1.2 Risk assessment & management of change
In a manufacturing environment, routine stability is inherently safe, but unplanned change is dangerous. In modern high-tech facilities, a significant percentage of major failures—spanning electrical fires, uncontrolled chemical releases, and large-scale quality issues—can be traced directly back to either an unmanaged physical engineering change or an incomplete risk assessment. This chapter defines the engineering protocol for our two most critical facility defenses: Risk Assessment, which is the systematic identification of hazards, and Management of Change (MOC), which acts as the control gate to prevent self-inflicted problems.
Hazard identification and risk assessment (HIRA)
A Risk Assessment should never be treated as just a bureaucratic form designed to appease an auditor; it is a rigorous, predictive failure analysis. Crucially, it yields the best results when performed at the actual point of work by the technicians directly engaging in the task, rather than by a distant safety officer working from an outdated floor plan.
When analyzing core risks, the established Hierarchy of Controls should be applied to determine the necessary engineering barrier between the worker and the hazard:
- High Voltage (>50 V): A hard engineering control, such as a physical interlock or a grounded enclosure, should be applied. Personal Protective Equipment (PPE) should not be relied upon as the primary electrical defense.
- Chemical Fumes: Source extraction via Local Exhaust Ventilation (LEV) should be deployed. Relying on respirators represents a fundamental engineering failure and should remain the absolute last resort.
- Kinetic Energy (Moving Parts): It should be verified that machine guarding is securely bolted in place and electronically interlocked directly back to the machine’s primary power.
Because static documents become outdated quickly and real-world factory conditions can change by the minute, Dynamic Risk Assessment (DRA) is a practical necessity. Before starting any non-routine maintenance task (e.g., repairing a jam inside a hot reflow oven), the technician should perform a brief “Take 5” situational review. If the physical environment suddenly changes—due to a liquid spill, an unexpected power fluctuation, or a missing tool—the technician must be empowered to stop work immediately and re-assess the new state.
Management of change (MOC)
The MOC process acts as the ultimate Change Control Board for the entire facility infrastructure. It is the administrative mechanism that prevents well-intentioned “improvements” from instantly becoming root causes for failure.
It is important to clearly distinguish between a standard Replacement-in-Kind (RIK) and a fundamental Change:
- Replacement-in-Kind (No MOC Required): Replacing a burnt-out 10A fuse with a brand-new 10A fuse of the exact same make and model.
- Fundamental Change (MOC Required): Replacing a 10A fuse with a 15A fuse “because it keeps blowing.” This action alters the engineered electrical protection curve and creates a fire risk; it requires formal review.
- Vendor Swap (MOC Required): Switching cleaning solvent from Vendor A to Vendor B, even if both share an identical CAS number. Engineering needs to verify undocumented chemical impurities, exact flashpoints, and long-term chemical compatibility with our specific enclosure plastics.
The formal MOC workflow involves a cross-functional review across departments. The process owner describes the proposed physical change and the engineering reason driving it. This triggers an impact analysis:
- EHS Team: Determines if the new process creates undocumented toxic fumes or hazardous waste.
- Facilities: Verifies the actual availability of required chilled water flow or electrical panel capacity.
- Quality Assurance: Evaluates whether the physical modification will inadvertently alter thermal profiles during reflow soldering or compromise ESD compliance limits.
Key stakeholders must sign off on the approval. After the change is implemented, it is a best practice for QA to perform a post-implementation verification to ensure the change works exactly as intended, with no unintended side effects.
Critical change triggers
Specific, high-risk changes require the highest level of engineering scrutiny.
| High-Risk Change | Primary Hazard | Required Approval / Mitigation |
|---|---|---|
| Bypassing Machine Interlocks | Amputation or immediate death. | Sign-off at the Plant Manager or CEO level. |
| Introducing New Chemicals | Fire or toxic reactions. | Formal SDS review and physical material compatibility test. |
| Facility Software Patching | Complete HVAC or power shutdown. | Must undergo an offline virtual simulation first. |
| Structural Building Mods | Roof collapse or increased fire load. | Review by an independent Professional Engineer (PE). |
Recap: Risk Assessment and Management of Change Triggers
| Parameter / Trigger | Requirement / Control Measure | Criterion / Value | Action / Process |
|---|---|---|---|
| High Voltage | Hard engineering control (interlock, grounded enclosure). | >50 V | Apply via Risk Assessment; PPE is not primary defense. |
| Chemical Fumes | Source extraction (Local Exhaust Ventilation). | Any chemical fume generation | Deploy LEV; respirators are last resort. |
| Kinetic Energy (Moving Parts) | Physical guarding, securely bolted and electronically interlocked. | All moving parts | Verify interlock to primary power. |
| Non-Routine Task / Dynamic Change | Immediate work stoppage and re-assessment. | Environmental change (spill, power fluctuation, missing tool) | Perform Dynamic Risk Assessment (“Take 5”). |
| Component / Material Change | Formal cross-functional review and impact analysis. | Not a Replacement-in-Kind (RIK) | Initiate Management of Change (MOC) process. |
| Bypassing Machine Interlocks | Highest-level management approval. | Any modification to protective device | Require Plant Manager or CEO sign-off via MOC. |
| Introducing New Chemicals | SDS review and physical material compatibility test. | New supplier or composition | Formal EHS review via MOC. |
| Facility Software Patching | Offline virtual simulation. | Any patch affecting HVAC or power | Simulate before implementation via MOC. |
| Structural Building Modifications | Independent professional engineering review. | Any structural change | Review by licensed Professional Engineer (PE) via MOC. |
| Temporary Engineering Fix | Firm expiry date and permanent solution plan. | Any temporary MOC approval | Set expiry (e.g., 7 days); implement permanent fix or stop equipment. |