Control of Duplicate Documents - Limited Scope (long)

[BlackHeart]

Hello, Covers! Long time listener, first time caller.

First of all, many thanks for the help you guys have (unknowingly) given me over the years. You have been a light in the darkness. I was thrown unprepared into the ISO realm, and I leaned on this forum frequently to survive.

My situation: I am helping my old company transition to the 9001: 2015 version. They do light assembly, kitting, rework, etc., nothing too technical. They have over 100 customers and only 2 of them mandate an ISO certification. Management has decided they want to limit the scope of the QMS to just the areas that involve those 2 customers, and call the rest of the operation “ISO Compliant”. I have found a registrar who will do this.

I don’t want to start a discussion as to the validity of this approach. FWIW, I see this as a bastardization of the ISO intentions, and, in a way, this is “cheating”. I imagine most of you do too. However, this company has no chance of passing an audit of the entire operation, and limiting the scope is their only hope. I’m just trying to do the job they are paying me to do.

I now have 2 sets of documents: one is the exiting set, that will be kept for the “Compliant” areas, and one for the 2 auditable areas. Some documents will be exactly the same for both areas, while some will have slight tweaks, and some are completely new.

I have gotten myself confused on documentation.

1. I am thinking of renaming the auditable set of docs, with the prefix LS (Limited Scope), to set them apart. They would each have their own table of contents on the company intranet. Should I rename the docs that are the same in both systems?

2. Revison history. For instance, the Quality Manual has a revison level of M. If I rename it LS – Quality Manual, and call it an Original Issue, should I wipe out the revison history, even though that doc has been changed several times over the years? How would I handle new revisons if I keep the same history for both?

3. Are there other issues am I not seeing? Am I overthinking the whole thing?

Thanks in advance, and sorry for the length of this post. As I said, I have been left alone in this task, and sometimes my logic gets circular with no one to bounce things off of.

 

[howste]

That sounds pretty complicated. It seems like if you do that you'll be doing extra work instead of doing less work.

A simpler way may be to make addendums to the existing procedures that only apply to the "certifiable" processes. For example you could have a quality manual (QM) that you use for all processes, and then an addendum to it (QMA) that adds additional or changed requirements for the areas within the ISO 9001 scope. You could have a control of nonconforming material procedure (procedure XXXX) and an addendum (procedure XXXA) that adds or changes requirements. Each document could then be controlled separately with its own revision number and history.

I don’t want to start a discussion as to the validity of this approach. FWIW, I see this as a bastardization of the ISO intentions, and, in a way, this is “cheating”. I imagine most of you do too. However, this company has no chance of passing an audit of the entire operation, and limiting the scope is their only hope. I’m just trying to do the job they are paying me to do.

IMO calling the other processes "ISO compliant" would be a blatant lie. And since, to me, the basic requirements of the standard are meant to help the company and for the most part just make business sense, the company may be shooting itself in the foot. It's possible that after the limited areas achieve certification they may start to outperform the other areas (if the implementation is done well). If so, then leadership may decide to go all in for the other areas as well.

 

[Golfman25]

I'll agree with Howtse. Seems like you're creating more work. Two sets of documents will lead to problems. It's not like ISO is all that hard to comply with. Have done a gap analysis and verified that your non-compliant areas are actually non-compliant? Could you tweak what you do where necessary?

 

[BlackHeart]

Thanks, howste. Addendums are interesting, but I'm still creating extra work for myself, just by having 2 systems, am I not? I can't see a way around it.

More background (at the risk of thread creep): this company has been certified for 11 years, for all processes. But, because they had the same shoddy external auditor for 10 years -a guy who came in, chatted about the weather, and then signed off on the certification - they have gotten lazy and now don't have the stomach to do the QMS the right way. Thus the decision to back it down to the 2 mandated areas. Since I really expect the "compliant" docs to wither and die, without the threat of an audit, I am trying to get the auditable docs to stand on their own.

Sorry for the cynicism. Again, this is my old company - I had reasons for leaving.

 

[howste]

Ouch. I guess you can take their money, but without hope for real change.

Just keep the documents that are already there then. And when the "noncompliant" processes decide to do something different state, state that in the procedure:
"Nonconforming material for customers A and B will be reworked, repaired with customer permission, or segregated/scrapped. Nonconforming material for all other customers will be regraded and sold on eBay to the highest bidder."

 

[RoxaneB]

Call me crazy, but why can't your "ISO compliant" areas also use the documentation for the areas that are within scope of your registration?

It's like the difference between being a certified Internal Auditor versus just an Internal Auditor. Both follow the auditing procedures within the organizaiton, but one has actually gone on a course outside of the organization.

If you think about, being ISO compliant means following the documentation developed as part of your registered QMS, it's just they haven't gone through th full process of becoming registered.