
AS9120 7.5.3.2 Control of Documented Information - Audit Nonconformance

QualityStandardsGirl

Starting to get Involved
#1
Got a nonconformance for 7.5.3.2 Control of Documented Information: "The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage) when documented information is managed electronically." The objective evidence was given as: "The document control procedure does not define the process for managing electronic document protection."

In our Quality Manual it states - All documents are posted electronically; a master list is not required. The electronic control is sufficient to preclude use of invalid or obsolete documents and to protect documentation from loss, unauthorized changes, unintended alteration or physical damage. Documented information necessary for (company) OMS system and applicable standards are readily available and suitable for use when and where needed; this will be through the use of electronic media.
Changes to documents will be subject to the same review and approval process as was performed for their original release unless specifically designated otherwise. These changes when directly affecting our customer’s contracts and/or regulatory authorities will be properly coordinated with them. Authorized individuals will be supplied adequate information to base their review and approval upon.

Is this not sufficient to fulfill this requirement of the standard or do we have to specifically spell out what procedures IT has in place to manage the protection of these documents???
 

Al Rosen

Staff member
Super Moderator
#2
QualityStandardsGirl said:
Got a nonconformance for 7.5.3.2 Control of Documented Information: "The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage) when documented information is managed electronically." The objective evidence was given as: "The document control procedure does not define the process for managing electronic document protection."

In our Quality Manual it states - All documents are posted electronically; a master list is not required. The electronic control is sufficient to preclude use of invalid or obsolete documents and to protect documentation from loss, unauthorized changes, unintended alteration or physical damage. Documented information necessary for (company) OMS system and applicable standards are readily available and suitable for use when and where needed; this will be through the use of electronic media.
Changes to documents will be subject to the same review and approval process as was performed for their original release unless specifically designated otherwise. These changes when directly affecting our customer’s contracts and/or regulatory authorities will be properly coordinated with them. Authorized individuals will be supplied adequate information to base their review and approval upon.

Is this not sufficient to fulfill this requirement of the standard or do we have to specifically spell out what procedures IT has in place to manage the protection of these documents???

Yes, you need to describe it.

AS9100D said:
When documented information is managed electronically, data protection processes shall be defined (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage).
 

Kronos147

Trusted Information Resource
#4
Is it possible to put both the statement of non-conformance and the objective evidence for more effective feedback?
 

QualityStandardsGirl

Starting to get Involved
#5
Statement of Nonconformity
  • The organization has not fully defined the protection processes (e.g., protection from loss, unauthorized changes, unintended alteration, corruption, physical damage) when documented information is managed electronically.

Objective Evidence
  • The document control procedure does not define the process for managing electronic document protection
 

Big Jim

Super Moderator
#6
Al Rosen said:
Yes, you need to describe it.

Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organization's nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.
 

QualityStandardsGirl

Starting to get Involved
#7
Big Jim said:
Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organization's nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.

But then I will ask the question: how do you define it? Is it just verbally known? To me, I would think documented information means that it has to be documented somewhere, which would mean document, would it not?
 

Al Rosen

Staff member
Super Moderator
#8
Big Jim said:
Interesting.

Written procedures are not required anymore. Procedures aren't even mentioned in the standard, not even where the AS enhancements require written procedures for control of nonconforming product and corrective actions use different terminology. "The organization's nonconformity control process shall be maintained as documented information . . . " "The organization shall maintain documented information that defines the nonconformity and corrective action management process."

Do you find similar wording about document control? I don't. Does "define" mean document if the requirement to document isn't included with the shall? I don't think so.

It does mean that you need to explain yourself, but it doesn't mean document.

I suspect the auditor doesn't understand this either.

I believe if you have a documented procedure the control of electronic data needs to be defined in the procedure. If there is no documented procedure, you must be prepared to describe the controls.
 

Big Jim

Super Moderator
#9
QualityStandardsGirl said:
But then I will ask the question: how do you define it? Is it just verbally known? To me, I would think documented information means that it has to be documented somewhere, which would mean document, would it not?

Document control does not require a written procedure (does not require that you maintain documented information that describes how you do it). The only two topics that require written procedures are control of nonconforming outputs and preventive actions.

I might question if what you have in your manual is a written procedure or if it is just an explanation.

To satisfy the auditor I would suggest that you revise your manual so that you show what you are doing addresses all of the shalls for document control line by line. State the requirement and show how your method addresses it.

I suggest doing this reluctantly, as I believe what you have is probably adequate and you are only doing it to satisfy the auditor, not to satisfy the requirements of the standard.
 

Big Jim

Super Moderator
#10
Al Rosen said:
I believe if you have a documented procedure the control of electronic data needs to be defined in the procedure. If there is no documented procedure, you must be prepared to describe the controls.

I'm not sure that what is in the manual is a procedure. Are you? Either way it would be very beneficial to be ready to explain in greater detail how each document control requirement is being met.
 