AS9100 7.5.3 - Manual Document Control

[dpenbert]

I have a scenario below that I would like to seek advice in order to check compliance to AS9100 7.5.3 for process document control.

1. A secure windows network folder location houses the latest approved work instruction documents and only approved personnel are allowed edit access to these documents.
2. The document update process is manual and requires a review and approval process before making any document changes.
3. Since the document update process is manual, one of the approved personnel could go into a folder, open a document, make changes to a document and save it without any approval. Not saying they would but they could.

AS9100 7.5.3.2 lists "When documented information is managed electronically, data protection processes shall be defined (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage).

The documents are managed electronically in network folders, however, multiple personnel could change and save the documents (these personnel are trained and granted access by the document control coordinator). This process depends on multiple personnel not making unauthorized changes. Though with any manual process, there is a documented process to follow and we trust our trained/approved personnel to follow.

Perhaps the best practice would be to create an electronic document control with a system that controls who can make changes, who approves and documents and secures all files. However, when only using network folders, manual change management can we still meet AS9100 requirements?

Thank you for your input, David

 

[Randall Beck]

I have some of the same issues and I certainly believe it is possible to meet the requirements of AS9100 procedurally as long as they are followed by everyone. Some employees do feel the need change documents quickly either accidentally or because they are in a rush and don't want to take the time to do so properly.

In my shared folders that all employees can access I convert all Excel and Word files, Work instructions, Procedures and other documents to PDF form so they cannot be changed. Only the document owners have control and access to the editable Microsoft files. This has worked for me in the past.

Depending on your IT or Server configuration permissions can be granted or denied based on login user names as well.

Someday I hope we will be able to integrate into some type of ERP system to consolidate all the spreadsheets, PO's, documents, quotes, training and logs. I know there are many out there but the good ones are pricey.

 

[Kronos147]

Consider that if the organization has an IT department or similar that backs up to a physical media, and keeps a catalog of past backups, there are prior revisions backed up if a change were discovered or made in error.

You may also consider keeping the documents to edit in another folder, and having a controlled process to migrate approved, and remove obsolete documented.

 

[Tagin]

Make a simple table - requirements on left, how you address them on right. E.g.:

• protection from loss - RAID array, daily backups, offsite backups
• unauthorized changes - restricted access by username/pwd to authorized personnel only
• unintended alteration (this refers to alteration of retained records) - final documents are moved to a read-only folder for record retention.
• corruption - Hard drive RAID array uses error-correcting RAID6 design
• physical damage - server is in locked room with key access restricted to authorized IT personnel

 

[FRA 2 FDA]

You may also consider keeping the documents to edit in another folder, and having a controlled process to migrate approved, and remove obsolete documented.[/QUOTE]

This is how I maintain control of our documents (we are not AS9100 but I think this is still useful). I as the document controller have all of our QMS docs and work instructions locked as read-only for everyone. When someone initiates the document change process, I place unlocked copies for editing in separate folders designated for this purpose. Once changes are approved, part of my procedure for closing the change process is to replace the obsloeted revisions with the newly approved revisions in the folders for current approved documents and lock them again. This way, as long as I am following our document change procedure, our documents are controlled and I am trained to do so and very familiar with the process and there are minimal fingers in the pot and therefore minimal opportunities for error.

 

[Mike S.]

I require an email or digital signature showing approval by the cognizant document owner. I sign digitally (in Acrobat). This prevents someone from accidentally saving a revised version and will prevent most mischief.

 

[Prashant G]

Hi All,

I do have same practice in our organization, what I have done is, all editable formats like (Excel/Word) are kept in a separate folder which is having a lock key on the server and that can only be accessed by me being MR for an organiation.
With that, I can prevent unauthorized changes in documents. I think you can do the same with help of your IT person.
I hope this will hep you.