4.2.3.f states,"Has a documented procedure been established to define the control need to ensure that documents of external origin and their distribution controlled". I could not find anywhere in any documents that list the specific documents of External Original (EO).

In the scope of the Document and data Control Operating Procedure, it says " This procedure covers all controlled documents or technical specs that originated from a customer, vendor or any regulatory agency". It does not mention what documents of EO are. The company says that they meet the ISO requirement. I believe there is a N/C because :

1) Documents of EO is not list anywhere in the QMS documents.
2) The company claims that most/all document of external origin have been listed. These are examples of documents of EO are not listed that should be controlled by a department:
Example 1- Machine shop machine owners manual and Preventive maintenance manual
Example 2- Equipment (Compressor) owners and preventive maintenance manuals and others.

What do you think?

2) The company claims that most/all document of external origin have been listed. These are examples of documents of EO are not listed that should be controlled by a department:
Example 1- Machine shop machine owners manual and Preventive maintenance manual
Example 2- Equipment (Compressor) owners and preventive maintenance manuals and others.

What do you think?If you go this path, you will expect the company to control the yellow pages, suppliers catalogs, etc... In my view point this is a non-value added NC. How will "controlling" Equipment (Compressor) owners and preventive maintenance manuals improve this organization performance? There are many types of documents of external origin that can have a significant impact in an organization's quality management. The examples you listed don't fall in that category, IMO.

is an important Document of External Origin because it is related to production. Companies use it to set up PM to prolong the life of equipment and reduce down time for improved productivity. I am a consultant for a company setting up their QMS. I have to review their Equipment Preventive Maintenance (PM) manual to set up their PM schedule on some machines.
There are very specific timetable to clean pre-filters every week and replace them every six month. The compressor oil has to be the correct type and you have to bleed the line and the list goes on. The PM manuals were lost on some French made machines and they have no way to replace them because they are not new.
You can't compare it to a phone book ,which it is not product or production related.

The standard 4.2.3.f is very specific- Has a document procedure been established to ensure that documents of external orginal are identified ...... show me that you comply to this requirement.

The standard 4.2.3.f is very specific- Has a document procedure been established to ensure that documents of external orginal are identified ...... show me that you comply to this requirement.This type of dogmatic approach to implementation and auditing leads no non value added "solutions", in my experience.
Imagine for a second that the company has created a list with these operators, owners and maintenance manuals. How has this list improved the organization?

You asked for ideas and I shared mine with you. If you are only asking for concurrence with your ideas, then your post was not clear.

Good question, but to me it evolves around impact. Have they identified and controlled documentation that will have impact? Drawings, specifications, change control documents, etc.

A line needs to be made, IMO, on this. The control is necessary when not controlling the external document could have adverse impact.

Have you identified documents that could impact their quality that are not controlled?

Good question, but to me it evolves around impact. Have they identified and controlled documentation that will have impact? Drawings, specifications, change control documents, etc.

A line needs to be made, IMO, on this. The control is necessary when not controlling the external document could have adverse impact.

Have you identified documents that could impact their quality that are not controlled?

This is a FAA repair station. I know for a fact that Preventive Maintenance and machine manuals have not been identified as doc of EO. They are also 14000 certified, so there may be a whole bunch of other documents of EO. The company is starting to design and build expensive FAA test stations too. They are purchasing new equipments and the manuals needs to be controlled......There may be other doc that I am not aware of that may have an impact.

Sidney has pretty much said it as has Brad. It pretty much boils down to those doc's related to product realization, infastructure and your ability to achieve customer satisfaction.

This type of dogmatic approach to implementation and auditing leads no non value added "solutions", in my experience.
Imagine for a second that the company has created a list with these operators, owners and maintenance manuals. How has this list improved the organization?

You asked for ideas and I shared mine with you. If you are only asking for concurrence with your ideas, then your post was not clear.

I worked for a company with 5,000 employees. Our D/C Operating Procedure lists almost every doc of External origin and where they are kept. EG- the Machine manuals are kept in the company library and copies are scanned and stored in the company network system folder XXXX\XXX\XXX. Mil specs can be downloaded from a website and the web address and access information is available in the OP. It is very helpful and definitely value added.

If you don't agree with this N/C, tell me why and just don't say that it is a non value added "solutions". Since it is an ISO requirement, it may mean something.

I worked for a company with 5,000 employees. Our D/C Operating Procedure lists almost every doc of External origin and where they are kept. EG- the Machine manuals are kept in the company library and copies are scanned and stored in the company network system folder XXXX\XXX\XXX. Mil specs can be downloaded from a website and the web address and access information is available in the OP. It is very helpful and definitely value added.

If you don't agree with this N/C, tell me why and just don't say that it is a non value added "solutions". Since it is an ISO requirement, it may mean something.

I think what everyone is trying to say is that you can give an NC for the situation you described, it´s YOUR management system.... heck, you can give yourself an NC for the tone of the wall color interfering with the production... what everyone is trying to say is that is isn´t necessary to go that deep.... you may be creating difficulties for yourself...extra work that just may not be worthwhile....

How mature is your QMS? I´m sure your company would gain much more ($$) if you concentrated efforts on your KPI and their results.... that´s where the Big Boss is going to look and see the yield and then maybe say "Hey, this ISO thing really does pay off ! "

If you don't agree with this N/C, tell me why and just don't say that it is a non value added "solutions". Since it is an ISO requirement, it may mean something.TY, In my early days of auditing, me too, had the approach of: if it is a requirement, you better comply. As I matured and seasoned as an auditor, my take on things changed. Compliance with requirements is very important, but adding value is much more important. As Brad says, you have to draw lines when you audit. In this specific issue, PM is very important. Having a "controlled list" of maintenance manuals is useless, IMO. Are you going to expect them to have a list of customer POs as EO documents? POs are documents coming from the customers that are revised from time to time. So, they fit your definition of EO documents that must be controlled. Still, I don't know of a single organization that controls customer POs as part of 4.2.3.

Good luck in your audits.

I'll go with the majority. If you want to write it up, do it, but it probably won't add much value. You control documents to keep people from (accidently, or on purpose) making changes that will affect the process. It is pretty hard to make a change to an owner's manual without being able to spot it, after all, isn't it obvious if you cross something out and write over it? If it is something you can pull off a website any ol' time, it is not controlled at the source, so why would you control it? (i.e. the specs you were talking about...just say we go to the web and look it up.)

The fact that you worked in a company of 5,000 means absolutely nothing. Control is control, 1, 5, 10 or 10,000. The fact that the company chose to do what it did does not mean that it is the only way things can be done. Quality systems have evolved since the first ISO systems were put into place.

Insanity is not doing the same things over and over, it is doing the same things over and over again and expecting a different result (improvement within the system).

TY, In my early days of auditing, me too, had the approach of: if it is a requirement, you better comply. As I matured and seasoned as an auditor, my take on things changed. Compliance with requirements is very important, but adding value is much more important. As Brad says, you have to draw lines when you audit. In this specific issue, PM is very important. Having a "controlled list" of maintenance manuals is useless, IMO. Are you going to expect them to have a list of customer POs as EO documents? POs are documents coming from the customers that are revised from time to time. So, they fit your definition of EO documents that must be controlled. Still, I don't know of a single organization that controls customer POs as part of 4.2.3.

Good luck in your audits.

Well put! That segregates the 'boys' from the 'man'. Who wants to be audited by 'boys'?? :lol: :lol:

This type of dogmatic approach to implementation and auditing leads no non value added "solutions", in my experience.
Imagine for a second that the company has created a list with these operators, owners and maintenance manuals. How has this list improved the organization?

You asked for ideas and I shared mine with you. If you are only asking for concurrence with your ideas, then your post was not clear.

I agree, We focus on controling documents that are critical to our organization and adds value e.g. External customer drawings, specifications, Mil-Specs, etc.

I would not pursue this N/C because it doesn't add value to the audit or the organization.

Best Regards,

al40

I worked for a company with 5,000 employees. Our D/C Operating Procedure lists almost every doc of External origin and where they are kept. EG- the Machine manuals are kept in the company library and copies are scanned and stored in the company network system folder XXXX\XXX\XXX. Mil specs can be downloaded from a website and the web address and access information is available in the OP. It is very helpful and definitely value added.

If you don't agree with this N/C, tell me why and just don't say that it is a non value added "solutions". Since it is an ISO requirement, it may mean something.


I'm inclined to agree with Sidney. As we gain experience in auditing, it tends to focus the efforts toward the more important things. Even the standards committees are going in this direction.

Many newer auditors tend to really focus on doc control. It is important, and I certainly make sure my clients control their docs appropriately. However, we are not the doc police, and doc control is only a means to an end.

To clarify, I describe doc control as a series of concentric circles - like a bull-eye target. The most important documents are closest to the middle and must be controlled pretty carefully. As documents decline in importance, or the risk of changing goes down, put them more in the outer rings. The further out the rings are, the less critical it is to control the documents formally. Some can be controlled with just date revisions, and maybe a signature.

Please remember why doc control is important in the first place.

I'm a little late to this thread, but I just had an auditor write up a non-conformance for an injection machine maintenance manual that was not controlled. Here is the stance I intend to take with this NC:

Nowhere in my Quality Manual or procedures do I say that maintenance activities; preventive, predictive, reactive, or otherwise are carried out in accordance with the manufacturer's manual. Therefore these documents are used "For Reference Only," and are not subject to our procedure for control of external documents.

As soon as you make a statement like the one described above, not only for maintenance, the referenced manual(s) become a part of the quality system and must be controlled to ensure you have the latest and greatest. If the manufacturer's recommendations are taken from a manual and put into say, a preventive maintenance schedule, then the schedule is then what needs to be controlled and not the manual.

I do not know how this will fly with the auditor, but it makes perfect sense to me.

Here is the stance I intend to take with this NC:....I do not know how this will fly with the auditor, but it makes perfect sense to me.You can use this as a test to see if your auditor understands the concept of added value.

You ask the auditor what is required to consider the PM manual "controlled". Chances are, the answer you are going to get is: It has to be listed in a list of documents of external origin. Then you ask. Assume I do that, how will that make my organization any better? And the fun begins...

I'm a little late to this thread, but I just had an auditor write up a non-conformance for an injection machine maintenance manual that was not controlled. Here is the stance I intend to take with this NC:

Nowhere in my Quality Manual or procedures do I say that maintenance activities; preventive, predictive, reactive, or otherwise are carried out in accordance with the manufacturer's manual. Therefore these documents are used "For Reference Only," and are not subject to our procedure for control of external documents.

As soon as you make a statement like the one described above, not only for maintenance, the referenced manual(s) become a part of the quality system and must be controlled to ensure you have the latest and greatest. If the manufacturer's recommendations are taken from a manual and put into say, a preventive maintenance schedule, then the schedule is then what needs to be controlled and not the manual.

I do not know how this will fly with the auditor, but it makes perfect sense to me.

Hello Steve,

During my career, I have been involved with many document discussions such as the ones in this thread. Documents, document control, valid and invalid nonconformities, etc., Here is a simple question I always ask: "Is there value in maintaining this (hard-copy and/or electronic) document?" If yes, then I ask the following question: "Can you afford to lose this document?" If no, my response is: "Control it!"

It's that simple. Often, we get too wrapped up in (emotional) discussions without considering the purpose of documentation in the first place. We need to start looking at all this from a business perspective rather than beating ourselves up with standards and auditors.

Sorry, it's Friday, I know.....:yes:

Hope this helps a little.

Stijloor.

I'm a little late to this thread, but I just had an auditor write up a non-conformance for an injection machine maintenance manual that was not controlled. Here is the stance I intend to take with this NC:

Nowhere in my Quality Manual or procedures do I say that maintenance activities; preventive, predictive, reactive, or otherwise are carried out in accordance with the manufacturer's manual. Therefore these documents are used "For Reference Only," and are not subject to our procedure for control of external documents.

As soon as you make a statement like the one described above, not only for maintenance, the referenced manual(s) become a part of the quality system and must be controlled to ensure you have the latest and greatest. If the manufacturer's recommendations are taken from a manual and put into say, a preventive maintenance schedule, then the schedule is then what needs to be controlled and not the manual.

I do not know how this will fly with the auditor, but it makes perfect sense to me.

Where was the manual found by the auditor? Is it true that the manual isn't used? If so, throw it out, and tell the auditor that it doesn't need to be controlled because it's gone. While Sidney makes a good point, if the manual is used, even occasionally, it probably should be referenced in your documentation. Keep in mind that warranties will probably be voided if you don't follow the manufacturer's maintenance requirements, and have records as evidence of maintenance.

Hello Steve,

During my career, I have been involved with many document discussions such as the ones in this thread. Documents, document control, valid and invalid nonconformities, etc., Here is a simple question I always ask: "Is there value in maintaining this (hard-copy and/or electronic) document?" If yes, then I ask the following question: "Can you afford to lose this document?" If no, my response is: "Control it!"

It's that simple. Often, we get too wrapped up in (emotional) discussions without considering the purpose of documentation in the first place. We need to start looking at all this from a business perspective rather than beating ourselves up with standards and auditors.

Sorry, it's Friday, I know.....:yes:

Hope this helps a little.

Stijloor.


There's another consideration when we talk about control of documents, and that's control of processes. If there is a requirement to maintain a machine in accordance with the manufacturer's guidelines (or requirements for keeping a warranty in force), then the documents needed to carry out those requirements should probably be controlled, regardless of origin.

WOW, I must say I am a little bit surprised. Hands down you have a legitimate and a value adding nonconformance. I don't see any room at all for wavering even.

As we mature as auditors rather than become more accepting to breaches of the standard we should get even less accepting. I wanteed to quote at least one thing from almost every post but I figured that wouold just take too long (not value added).

In trying to make an approach brief let's start with maintenance schedules.
Q: How often do you conduct maintenance on this piece of key equipment?
A: Once every three months
Q: Have you ever had anything wrong during scheduled maintenace?
A: Oh yeah, we've had to change certain things and so on.
Q: Where did you come up with your every three month schedule?
A: Its recommended through the owners manual
Q: May I see the owner's manual?
A1: Well we don't have it any more
A2: I don't know where it is right now
A3: I loaned it out to a company that has the same machine
A4: Sure, here it is
Q: The manual is dated 1963
A: That's when we bought the equipment
Q: Have there been any changes to the equipment?
A: Oh sure, we rebuilt the gearbox, we added the frim fram and removed the flammer. The cfompany had a required re-call on the safety mechanism, and on and on.
Q: Do you have a new owners manual for the changes?
A: No.
Nonconformance

This is a made up scenario bu based entirely on fact. It isn't even outrageous - it is very common.

Document control touches so many areas of our documents. One of the key areas is "...to ensure that relevant versions of applicable documents..."

So many maintenance plans, schedules, directions, instructions, methods and so on come from owners manuals. Would you settle for the 1993 issue of the Chilton or Haynes repair manual for a 1984 Mustang if you owned a 1985 Corvette?

Find 'em, list 'em and control 'em. Write the NC and hold them to it. Of course there is value added. They may end up with a legitimate collection of maintenance information.

"Can you afford to lose this document?" If no, my response is: "Control it!"

Well put! Excellent. To the point and makes a great deal of sense.

I'm a little late to this thread, but I just had an auditor write up a non-conformance for an injection machine maintenance manual that was not controlled. Here is the stance I intend to take with this NC:

Nowhere in my Quality Manual or procedures do I say that maintenance activities; preventive, predictive, reactive, or otherwise are carried out in accordance with the manufacturer's manual. Therefore these documents are used "For Reference Only," and are not subject to our procedure for control of external documents.

As soon as you make a statement like the one described above, not only for maintenance, the referenced manual(s) become a part of the quality system and must be controlled to ensure you have the latest and greatest. If the manufacturer's recommendations are taken from a manual and put into say, a preventive maintenance schedule, then the schedule is then what needs to be controlled and not the manual.

I do not know how this will fly with the auditor, but it makes perfect sense to me.

I think you are correct.

It is common for less experienced auditors to make an issue of this. But, we tend to either outgrow it, or a more seasoned auditor shows the error of our thinking. (One more reason why auditors should get a little more experience before being designated as Lead Auditor).

However, here is a better ISO argument:

The manuals are somewhat important, so it could appear logical to control them. However, as you said, you use the manual for reference and build the important information into your work instructions. The only benefit to controlling them is to ensure that future revisions are propoerly reviewed and distributed. However, equipment manuals generally do NOT get revised, so you would never have to recall and replace the manual copies.

Thus, as Sidney asked, what difference would it make?

WOW, I must say I am a little bit surprised. .... It isn't even outrageous - it is very common.




Wow, Gary... To be this passionate on such a tiny issue, I am indeed surprised.

I have performed a little over a 1000 3rd party audits. Somewhere back in the first 50 or so, I might have agreed, but, I moved on very early.

You have to be kidding. The OP even stated he does not follow the maintenance in the manual. He used it as a starting point.

You may review my other comment in this thread, to see my reasoning...

I am late joining this one as well. However, I was written up on this by a very seasoned auditor during an audit.

Why? Because the manual outlines exactly how to replace blades, tools, etc. It also outlines what type/make of cutting tools the machine will accept.

Are the proper tools for the machine critical in ensuring product conformity? You bet!

Does following the proper procedure for replacing worn tools/blades ensure safe operation and product conformity? You bet! (btw, we are also starting the consolidation of 9001 and 18001).

I didn't argue with him on this one. If he just wanted me to list them and this type of information wasn't in the manual...I would have thrown him in the nearest snowbank! (our audit was during the one of the biggest snowstorms of the winter!). He was trying to help us ensure our system was robust enough to ensure that all operators followed the same protocol; thereby, ensuring a safe environment and product that conforms to requirements (and of course, happy customers).

John

The manuals are somewhat important, so it could appear logical to control them. However, as you said, you use the manual for reference and build the important information into your work instructions.
What does "used for reference" mean? Does it mean that the manual is referred to when doing maintenance?

The only benefit to controlling them is to ensure that future revisions are propoerly reviewed and distributed.

Not true, at least not always. There's always a lot of talk around here about documents being "useful," meaning documents being regularly used in the operation of processes. This overlooks another important function of QMS documents, namely process design and control. When we design processes, one of the goals should be to establish a proven method for obtaining the desired results. In many, possibly most, cases, the process must be operated as designed in order for the outcome to be predictable. In such cases, QMS documentation serves as a primary source for process operation. It may be that operators can be trained in accordance with the proven method, and never have to look at a work instruction. On the other hand, if someone comes along and says, I think we should do x instead of what we have been doing, the document provides a point of reference for the established requirements, and should serve to notify everyone that they should do x at their own peril.

A document doesn't have to be constantly read in order to be useful.

However, equipment manuals generally do NOT get revised, so you would never have to recall and replace the manual copies.

It's not uncommon at all for errata sheets to be published, and for previously undocumented safety issues to be addressed by equipment manufacturers. In point of fact, maintenance and operation documents do get updated.

"Can you afford to lose this document?" If no, my response is: "Control it!"
Find 'em, list 'em and control 'em. Write the NC and hold them to it. Of course there is value added. Can someone enlighten me and explain what would be required to consider an external maintenance manual "controlled"?

I am late joining this one as well. However, I was written up on this by a very seasoned auditor during an audit.

Why? Because the manual outlines exactly how to replace blades, tools, etc. It also outlines what type/make of cutting tools the machine will accept.

Are the proper tools for the machine critical in ensuring product conformity? You bet!

Does following the proper procedure for replacing worn tools/blades ensure safe operation and product conformity? You bet! (btw, we are also starting the consolidation of 9001 and 18001).

I didn't argue with him on this one. If he just wanted me to list them and this type of information wasn't in the manual...I would have thrown him in the nearest snowbank! (our audit was during the one of the biggest snowstorms of the winter!). He was trying to help us ensure our system was robust enough to ensure that all operators followed the same protocol; thereby, ensuring a safe environment and product that conforms to requirements (and of course, happy customers).

John


1. If your operators refer to the manual as a work instruction to tell them what tools to use, it needs to be controlled.

2. If you choose to put it in the doc control system, then it needs to be controlled.

I am a fan of doc control, but if neither of these rules apply, then it does not have to be controlled.

Remember, ISO allows you to decide what documents are needed to ensure control over your processes (cl 4.2.1.d). Most companies I know, decide these manuals do not need to be "controlled" because they do not change. But, if you want to control them, that is fine.

Can someone enlighten me and explain what would be required to consider an external maintenance manual "controlled"?

Although I don't agree with Gary's premise, control is an issue when a document--regardless of origin--is to be used as a standard. It probably doesn't apply to the case at hand, but if a maintenance or operation manual is considered a "bible," then it should be referred to as such in the process documentation, which is a form of control. As I pointed out in another response in this thread, it's not unusual at all for such manuals to be updated, especially when new safety issues are discovered.

Can someone enlighten me and explain what would be required to consider an external maintenance manual "controlled"?

Identify it as being in your inventory. Know where you have all copies. Occassionally verify whether there have been revisions to the manual or not.

1. Most companies I know, decide these manuals do not need to be "controlled" because they do not change.

The fact that a document's contents can change shouldn't be the only deciding factor for control. There is also the concern about where is it? Who has copies? Is it still legible and in readable condition? Can it be easily accessed? These are all a part of document control.

Identify it as being in your inventory. Know where you have all copies. Occassionally verify whether there have been revisions to the manual or not.

Ditto.

Stijloor.

Identify it as being in your inventory. Know where you have all copies. Occassionally verify whether there have been revisions to the manual or not.Thanks. I think my take on this is just different. If we focus on the case brought up today which re-started this thread, we know that the manual is in our inventory, because the external auditor found it. Ironically, had the company hidden or trashed or recycled their maintenance manuals, the auditor would have nothing to write up...:frust:

If you benefit from having a list that tells you where the maintenance manuals are located, good. Most organizations that I know would consider that an unnecessary bureaucracy. Hopefully people doing the maintenance will have access to the manuals. Unless they have all been hidden, so the external auditors have less ammunition for write ups.:tg:
Occasionally calling the OEM and asking if the manual has been revised. Not a bad idea. I wonder how many organizations do that...Or if I don't do it, I must be violating an ISO 9001 requirement...which one....I am not sure.

Thanks. I think my take on this is just different. If we focus on the case brought up today which re-started this thread, we know that the manual is in our inventory, because the external auditor found it. Ironically, had the company hidden or trashed or recycled their maintenance manuals, the auditor would have nothing to write up...:frust:

If you benefit from having a list that tells you where the maintenance manuals are located, good. Most organizations that I know would consider that an unnecessary bureaucracy. Hopefully people doing the maintenance will have access to the manuals. Unless they have all been hidden, so the external auditors have less ammunition for write ups.:tg:
Occasionally calling the OEM and asking if the manual has been revised. Not a bad idea. I wonder how many organizations do that...Or if I don't do it, I must be violating an ISO 9001 requirement...which one....I am not sure.

Hello Sidney,

Is it fair to say (I use this example quite a bit), that document control is pretty similar to maintaining a library of useful and value-added information? Knowing what you have, knowing where it is, knowing who "owns" it, etc?

I am always concerned (see my earlier post in this thread) that it becomes a "legal/requirements" battle rather than determining what makes good sense for supporting the business and its processes.

Stijloor.

We do use the manuals as "bible"s. In fact, they are maintained with the corresponding machine so they are easily available to the operator should he/she require it.

In fact, when I called the manufacturer about a particular manual as it had been damaged. They faxed me 3 erratas that had been released for other manuals that we had.

In this case, the control of these manuals was critical to ensuring the process was followed as I noted in an earlier post (replacement of tools, and proper tools to use)

John

...Or if I don't do it, I must be violating an ISO 9001 requirement...which one....I am not sure.

You may be - depends upon the auditor of course.

4.2.3.d tells us to have relevant versions of applicable documents available at the point of use.

If a maintenance man says "I use the owners manual." Then that has become an applicable document. It should be available to the maintenance man and the revision should be relevant, or apropo to the version of equipment he is working on.

I have written a nonconformity on this situation and I am sure I will again.

I have written a nonconformity on this situation and I am sure I will again.So, you write a company up if they don't have a process which by they "occasionally call the equipment OEMs" to enquire if they have revised the maintenance manual?

So, you write a company up if they don't have a process which by they "occasionally call the equipment OEMs" to enquire if they have revised the maintenance manual?

No, not exactly, I write them up if they do not have their external documents clearly identified and controlled. To determine control it is really rather easy to simply call the OEM and inquire as to the latest. And yes, I have done this on several occassions during audits. So far in all cases things have been just fine but it is a quck and easy verifcation.

I drive a 2002 Impala. I come from the old school where oil must be changed every 3000 miles. My experience with this Impala has changed my way of thinking. I don't have to change the oil until the message light tells me to. That may be 4000, 5000 or even 6 or 7 thousand miles. The longest interval so far has been about 7500 miles. I would not have known this had I depended on the 1998 Impala owners manual. I may have saved several hundred dollars so far with that knowledge.

It's just the relevant version thing is all. It really isn't difficult, it isn't expensive, it isn't painful but it can very well be value added.

No, not exactly, I write them up if they do not have their external documents clearly identified and controlled. To determine control it is really rather easy to simply call the OEM and inquire as to the latest. And yes, I have done this on several occasions during audits. So far in all cases things have been just fine but it is a quick and easy verification.I don't understand. In a previous post you said that "occasionally" calling the OEM and verifying that the maintenance manual is still up to date is part of "controlling" maintenance manuals. So, you must expect the organizations you audit to have such process in place. Otherwise, how do they ensure that their maintenance manuals are "controlled"?

There's a lot of discussion about value added/not value added, necessary/unnecessary, etc., and the debate can (and probably will) go on forever with very good points on both sides. Each company will have to decide what best suits them. Obviously from my initial post, I do not think that there is enough value added in controlling the, literally hundreds, of maintenance manuals residing in our Maintenance department.

However, strictly from a compliance standpoint, I believe I am on solid ground when I tell my auditor that I have not made these manuals a part of my quality system, and we choose not to control them.

Does anybody know of a requirement of the ISO standard that specifically does not allow me to take this stance?

Hello Steve,

Your quote: I do not think that there is enough value added in controlling the, literally hundreds, of maintenance manuals residing in our Maintenance department.

Why not getting rid of them? If not, include them in your electronic "rolodex", and voila! You know you have them, they can be consulted when necessary, etc. Make it easy and user-friendly. I have worked with a company - perhaps similar to yours - where hundreds of operator, maintenance, and programming manuals were maintained. It was not really a big deal.

Concluding...

Good and meaningful dialogue though...thank you all guys!

BTW: That's what makes The Cove a great forum!

Have a great and safe weekend.

Stijloor.

Wow, Gary... To be this passionate on such a tiny issue, I am indeed surprised.

I have performed a little over a 1000 3rd party audits. Somewhere back in the first 50 or so, I might have agreed, but, I moved on very early.

You have to be kidding. The OP even stated he does not follow the maintenance in the manual. He used it as a starting point.

You may review my other comment in this thread, to see my reasoning...

Some things just get to ya. My passion stems from I guess having seen so many problems in the control area. It may seem tiny but without the right information, or worse yet, with the wrong information, you have big potential for big problems.

Yes, he used the manual for a starting point. But that is not my reasoning for controlling the manual. I try to equate every ISO / TS related situation to real life; you know every day things. I buy a new printer for my office I file the owner's manual in a three ring binder with all the other manuals. I may never look at it again but on that occassion I do need it I do know where it is.

Certainly not to use myself as an example but I have the manual for every piece of equipment in my tiny olittle company. I reference some of them periodically and others never but still others almost all the time. The manual for my Visa / Mastercard machine is already dog-eared; %$#@@#& 6%$#@. The machine is a monster! I am so glad I have kept the manual. I am so thankful I keep it available right there by the machine. And I am happy I laminated the pages I use the most.

I am at a company right now where we are trying to figure out the capabilities of each piece of equipment. Not statistical but output wise. Fortunately, one of the operators said "Here you go, I have every manual right here." What a savings of valuable time.

However, if the manual has disappeared and things are still running just fine that means they really do not need it. So, just as in an earlier post; if I can take it away and not bring it back and you won't cry about it then no, it does not have to be controlled. But if you want it back then control it.

I don't understand. In a previous post you said that "occasionally" calling the OEM and verifying that the maintenance manual is still up to date is part of "controlling" maintenance manuals. So, you must expect the organizations you audit to have such process in place. Otherwise, how do they ensure that their maintenance manuals are "controlled"?

That post you reference is a list of "suggested methods." There really is no criteria for what method is to be used, those I listed could be used but do not have to be. Back in the days of Targets for Excellence GM auditors expected such a program to be in place. I learned from their expectation and discovered that it could be a good thing so I do use it as a suggestion but I don't mandate it.

Now, in the case where a certain piece of equipment's maintenance manual has become an applicable document because it is used for instruction and guidance, yes I would expect something in place whereby the organization pro-actively determines the relevancy of the version of document they have. They can be as creative as they want I just want a good answer to;

"How do you know ths is the relevant version?" ISO 4.2.3.d

If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.:)

If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.:)I really don't think that bringing the How to Add Value during the audit process (http://isotc.iso.org/livelink/livelink/3553372/APG-HowtoAddValue.doc?func=doc.Fetch&nodeid=3553372) document to your attention will give you another epiphany (http://elsmar.com/Forums/showpost.php?p=205567&postcount=39)but others might see the light when they realize the need for a change of approach to auditing. Even the ISO TC 176 believes that auditors need a change of direction when they provide advice such as:
Adopt a “holistic” approach to evidence gathering throughout the audit, instead of focusing on individual clauses of ISO 9001:2000. So, you keep on auditing to make sure that all requirements are covered, but remember: Frankenstein had all the body parts in place.

I really don't think that bringing the How to Add Value during the audit process (http://isotc.iso.org/livelink/livelink/3553372/APG-HowtoAddValue.doc?func=doc.Fetch&nodeid=3553372) document to your attention will give you another epiphany (http://elsmar.com/Forums/showpost.php?p=205567&postcount=39)

No, you were right about the epiphany thing (but I do still thank you for the other one you provided - I am still digesting) Still, this document"How To Add Value During The Audit Process", refers to "Conforming to ISO 9001:2000, often, very often. Some quotes from this document;

"Conformity to ISO 9001:2000 relates to the ... extent to which the QMS meets the requirements of ISO 9000:2000"
"It is important that all identified non-conformities are reported..."
"...what needs to be done...to meet the requirements of ISO 9001:2000"
"...failing to report all detected nonconformities...adds no value..."

One very interesting statement; regarding writing even the most minor NC

"In these situations, the auditor might be accused of being pedantic or even bureaucratic, so it is important to be able to demonstrate the relevance of the non-conformities that are being raised."

Absolutely, that is one of the reasons I don't write it if I cannot relate it to either their own system or to the standards.

I appreciate you providing the link to this paper. It was a good read and I can actually use it in future auditor classes to enforce the
"write 'em if they got'em"

approach I already present.

A change of approach to auditing - yes but a change to not writing NCs - no. The approach to auditing has always been the difficult part. It really isn't too hard to find things that do not comply, it's how you go about it.:agree1:



So, you keep on auditing to make sure that all requirements are covered, but remember: Frankenstein had all the body parts in place.[/SIZE] [/FONT][/FONT]

I have no retort just that I like the comparison:lol:

[quote=Gary E MacLean;206387]
...this document"How To Add Value During The Audit Process", refers to "Conforming to ISO 9001:2000, often, very often. Some quotes from this document;

....One very interesting statement; regarding writing even the most minor NC

"In these situations, the auditor might be accused of being pedantic or even bureaucratic, so it is important to be able to demonstrate the relevance of the non-conformities that are being raised."

Absolutely, that is one of the reasons I don't write it if I cannot relate it to either their own system or to the standards.




I think somehow we are speaking at each other, not with each other.

Of course we have to conform to the requirements.

And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

None of us are correct all the time. I am sure I write some NC's that my clients think are insignificant, but I try to continually calibrate so I can be better. I don't want to cram anything down their throats.

The purpose of doc control is to ensure documents and information are accurate and up to date. The manuals don't get revisions over time (unless there is a major safety recall) therefore they are by default meeting the requirement. But, as I said previously, if they become a formal part of their system, then they may reach the point of needing to be officially controlled. Owner's manuals often don't reach that level and truly are reference documents.



I appreciate you providing the link to this paper. It was a good read and I can actually use it in future auditor classes to enforce the
"write 'em if they got'em"

approach I already present.

A change of approach to auditing - yes but a change to not writing NCs - no. The approach to auditing has always been the difficult part. It really isn't too hard to find things that do not comply, it's how you go about it.


If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.

If you are teaching other auditors, I would encourage you to seriously evaluate whether it is time to modify your approach. Some reading of articles and books written by the writers of the ISO 9001 2000 version might be enlightening. Remember, the USA ISO TAG group voted against TS-16949 acceptance largely over this very issue about doc control.

You are a smart guy, Gary, but don't ever get set in your ways. We must always strive for continual improvement.

...If we allow ourselves, as a group of auditors, to ignore individual requrements based upon our own 'better judgement' or what we would like to see in place we are contributing to the breakown of the overall international system. It really doesn't matter if I care whether they control their documents or not. Until ISO quits making document control a part of the standard I will expect all 'relevant' documents to be controlled in accordance with the requiremets of the standard.:)

I don't think any of us advocated "ignor(ing) individual requrements based upon our own 'better judgement" because that would clearly be a violation of our accreditation. So, let's put that out there VERY CLEARLY!

However, applying a little common sense and judgement as to what is relevant, and understanding where the ISO standards are going, IS CLEARLY part of our charter and training.

I think you and I both clearly understand there is a difference there.

[quote]
And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

Unfortunately, you are right. Unfortunately we do not have a long list of conditions that dictate a NC. Unfortunately the decision is left up to a myriad of auditors - each with a different view on what must be and what cannot be. Hopefully, eventually, views and opinions can come together and we, as a group, can at least agree on the fundamentals of "is it or isn't it."

[quote]
None of us are correct all the time. I am sure I write some NC's that my clients think are insignificant, but I try to continually calibrate so I can be better. I don't want to cram anything down their throats.

As do I. I have changed so significantly over the ten years of being independent it almost shocks me. Things I would never have tolerated years ago now seem to go unnoticed. But this is in the big picture. This thread originally centered on the identification and control of external documents. If we go back to that premise, external documents means more than just equipment manuals; ISO standards, AIAG Reference Manuals, Drawings, prints, specs, ASTM, SAE, and on and on. Somewhere in there, there is still a need to clearly identify and control these things.

[quote]
The purpose of doc control is to ensure documents and information are accurate and up to date. The manuals don't get revisions over time (unless there is a major safety recall) therefore they are by default meeting the requirement.

Perhaps the written document doesn't get changed but the equipment often does; removal of safety devices, changing direction of output, changing method of material delivery, I have seen all of these changes and more. Suddenly, the equipment no longer matches the manual. So something has to be fixed. If the manual is not controlled though it will not get the attention it needs.


[quote]
But, as I said previously, if they become a formal part of their system, then they may reach the point of needing to be officially controlled. Owner's manuals often don't reach that level and truly are reference documents.

This really is the key. ONLY if the subject external document is a part of the system does it need to be controlled. As I stated in an earlier post "...if that manual becomes an applicable document then it needs to adhere to all ISO requirements..."




[quote]
If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.

I actually think we are closer to thinking alike than either of us realize. The "applicable document" concern brings everything back down to a workable level.

[quote]
Remember, the USA ISO TAG group voted against TS-16949 acceptance largely over this very issue about doc control.

Yes, I know. This is another thing that bothers me. ISO 9000:2000 is not the only standard in the system. Trainers, auditors, consultants, all of us have to be prepared for TS16949, AS 9100, OFI 9000, and all the other hybrids, whether they are exactly alike or not.

[quote]
You are a smart guy, Gary,

OK, that's the last word. That's what I was waiting for:lmao: Just a little conceptual validation:lol:
[quote]
but don't ever get set in your ways. We must always strive for continual improvement.

I have changed dramatically but I do have the tendency to get bogged down with one idea. But you, with one reference, have changed my thinking entirely on what those six document references really are. So I can still change at the drop of a hat - that's a good sign.:yes:

Thanks for a healthy exchange - I've enjoyed it and probably will continue to do so.:agree1:

Thanks for a healthy exchange - I've enjoyed it and probably will continue to do so.:agree1:Me too. I want to mention that as auditors we have been brainwashed trained to audit for conformance. The underlying idea was: if the system conforms to ISO 9001, it will perform adequately. However, tremendous amount of anecdotal evidence show that many conforming systems do not perform adequately. Because of that, some are attempting to change the way third party assessments are conducted. While conformance is important, performance is much more.
Auditing for performance is not easy. The status quo is too strong against it. The paradigms are too ingrained. The whole system is built around conformance. I have a feeling that if we were to poll the Cove membership if they wanted their external auditors to perform assessments on conformance vs. performance, conformance would win 3 to 1. But that is OK. A large chunk of ASQC members were against dropping the C.

And PS. In this discussion, I was focusing strictly on maintenance manuals, not documents of external origin, in general.

You guys enjoy your weekend.:bigwave:

And, of course we have to write up nonconformities. We are debating what constitutes a valid nonconformitiy.

If there is an NC, it has to be written. Where we disagree is what constitutes an NC in the first place. Some judgement is necessary, sometimes.


Unfortunately, you are right. Unfortunately we do not have a long list of conditions that dictate a NC. Unfortunately the decision is left up to a myriad of auditors - each with a different view on what must be and what cannot be. Hopefully, eventually, views and opinions can come together and we, as a group, can at least agree on the fundamentals of "is it or isn't it."

What's missing is the idea of a third-party audit being a sort of collaboration with the auditee, rather than a police action. In the present instance, the OP has made what he feels to be a rational decision regarding control of external documents, and the auditor has formed a different opinion. What's needed is for the two parties to sit down and consider what's best for the system, putting egos aside as much as possible. No matter how well the standards are written, there are still going to be subjective decisions, or "judgement calls" as they say in baseball. My own opinion is that there should be a special category of nonconformance, perhaps called "nonconforming but not systemic." There's no value added by writing up outliers, but there is good reason to call attention to them.

What's missing is the idea of a third-party audit being a sort of collaboration with the auditee, rather than a police action. In the present instance, the OP has made what he feels to be a rational decision regarding control of external documents, and the auditor has formed a different opinion. What's needed is for the two parties to sit down and consider what's best for the system, putting egos aside as much as possible. No matter how well the standards are written, there are still going to be subjective decisions, or "judgement calls" as they say in baseball. My own opinion is that there should be a special category of nonconformance, perhaps called "nonconforming but not systemic." There's no value added by writing up outliers, but there is good reason to call attention to them.


Excellent discussion. That category used to be somewhat addressed by "Opportunity for Improvement" but the AB's are really crunching down on using that in a practical way. Clear NC's have to be written of course, but outliers could be handled that way.

If the standard is unclear on something, the auditor should not take it upon himself to add "normative" text to it.

I can see why AB's have clamped down on the use of 'observations', in place of non-conformities. In many cases, the auditor was simply lazy and just reported the symptom, not taking time to investigate further.

There is a mechanism to report an 'outlier' - the summary report from the audit. It's good 'CYA' for the auditor and it's there for the client to note, ignore or action, as they see fit.

Of course, although I'm not trying to hi-jack the thread, the idea of making a non-conformity of external documentation controls seems a bit lame, since the company either had one, when they got registered or they didn't. If there's a couple of documents not in the system, if the system exists, then that's hardly a non-conformity. It should have been pointed out to the client, when found, recorded in the summary and they should be given the opportunity to address it.

I can see why AB's have clamped down on the use of 'observations', in place of non-conformities. In many cases, the auditor was simply lazy and just reported the symptom, not taking time to investigate further.

There is a mechanism to report an 'outlier' - the summary report from the audit. It's good 'CYA' for the auditor and it's there for the client to note, ignore or action, as they see fit.

Of course, although I'm not trying to hi-jack the thread, the idea of making a non-conformity of external documentation controls seems a bit lame, since the company either had one, when they got registered or they didn't. If there's a couple of documents not in the system, if the system exists, then that's hardly a non-conformity. It should have been pointed out to the client, when found, recorded in the summary and they should be given the opportunity to address it.

Andy, your answers are not quite what I said.

If it is a nonconformity it has to been written as such. And, we have discussed the external docs topic enough. If there are docs which must be controlled, then certainly they must be. I have written that NC many times.

However, Jim's point, that there are occasional grey issues which don't clearly make an NC because the standard is not clear. They can't be written as an NC, unless there is clear evidence the situation is not effective. There are grey areas. Usually, we don't wrute those. But, it is risky to list things in an audit report like that. Some witness auditor will take it as his duty to determine whether it should have been an NC and issue findings. It is risky for 3rd party auditors to do that.

I either write an NC, or a clear-cut OFI, or the rest is verbal and left to the client to address. Not my preferred way to do it, but apparently what the AB's want.

I understand Helmut. My comments were based on my experience as a third party auditor and related to the procedures the CB had for dealing with 'observations' - they tried not to present them on forms which 'looked like' an NC, but were a 'heads up' that there may be something brewing, as it were........

I took a look at the OP and it seems a stretch to be listing OE manuals etc as required documents of external origin and then making that kind of thing a non-conformity. My belief is that an auditor could investigate the situation to determine if there has been an issue which leads to downtime, extended periods of equipment non-availability as a result of not having such documents. Without that evidence of ineffectiveness (or similar) then it's thin ice we're treading on.

In some of the examples given in this thread, I believe Sidney is totally correct in his assertion that people would end up controlling yellow pages etc. You don't have to have the OE workshop manual to perform maintenance on your car, especially if you already are qualified to work on automobiles, for example.

It certainly is a difficult call for an external auditor to determine the effect of not having a system to identify and control such external documents, given the time constraints of their type of audit. IMHO, I wouldn't have spent much time on it at all, since a document control issue such as this isn't going to be on management's radar screen (even if we can all agree it's necessary) as something affecting business performance, customers' satisfaction. There are bigger fish to fry, in most cases.

I took a look at the OP and it seems a stretch to be listing OE manuals etc as required documents of external origin and then making that kind of thing a non-conformity. My belief is that an auditor could investigate the situation to determine if there has been an issue which leads to downtime, extended periods of equipment non-availability as a result of not having such documents. Without that evidence of ineffectiveness (or similar) then it's thin ice we're treading on.

I think that we need to consider how documents are used. If there is a library of maintenance manuals and no one ever looks at them, but maintenance is being conscientiously performed, then there's no issue. On the other hand, if as I said earlier, there is a requirement to use the manufacturer's maintenance instructions, and the manuals are referred to for that purpose, then it's a different story. Somehow the authority of the maintenance manuals has to be made unambiguously normative.

The suggestion that auditors look for evidence that contradicts an auditee's contentions is a good one, I think. I've always thought that when an auditee contends that everything is in control, and provides evidence to support the contention, that the burden of proof to the contrary is on the auditor.

A point of clarification regarding an earlier statement I made which might have been misunderstood: there are times when a clear nonconformance exists (i.e., there is some condition which is unambiguously not in accordance with the standard), but there is no evidence that the NC is systemic. In such cases, I was suggesting a different category of finding, one related to, but different from, an NC requiring corrective action. There is nothing to be gained by requiring corrective action for an outlier, but in the current paradigm auditors are required to document such instances and require CA. If unsure, auditors should always err on the side of caution, imo, but there are cases where auditors will find issues that really don't require formal CA.

What's missing is the idea of a third-party audit being a sort of collaboration with the auditee, rather than a police action. Jim, some CB's promote a "partnership approach" with their clients, where both organizations understand that the system has to work for the certified company, while providing assurance to the registrant's customers about the system's ability in delivering customer satisfaction.

A conflict exists as the primary users of an organization ISO 9001 certificate are, as mentioned above, not the organization itself, but their customers. Nevertheless, it is up to the organization to select their own CB. Many times, the criteria for CB selection is very dysfunctional. Many people deliberately avoid selecting a CB that will make them "work for the cert". The "path of least resistance" is attractive to many.

I wish I had found this thread sooner. I've been having some thoughts about control of external documents myself.

It seems the original question had to do with the need to list, or otherwise control, equipment manuals.

Let's just stipulate, for a moment, that equipment manuals can be critically important. I know some may not think so, but bear with me. Let's also admit that they can go missing or be damaged.

Will a list of manuals prevent their loss? No. Will a documented control procedure prevent loss? No. A documented procedure may help, if it contains the right words and if manual users are trained on the procedure and if they take it to heart.

That seems like a lot of ifs to me. Wouldn't you be better off spending your time motivating people to care for the manuals properly?

I guess my point is that you do not have an infinite amount of time. Why spend it futzing around with control procedures that don't amount to a bucket of spit? (Okay, I got carried away. They DO amount to a bucket of spit. Joke, joke.)

It's the people that will take care of the manuals, and that's where you need to be working.

Cliff Kachinske