AS9120 7.5.3.2 Control of Documented Information - Audit Nonconformance

QualityStandardsGirl

Starting to get Involved
#1
Got a non conformance for 7.5.3.2 Control of Documented information for The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage). is managed electronically, when documented information is managed electronically. With the objective evidence as The document control procedure does not define the process for managing electronic document protection.

In our Quality Manual it states - All documents are posted electronically; a master list is not required. The electronic control is sufficient to preclude use of invalid or obsolete documents and to protect documentation from loss, unauthorized changes, unintended alteration or physical damage. Documented information necessary for (company) OMS system and applicable standards are readily available and suitable for use when and where needed; this will be through the use of electronic media.
Changes to documents will be subject to the same review and approval process as was performed for their original release unless specifically designated otherwise. These changes when directly affecting our customer’s contracts and/or regulatory authorities will be properly coordinated with them. Authorized individuals will be supplied adequate information to base their review and approval upon.

Is this not sufficient to fulfill this requirement of the standard or do we have to specifically spell out what procedures IT has in place to manage the protection of these documents???
 
Elsmar Forum Sponsor

Al Rosen

Holed-up in a Hotel in South Florida
Staff member
Super Moderator
#2
Got a non conformance for 7.5.3.2 Control of Documented information for The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage). is managed electronically, when documented information is managed electronically. With the objective evidence as The document control procedure does not define the process for managing electronic document protection.

In our Quality Manual it states - All documents are posted electronically; a master list is not required. The electronic control is sufficient to preclude use of invalid or obsolete documents and to protect documentation from loss, unauthorized changes, unintended alteration or physical damage. Documented information necessary for (company) OMS system and applicable standards are readily available and suitable for use when and where needed; this will be through the use of electronic media.
Changes to documents will be subject to the same review and approval process as was performed for their original release unless specifically designated otherwise. These changes when directly affecting our customer’s contracts and/or regulatory authorities will be properly coordinated with them. Authorized individuals will be supplied adequate information to base their review and approval upon.

Is this not sufficient to fulfill this requirement of the standard or do we have to specifically spell out what procedures IT has in place to manage the protection of these documents???
Yes, you need to describe it.
AS9100D said:
When documented information is managed electronically, data protection processes shall be defined (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage).
 

Kronos147

Trusted Information Resource
#4
Is it possible to put both the statement of non-conformance and the objective evidence for more effective feedback?
 

QualityStandardsGirl

Starting to get Involved
#5
Statement of Nonconformity
  • The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage). is managed electronically, when documented information is managed electronically.

Objective Evidence
  • The document control procedure does not define the process for managing electronic document protection
 

Big Jim

Trusted Information Resource
#6
Yes, you need to describe it.
Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organizations nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.
 

QualityStandardsGirl

Starting to get Involved
#7
Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organizations nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.
But then I will ask the question how do you define it? Is it just verbally known? To me I would think documented information means that it has to be documented somewhere which would mean document would it not?
 

Al Rosen

Holed-up in a Hotel in South Florida
Staff member
Super Moderator
#8
Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organizations nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.
I believe if you have a documented procedure the control of electronic data needs to be defined in the procedure. If there is no documented procedure, you must be prepared to describe the controls.
 

Big Jim

Trusted Information Resource
#9
But then I will ask the question how do you define it? Is it just verbally known? To me I would think documented information means that it has to be documented somewhere which would mean document would it not?
Document control does not require a written procedure (does not require that you maintain documented information that describes how you do it). The only two topics that require written procedures are control of nonconforming outputs and preventive actions.

I might question if what you have in you manual is a written procedure or if it is just an explanation.

To satisfy the auditor I would suggest that you revise your manual so that you show what you are doing addresses all of the shalls for document control line by line. State the requirement and show how your method addresses it.

I suggest doing this reluctantly, as I believe what you have is probably adequate and you are only doing it to satisfy the auditor, not to satisfy the requirements of the standard.
 

Big Jim

Trusted Information Resource
#10
I believe if you have a documented procedure the control of electronic data needs to be defined in the procedure. If there is no documented procedure, you must be prepared to describe the controls.
I'm not sure that what is in the manual is a procedure. Are you? Either way it would be very beneficial to be ready to explain in greater detail how each document control requirement is being met.
 
Thread starter Similar threads Forum Replies Date
N From 0 to AS9120 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
T Was Just told we could ONLY buy material for AS9100 customers if the DISTRIBUTION house is AS9100 / AS9120 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
Q AS9120 Vendor of ESD Monitoring Equipment needs to be in the Approved Supplier List? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 8
A AS9120 External Provider Registry Scope of Approvals AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
howste AS9120 Rev B has been released and is available for purchase - November 2016 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
B AS9120 Internal Audit Scheduling & Planning AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 6
M Does AS9120 (aerospace first article inspection) apply to all customers AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
H AS9120 stockist now able to work with Airbus sub contractors? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
G AS9120 Purchase Department Performance Requirements AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
G AS9120 - What should we be expecting once we set forth into becoming certified? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 11
TrivialSublime TUV Rheinland voluntarily suspending their ANAB accreditation to AS9100/AS9120. Registrars and Notified Bodies 19
N Do I need to certify to AS9100 or AS9120? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 6
J Verification of AC0056A requirement during AS9120 audit AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
P Parts Salvage, Overhaul and Resale - AS9120 Registration question AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 10
L Registration to AS9120 Rev. A timeline AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
C As9120 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
M Purchasing Process - AS9120 Clause 7.4.1 - What do they want?! AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 8
Sidney Vianna AS9120 Revision A has been released AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
M AS9120 Requirements for for Freight Forwarders (eg no batch splitting) AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
M AS9120 Certification Process AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
A New AS9120 Questions - Distributor - Is 7.5.1 applicable? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
F Should I remove references to AS9120 / ISO 9001 from my Quality Manual and QMS? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 7
S AS9120 Request AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
V Interesting quiz, case studies or exercises for AS9120 needed AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
V Has AS9120:2002 been replaced by AS9120:2005? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 10
V What Training is Required to be a Qualified AS9120 Internal Auditor AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
Sidney Vianna AS9120 - Should planning of product realization be excluded? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
A Upgrading from ISO9001:2000 to AS9120 - Difficulties? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 17
V Can anyone explain the extra requirements of AS9120 vs. AS9100? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 10
Marc AS9120 - Designed for aerospace suppliers known as "stockist distributors" Design and Development of Products and Processes 3
P EN/AS9100 vs. EN/AS9120 - Can we be both? EN/AS9100 Requirements Exceed EN/AS9120? AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
Sidney Vianna AS9003 and AS9120 - First Accredited Registrars for AS9003 and AS9120. Various Other Specifications, Standards, and related Requirements 5
Sidney Vianna AS/EN/SJAC AS9120 - Aerospace Requirements for Stockist Distributors - Now available AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 1
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
A Beginners help with ISO3951-2 Combined control s-method n>5 what is Phi ?? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
C Corrective action for failure in documents control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Control chart and sample time Statistical Analysis Tools, Techniques and SPC 1
DuncanGibbons Manufacturing Plan vs Material Specification vs Control Plan Manufacturing and Related Processes 4
J Control chart for huge sample size Statistical Analysis Tools, Techniques and SPC 9
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 11
J 510(k) for a control kit for an external IVD test kit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Assessing Hazard-Related Use Scenarios where control measures exist through standards IEC 62366 - Medical Device Usability Engineering 14
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 4
T Design Control Procedures later in the Development Process ISO 13485:2016 - Medical Device Quality Management Systems 6
L AS5553 Clause 3.1.7 e "Control packaging material ..................reused" AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
T Attributes SPC study - Attributive control (Go gage) Statistical Analysis Tools, Techniques and SPC 5
K Process Mapping - Inputs/Outputs/Detail Activities/Control points/Measurement? Process Maps, Process Mapping and Turtle Diagrams 4
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
D Infrastructure: Equipment, Work Environment and Contamination Control ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Relabeler for patent expired product - design control responsibilities? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
Similar threads


















































Top Bottom