Document Control Defined? Determining what documents must be controlled

[HillaryLynn]

We are currently putting together a team to "DEFINE" what criteria to use to determine what documents should be controlled and what doesn't need to be controlled. So if it meets this....controlled, if it doesn't meet this...doesn't need to be controlled. My personal opinion is that if an organization has a process that is critical to the end result customer (building something, contracts etc) it should be documented. Thoughts?

 

[Jim Wynne]

Re: Document Control Defined?

We are currently putting together a team to "DEFINE" what criteria to use to determine what documents should be controlled and what doesn't need to be controlled. So if it meets this....controlled, if it doesn't meet this...doesn't need to be controlled. My personal opinion is that if an organization has a process that is critical to the end result customer (building something, contracts etc) it should be documented. Thoughts?

Just because something is documented doesn't necessarily mean that the document should or must be controlled.

What you have to consider is the risk of not controlling a given document, thus the benefits of control are revealed. Some questions to consider:

• Who can change the document?
• How is the document to be approved?
• What might happen if someone uses a superseded version?
• Can everyone who might need the document access it when it's needed?

There are other considerations, but you get the idea. Try to figure out what the liabilities might be when a document isn't controlled.

 

[Geoff Withnell]

Re: Document Control Defined?

Just because something is documented doesn't necessarily mean that the document should or must be controlled.

What you have to consider is the risk of not controlling a given document, thus the benefits of control are revealed. Some questions to consider:

• Who can change the document?
• How is the document to be approved?
• What might happen if someone uses a superseded version?
• Can everyone who might need the document access it when it's needed?

There are other considerations, but you get the idea. Try to figure out what the liabilities might be when a document isn't controlled.

Wow, Jim and I agree! A document should be controlled if it is important that those who need the information in the document can access it and that they have the correct information. if it isn't important, the question then becomes "Why do we have this document?" But that is another story.

Geoff Withnell

 

[qusys]

We are currently putting together a team to "DEFINE" what criteria to use to determine what documents should be controlled and what doesn't need to be controlled. So if it meets this....controlled, if it doesn't meet this...doesn't need to be controlled. My personal opinion is that if an organization has a process that is critical to the end result customer (building something, contracts etc) it should be documented. Thoughts?

Agree with the other expert Covers.
ANother suggestion for criteria is to have a clear understanding of what documents really impacts your QMS and the other management systems ( environment, safety, security and so on).
Some example could be operative procedures, quality plans, maintenance plans, customer requirements documentation, PPAP, FMEA, control plan overall all that you assess that can have impact on your operativity.
This is up to the organization and you can state this in your document control procedure

 

[Hodgy Hotsauce]

Hillary,

No mention is made of the specific industry to which the question applies. I must approach the question as one coming from the aerospace industry. The minimum requirements for document control will be defined by first the contracts that have been drawn up by the manufacturer and customers and the applicable ISO, MIL, ANSI, FDA, etc. standards. For any company to become a valued supplier there must be full-up traceability to the processes and materials employed and the revision level of those processes and materials. When setting up document control one must think like an auditor or ISO assessor. Document control at all levels is imperative. This includes material specs, process procedures, design, personnel training, sub-tier supplier documentation, facility/equipment modifications (i.e.; everything that goes into producing the product or providing the services requested).

 

[Wes Bucey]

Hillary,

No mention is made of the specific industry to which the question applies. I must approach the question as one coming from the aerospace industry. The minimum requirements for document control will be defined by first the contracts that have been drawn up by the manufacturer and customers and the applicable ISO, MIL, ANSI, FDA, etc. standards. For any company to become a valued supplier there must be full-up traceability to the processes and materials employed and the revision level of those processes and materials. When setting up document control one must think like an auditor or ISO assessor. Document control at all levels is imperative. This includes material specs, process procedures, design, personnel training, sub-tier supplier documentation, facility/equipment modifications (i.e.; everything that goes into producing the product or providing the services requested).

All true, but these things you mention are just subsets of the basic elements of control Jim W has laid out. Too many folks, it seems to me, are getting all involved in mission creep when it comes to document "control" and are trying to instill security factors to EVERY document in a system. Those unnecessary security factors escalate the cost of document management with no added value to the organization. Clearly, "some" organizations may require high security for "some" documents, but most of us will never have dealings with an organization where EVERY document needs high security, so it makes sense that a control process should probably include a way to identify and segregate documents which DO need high security and thus keep document management costs down. Geoff alludes to "appropriateness" of controls when he writes

if it isn't important, the question then becomes "Why do we have this document?" But that is another story.

I dealt in aerospace with sensitive documents, but the nature of our operation was such that we did not need locks on the filing cabinets which held those documents because no unauthorized persons had access to a file cabinet. Traceability is critical, but traceability is just a matter of acquiring and managing the records which provide that traceability. The point being no aerospace manufacturer would even buy, let alone use, even a simple fastener unless it had traceability documents.




Evidence of "training" is not as important as evidence of "competence." I'm sure many folks have come across workers who had been through "training," but were still incompetent at the task to which they were assigned.

 

[kgott]

A good rule of thumb is "documents which are subject to revision are controlled documents."

 

[Wes Bucey]

A good rule of thumb is "documents which are subject to revision are controlled documents."

Records need to be controlled to protect against accidental or purposeful deletion or alteration. Records are not subject to "revision" (i.e. the "history" cannot be altered, but it can be updated [like a production log] to reflect new data.)

 

[kgott]

Thats right Wes, I forgot to mention that there is a wider context of the meaning of the word controlled, good point.

 

[Jim Wynne]

A good rule of thumb is "documents which are subject to revision are controlled documents."

In addition to Wes's point regarding records, there can be forms that are not controlled but still might get changed from time to time. The rule should be "Documents that need to be controlled must be controlled" with need determined by the requirements of the standard(s) and rational judgment.