3.4 Control plan + reaction plan (stop/contain/release rules)

The Control Plan is intended to be the practical operational guide for the manufacturing floor. While the PFMEA predicts theoretical risks, the Control Plan defines the actual, physical controls we put in place to manage those risks day-to-day. It acts as the single source of truth that translates our engineering intent (such as GD&T limits and material specs) into the daily reality for our operators (such as which gauges to use, what checks to perform, and how to react to anomalies).

A helpful reality check: If a specific process step or inspection point is not explicitly documented in the Control Plan, it does not officially exist. When an operator performs an “informal check” based purely on experience, they unknowingly introduce uncontrolled variance into the system.

The golden thread: lineage of logic

A well-written Control Plan should be the final link in a clear data chain. You need to be able to demonstrate direct traceability back to the original risk assessment:

DFMEA (Design Risk) defines the Key Product Characteristics (KPCs).
- Example: The “Shaft Diameter” is critical for the final bearing fit.
PFMEA (Process Risk) defines the Key Process Characteristics (KCCs).
- Example: The “Machine Spindle Speed” is the input that actively controls that Shaft Diameter.
Control Plan defines How we check the KCC to protect the KPC.
- Action: Measure the Spindle Speed every hour; measure the Shaft Diameter every 5 parts.

The Guiding Principle: Every high-risk item identified in the PFMEA should have a corresponding detection or prevention line item clearly listed in the Control Plan.

Anatomy of a control line item

Ambiguity in the Control Plan often leads directly to operator error. To prevent confusion, each entry should define five specific parameters.

1. Characteristics (what)

Be careful to distinguish between the Product (The Output) and the Process (The Input).

Poor: “Check the solder.”
Good: “Verify Solder Paste Height” (Process) and “Inspect Fillet Wetting Angle” (Product).

2. Specification / tolerance (the standard)

The tolerance in the Control Plan must match the engineering print exactly.

If the print states 10.0 ± 0.1 mm, the Control Plan should clearly list the acceptable range as 9.9 – 10.1 mm.
Pro-Tip: Try to avoid using “Visual OK” as a specification. It is much better to state something like “No burrs visible at 4x magnification” or, even better, reference a specific physical Limit Sample ID.

3. Evaluation technique (the tool)

Clearly define the exact Measurement System to be used.

Hardware: Specify if they need a Caliper, a CMM, or a Go/No-Go Fixture (and quote the specific Gauge ID).
Validation: The Gauge listed should have a passing Gauge R&R (MSA) study on file to prove it is capable of the required precision.

4. Frequency (the rhythm)

Inspection frequency should generally be driven by Process Capability (Cₚₖ), rather than just “what we’ve always done.”

If the Cₚₖ is < 1.33 (meaning the process is relatively unstable), you usually need 100% Inspection.
If the Cₚₖ is > 1.67 (meaning the process is highly capable), you can safely transition to sampling, such as inspecting 1 piece every 4 hours.
If the characteristic is Safety Critical, you should aim for physical Mistake Proofing (Poka-Yoke) or implement a 100% automated check.

5. Reaction plan (the consequence)

This is the most critical part: It tells the operator exactly what to do when a check fails.

Poor: “Notify Supervisor.” (This is vague and usually leads to scrap while the operator waits).
Good: “Stop the line. Segregate the last 2 hours of production. Adjust the Tool Offset by +0.02mm, and re-measure.”

The reaction plan: the “OCAP”

The Reaction Plan is often called the Out of Control Action Plan (OCAP). It provides a prescribed, calm, and effective algorithm for the team.

The “Stop-Call-Wait” Syndrome:

Try not to write “Call Quality Engineer” as the primary reaction; if you do, the line will instinctively stop and wait for you, losing valuable uptime. A good Reaction Plan empowers the operator or lead to safely Contain and Correct the issue autonomously whenever possible.

Suggested Reaction Logic Levels:

Level 1 (Operator): Re-measure to confirm the reading. If the failure is confirmed, stop the machine and firmly tag the part as “Reject.”
Level 2 (Setter/Lead): Adjust the process parameters (within the pre-approved limits stated in the Control Plan) or change the tool. Re-verify the first piece after the adjustment.
Level 3 (Escalation): If Level 2 fails to fix the issue, then call Engineering and initiate a formal Non-Conformance Report (NCR).

Stop / contain / release rules

To maintain discipline, you should define clear criteria for stopping the line—and more importantly, the rigorous criteria required for restarting it.

1. Stop rules (when to halt)

Safety Breach: Any failure of a safety curtain, physical interlock, or E-stop requires an immediate hard stop.
Consecutive Rejects: Finding three (3) consecutive parts failing the same parameter is a clear sign the process has drifted.
Setup Verification Fail: A failure during the initial First Article Inspection (FAI).
Trend Violation (SPC): Observing seven consecutive points on one side of the mean (indicating a Shift) or finding points completely outside the Control Limits.

2. Containment rules (the “bucket” protocol)

Whenever a defect is found, you must safely assume that all parts produced since the last “Good” check are now suspect.

Traceback: Identify the exact time of the last successful, documented inspection.
Quarantine: Isolate 100% of the WIP (Work in Progress) produced between that “Last Good Check” and “Now.”
Screening: The team must inspect every single unit in that suspect window for the specific defect in question.
Clean Point: Establish a clear “Clean Point” (using a Serial Number or Time Stamp) where known good production can confidently resume.

3. Release rules (restart criteria)

A stopped process requires formal validation before it can restart safely.

Correction Verified: The root cause (such as a broken tool or wrong setting) must be corrected.
Setup Verification: Run a new First Piece. It should measure at nominal (centered securely within the spec), not just barely “in spec.”
Sign-Off: For Safety or Critical Characteristic failures, the Quality Manager or Process Engineer should sign a “Restart Authorization” document.

The three phases of control

Keep in mind that the Control Plan naturally evolves as the manufacturing process matures over time.

Prototype Control Plan:

Method: Relies heavily on 100% Inspection and manual data logging.
Goal: To validate the raw design intent.

Pre-Launch (Safe Launch) Plan:

Method: Utilizes an Increased Frequency of checks (e.g. 200% of the normal, steady-state sampling).
Goal: To securely contain any “Infant Mortality” issues. A common exit criteria might be producing 3000 defect-free units.

Production Control Plan:

Method: Transitions to Statistical Sampling based reliably on the historical Cₚₖ.
Goal: To monitor for slow, long-term process drift.

Final Checkout: Control plan + reaction plan (stop/contain/release rules)

Control Point	Guiding Principle
Traceability	High RPN features in the PFMEA should have a specific corresponding check in the Control Plan.
Spec Alignment	Ensure the Control Plan Specs match the Engineering Drawing 1:1 to avoid floor confusion.
Reaction Plan	Explicitly state the required Stop, Contain, and Correct actions for the operators.
Containment	Remember that the “Suspect window” spans all parts built since the Last Good Check.
Restart	Clearly define who has the authority to authorize a restart after a Critical Failure.
Safe Launch	Ensure new lines run rigorous Pre-Launch controls before they are fully released to standard Production.
Gauge Validity	Verify that every physical tool listed has a valid Calibration Sticker and a passing MSA Study.