Documents required by the quality management system shall be controlled

x-files

Involved In Discussions
#1
Hi,

First of all excuse for my bad English (which is not my native language), and for this very basic question.

Can someone please explane to me, what exactly means this statement:
4.2.3 Control of documents: ?Documents required by the quality management system shall be controlled?.

Closer, I'm trying to understand this particular two words ? ?required by?.

I?ll do my best to explain the origin of my question. Within QMS procedures we established, we pretty frequently say ?QMS documents this..., QMS documents that...? and similar. By that said, we sometimes think of Procedures, sometimes we think of Manual, sometimes we think of some procedure reference document or record directly related to (required by) a procedure is some activity.

Finally, we absolutely do not know for sure what type of document to control by DCF, and what to control in some different way. Further, we do not know should (or can) the ?Control of documents? procedure address the document other that procedures. I?m aware that there is the ?external documents? requirement, but not all our documents are external.

So, what exacly are (should be) ?QMS documents?, and what are (should) not (be)?

For example, is some technical document (technical drawing in mechanics or architecture) or normative document of external origin (national legal regulation), that are directly needed in some activity of a procedure ? a QMS document?

I work in a company that has about 3500 emplyees. This is the imaginary document hierarchy, which we think fits our needs.

1. Policy, Manual
2. Procedures (System, Core, Centralized, Supporting)
3. Documents closely associated to procedures (Appendices, Forms, Templates, Work instructions), but are maintained separately
4. Documents that are used within procedures in activities, some are just cross reference documents, and some are produced by a procedure (plans, logs, ?):
- External (Normative, Technical, Other)
- Internal (Other reference procedures, Technical, Other)
5. Records
6. Documents that are NOT mentioned (named) though other documents of QMS (processes which are not documented, documents that are not recognized to be indivisible part of some process or are in test phase, personal reference documents)

Every type of those documents we control in different way. For example, Procedures by ?DCF? and ?legal regulations? by specialized software which allows to browse and download only valid documents, and direct communicating to personel about that.

In special cases, we think that even some procedure related document, for example ?Risks...? should be controled by DCF and not by direct change of one authorized person.

Can we in the procedure ?Control of documents? explain ?type by type? (maybe with few exceptions) how we control every single document type mentioned in the document hierarchy? Ok, except ?Records?, which has a separate procedure.

If I was not clear enough, please tell, I?ll try to clarify (explain) more.


Best regards,
Vladimir
 
Elsmar Forum Sponsor

somashekar

Staff member
Super Moderator
#2
Can we in the procedure „Control of documents“ explain „type by type“ (maybe with few exceptions) how we control every single document type mentioned in the document hierarchy?
Welcome to the COVE Vladimir ~~~
Yes, that is what you are to do.
I am sure you require all these within your quality management system to operate, else you would not be having them. Hence all these become the documents required by your QMS.
It is you who has to determine what is required, based on your document usage.
(Not to worry about your english...you are clear enough...)
 

sagai

Quite Involved in Discussions
#3
There is one more thing I would mention.
Most of the things we face with is more like the huge variety of the different shades of gray rather than clearly black and white.

It could be a good starting point to identify the purpose of your QMS.
Is it for compliance, is it for supporting business with good practises, mixture of both in what level extent, etc.

In a highly regulated industry I tend to say that I would consider to gradually segregate the compliance part of the QMS from the good practises part, simply because regulators rigorously looking into the QMS and the practise to determine the extent of the consistency between these and also the QMS itself to determine its level of compliance to the regulation itself.

With 3500 employees in case you cover the majority of the aspects of your running business in your QMS, that is lined up for regulatory compliance and for accommodating good practices I think it is more or less impossible to make sure that your practise does not deviate from the practise defined in QMS (there could be some special cases when the granularity of the QMS is master crafted on that way to make this happen).

So, coming back to your question, in overall of course I agree with the previous post.

The only mentioning I would have is that I would advise to identify first the purpose of your QMS.
If your compliance exposure is high, than I would suggest to consider the identification of the bare minimum set of documents to be handled by your QMS document management and explicitly exclude all the rest of it from your QMS. It takes time and effort, however it pays well at the end whilst minimizing compliance risks.

Cheers!
 

x-files

Involved In Discussions
#4
Thanks both of you (sagai and somashekar) for your very clear answers.

@somashekar

I am sure you require all these within your quality management system to operate, else you would not be having them. Hence all these become the documents required by your QMS.
It is you who has to determine what is required, based on your document usage.
Thanks for encouraging me. All the document hierarchy presented - we just need.

@ sagai

It could be a good starting point to identify the purpose of your QMS.
Is it for compliance, is it for supporting business with good practices, mixture of both in what level extent, etc.
It’s mixture, but prevailing on documenting good practice. Of course, the general director wants the “Certificate on the wall”, but he also wants the processes to be distinct, under control, with clearly expressed responsibilities and interfaces within processes, etc.

Example: If a chief, for 30 years of his work at a position, conclude that some activity is to be done “that way”, which is confirmed in practice many times, we consider that “a good practice”. We want that practice to be explicitly documented within procedure or work instruction. Otherwise, when that chief retire or goes to other position, we could face a situation that newcomer starts learning everything from scratch. Maybe, he’ll also got to the same conclusions like his predecessor, but why to invent the wheel every time.

In a highly regulated industry I tend to say that I would consider to gradually segregate the compliance part of the QMS from the good practices part, simply because regulators rigorously looking into the QMS and the practice to determine the extent of the consistency between these and also the QMS itself to determine its level of compliance to the regulation itself.
It’s maybe not polite to say, but major misunderstanding and misinterpreting of QMS are produced by not well practiced consultants in our country. Majority of companies in our country just wants „Certificate“, to become a valid qualificant for tenders, nevertheless is that documentation useful. Such scenario created such consultants. Now we have a QMS (made by instant consultant) which is „not for us“. Like a suit of clothes, with wrong number. Text of our procedures is 90% a „placeholder text“, copied from standard. Also, the same text is said in many documents, as we don’t know where it belongs primarily.

Being a computer programmer, I learned to analyze a system in “layers”. Now, I’m frustrated with the documentation we currently maintain.

With 3500 employees in case you cover the majority of the aspects of your running business in your QMS, that is lined up for regulatory compliance and for accommodating good practices I think it is more or less impossible to make sure that your practice does not deviate from the practice defined in QMS (there could be some special cases when the granularity of the QMS is master crafted on that way to make this happen).
I work in a Thermal Power Plant. Absolutely true. I agree 100%.
 

Marcelo

Inactive Registered Visitor
#5
Just a general clarification of the proocess expected by the standard and why the requirement is written as it is:

1 - You need to define the QMS policy (based on the purpose of the company) and derive the objectives.

2 - Based on the objectives, create the processes to achieve them.

3 - For each process define, among other stuff, which documents are required for the processes to perform effectively.

Those woud be the documents the standard mentions in ?Documents required by the quality management system shall be controlled?.

Usually, those are:

- the documents required by the standard (procedures and records)
- other documents defined by the company for each process to perform effectively (usually, they are the bulk)
- maybe some external documents
 

sagai

Quite Involved in Discussions
#6
One way out of this forest could be to identify the bare minimum set of and content of the processes/documents you have already in your QMS to address the requirements of the corresponding standard(s). Same job for documents. Actually it is also an opportunity to clearly identify the compulsory set of standards, I have also recognised that companies are tend to innocently bind themselves to voluntary standards as well.
And than all the rest of it could be moved to, let say to a kind of Guidance section whereas you could define "Guidance" as a non compulsory recommendation of your QMS per definition of your redefined quality manual.
Otherwise there is a chance that the majority of external auditors could look into your QMS in totality.
 

Big Jim

Trusted Information Resource
#7
Another dimension to pay attention to is that as an auditor, if I find it in use, that pretty much tells me you have found it necessary.

Look for the documents including forms that your company actually uses.
 

x-files

Involved In Discussions
#8
Another dimension to pay attention to is that as an auditor, if I find it in use, that pretty much tells me you have found it necessary.
We pay much attention to documents (besides records) used in processes, which are used to direct activities. Such documents we address in the appropriate place of a procedure, with precise name and other relevant details. Sometimes, auditors (internal, never external I have to admit), when find some document nearby in the workplace (even in drawer/chest/shelf), forces us to find the place in the procedure and describe its usage. Problem is that many documents found nearby in the workplace (IE. Catalog, or an old technical instruction for some device) possibly will never be directly used in process activities, and auditors (internal, I repeat) insists to describe it in a procedure.
If you can imagine, there are hundreds and hundreds of technical instructions in some workplaces in thermal power plant, which already are enumerated (named) and stored in the Archive for future reference.

The employees just cannot invent new sentences how to use those documents rather than just say something like ?process equipment is documented by technical documents listed in <LIST OF TECHNICAL DOCUMENTS OF ?>, and is used when necessary?. How can one know how will possibly and exactly use some complex document? I'm not an expert for this, but is that kind of demand an overkill?
By enumerating technical documents used in a process, we keep integrity of documents needed for that process, and I agree 100% that's good idea, but insisting on further details? hm?.

Furthermore, when we agree that a document is undoubted necessary as a part of a process (procedure) activity, besides declaring it?s name in a procedure, we found out that it?s crucial to us, to add more details to it, besides pure name.
IE: LIST OF TECHNICAL DOCUMENTS OF PROCESS 1 (Adobe document / Sharepoint, QMS site/ IMS Admin)

First detail is about appearing form (Hard copy/Word/Adobe/Excel/Email, ?)
Second detail is about a place where is it placed/could be found (local computer of...; office of...; Sharepoint portal; Archive of..., etc...)
Third detail is about a responsible person to assure/publish/guarantee the document existence.

Exposing such additional details was my idea, because in practice, personnel didn't know where to find those related documents, who is responsible for the existence of such document, and in what appearing form it's expected to be.

What do you think of exposing such additional details? Feel free to criticize if you do not agree :)
 

sagai

Quite Involved in Discussions
#9
IWhat if you would classify documents whether or not for regulatory purposes and than the ones are not for to show compliance with the standard would be explicitly excluded from the scope of your QMS document management measure?
Or for those you would determine a rather low complexity measures in your document management.
 

x-files

Involved In Discussions
#10
If I understoud the question well, yes I think it would be wise to exclude from DCP (by scope section of a procedure) everything of document types we could not yet prove (or just could not be guaranteed in practice) to be under requirements of 4.2.3.

Funny is that under scope section in procedures (not just for 4.2.3), we usually think of part of company, department, etc ... Almost never say something about addressed activities, products, services, ...

Thats why in the first post I asked "what are QMS documents". We just never said in our documentation what exactly we think of that. We say in the SCOPE: Procedure is applied in <COMPANY> ?! I think it should be, I do not know, for example, "This procedure applies to: manuals, procedures and work instructions with assigned alphanumeric QMS ID".
 
Thread starter Similar threads Forum Replies Date
T Using References - Required in Quality Documents? Document Control Systems, Procedures, Forms and Templates 2
I QMS documents required at each stage of Software development IEC 62304 - Medical Device Software Life Cycle Processes 5
C Defining Approvals Required for Design Control Documents ISO 13485:2016 - Medical Device Quality Management Systems 6
Marc IAF Mandatory Documents (MD Series) - Required to be used by certification bodies ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
F The depth of the required Design Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
M Which documents are required for a class I medical device listing US Food and Drug Administration (FDA) 4
S Clarification in organizing required documents for ISO 27001 IEC 27001 - Information Security Management Systems (ISMS) 6
H Is "Master Documents and Records list" required per ISO 9001 ? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
drgnrider Informational Required Documents/Records in ISO 9001:2015 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 49
S Minimum documents required by AS9100 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
N What Documents are Required for each ISO 9001 Requirement ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
G Rookie to the ISO 9001:2008 World - Required Procedures and Documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
M AS9100 Clause 4.2.3 requirements - Documents required by the QMS shall be Controlled AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 13
T Control of Safety Documents Required? ISO 9001:2008 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
R What Documents are required for Application of Brazilian INMETRO IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
K Documents required to display/keep during ISO 9000 Audit in EPCC firm ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
W Electronic Distribution of Controlled Documents: Validation required? Qualification and Validation (including 21 CFR Part 11) 5
J ISO 9001:2008 Clause 4.2.3 - What are the required documents? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 24
C ISO 3834-2 references ISO 3834-5 for the list of documents required for conformity Other ISO and International Standards and European Regulations 1
M All Internally Generated Documents ? Required to be Controlled or Not All? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
C Control of Documents - Is a unique format required? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
S Required documents for Class III Medical Device in Yemen Other Medical Device Regulations World-Wide 3
M List of documents required for engineering service project (CAD/CAM) AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 4
V What documents are required for Education and Training in AS9100 Internal Auditing 3
A Documents required for ISO 17020 vs. ISO 9001? General Measurement Device and Calibration Topics 10
P Required Documents and Document Control in Human Resources for ISO 9001:2000 Document Control Systems, Procedures, Forms and Templates 5
P New product Design & Development for automotive requirements - Documents required Design and Development of Products and Processes 4
R Documents required for certification process - AS/EN/JISQ9100 AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
E New and revised documents - Acknowledgement of distribution required? Document Control Systems, Procedures, Forms and Templates 3
E Level 3 PPAP with only a few of the required documents? APQP and PPAP 3
O What are typical records of different documents required by ISO9001? Records and Data - Quality, Legal and Other Evidence 2
R TS16949 Grandfather documents - Control Plans - Required or not based upon date FMEA and Control Plans 4
L ISO 14001 4.4.4 d) - What exactly are the documents and records required by ISO 14001 ISO 14001:2015 Specific Discussions 3
Howard Atkins TS 16949 Clause 4.2.1 - Required Documents IATF 16949 - Automotive Quality Systems Standard 15
G Control of External Documents - Which documents are required to be controlled? IATF 16949 - Automotive Quality Systems Standard 10
C How long we're required to keep supplier and our PPAP documents? Supplier Quality Assurance and other Supplier Issues 1
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
C Corrective action for failure in documents control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
A QMS Overhaul - Reorganizing and Renaming Documents - Internal References Document Control Systems, Procedures, Forms and Templates 18
J Controlled information versus defined documents / records ISO 13485:2016 - Medical Device Quality Management Systems 3
D DQ documents of new equipment - Function specification Qualification and Validation (including 21 CFR Part 11) 0
B Using Unreleased Documents & Process Maps for Internal Audit purposes ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 12
N Device Labeling - Medtronic Ventilator Files (Risk Management documents) Coffee Break and Water Cooler Discussions 2
Q To set frequency to review documents in ISO 9001 7.5? Document Control Systems, Procedures, Forms and Templates 13
S Mandatory documents vs shall "something" but without mandatory documents ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 17
I Reissuing documents due to missing version / issue numbers Document Control Systems, Procedures, Forms and Templates 3
I Dating controlled documents after changes - Revision History Document Control Systems, Procedures, Forms and Templates 13
C Document Control Stamps - Does anyone still stamp their documents? Document Control Systems, Procedures, Forms and Templates 21
M Advertising medical devices in the U.S - Advertising regulations or guidance documents Other US Medical Device Regulations 3
R Process control documents - Context of API Spec Q1, Clause 5.7.1.3 Other ISO and International Standards and European Regulations 0
Similar threads


















































Top Bottom