6.1 - Operational planning and control
Galp shall ensure compliance with the requirements and expectations of the interested parties by planning, implementing and controlling the processes that support said compliance.
To that end, it shall:
- identify the requirements of the interested parties throughout the life cycle;
- establish criteria and implement controls to comply with those requirements;
- determine the necessary resources to obtain compliance with those requirements;
- determine, maintain and retain documented information to guarantee that the processes were controlled and undertaken in order to achieve the planned results.
Galp shall control the planned changes (see 3.3) and review the consequences of unwanted changes, undertaking, as required, actions to mitigate any adverse effects (risks) and capture any positive effects (opportunities).
Galp shall ensure the control of the subcontracted processes (see 6.3).
Framing
In any Organisation, it is essential to plan, schedule and control what is produced and what is provided. Good and effective operational planning and control supports management at times of decision-making.
Operational planning and control includes all Galp's value chain operations. This planning should take into account all manufacturing processes and service supply.
With operational planning and control it intends to integrate the company's activity management, analysing and evaluating the various factors that influence the performance of the processes. What will be done, by whom, how, why, with what resources, where and when must be defined.
This RSIG category contributes to answer the following requirements:
| Standard | Requirements |
|---|---|
| ISO 9001 | 8.1 |
| ISO 14001 | 8.1 |
| ISO 22301 | 8.1; 8.4 |
| ISO 50001 | 4.4.1; 4.4.6; 4.5.5 |
| Standard | Requirements |
|---|---|
| NP 4397 | 4.4.6 |
| NP 4469-1 | 3.6.6 |
| SGSPAG | 4.6 |
| G+ | Element 07; 15; 16 |
Documented information/Evidence
- Management system processes network
- Flows and characterisation of processes (objectives, ERCI matrix, controls, risks, indicators)
- Product/service data sheets (evidence of product/service requirements definition and acceptance criteria) [For example: Internal specification data sheets]
- Operations planning (Examples: Production plans, manufacturing plans, operational availability projection, marketing plans, stock management plans)
- Inspection and test plans (product)
- Control plans (process)
- Controls performed, with evidence of results, their analysis and subsequent actions
- Definition of responsibilities for operational activities
- Business continuity plans for operational activities
- Customer requests, business proposals and their reviews
- Company, sectorial or specific standards in force at Galp
6.2 - Design and development of products, services and assets
Galp shall establish, implement and maintain a process of design and development that is appropriate to ensure compliance with this framework. It shall retain documented information of the inputs, activities, outputs and changes to design and development.
Framing
This category applies to the design and development of products, services and assets in Galp and intends to ensure that it is under controlled conditions and is supported by appropriate planning. That is, the entire internal and external environment must be taken into account as a planning exercise, and must be adapted to the complexity of the project. Design and development reduces the likelihood of error in later stages to ensure customer and other interested parties satisfaction as well as internal efficiency.
This category does not apply to products/services/assets whose implementation processes are previously defined or in which no new specifications are created. In this case, the amendments follow the provisions of category 3.3.
This RSIG category contributes to answer the following requirements:
| Standard | Requirements |
|---|---|
| ISO 9001 | 8.3 |
| ISO 14001 | - |
| ISO 22301 | - |
| ISO 50001 | 4.5.6 |
| Standard | Requirements |
|---|---|
| NP 4397 | - |
| NP 4469-1 | - |
| SGSPAG | - |
| G+ | - |
Practical Application
In order to comply with this RSIG category, Galp must ensure that all "new projects" go through the phases indicated in the following figure.
To this end, Galp must:
Documented information/Evidence
- Project identification (Examples: construction of distribution networks; client facilities; loyalty cards; new means of payment)
- Project specifications
- Design and Development planning
- Design and Development reviews
- Final project
- Design and Development verification
- Design and Development validation (can include, for example, prototype testing, simulator testing, actual use, monitoring the commercialisation of a new product, monitoring the operation of a new unit, etc.)
- Launch of the new product (E.g.: availability in the market, communication activities)
- Changes to the project (may occur during or after the project)
- Company, sectorial or specific standards in force at Galp
6.3 - Externally provided supplies and services
Framing
Suppliers can be divided into two major groups:
- External Suppliers -> external suppliers are considered to be all entities and individuals operating processes or parts thereof or that provide products and services directly to Galp or indirectly to customers on their behalf.
- Internal Suppliers -> the clear definition of the scope and boundaries of the management system allows an unambiguous identification of the internal suppliers, these are all areas of Galp that are involved in the process but are not part of the system’s scope.
Partner is an outside party to the Organisation with which a working relationship has been strategically established in order to achieve common goals and benefits for both parties. Partners may include, for example, suppliers, distributors, and educational entities. For the purpose of applying the RSIG, they are considered external suppliers.
A strategic vision should be adopted regarding the management of the relationship with external suppliers. This vision is all the more important insofar as this relationship will introduce (for both parties) costs (disadvantages) and benefits (advantages) not only short but mainly medium and long term.
This RSIG category contributes to answer the following requirements:
| Standard | Requirements |
|---|---|
| ISO 9001 | 8.4 |
| ISO 14001 | 8.1 |
| ISO 22301 | 8.1 |
| ISO 50001 | 4.5.7 |
| Standard | Requirements |
|---|---|
| NP 4397 | 4.4.6 |
| NP 4469-1 | 3.6.3 |
| SGSPAG | 4.6 |
| G+ | Element 14 |
Documented information/ Evidence
- External supplier qualification criteria
- Evidence of qualification (Example: questionnaires, commitments, supplier certificates)
- Technical notebook / proposal with the explicit requirements
- Supplier proposals
- Proposals analysis (evaluation according to defined criteria)
- Training records, where applicable
- Suppliers contracts /orders/delivery order
- Delivery controls, results, actions and measures implemented, where applicable
- Payment/invoice from the supplier
- Evaluation of external suppliers
- Identification of internal suppliers
- Evidence of internal suppliers’ compliance with legal and safety requirements
- Company, sectorial or specific standards in force at Galp
6.4 - Production and service provision
Framing
This category includes all the operations that Galp carries out in its day-to-day operations to produce and deliver products and services that satisfy its customers and other interested parties.
Organisations must ensure that they have the products and services’ requirements defined and that they are able to comply with them.
It is intended for organisations to have a special focus when results cannot be checked through subsequent monitoring and measurement as well as when they have "custody" ownership of customers or suppliers.
This RSIG macro category contributes to answer the following requirements:
| Standard | Requirements |
|---|---|
| ISO 9001 | 8.2; 8.5; 8.6 |
| ISO 14001 | 8.1 |
| ISO 22301 | 8.2.2; 8.4.4 |
| ISO 50001 | 4.4.3; 4.4.4 |
| Standard | Requirements |
|---|---|
| NP 4397 | 4.4.6 |
| NP 4469-1 | 3.6.6 |
| SGSPAG | 4.6 |
| G+ | Element 07; 16; 17; 19 |
Documented information/Evidence
- Infrastructures, equipment and devices registers (E.g.: list of critical items, asset management software systems)
- Maintenance/Inspection plans and records (infrastructures and equipment) and their monitoring
- Verification /calibration Plans
- Evidence of Verifications / Calibration Certificates
- Acceptance of Verifications /Calibrations
- Product/service data sheets (evidence of product/service requirements definition and acceptance criteria)
- Inspection and test plans (product)
- Controls performed, with evidence of results, their analysis and subsequent actions
- Technical notebook / proposal with the explicit requirements
- Customer requests, business proposals and their reviews
- Operation Manuals
- Control Plans
- Energy assessment criteria
- Energy and operational objectives and targets
- Energy management action plans
- Production records
- Final inspections
- Quality Certificates / Declarations of Conformity
- Safety Data Sheet
- Business continuity plans for operational activities
- Delivery notes and shipping guides
- Invoices and/or Receipts
- Stock management records
- Customer contracts
- Company, sectorial or specific standards in force at Galp
6.5 - Emergency management
Framing
In the planning phase (see 3) a set of risks and emergency situations are identified. These situations must be managed to ensure that the Organisation is prepared, has adequate resilience and is able to respond and react when necessary, minimising adverse consequences and recovering critical processes as soon as possible.
There are factors, such as terrorist attacks, natural phenomena, hardware or software failures, corrupted data, power failures, fires, sabotage, vandalism, theft, human error, cyber-attacks, viruses, epidemic or pandemic crises, major industrial accidents, supply disruptions to the market, etc. that, when they occur, can produce significant crises for the business and for the Organisation. To respond to these events, companies must have a Business Continuity Plan developed, implemented and trained.
Business Continuity Management (BCM) is a cyclical management process that identifies potential threats with impact on the company and provides a reaction plan and response to disruptive events (Business Continuity Plan), safeguarding all interests, be they financial, image, brand, or any others.
This RSIG macro category contributes to answer the following requirements:
| Standard | Requirements |
|---|---|
| ISO 9001 | - |
| ISO 14001 | 8.2 |
| ISO 22301 | 8.4; 8.5 |
| ISO 50001 | - |
| Standard | Requirements |
|---|---|
| NP 4397 | 4.4.7 |
| NP 4469-1 | 3.6.7 |
| SGSPAG | 4.3; 4.8; 4.9 |
| G+ | Element 22 |
Documented information/Evidence
- Management system processes network
- Training records
- Communication plans (identification of what, who, when and how) according to different situations/scenarios
- Identification of potential emergency and disruptive scenarios
- Identification of major accident hazards
- Impact analysis of the processes/activities in the business
- Risk assessment of business processes
- Definition of RTO (Recovery Time Objectives)
- Definition of RPO (Recovery Point Objectives)
- Business continuity strategies (for each activity to be recovered)
- Business continuity plans (for each activity to be recovered)
- Emergency plans
- Contingency plans
- Definition of responsibilities for the activation of emergency, contingency or business continuity plans
- Records of the performance of emergency tests/exercises
- Actions resulting from the drills/exercises
- Actions following real emergencies or disruptive situations
- Company, sectorial or specific standards in force at Galp