Configuration Management and ISO 10007 (again)

B

Bonhomme

#1
Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor english, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and uptodate specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most fuctions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance
 
Elsmar Forum Sponsor

Stijloor

Leader
Super Moderator
#2
Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor English, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and up to date specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most functions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance
Can someone help?

Thank you!!

Stijloor.
 

dsanabria

Quite Involved in Discussions
#3
Hi, and sorry if I'm posting this in the wrong section, I saw multiple threads about CM everywhere.
Then, excuse my poor english, and lack of QMS / general industry knowledge. I’m a young french student in his first job (actually a 1 year part-time training course between school and my company)

As part of a checklist for the new EN9100 version, I'm studying Configuration Management, as a lack of Configuration Audits was clearly identified. I've read our CM procedure, ISO 10007, and several threads here and various other sources.

I still have lots of questions (ISO 10007 appeared especially confusing to me :()

First let me clarify my context : my company is in the electronics domain, assembling printed circuit boards and electronic components (both bought to all kind of suppliers) either to customer design (we only design the process), or to our own design according to customer specs (product design in another location, not totally in my scope). Depending of the electronic card/product and customer request, we also do some integration, up to final packaging. Customers range from diverse industrials to automotive/aeronautics direct suppliers

- Configuration items : what are they ? Parts/sub-assemblies ? Design documents (either product / process) like plans, BoM ... ?
If the latter, I understand how we could identify & manage such items, but I fail to see how to identify sub-assemblies of electronic cards directly made of components. These are way « simpler » than a motor or whatever, built of X sub-assemblies themselves built of X parts. So that configuration item thing is blurred to me.

-Configuration plans : I don’t get that either. Are we supposed, for each product, to make or state a « configuration plan » that will explain in detail how we will manage configuration ? Isn’t a CM procedure enough, as electronic cards are, regarding changes, simple products ? The CM process will be the same each time, and apparently customers don’t seem to have a problem with that

- Configuration audits : If I get it right, we have to make Physical and Functional audits, which in my eyes looks like the ISO 9001 requirements of verification (=built according to specs, "theoric") & validation (=works as desired, "practical")

How is that different from « plain » controls during different production stages (verifying the soldering paste height and correct soldering characteristics according to IPC standards, etc)
and a final functional test (ie the distress beacon, once integrated, is correctly emitting to the right frequencies, is floating, etc)
Considering the production/control documents in the manufacturing area are up to date (every work order has the product revision n° written, and every document has a corresponding revision n°)
it seems to me like we're complying with the requirements, as every product is built and controlled/tested according to the latest available specs, and any NC (wrong document n° …) is transmitted to the engineer in charge of CM

From what I’ve read here (mostly « don’t panic, you’re probably good already ») I think we’re indeed not that bad. The CM procedure & system guarantees every product and manufacturing process will be associated with technical files and uptodate specifications, associated with « sub-files » in the plant, and that every change will be implemented all the way to the work documents BEFORE a product is done

We also have a Change Committee and associated procedure, involving people of most fuctions (engineering, quality, planification, buyers …), assessing impacts according to requirements (data, recording, etc)
So I’d say we’re in good shape, except maybe we should have formal configuration audits planned (and maybe put "CM" name all over ? I'm sure everyone in the plant gets the importance of it, but without knowing its name)
Change control seems good, traceability is maintained, documentation is consistent at all levels and with the product made

But reading ISO 10007 makes me doubt (and gives me a headache :x) more than giving me firm beliefs.
Hope that wasn’t too long, I like it when people in forums show they at least tried before asking :x

I’d really appreciate any highlight/advice on this, even though people have already helped multiple times on the subject.

Thanks in advance
1. Do you do Design & Development

2. You have many questions - which one do you need help understanding and applying.

3. Configuration Management is in section 7 so you could take an exclusion if it does not apply to your process.
 
B

Bonhomme

#4
Hi

We sometimes design the product according to customer wishes (translating a functional need into an electronic card drawing), and we always design the processes to make/test these electronic cards.

So we need and have some sort of configuration management.

I guess all my questions could be pooled into one :

Is it possible to meet the CM requirements of EN9100 (7.1.3) while not following 100% of ISO 10007 guidelines, or would we have to find how to better stick to them ?

I'm pretty sure the CM system we already have is not bad, but if I read ISO 10007 correctly we still miss some things :
- Configuration items (or their formal identification)
- Formal configuration plan per product
- Configuration audits

For now, our system seems to work, and I'm not aware of any complaint from customers or auditors.
But that doesn't prove the system is good, does it ? It may only mean that we're either lucky, or not seeing its flaws. Or that problems haven't happened ... yet (aeronautics, 30+ years product life & records retention, etc etc)

Thanks
 

dsanabria

Quite Involved in Discussions
#5
If customers have not complaint, and auditors have reviewed it - then it's probably effective. If you want additional information you could either attach the procedure for review or send it to me on a PM (Private message)
 
B

Bonhomme

#6
Yeah, I suppose I'm thinking too hard.

My boss told me to look at some of the gaps we have regarding EN9100 (audit in january, first one with the new standard version)
He had filled the EN9101 audit grid to see where we are missing, and Configuration audits came up among other things.

Then I read ISO10007 and started doubting our whole CM process.

Sorry for the mess, I'll think tw... thrice before asking something stupid :nope:
 

Sidney Vianna

Post Responsibly
Leader
Admin
#7
J

Jeff Frost

#8
One question to first answer is based on your current system have you received internal or external complaints about configuration issues and does is meet the requirements of AS9100C. ISO 10007 is a reference only and not a requirement of AS9100. If you have not done so build a configuration management flow chart or model for your company and ask how do we meet the configuration requirements referenced in clause 7.1.e, 4.2.3, 7.5.1.2, 7.3.3, 7.3.7, 7.4, 7.5.3, 7.3.6.1 and 7.6 configuration note. Look at the risks in the current system and build from there based on your business model. Also because you are assembling printed circuit board you may find industry specific information in IPC specifications or applicable military/NATO documents.
 
B

Bonhomme

#9
:applause: Thank you for your answers, I'll definitely make some sort of flowchart to better visualize the milestones and whether we cover the risks or not, rather than trying to stick our system over ISO 10007.

Also, that handbook will really help me on several topics, it'll avoid I come here asking dumb questions about risk management for example :notme:
 
Thread starter Similar threads Forum Replies Date
K Example of ISO 10007 - Configuration Management Plan AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
L What exactly does Configuration Management in ISO 9001, Clause 7.5.3 means? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
B Configuration Management - Is Configuration Management a requirement of ISO 9001 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 21
J Configuration Management - ISO 9001 - 7.6 Monitoring and Measuring Equipment ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
L Configuration Management, Need to review ISO 10007, anybody have one? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
N ISO/IEC 20000-1 (IT Managed Services) Configuration Management Database? Other ISO and International Standards and European Regulations 2
S ISO 10007 Standard for Configuration Management AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
L ISO 10007 - Configuration Management Requirements Other ISO and International Standards and European Regulations 18
R Configuration Management - Identifying Documentation IEC 62304 - Medical Device Software Life Cycle Processes 3
H AS9100 D - 8.1.2 Configuration Management for Build-to-Print Service Provider AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
William55401 Distributed By Product - Best Practices for Configuration Management and Purchasing Controls ISO 13485:2016 - Medical Device Quality Management Systems 0
John Predmore Configuration Management as a process instead of a procedure AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
G AS9100-8.1.2 Configuration Management AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
R Configuration Management in AS9100 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 1
N Configuration Management - Physical Audit and Functional Audit for Software and Hardware General Auditing Discussions 4
T Change control and configuration management - When to create a new model/part number? Other Medical Device and Orthopedic Related Topics 0
P Configuration Management Software EASA and JAA Aviation Standards and Requirements 4
Q Configuration management clarification and example AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
A Risk Management and Configuration Management ISO 14971 - Medical Device Risk Management 3
A AS9100. 7.1.3 Configuration Management. PCB production. ECN. Revision Control. AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
K Software Configuration Management Audit Questions Quality Assurance and Compliance Software Tools and Solutions 8
Q Configuration Management Audit AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 10
Wes Bucey Aerospace Configuration Management Webinar Book, Video, Blog and Web Site Reviews and Recommendations 3
Q Understanding Configuration Management AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 16
B How to define and implement Configuration Management Document Control Systems, Procedures, Forms and Templates 5
Q Configuration Management Form example(s) wanted Document Control Systems, Procedures, Forms and Templates 1
P Configuration Management for Build to Print Company AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
S Configuration Management System software that can also be linked to our ERP system AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
N Change Management, Configuration Management or Other Process? Manufacturing and Related Processes 9
G AATT Focus: Configuration Management & Risk Management AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 3
B AS9100 (FCA / PCA) of section 7.1.3 - Configuration Management - Audit question AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
K Configuration Management Procedure Template wanted AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 2
K Configuration Management - AS9100 Requirements AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 11
T Upgrading to AS9120A - Configuration Management AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
B What is meant by "Configuration Management"? AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 36
O Difference between Configuration Management Procedure / Plan in IT context? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Who owns Configuration Management Document Control Systems, Procedures, Forms and Templates 6
C Configuration Management template or db wanted Document Control Systems, Procedures, Forms and Templates 2
B How to ensure Configuration Management and Control manually AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
D AS9100 Configuration Management Procedure example wanted AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
V Configuration Management - Configurable, Managed and Controlled Document Control Systems, Procedures, Forms and Templates 3
M Configuration Management - AS9100 Rev B or C AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7
C Configuration Management requirements if this facility is not design responsible AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
T Configuration Management For Design and Development (Clause 7.1.3) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
S Is Configuration Management Mandatory? AS9100 Clause 7.1.3 AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 9
N The International Society of Configuration Management (ISCM) certification exam Professional Certifications and Degrees 2
A Configuration Management and On-Hand/In-Transit Inventory Quality Manager and Management Related Issues 3
L Definition Configuration Management - What is Configuration Management? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 5
S Configuration Management compliance - Adding information to individual procedures AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
W Configuration Management for sub-contractors working to Customer Drawings AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 7

Similar threads

Top Bottom