View Full Version : Control of Documents on two separate networks
Babel 26th September 2006, 06:17 AM Hi,
Our company with about 200 employees works basically simultaneously on two physically separated networks. Some employees have two computers in order to have access to both networks (files are transferred back and forth by e-mail), but most have only access to one or the other network.
Now, to have 2 separated networks is a customer requirement and ISO 9001 surely appreciates that we take this into account :-) However, the ISO requirements regarding document control give me some headache. Along a project, people from "both network worlds" are involved at some point.
Some documents are sometimes used/needed on both networks. So, on an on-need basis people just transfer the needed documents back and forth between the two networks, save them here and there. When a new version of a controlled document is released to a controlled location, who will remember that he/she transferred an old version of that document half a year ago to a location on the other network?
Hence, with the current system I cannot guarantee that the latest versions of documents are available at the point of use and that obsolete documents are removed.
Any advice on how to proceed with this? Currently we don't comply with the ISO 9001 requirements regarding control of documents, on the other side ISO 9001 also says that we must ensure customer requirements (2 networks in this case). I made several proposals how to overcome this (e.g. replicated doc library database) but they were all rejected.
Thanks!
Claes Gefvenberg 26th September 2006, 07:00 AM Welcome to the Cove Babel :bigwave: "Now, to have 2 separated networks is a customer requirement..." What on earth??? Why? Could you expand a bit on that before we proceed?
/Claes
D.Scott 26th September 2006, 08:02 AM Welcome to the Cove Babel.
Do you mean you map 2 different drives/servers on your computers or are they completely separate systems? Can you access both sets of documents from the same computer?
I think the solution could be to establish a third "server/drive" in which your controlled documents are stored. This will preserve the confidentiality of the customer defined drive while still giving access to the needed documents. All documents would have to be stored "read only" with change authority given only to the document administrator. All changes, notes, etc. would be made in "red-line" only until approved then all documents would be revised at the same time.
I agree with Claes, a better description of what you are currently doing would be helpful.
Dave
Babel 26th September 2006, 09:37 AM Hi,
Thanks for your answers and for welcoming me :-)
The two separated networks are a security requirement by one of our major customers. Unfortunately I am not given more details regarding the technical setup :-(
I have also suggested a third server which can be accessed from both networks. Unfortunately this suggestion was rejected.
Basically, something that is on one network must not be accessible from the other network and vice-versa, which is a problem because in the course of a project the usage of the network shifts:
Pre-production: mainly data/docs from network 1 needed
Production: mainly data/docs from network 2 needed
Post-production: data/docs from both networks needed
Naturally, the border line between the different stages can be fluent... Although not very efficient, we have managed so far. But while driving toward ISO 9001 compliance I discovered so many duplicated/outdated documents which occurred because of the 2 networks (people copying them back and forth). So, I am wondering if we can actually ever reach ISO 9001 compliance with the current setup...
Babel
BadgerMan 26th September 2006, 01:05 PM Sounds like an attempt at a forced configuration management process to me.
You could designate a CM lead person who would have sole authority for moving documents from the pre-production server to the production server and then on to the legacy server, etc. You could control this via the CM person’s (and everyone else’s) access rights for the network.
Sounds fairly simple to me……………am I seeing the whole picture?
tomvehoski 26th September 2006, 02:18 PM In actuality, your servers are not separate. They have a manual, slow and cumbersome connection called e-mail (or flash drives, CDs and so on). I would think this already violates whatever the intent of the "requirement" is.
I would:
1. Check to make sure this is a real customer requirement. I know automotive customers require that team members working on Customer A's project don't have access to Customer B's data. This is handled with folder level security, NOT two servers. It could be that your situation was somebody's interpretation years ago and now a case of "the customer says we have to do it this way". If it is not really a customer requirement, get rid of the two server setup and all of the extra overhead it creates.
2. If it really is mandated by the customer that way, see if you can negotiate it away. If so, proceed with getting rid of the second server.
3. Try again for common server #3 to house these documents. If not...
4. If you really have to have two and only two servers, look at an automated mirror type setup - like many internet sites will do to avoid having to pull documents all over the world. Set it to synchronize every night and you are all set.
Jim Wynne 26th September 2006, 02:27 PM Hi,
"I have also suggested a third server which can be accessed from both networks. Unfortunately this suggestion was rejected."
You don't need a third server; just a network disk drive, containing only the controlled documentation, that can be mapped from both networks. If your IT people do this properly, applying the requisite security policies, the integrity of the two systems can still be maintained.
Tupham 27th September 2006, 12:44 AM "The two separated networks are a security requirement by one of our major customers."
I worked in a similar environment a few years ago where there was a contractual agreement with a client that there would be no physical connection between two networks. We overcame the problem by installing two physical backbones and putting two network cards into each computer. Staff then selected a network at login and could log in and out of either network during the day. At the highest technical level the two networks were connected via a single switch with high level firewall and some encryption, then designated a very few specifically qualified people to access both networks at the same time. In this scenario, we replicated the QS on both networks and the tech did the document transfers.
Later, we proposed a higher level of network security which satisfied the client's requirements and joined the two networks into one.
potdar 27th September 2006, 04:37 AM I may sound simplistic, but we in India work with simplistic solutions within available resources and the constraints that go with them.
In your situation, I would simply declare all printed copies, except those stamped and released by the controller as 'Uncontrolled'. - This would ensure that only official prints would be recognised as 'Controlled'.
Put print controls on all documents not 'belonging' to the system. - This would ensure that obsolete documents won't get printed by unauthorised sources.
Colour the terminals of the two systems differently - say black and white. Put watermarks on the documents saying "Up to date document if viewed on BLACK terminal".
Name the document files to reflect the system they belong to. Periodically clean the systems at administrator level, of all documents that don't belong to the system. Or do it whenever a document is revised. Whoever needs it may copy it afresh.
I think that should take care of your problems. Any further issues can be solved equally simply. It's routine for us here.
Babel 17th October 2006, 02:38 AM Hi all!
Thanks a lot for your help - and sorry for my late reply! I put several of your ideas forward to your IT Manager and he agreed to have a look into the possibility of having a separate drive for document storage which could be accessed from both networks. That would help a lot.
Let's see what happens over the next few weeks!
Babel