1.2 Risk Assessment & Management of Change (MOC)
Stability is safe; change is dangerous. In a high-tech manufacturing environment, 70% of catastrophic failures (fires, chemical releases, quality excursions) trace back to an unmanaged change or a generic, "copy-paste" risk assessment.
This chapter defines the engineering protocol for two critical defenses: Risk Assessment (identifying the enemy) and Management of Change (MOC) (controlling the gate).
Risk Assessment (HIRA)
A Risk Assessment is not a form to satisfy an auditor; it is a predictive failure analysis. It must be performed at the point of work by the people doing the work, not by a safety officer in a distant office.
The Risk Logic
Do not rely on gut feeling. Use the Hierarchy of Controls to determine the necessary engineering barrier.
- If hazard is High Voltage (> 50V) -> Then Apply Engineering Control (Interlock/Enclosure). PPE is not enough.
- If hazard is Chemical Fume -> Then Apply Source Extraction (LEV). Respirators are the last resort.
- If hazard is Kinetic (Moving Parts) -> Then Verify Guarding is fixed and interlocked.
Dynamic Risk Assessment (DRA)
Static documents rot. Conditions change.
- Before starting any non-routine task (e.g., repairing a reflow oven), the technician must perform a "Take 5" DRA.
- Trigger: If the environment changes (e.g., rain, spill, power fluctuation) -> Stop and re-assess.
Pro-Tip: Ban the phrase "Be Careful" from risk assessments. It is not a control measure. Be specific: "Stand 1 meter back" or "Use insulated tools."
Management of Change (MOC)
The MOC process is the Change Control Board for the facility infrastructure. It prevents "improvements" from becoming disasters.
When is MOC Required?
Do not clog the system with trivialities. Distinguish between Replacement-in-Kind and Change.
- Scenario A: Replacing a burnt-out 10A fuse with a new 10A fuse.
  - Action: No MOC. Standard Maintenance.
- Scenario B: Replacing a 10A fuse with a 15A fuse because "it keeps blowing."
  - Action: STOP. MOC Required. This alters the electrical protection curve and risks fire.
- Scenario C: Switching cleaning solvents from Vendor A to Vendor B (same CAS number).
  - Action: MOC Required. Verify impurities, flashpoint, and plastic compatibility.
The MOC Workflow
- Request: Owner describes the change and the reason.
- Impact Analysis (The "Kill Chain"):
  - EHS: Does this create new fumes/waste?
  - Facilities: Do we have the power/cooling capacity?
  - Quality: Will this affect ESD compliance or soldering profiles?
- Approval: All stakeholders must sign off. One Veto = No Go.
- Verification: After implementation, inspect to ensure the change works as intended and introduced no side effects.
Critical Change Triggers
Apply strict scrutiny to these high-risk changes:
| Change Type | Engineering Risk | Required Validation |
| --- | --- | --- |
| Bypassing Interlocks | Amputation / Death | CEO/Plant Mgr Sign-off ONLY |
| New Chemical Intro | Fire / Health / Reaction | SDS Review + Compat. Test |
| Software Patch (Facility) | HVAC/Power Shutdown | Offline Simulation First |
| Structural Mod | Roof Collapse / Fire Load | PE (Professional Engineer) Review |
Pro-Tip: "Temporary" fixes have a half-life of forever. If you approve a Temporary MOC, set a hard expiry date (e.g., 7 days). If it’s not fixed by then, the equipment must be shut down.
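The rules above (replacement-in-kind vs. change, unanimous sign-off with a single veto blocking, and a hard expiry on temporary MOCs) can be enforced as a gate in a change-tracking tool. The following is an added example, not part of the original chapter; the `ChangeRequest` layout, the state names and the sample requests are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta
from typing import Optional

# Impact-analysis functions named in the workflow; all three must sign off.
REVIEWERS = ("EHS", "Facilities", "Quality")

@dataclass
class ChangeRequest:            # hypothetical record layout
    item: str
    old_spec: dict              # e.g. {"rating_A": 10} or {"cas": ..., "vendor": ...}
    new_spec: dict
    reason: str
    approvals: dict = field(default_factory=dict)   # reviewer -> True, or False for a veto
    temporary: bool = False
    approved_on: Optional[date] = None
    verified: bool = False      # post-implementation inspection passed

def needs_moc(cr: ChangeRequest) -> bool:
    # Replacement-in-kind only when every recorded attribute is identical.
    # A vendor switch with the same CAS number still differs, so it needs MOC.
    return cr.old_spec != cr.new_spec

def gate(cr: ChangeRequest, today: date, temp_days: int = 7) -> str:
    if not needs_moc(cr):
        return "STANDARD_MAINTENANCE"
    if any(cr.approvals.get(r) is False for r in REVIEWERS):
        return "NO_GO"                      # one veto blocks the change
    if not all(cr.approvals.get(r) is True for r in REVIEWERS):
        return "PENDING_APPROVAL"
    if cr.temporary:
        if cr.approved_on is None:
            return "PENDING_APPROVAL"       # no expiry can be set without a date
        if today > cr.approved_on + timedelta(days=temp_days):
            return "SHUTDOWN"               # temporary MOC past its hard expiry
    return "CLOSED" if cr.verified else "AWAITING_VERIFICATION"

if __name__ == "__main__":
    ok = dict.fromkeys(REVIEWERS, True)
    cases = [  # constructed sample requests
        ChangeRequest("fuse F1", {"rating_A": 10}, {"rating_A": 10}, "burnt out"),
        ChangeRequest("fuse F1", {"rating_A": 10}, {"rating_A": 15}, "keeps blowing"),
        ChangeRequest("solvent", {"cas": "CAS-PLACEHOLDER", "vendor": "A"},
                      {"cas": "CAS-PLACEHOLDER", "vendor": "B"}, "new supplier", ok),
        ChangeRequest("oven fan", {"model": "X"}, {"model": "Y"},
                      "temporary repair", ok, True, date(2024, 1, 1)),
    ]
    for cr in cases:
        print(cr.item, "->", gate(cr, today=date(2024, 1, 10)))
```

Recording the vendor as part of the spec is what makes Scenario C trip the gate even though the CAS number is unchanged.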
Final Checklist
| Control Point | Requirement | Critical State |
| --- | --- | --- |
| Risk Assessment | Review annually or on change | Live Document |
| MOC Log | Centralized & Traceable | Audit Ready |
| Temp MOCs | < 5% of total active MOCs | Managed / Closed |
| HIRA Quality | Specific Controls defined | No "Be Careful" |
| Change Validation | Post-install inspection | Pass / Fail |