1.2 Risk assessment & management of change (MOC)
In a manufacturing environment, routine stability is inherently safe, but unplanned change is dangerous. In modern high-tech facilities, a significant percentage of catastrophic failures—spanning electrical fires, uncontrolled chemical releases, and massive quality excursions—trace directly back to either an unmanaged physical engineering change or an incomplete risk assessment. This chapter defines the engineering protocol for our two most critical facility defenses: Risk Assessment, which is the systematic identification of the hazard, and Management of Change (MOC), which acts as the control gate to prevent self-inflicted wounds.
Hazard identification and risk assessment (HIRA)
A Risk Assessment should never be treated as just a bureaucratic form designed to appease a visiting auditor; it is a rigorous, predictive failure analysis. Crucially, it yields the best results when performed at the actual point of work by the technicians directly engaging in the task, rather than by a distant safety officer looking at an outdated floor plan.
When analyzing core risks, apply the established Hierarchy of Controls to determine the necessary engineering barrier between the worker and the hazard:
- High Voltage (>50V): Apply a hard engineering control, such as a physical interlock or a grounded enclosure. PPE should not be relied upon as the primary electrical defense.
- Chemical Fumes: Deploy source extraction via Local Exhaust Ventilation (LEV). Relying on respirators represents a fundamental engineering failure and must remain the absolute last resort.
- Kinetic Energy (Moving Parts): Verify that machine guarding is securely bolted in place and electronically interlocked directly back to the machine’s primary power.
Because static documents become outdated quickly and real-world factory conditions change by the minute, Dynamic Risk Assessment (DRA) is a practical necessity. Before starting any non-routine maintenance task (e.g. repairing a jam inside a hot reflow oven), the technician should perform a brief “Take 5” situational review. If the physical environment suddenly changes—due to a liquid spill, an unexpected power fluctuation, or a missing tool—the technician must be empowered to stop work immediately and re-assess the new state.
Pro-Tip: Try to eliminate ambiguous phrases like “Be Careful” from formal risk assessments and standard operating procedures. “Be Careful” is an emotion, not an engineering control measure. Dictate specific actions instead, such as “Stand 1 meter back” or “Apply LOTO before removing the panel.”
Management of change (MOC)
The MOC process acts as the ultimate Change Control Board for the entire facility infrastructure. It is the administrative mechanism that prevents well-intentioned “improvements” from instantly becoming disastrous root causes for failure.
It is important to clearly distinguish between a standard Replacement-in-Kind (RIK) and a fundamental Change:
- Replacement-in-Kind (No MOC Required): Replacing a burnt-out 10A fuse with a brand-new 10A fuse of the exact same make and model.
- Fundamental Change (MOC Required): Replacing a 10A fuse with a 15A fuse “because it keeps blowing.” This action alters the engineered electrical protection curve and creates a fire risk; it requires formal review.
- Vendor Swap (MOC Required): Switching cleaning solvent from Vendor A to Vendor B, even if both share an identical CAS number. Engineering needs to verify undocumented chemical impurities, exact flashpoints, and long-term chemical compatibility with our specific enclosure plastics.
The formal MOC workflow involves a cross-functional review across departments. The process owner describes the proposed physical change and the engineering reason driving it. This triggers an impact analysis:
- EHS Team: Determines if the new process creates undocumented toxic fumes or hazardous waste.
- Facilities: Verifies the actual availability of required chilled water flow or electrical panel capacity.
- Quality Assurance: Evaluates whether the physical modification will inadvertently alter thermal soldering profiles or compromise ESD compliance limits.
Key stakeholders must sign off on the approval. After the change is implemented, it is a best practice for QA to perform a post-implementation verification to ensure the change works exactly as intended, with no unintended side effects.
Critical change triggers
Specific, high-risk changes require the highest level of engineering scrutiny.
| High-Risk Change | Primary Hazard | Required Approval / Mitigation |
|---|---|---|
| Bypassing Machine Interlocks | Amputation or immediate death. | Sign-off at the Plant Manager or CEO level. |
| Introducing New Chemicals | Fire or toxic reactions. | Formal SDS review and physical material compatibility test. |
| Facility Software Patching | Complete HVAC or power shutdown. | Must undergo an offline virtual simulation first. |
| Structural Building Mods | Roof collapse or increased fire load. | Review by an independent Professional Engineer (PE). |
Pro-Tip: “Temporary” engineering fixes often have a habit of becoming permanent. If you must approve a Temporary MOC simply to keep production running, set a firm expiry date, such as 7 days. If a permanent engineered fix is not fully implemented by that exact time, the equipment needs to be addressed immediately.
Final Checkout: Risk assessment & management of change (MOC)
| Control Point | Requirement | Critical Validation State |
|---|---|---|
| Risk Assessments | Must be reviewed annually or immediately upon any physical change. | Treated as a Live Document, not an archive. |
| General MOC Log | Must be Centralized & Traceable across all departments. | 100% Audit Ready at all times. |
| Temporary MOCs | Must constitute < 5% of total active MOCs. | Actively Managed / Officially Closed. |
| HIRA Quality | Specific, measurable Controls must be explicitly defined. | Absolutely zero use of the phrase “Be Careful”. |
| Change Validation | A mandatory post-installation physical inspection. | Formally marked as Pass / Fail. |
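
The checkout rules above can be checked mechanically against a centralized MOC log. The following is an added example, not part of the original chapter: the record layout, the `audit` function, the "LOG" marker and the sample entries are hypothetical, and it assumes an MOC stays active until its post-implementation verification is marked Pass.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

REQUIRED_SIGNOFFS = {"EHS", "Facilities", "QA"}  # reviewers named in the impact analysis
TEMP_MAX_AGE = timedelta(days=7)                 # the page's example expiry for a temporary MOC
TEMP_MAX_SHARE = 0.05                            # temporary MOCs must stay below 5% of active MOCs

@dataclass
class Moc:  # hypothetical record layout for one line of the central MOC log
    moc_id: str
    opened: date
    temporary: bool = False
    implemented: bool = False
    signoffs: set = field(default_factory=set)
    verification: Optional[str] = None  # "Pass", "Fail", or None if not yet inspected

def audit(log, today):
    """Return (moc_id, finding) pairs for entries that break the checkout rules."""
    findings = []
    # Assumption: an MOC stays active until its post-implementation check is a Pass.
    active = [m for m in log if m.verification != "Pass"]
    for m in log:
        missing = REQUIRED_SIGNOFFS - m.signoffs
        if m.implemented and missing:
            findings.append((m.moc_id, "implemented without sign-off from: " + ", ".join(sorted(missing))))
        if m.implemented and m.verification is None:
            findings.append((m.moc_id, "no post-implementation verification recorded"))
    for m in active:
        age = today - m.opened
        if m.temporary and age > TEMP_MAX_AGE:
            findings.append((m.moc_id, f"temporary MOC past expiry ({age.days} days open)"))
    temp_share = sum(m.temporary for m in active) / len(active) if active else 0.0
    if temp_share >= TEMP_MAX_SHARE:
        findings.append(("LOG", f"temporary MOCs are {temp_share:.0%} of active MOCs (limit < 5%)"))
    return findings

# Constructed sample log, not real facility data.
SAMPLE_LOG = [
    Moc("MOC-001", date(2024, 3, 1), implemented=True,
        signoffs={"EHS", "Facilities", "QA"}, verification="Pass"),
    Moc("MOC-002", date(2024, 3, 4), temporary=True, implemented=True,
        signoffs={"EHS", "QA"}),
    Moc("MOC-003", date(2024, 3, 12), signoffs={"EHS"}),
]

if __name__ == "__main__":
    for moc_id, finding in audit(SAMPLE_LOG, today=date(2024, 3, 15)):
        print(f"{moc_id}: {finding}")
```

In the sample, MOC-002 is the temporary fix that went live without Facilities sign-off and was never verified, which is the pattern the 7-day expiry is meant to catch.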