
3. Understanding Supply Chain: An indepth understanding of the supply chain mechanism of the company
was understood to evaluate the risks related to the faulty performance of the vendors based on severity,
detection methods and probability of occurence
4. Vulnerability assessment: This exercise was carried out to identify the vulnerabilities associated with
QMS that includes facility/equipment availability, maintenance, supplier performance, delivery of non-
conforming product, availability of competant personnel etc.
5. Risk analysis: This was done by gathering and analyzing information collected from above phases,
identifying threat probabilities and combining these with Risks and vulnerability levels.

Description of Risk Scales To identify the Current Risk level, we have to evaluate the:
A = Risk Severity
B = Occurrence Probability
C = Duration
For mathematical evalution, numeric values are assigned to all the parameters, as follows
Very High - 4 ( For Duration Between 6 months to 1 year )
High - 3 ( For Duration Between 3-6 months )
Medium - 2 ( For Duration Between 1-3 months )
Low -1 ( For Duration Between 1 day to 1 month )

Graphical Summary
4
High 4 Risk Assessment
Medium 29
Low 4

High
Low 10%
10% High
Medium
Low
Medium
71%

Page 2 of 4
 FORMAT NO.SH-QM-5.3.1
SOTL
RISK ASSESMENT SUMMARY Rev: 00
Date : 01.04.2014

SCALES USED
Asset Value The value of the asset in terms of its criticality towards the organization's ability to provide its services
in a timely, adequate, and secure manner. The asset values have been derived from "List of Information
Assets.doc"
Very High A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in extermely high financial impact on the organization.
High A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a very high financial impact on the organization.
Medium A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a significant financial impact on the organization.
Low A compromise on the confidentiality, integrity or availability or a combination of these of the asset would result
in a low or negligible financial impact on the organization

Vulnerability Criticality The level of impact on the asset if an attack occurred which exploited this specific vulnerability. The
vulnerability criticality values have been derived from the "Vulnerability Assessment Report.doc"

Very High Very High Criticality indicates that the attack would allow the attacker to gain complete control of the system
AND/OR lead to total degradation/stoppage of customer service. This is an attack that allows the attacker to
gain full super-user privileges o
High High Criticality indicates that the attack would allow the attacker to gain complete control of the system
AND/OR lead to severe or substantial degradation/stoppage of customer service. This is an attack that
allows the attacker to gain full super-user p
Medium Medium Criticality indicates that the attack would allow the attacker to gain some sort of access to the system,
AND/OR lead to some degradation of customer services. This is usually an attack that allows the attacker to
login with non-super user privileg
Low Low Criticality indicates that the attack would only reveal some information that may then be used to gain
further access, but the attack itself would not allow any significant access to the system. This is usually an
information disclosure or banner-grab

Threat Probability The probability that such an attack would occur, given compensating controls, availability of tools for
the attack, and knowledge level that the attacker should have.
Very High Very High Likelihood of occurrence. Threat source is very highly motivated and extremely capable. Other
compensating controls do not exist, or are very weak.
High High Likelihood of occurrence. Threat source is highly motivated and extremely capable. Other compensating
controls do not exist or are weak.
Medium Medium Likelihood of occurrence. Threat source is adequately motivated and sufficiently capable. Other
commpensating controls are not strong enough.
Low Very Low Likelihood of occurrence. Threat source is neither motivated nor capable. Other compensating
controls are adequately strong

RISK TREATMENT PLAN

Asset The asset that is affected by this particular vulnerability
Vulnerability Vulnerabilities on the mentioned assets that can be exploited
Risk Rating The risk calculated from the Risk Assessment Report
Action The brief recommendation to address the vulnerability
Ranking of Risk The status of the task - Treat, Transfer, Terminate, Tolerate
Treatment Methodology Risk Treatment is carried out for Risks which are over 16 in numerical value and fall under the category
MEDIUM. These risks are treated and proper corrective measures for the same are initiated to ensure that the
risk level remains LOW. If after the Risk

Page 3 of 4
 Format No.: SH-QM-5.3.1
;Rev.:00
SOTL+A1:Q6 RISK ASSESMENT PLAN FOR DESIGN Effective Date:09/03/2018

Sr. API Q1 Severity Probability Duration Risk Proposed Revised Revised Residual Risk Management
No Job/Activity Risk Why this Impact Clause A B C Value Existing Control Action Severity Probability Duration Risk Accecptable Approval
No Value (Y/N) (Y/N)

Trained personnel, correct

ergonomics, adequate design
May be due to the unskillful controls, safety measures, PPEs,
1 Personnel injury, property personnel, inadequate 4 2 1 8 prejob meetings, Risk analysis, 4 1 1 4 y Y
damage, Environmental pollution precautions, wrong hand tools inspections and follow up of
and design considerations the procedures and
documentation.

1. Failure of hydraulic system. 1. Discuss with team & and

2 The test bench M/C may fail to 2. Cracks, leaks or physical break 4 2 1 8 freeze the design and working 4 1 1 4 y Y
work down of the test bench before being
3. deployed for use.

1. Over clamping force. Plan the clamping force and

3 Casing buckling or collapse 2. Excess axial load on the 4 2 1 8 axial loads based on casing size 4 1 1 4 y Y
during clamping or testing casing and strenght and test loads

Setting tool or BP/CR parts swing 1. Improper clamping and test Test procedure for holding the
4 or fly off during test methods 4 2 1 8 assembly during the test to be 4 1 1 4 y Y
discussed
Material certificate to be
5 Brass screw doesn’t shear may be due to invalid material 1 1 1 1 checked before test 1 1 1 1 y Y

the working pressure to be

6 setting tool or BP/CR burst / Excess pressure shoot up and 4 2 1 8 verified and not to exceed 80% 4 1 1 4 y Y
collapse excess clamping force of the tool yield strength
Bridge Plug /
Cement Retainer The RAM of the machine may
& Setting tool give impact jerks after the steel may be due to the loose fit or The design and manufacturing
7 unable to withstand the impact 4 2 1 8 4 1 1 4 y Y
stud is sheared and parts may fly load by the machine validation to be confirmed
off and cause injury

personnel to be trained and

8 Spill of hot oil on Equipment, Overlook of the personnel and 4 2 1 8 design validation to be 4 1 1 4 y Y
floor, PLCs, Personnel tool failure considered for enough draining
of the spilled oil
The casing may get expanded The casing strength may not be
9 radially due to expansion of the adequate 3 2 1 6 Need to be checked during test 3 1 1 3 y Y
BP/CR in the ID
Adequate safety measures to
10 Fall of water in the PLC or May cause electric short circuit 4 2 1 8 be taken, right type of fire 4 1 1 4 y Y
electrical panel of the test M/C and fire extinguishers, PPEs, trained
personnel, etc

The parts and the tools to be

Wear and tear of the element, Improper storage and redressed regularly and stored
11 damaged to the BP/CR tool parts maintenance 2 1 1 2 2 1 1 2 y Y
in proper ambience condtions

12 Ball doesn’t seat on the ball seat May be due to the position of 3 1 1 3 Consider right ball seat design 3 1 1 3 y Y
and fail the tool the tool and m/c tilting

Wrong parameter readings of by Equipment and display system Calibration and its
13 machine not caliberated 3 2 1 6 documentation regularly per 3 1 1 3 y Y
the plan
The tool may shear at wrong May be due to the inadequate The design validation to be
14 place (threads, or at low material design considerations 3 2 1 6 done prior to prototype build 3 1 1 3 y Y
necks)

Note: NO Contigency Planning is required

Date:23/01/2017 Authorised Sign