3.4 Control plan + reaction plan: stop/contain/release rules
The Control Plan is intended to be the practical operational guide for the manufacturing floor. While the PFMEA predicts theoretical risks, the Control Plan defines the actual, physical controls put in place to manage those risks day-to-day. It acts as the single source of truth that translates engineering intent (such as GD&T limits and material specs) into the daily reality for operators (such as which gauges to use, what checks to perform, and how to react to anomalies).
A helpful reality check: If a specific process step or inspection point is not explicitly documented in the Control Plan, it does not officially exist. When an operator performs an “informal check” based purely on experience, they unknowingly introduce uncontrolled variance into the system.
The golden thread: lineage of logic
Section titled “The golden thread: lineage of logic”A well-written Control Plan should be the final link in a clear data chain. Direct traceability back to the original risk assessment must be demonstrable:
- DFMEA (Design Risk) defines the Key Product Characteristics (KPCs).
- Example: The “Shaft Diameter” is critical for the final bearing fit.
- PFMEA (Process Risk) defines the Key Process Characteristics (KCCs).
- Example: The “Machine Spindle Speed” is the input that actively controls that Shaft Diameter.
- Control Plan defines How the KCC is checked to protect the KPC.
- Action: The Spindle Speed must be measured every hour; the Shaft Diameter must be measured every 5 parts.
The Guiding Principle: Every high-risk item identified in the PFMEA should have a corresponding detection or prevention line item clearly listed in the Control Plan.
Anatomy of a control line item
Section titled “Anatomy of a control line item”Ambiguity in the Control Plan often leads directly to operator error. To prevent confusion, each entry should define five specific parameters.
1. Characteristics (what)
Section titled “1. Characteristics (what)”Care must be taken to distinguish between the Product (The Output) and the Process (The Input).
- Poor: “Check the solder.”
- Good: “Verify Solder Paste Height” (Process) and “Inspect Fillet Wetting Angle” (Product).
2. Specification / tolerance (the standard)
Section titled “2. Specification / tolerance (the standard)”The tolerance in the Control Plan must match the engineering print exactly.
- If the print states 10.0 ± 0.1 mm, the Control Plan should clearly list the acceptable range as 9.9 – 10.1 mm.
3. Evaluation technique (the tool)
Section titled “3. Evaluation technique (the tool)”The exact Measurement System to be used must be clearly defined.
- Hardware: It must be specified if a Caliper, a CMM, or a Go/No-Go Fixture is needed (and the specific Gauge ID quoted).
- Validation: The Gauge listed should have a passing Gauge R&R (MSA) study on file to prove it is capable of the required precision.
4. Frequency (the rhythm)
Section titled “4. Frequency (the rhythm)”Inspection frequency should generally be driven by Process Capability (Cₚₖ), rather than just “what we’ve always done.”
- If the Cₚₖ is < 1.33 (meaning the process is relatively unstable), 100% Inspection is usually needed.
- If the Cₚₖ is > 1.67 (meaning the process is highly capable), a safe transition to sampling can be made, such as inspecting 1 piece every 4 hours.
- If the characteristic is Safety Critical, physical Mistake Proofing (Poka-Yoke) should be aimed for or a 100% automated check implemented.
5. Reaction plan (the consequence)
Section titled “5. Reaction plan (the consequence)”This is the most critical part: It tells the operator exactly what to do when a check fails.
- Poor: “Notify Supervisor.” (This is vague and usually leads to scrap while the operator waits).
- Good: “Stop the line. Segregate the last 2 hours of production. Adjust the Tool Offset by +0.02mm, and re-measure.”
The reaction plan: the “OCAP”
Section titled “The reaction plan: the “OCAP””The Reaction Plan is often called the Out of Control Action Plan (OCAP). It provides a prescribed, calm, and effective algorithm for the team.
The “Stop-Call-Wait” Syndrome:
Writing “Call Quality Engineer” as the primary reaction should be avoided; if written, the line will instinctively stop and wait, losing valuable uptime. A good Reaction Plan empowers the operator or lead to safely Contain and Correct the issue autonomously whenever possible.
Suggested Reaction Logic Levels:
- Level 1 (Operator): The reading must be re-measured to confirm. If the failure is confirmed, the machine must be stopped and the part firmly tagged as “Reject.”
- Level 2 (Setter/Lead): The process parameters must be adjusted (within the pre-approved limits stated in the Control Plan) or the tool changed. The first piece must be re-verified after the adjustment.
- Level 3 (Escalation): If Level 2 fails to fix the issue, Engineering must be called and a formal Non-Conformance Report (NCR) initiated.
Stop / contain / release rules
Section titled “Stop / contain / release rules”To maintain discipline, clear criteria must be defined for stopping the line—and more importantly, the rigorous criteria required for restarting it.
1. Stop rules (when to halt)
Section titled “1. Stop rules (when to halt)”- Safety Breach: Any failure of a safety curtain, physical interlock, or E-stop requires an immediate hard stop.
- Consecutive Rejects: Finding three (3) consecutive parts failing the same parameter is a clear sign the process has drifted.
- Setup Verification Fail: A failure during the initial First Article Inspection (FAI).
- Trend Violation (SPC): Observing seven consecutive points on one side of the mean (indicating a Shift) or finding points completely outside the Control Limits.
2. Containment rules (the “bucket” protocol)
Section titled “2. Containment rules (the “bucket” protocol)”Whenever a defect is found, it must be safely assumed that all parts produced since the last “Good” check are now suspect.
- Traceback: The exact time of the last successful, documented inspection must be identified.
- Quarantine: 100% of the WIP (Work in Progress) produced between that “Last Good Check” and “Now” must be isolated.
- Screening: Every single unit in that suspect window must be inspected for the specific defect in question.
- Clean Point: A clear “Clean Point” (using a Serial Number or Time Stamp) must be established where known good production can confidently resume.
3. Release rules (restart criteria)
Section titled “3. Release rules (restart criteria)”A stopped process requires formal validation before it can restart safely.
- Correction Verified: The root cause (such as a broken tool or wrong setting) must be corrected.
- Setup Verification: A new First Article Inspection (FAI) must be conducted. It should measure at nominal (centered securely within the spec), not just barely “in spec.”
- Sign-Off: For Safety or Critical Characteristic failures, the Quality Manager or Process Engineer should sign a “Restart Authorization” document.
The three phases of control
Section titled “The three phases of control”It must be kept in mind that the Control Plan naturally evolves as the manufacturing process matures over time.
Prototype Control Plan:
- Method: Relies heavily on 100% Inspection and manual data logging.
- Goal: To validate the raw design intent.
Pre-Launch (Safe Launch) Plan:
- Method: Utilizes an Increased Frequency of checks (e.g. 200% of the normal, steady-state sampling).
- Goal: To securely contain any “Infant Mortality” issues. A common exit criteria might be producing 3000 defect-free units.
Production Control Plan:
- Method: Transitions to Statistical Sampling based reliably on the historical Cₚₖ.
- Goal: To monitor for slow, long-term process drift.
Recap: Control Plan and Reaction Plan Implementation
Section titled “Recap: Control Plan and Reaction Plan Implementation”| Parameter Type | Specification / Tolerance | Evaluation Technique (Gauge ID) | Frequency (Based on Cₚₖ) | Reaction Plan (OCAP) |
|---|---|---|---|---|
| Key Process Characteristic (KCC) | Per engineering drawing (e.g., 9.9 – 10.1 mm) | Validated MSA tool (e.g., Caliper, Gauge ID) | Cₚₖ < 1.33: 100% inspection. Cₚₖ > 1.67: Sampling (e.g., 1/4hr). Safety Critical: 100% or Poka-Yoke. | 1. Confirm failure, stop line, tag reject. 2. Adjust parameter/tool per plan, verify first piece. 3. Escalate to Engineering, initiate NCR. |
| Key Product Characteristic (KPC) | Per engineering drawing or defined standard (e.g., Limit Sample ID) | Specified tool (e.g., CMM, Go/No-Go Fixture, Gauge ID) | As defined for linked KCC. Safety Critical: 100% or Poka-Yoke. | 1. Confirm failure, stop line, tag reject. 2. Adjust linked process parameter, verify first piece. 3. Escalate to Engineering, initiate NCR. |
| Stop Rule | Containment Rule | Release Rule | ||
| Safety breach, 3 consecutive rejects, FAI fail, SPC rule violation (7 pts shift / out of control limits). | Quarantine 100% of WIP since last good check. Screen all suspect units. Establish a Clean Point. | Root cause corrected. New FAI passed (nominal). For safety/critical: Quality Manager/Process Engineer sign-off required. |