AS9100B - 4.3 Configuration Management - What do I do?

[Cari Spears]

Split from ISO 10007 - Configuration Management Requirements by request.

We manufacture products in accordance with someone else's configuration management plan - we're not design responsible. So I think our procedures need to address cmp's as they pertain to us - like change control/contract review and document control, etc. In the same manner that we control and use technical orders and repair manuals given to us by some of our customers (customer specific requirements).

I'm also not sure about configuration audits - who does them? The design responsible function who created the CMP? Or is it our final product inspection? 10007 says "A CA may be required for the formal acceptance of a configuration item."

Well, I'm glad I did a search. I forgot I posted this last year - I almost started a new thread asking exactly the same thing. Anyway - Here's what I think:

ISO10007 gives guidelines to ensure that a complex product continues to function when components are changed individually. Since we are not a design responsible organization, our procedures will address configuration management only as pertains to us - such as change control and document control.

But the standard specifically requires:
AS9100 - 4.3 Configuration Management: The organizatioin shall establish, document and maintain a configuration management process appropriate to the product.

What do I do? Can I just put a couple of sentences in our policy manual that direct the reader to the various procedures that address configuration management stuff?

Or - because of the requirement to clearly show the relationship between our documented procedures and requirements in the standard, I've added a column to my list of Level II procedures where I've x-referenced the AS elements - I've already got 4.3 noted next to our procedures for Advanced Product Quality Planning, Contract Review, Control of Engineering Drawings, Control of Customer Specific Requirements and Preservation of Product. Think I could just leave it like that?

I do not want to write a procedure specifically for Configuration Management - it's not really its own process here. It's a part of many processes.

 

[waterdog]

Cari,
Hi, I am a bit of a rookie in the AS9100 world, but I can tell you what our registrar auditor told me. He said that if you don't design, don't bother to read ISO10007 as it will just confuse you. In our case we added a couple of sentences to our manual referencing Inspection Records, Document Control, etc and this was satisfactory. It sounds like you are on the right track. Hope this helps!

 

[Raptorwild]

But the standard specifically requires:
AS9100 - 4.3 Configuration Management: The organizatioin shall establish, document and maintain a configuration management process appropriate to the product.

What do I do? Can I just put a couple of sentences in our policy manual that direct the reader to the various procedures that address configuration management stuff?

Cari,
I know you are a busy woman and I would hate to see you create more work for yourself. IMO your first instinct is the best...let the Auditor do the work. If you state in your policy manual that various procedures address configuration management throughout your company, then that is good enough. The Auditor will be able to trace that statement to plenty of objective evidence to prove you have established, documented and maintain a configuration management system appropriate to your products!
You do it anyway, don't make it harder than you have to. I have had a similar statement in our Quality System Manual since the begining of our ISO/AS relationship and have had 3 different Auditors, and not one has had a problem with it.
Good Luck!
Paula

 

[lrsiyer]

Cari,

I think if you are not responsible for design forget about ISO 10007 and 4.3. Just address in your manual about the way the design changes are being handled in your company. that is it!!!!!!!!!!!

Shankar

 

[Cari Spears]

Thanks, lrsiyer. That is what we did and all is well.

Welcome to the cove!!

 

[AS_QualityEngineer]

Cari,

I think if you are not responsible for design forget about ISO 10007 and 4.3. Just address in your manual about the way the design changes are being handled in your company. that is it!!!!!!!!!!!

Shankar

Hello Mr.Shankar ,

I have one question.

We are an aerospace engineering services company and we do design activities based on customer requirements and specifications using software’s like CATIA, Nastran etc. But We do not hold any pattern rights for the design.So we exclude clause 7.3 and also we are not manufacture any parts or components.

so company like us using COTS for development work, should develop configuration management process or we should get it from our customer ?

Thanks in advance.

 

[kiwisfly]

Hi All
Just a quick note from an auditor. 4.3 is an additional clause from ISO 9001 for a very good reason so I wouldn't be so quick to exclude your way out of it or minimise it in any way. The clause specifically states "the organizatioin shall establish, document and maintain a configuration management process appropriate to the product." In the aerospace industry, configuration management is an essential part of being in the sector and it's importance is recognised by its inclusion in the standard. Note, that it is not in Section 7 so it can not be excluded.

I encourage the companies I audit to demonstrate their understanding of Configuration Management and how it applies to them through the documentation of their policies and procedures to meet the requirement of 4.3. If the company can not tell me what the configuration items are they have some control over and how the controls are applied then I am unlikely to be convinced they actually know what configuration management means.

Far too many aircraft accidents have been caused by organisations not maintaining the correct configuration of products they design, make, repair or sell. I believe the writers of the AS 9100 family of standards recognise this as well and have included this specific requirement to ensure that all companies achieving AS 9100 / AS9110 / AS9120 certification/registration understand their responsibilities with respect to configuration management and have the necessary controls in place.

Evidence from this thread suggests that this might not be the case, and even worse from some approved AS9100 auditors! I encourage you to impress your auditors with your implicit understanding of configuration management, what the configuration items are you deal with, examples of configuration documentation you control and what happens when you find configuration problems and how they're dealt with. I believe this is the intent of the clause.

Just my 2 cents worth. I'll get off my high horse now!!

 

[lrsiyer]

Dear AS Quality Engineer,

One side you are telling you are in to design activities. Other side you are telling your activities are as per customer specifications and you are excluding 7.3 also. Not very clear about the processes of your organisation. I may need some more information.

Any how, since the organisation is into desging of product,4.3 the configuration management and 7.3 design and development is applicable.

 

[AS_QualityEngineer]

Dear AS Quality Engineer,

One side you are telling you are in to design activities. Other side you are telling your activities are as per customer specifications and you are excluding 7.3 also. Not very clear about the processes of your organisation. I may need some more information.

Any how, since the organisation is into desging of product,4.3 the configuration management and 7.3 design and development is applicable.

Thanks Mr.Shankar,

We are the company offering engineering services to Tier 2 suppliers. So are not having any rights to hold the pattern rights for the design. That’s the reason we excluded 7.3 and we should address 7.5 (Service provision).

Our nature of business is getting the work package from our customers (Time and Material based Programs).Doing the design work based on their specification and requirements and sent it back to the customers.

so company like us using COTS for development work( ie Services to our customer), should develop configuration management process or customer will advice about CMP?

 

[lrsiyer]

Hi Kiwisfly,

1oo% agreed. dilution and dilution led us to think like this. design applicable or not actually we need to think about CM. we should have CA also.
thanks.
Iyer