Control of External Audit Notes and Documents

drgnrider

Quite Involved in Discussions
#1
Having a discussion of what should and shouldn't be controlled and to what extent. Main issue: our CB leaves their draft audit report with us, to what extent should this record be controlled?

Since it is in MS Word format, that can be edited, should it be password protected somehow from changes? What type of controls should be in-place for copy and distribution?

"Top Management" says "no controls, e-mail to anyone". I disagree.

Am I overreaching this? I see this similarly as some of our in-house quality records and there needs to be some sort of control on access and dissemination.
 
Elsmar Forum Sponsor

insect warfare

QA=Question Authority
Trusted Information Resource
#2
Re: Control of external audits

Why not just make a PDF copy and discard the Word copy for good? If no changes are to be made to the document, the Word copy is not needed anyway - a PDF can be locked from editing and still be viewed by those you are allowed to distribute it to, provided they have downloaded a PDF reader (which is free).

On top of that, your controls for distribution could be modified to state that this is allowed, if there is a conflict.

Brian :rolleyes:
 
S

SimpleIsGood

#3
Re: Control of external audits

Perhaps I don't understand. Why would you want a draft copy of an audit report?

I would not make any changes to my QMS based on a DRAFT anything! You want me to make changes, you better show where I'm not meeting the standard, and it better be THE final version. Beside just being ornery (which I am), and pig headed (also guilty as charged), there is no sense making changes that may or may NOT be required, needed, wanted or necessary. I'd hate to change a procedure, get everyone retrained, then get my "official" audit report and find out I completely misunderstood what was required.

I would wait for the official results.
 

drgnrider

Quite Involved in Discussions
#4
Re: Control of external audits

... by those you are allowed to distribute it to, ...

On top of that, your controls for distribution could be modified to state that this is allowed, if there is a conflict.

Brian :rolleyes:
@Brian, this is part of our "discussion", Top Management says this is not a "controlled" record and feel they can e-mail it blithely to anyone, anywhere.



Perhaps I don't understand. Why would you want a draft copy of an audit report?
@SimpleIsGood, not making any changes based on this report. Assessor e-mailed it, and now managers are wanting to e-mail it and copy/save it on multiple drives within our network. They don't accept my argument that it should be treated as a controlled document.
 

Golfman25

Trusted Information Resource
#5
Why would you control it? How would you disseminate audit results if you controlled the outside report? Why make life more difficult? Seems to me like you are over thinking it. Good luck.
 

insect warfare

QA=Question Authority
Trusted Information Resource
#6
Re: Control of external audits

@Brian, this is part of our "discussion", Top Management says this is not a "controlled" record and feel they can e-mail it blithely to anyone, anywhere.
I agree with Golfman25. You are overthinking this. All records needed for your management system need to be "controlled", of course. But "control" of records usually relates to 6 major things (identification, storage, protection, retrieval, retention and disposition). Control requirements for these 6 elements should already be specified in a documented procedure, including what is and what is not acceptable distribution, if that is what the organization needs to address. And what I mean by "acceptable distribution" is that organizations can allow unfedered access to copies of certain management system records, provided that the integrity of the original record is not compromised, and that the distribution itself does not violate any confidentiality agreements or other regulations.

Brian :rolleyes:
 

RoxaneB

Change Agent and Data Storyteller
Super Moderator
#7
Re: Control of external audits

They don't accept my argument that it should be treated as a controlled document.
What points are you using to say that this should be a controlled document? Help us to understand your perspective. :)

That being said...it is a DRAFT document. Nothing official has come out the audit, so I would not control. If they wish to send it out to the world...let them...but perhaps they would be wise to include something like "Please find attached a DRAFT copy of the results of our recent audit. Final and official results are still pending, but we wanted to share the outcome while it was still fresh."

As for the final and official report, I do keep copies as 'records' and they are on my list with retention times, disposal methods, etc.. My reasons for keeping are mainly for historical purposes and changing personnel who ask questions about previous audits....and the "lottery factor" (i.e., if I win the lottery and leave, I'd like previous results to be easily accessible).
 

mihzago

Trusted Information Resource
#8
Re: Control of external audits

is this a distribution issue to prevent some people acting on the findings/actions in the report before they are finalized or is this a confidentiality issue to prevent access to the report by people that are not privy to the information?

i agree with others that I would not control the draft.
 

drgnrider

Quite Involved in Discussions
#9
Thanks all for the input.

For me, its not about "draft" vs. "final". I tend to treat all these strictly from the basis of habit. Especially in new systems, such as ours, where controls, and mindsets, never existed before. If one gets into the habit of exhibiting some form of control over this 'who_cares_about_it' version, then the other versions would hopefully be handled with at least the same care, or a second thought before sending it out. BTW, they are just as indiscriminate about "final" versions.

Old habits are hard to break. We are having issues with people fixing problems and not following the course of our Preventative Actions (PA) systems... we've always done it this way, now habits need to change and the PA system needs to be utilized.

Part of my argument is based on other records/reports we keep, they are stored but are not distributed to just anyone, only those with necessary need. We also don't send and/or make multiple copies of findings from other organizations (customer, regulatory, etc.) that come in and audit us.
 
Thread starter Similar threads Forum Replies Date
S External Audit Non-Conformance - Control Plan and Inspection Issues IATF 16949 - Automotive Quality Systems Standard 1
A External Audit CAR on Record Control? General Measurement Device and Calibration Topics 6
D 8.5.1.2 Validation and control of special processes requirements for Heat Treat External Processor AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 4
J 510(k) for a control kit for an external IVD test kit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
I AS9100 8.4.2 Type and Extent of Control - External provider test reports Manufacturing and Related Processes 24
P AS9120B Control of External Providers for Franchised Distribution AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
E AS9120B 8.4.2a Ensuring external providers remain within control of the QMS AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
N Responding to NADCAP nonconformance - Control of External Documents AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
R External Standards List (Document Control) Document Control Systems, Procedures, Forms and Templates 3
M ISO9001:2015 Clause 8.4 Control of External Processes and Purchased Goods & Materials ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
M Document Control Management - External documents flowed down from customers Document Control Systems, Procedures, Forms and Templates 2
M Control of External Documents such as customer manuals AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 28
J ISO/IEC 17025 - Which External Documents require control? ISO 17025 related Discussions 6
smryan Satisfying the ISO 9001:2008 4.3.2.f External Document Control requirement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Q Control of Customer Documents (Documents of External Origin) AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 6
K Guidance on AS 9100 4.2.3 Control of External Records AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
N Medical Device External Standards Control and Monitoring Other US Medical Device Regulations 10
T External Document (Documents of External Origin) Control Template example wanted Document Control Systems, Procedures, Forms and Templates 14
L ISO 9001:2008 - Control of Documents of External Origin Document Control Systems, Procedures, Forms and Templates 13
N Control of External Documents - Best Practices for Control of External Forms Document Control Systems, Procedures, Forms and Templates 2
Q Suppliers info into my Documents Control (Documents of External Origin)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
A Control of Documents (External Drawings) and Marking Up Prints Document Control Systems, Procedures, Forms and Templates 5
T Identification and Control of External Documents - 4.4.5 f) of ISO 14001 ISO 14001:2015 Specific Discussions 5
N How do you control weblinks used for external document requirements? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
A Document Control - Control of external documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
M Control of Customer Manuscripts (Manuals), Specifications - External Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
C Monitoring changes in ANSI standards - Control of External Documents Document Control Systems, Procedures, Forms and Templates 6
T Document Control at Suppliers - Control of External Documents ISO 13485:2016 - Medical Device Quality Management Systems 2
B How to control external documents like drawings and standards ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
C Document Control for External and Internal Projects (overseas projects) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
N How to Control Documents of External Origin Document Control Systems, Procedures, Forms and Templates 7
H External Document Control Procedure advice wanted ISO 13485:2016 - Medical Device Quality Management Systems 9
E Control of documents procedure and external documents? Document Control Systems, Procedures, Forms and Templates 4
K How to Control and 'Monitor' External Documents (Documents of External Origin)? Document Control Systems, Procedures, Forms and Templates 1
L Sample of Control of Document Procedure and Control of External Documents Document Control Systems, Procedures, Forms and Templates 2
P Customer Furnished Drawings Retained? Control of Documents of External Origin Records and Data - Quality, Legal and Other Evidence 4
V Identification & Control - Documents of External Origin - ISO13485:2003 Clause 4.2.3f Document Control Systems, Procedures, Forms and Templates 8
J Control of External Documents - How does one *gain* control of external documents? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
A 4.2.3 Control of Documents - Need advice on Control of External Documents Document Control Systems, Procedures, Forms and Templates 3
M External Documents - How to control? NC over letter from registrar about use of logo Document Control Systems, Procedures, Forms and Templates 19
S ASTM specs - Control and Update of Documents of External Origin Document Control Systems, Procedures, Forms and Templates 20
M Control of documents of External Origin - Specifications from our customers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
R TS 16949 - Clause 4.2.3 - Identification and Control of Documents of External Origin IATF 16949 - Automotive Quality Systems Standard 15
C External Document Control Document Control Systems, Procedures, Forms and Templates 2
G Control of External Documents - Which documents are required to be controlled? IATF 16949 - Automotive Quality Systems Standard 11
F Documents of External Origin - Identification, Control and Distribution - 4.2.3 f) Document Control Systems, Procedures, Forms and Templates 13
A ISO 9001:2000 - Documents Requiring Control - Documents of External Origin Document Control Systems, Procedures, Forms and Templates 27
V External Processes - Subcontracting - Control Requirements ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
C Control of Documents of External Origin - Reference manuals and standards Document Control Systems, Procedures, Forms and Templates 4
K ISO 2859-5 (single run production) control plan issues FMEA and Control Plans 2

Similar threads

Top Bottom