JP,
You may find this useful.
You are setting out to purge the system of useless documents. While a huge task, once clean, keeping it clean may even be larger. Either way, it is nice to clear the slate.
What level 3 documents need to be controlled? As stated earlier, any form that becomes a Quality Record needs to be controlled. So what other documents?
Well, any document referenced in the QM or in Level 2 documents, these should be controlled. For other documents you collect, they need to be put to the test you mentioned; what effect do they have on the system? You may want to use a Risk Analysis tool (maybe create your own), such as an
FMEA, to determine the level of risk involved. Low risk, low chance that it needs to be controlled. However, this is not a fast rule. Developing an RPN uses three criteria, Severity, Occurrence, and Detection. For Risk Analysis on Forms, I believe you need to pay particular attention to the Severity and Occurrence factors. Severity deals with direct impact of the failure. The higher, the more consideration should be given. The same is true of Occurrence. Many small failures add up to a big failure in the eyes of auditors. For this reason, even if the Severity rates low, a large Occurrence would drive me towards controlling the document.
I think you will find that many forms in your system are more in tune with working documents. This should make your document control more simplified. However, it is a good idea to make sure your internal auditors routinely challenge the form classification, in either direction.
I hope this helps. Any other ideas out there?
Regards,
Kevin