Definition Defined - Definition and meaning of "defined"

Mikishots

Trusted Information Resource
#1
With respect to AS9100D Clause 7.5.3.2, there is a requirement to define data protection processes.

While our IT group is very much included in our audit that contains review of document and record control (as we almost exclusively have a paperless system), this requirement has them asking exactly what "define' means. They are reluctant to create any kind of document that explains how they go about protecting data because they are not the kind of guys that will do anything outside IT work that they don't have to, and audits have shown that they indeed do have a robust method and infrastructure to do these activities reliably.

But what of "define"? Is there any guidance material that would explain what the Standard specifically means and expects when the term "define" is used? I've had a careful look in ISO 9000:2015 - Fundamentals and Vocabulary, but no dice.

My take: They need some kind of documentation that explains how they go about protecting our data, and to show that they can continue the practice without having to depend on certain individuals simply knowing what to do - a tidy segue-way into organizational knowledge!!!


thanks all.
 
Last edited:
Elsmar Forum Sponsor

CanadianQA

Starting to get Involved
#2
Define "define"? Sounds a bit like your IT department is trying to lead you down the garden path.

7.1.3 requires that "The organization shall determine, provide, and maintain the infrastructure necessary for the operation of its processes and
to achieve conformity of products and services." This includes IT resources. IT processes do need to be described to the extent that you can confirm that customer and applicable regulatory requirements are met through internal audit, which in my opinion is part of maintaining your infrastructure.

I had my IT department describe for me how they do the following:
  • System Maintenance;
  • System Backups;
  • System Security;
  • Virus Control;
  • Environmental Controls

I put what they wrote down into my procedures manual, added it to my internal audit and review what they do every year.
 

Sidney Vianna

Post Responsibly
Staff member
Admin
#3
But what of "define"? Is there any guidance material that would explain what the Standard specifically means and expects when the term "define" is used? I've had a careful look in ISO 9000:2015 - Fundamentals and Vocabulary, but no dice.
The meaning of "define" in the context of ISO 9001 is provided in the Guidance on some of the frequently used words found in the ISO 9000 family of standards document.

As for the "things to consider" concerning AS9100D 7.5.3.2, point your browser to the AS9100 Guidance document.
 

Mikishots

Trusted Information Resource
#4
I have seen this, but there is still the question - in writing, or verbally? Is it enough for them to simply tell me what they do? Does this constitute "define"?

The reason I ask - when someone new comes on board, that new staff member will not see this requirement anywhere in IT department's documentation - someone would have to TELL them. This ends up bumping heads with the requirements of "Organizational Knowledge", as it can be construed as tribal knowledge.
 

Ninja

Looking for Reality
Trusted Information Resource
#5
There is a standard you must "prove" compliance with (dangling participle and all...)

If your "define"-ing is verbal, you should document compliance being verbal.

Which puts it in writing...

You're reaching for ways around ...that's a warning flag that you're straying from the path...just write the darned thing down and move on...there are more important things to get uptight about...

:popcorn:
 

Mikishots

Trusted Information Resource
#6
Good thing I'm not responsible for writing their procedure. I'm just an auditor. The point is that they don't WANT to write it down, and I'm trying to determine if it can be complied with in another way that suits our workplace and yet still be in compliance.

I don't think there's any attempt at reaching around - I'm simply trying to determine how to comply with the intent of the Standard.
 

Ninja

Looking for Reality
Trusted Information Resource
#7
Things are defined for a reason...so everyone is "speaking the same language".

Consider something that there is resistance to "defining" in writing...then (without management next to you) ask 30 people (who would be impacted by that definition) what XXX means.

might give you either a level of comfort, or a compelling reason to force the written...either way it seems you might benefit.

Just thinking out loud...
 

Cari Spears

Super Moderator
Staff member
Super Moderator
#8
With respect to AS9100D Clause 7.5.3.2, there is a requirement to define data protection processes.

While our IT group is very much included in our audit that contains review of document and record control (as we almost exclusively have a paperless system), this requirement has them asking exactly what "define' means. They are reluctant to create any kind of document that explains how they go about protecting data because they are not the kind of guys that will do anything outside IT work that they don't have to, and audits have shown that they indeed do have a robust method and infrastructure to do these activities reliably.
Hi,

Is your organization DPD approved by Boeing or any other customers?
 

Mike S.

Happy to be Alive
Trusted Information Resource
#9
The terminology doc Sidney references defines "define" :bonk: as "state or describe exactly the nature, scope or meaning of"

So I would say that writing it down is preferred and safer but technically you are not in violation of the standard if all the people who need to know this are able to verbally define the system in the same way.

I get it -- you run into hardheads sometimes and don't have the authority to force them to do it the better way. So I would document to them the dangers of not defining it in writing (CYA) and then, if they are able to verbally comply, note it that way in the audit or wherever and move on. If it later comes back to bite them in the butt, they will have to address the issue in a corrective action.
 
Thread starter Similar threads Forum Replies Date
C AS9100 Requirement Definition - Defined vs. Documented AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 14
C Definition Internal Laboratory as defined in TS16949 - Definition Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 14
Randy Definition Policy - Have we ever defined the word "POLICY"? Definition sought Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 9
J Controlled information versus defined documents / records ISO 13485:2016 - Medical Device Quality Management Systems 3
M Is there any pre-defined Control plan format/template acc. VDA? VDA Standards - Germany's Automotive Standards 0
C Design and implementation of process audits as defined within IATF 16949 IATF 16949 - Automotive Quality Systems Standard 2
T No Defined Shelf Life/Expiration Date - Disposable single-use, non-invasive, non-sterile Other Medical Device Regulations World-Wide 2
S How are Medical Device Components and Subassemblies defined? ISO 13485:2016 - Medical Device Quality Management Systems 1
E Defined Roles in Small Company ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
A Short Term vs. Long Term SPC Study - Where is Cp and Cpk Defined Statistical Analysis Tools, Techniques and SPC 8
P Validation of Processes - What is meant by 7.5.6 (a) - Defined Criteria for Review ISO 13485:2016 - Medical Device Quality Management Systems 7
J Measuring Leakage Currents with IEC 60601 defined Measurement Device (MD) IEC 60601 - Medical Electrical Equipment Safety Standards Series 15
R Technical Files Sampling Rule defined in NBOG 2009-4 EU Medical Device Regulations 2
J What results need to be defined in IATF 16949 Clause 8.3.4 IATF 16949 - Automotive Quality Systems Standard 3
J Deformation specification not defined in print Inspection, Prints (Drawings), Testing, Sampling and Related Topics 1
S How others have defined "reaudits"? 21 CFR Part 820.22 Internal Auditing 1
R Property - What is defined as Property in ISO 14971 ISO 14971 - Medical Device Risk Management 4
X Are defined roles and responsibilities mandatory for ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
M Root Cause of 'Supplier Evaluation Not defined' Nonconformance and Corrective Action 15
J Is painting considered a Special Process as defined by ISO 9001 7.5.2? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
sagai Preventive Action vs. Corrective Action as defined by 21CFR820 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 10
A How is Segregation of Duties defined in the IT World? IEC 27001 - Information Security Management Systems (ISMS) 4
Q Must Support Processes have defined KPI's (Key Performance Indicators)? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K What constitutes (is defined as) as a Medical Device? Other Medical Device and Orthopedic Related Topics 3
Chennaiite External Audit re-defined Imported Legacy Blogs 4
B Definition Diagnostic - Is "diagnostic" defined in the EU Medical Device Standards? Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 10
H Document Control Defined? Determining what documents must be controlled ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
V QbD Approach - What are the "New Processes" to be "Defined / Introduced" US Food and Drug Administration (FDA) 6
kedarg6500 What is the meaning of "define/defined" in ISO 9001? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
S No Process Defined to Capture the Special Requirements of Customers Problem Solving, Root Cause Fault and Failure Analysis 10
G How is a Medical Device defined in the EU? ISO 13485:2016 - Medical Device Quality Management Systems 2
Q Suspect Product: How can Suspect Product be defined? TS 16949 IATF 16949 - Automotive Quality Systems Standard 15
G SEI CMMI Dev v1.3 - Defined (ML2) and Managed (ML3) Process Areas Software Quality Assurance 1
T TS 16949 Internal Audit Effectiveness Defined Internal Auditing 5
V Definition Documented versus Defined Procedures Definitions, Acronyms, Abbreviations and Interpretations Listed Alphabetically 5
J Control of Outsourced Processes defined within the Quality Management System ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
I Does a QMS defined by the element-by-element approach meet the intent of 4.1a? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
T A confusing Non-conformity - No defined QMS processes intended for 'Management' ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Defined intervals for review of quality system documents? Document Control Systems, Procedures, Forms and Templates 13
S Non-conformance regarding Lean Process - Lean Process is not defined ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
P Specified stages of design and development shall be defined - TS 16949 clause 7.3.4.1 IATF 16949 - Automotive Quality Systems Standard 4
M Common tools defined Funny Stuff - Jokes and Humour 3
C Measurement of Uncertainty ?as defined by the US Pharmacopeia? Measurement Uncertainty (MU) 9
P Defined Records Retention Time Of Customer/Regulatory Requirements Records and Data - Quality, Legal and Other Evidence 4
A Accepted / litigated AQLs in the Automotive Industry? Where is this defined? AQL - Acceptable Quality Level 7
G Customer Complaint(s) - Can what a Customer Complaint is be defined? Customer Complaints 34
apestate Poorly Defined Product Requirements - ISO 9001:2000 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
Manix GD&T Dimensional Control Frames - How the tolerance is defined Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
S Test Method Validation Help - New titration test method, not defined in the USP Qualification and Validation (including 21 CFR Part 11) 2
apestate Integrity in reporting, and Poorly defined Tolerances and Requirements Records and Data - Quality, Legal and Other Evidence 4
Similar threads


















































Top Bottom