Documents required by the quality management system shall be controlled

[Big Jim]

We pay much attention to documents (besides records) used in processes, which are used to direct activities. Such documents we address in the appropriate place of a procedure, with precise name and other relevant details. Sometimes, auditors (internal, never external I have to admit), when find some document nearby in the workplace (even in drawer/chest/shelf), forces us to find the place in the procedure and describe its usage. Problem is that many documents found nearby in the workplace (IE. Catalog, or an old technical instruction for some device) possibly will never be directly used in process activities, and auditors (internal, I repeat) insists to describe it in a procedure.
If you can imagine, there are hundreds and hundreds of technical instructions in some workplaces in thermal power plant, which already are enumerated (named) and stored in the Archive for future reference.

The employees just cannot invent new sentences how to use those documents rather than just say something like ?process equipment is documented by technical documents listed in <LIST OF TECHNICAL DOCUMENTS OF ?>, and is used when necessary?. How can one know how will possibly and exactly use some complex document? I'm not an expert for this, but is that kind of demand an overkill?
By enumerating technical documents used in a process, we keep integrity of documents needed for that process, and I agree 100% that's good idea, but insisting on further details? hm?.

Furthermore, when we agree that a document is undoubted necessary as a part of a process (procedure) activity, besides declaring it?s name in a procedure, we found out that it?s crucial to us, to add more details to it, besides pure name.
IE: LIST OF TECHNICAL DOCUMENTS OF PROCESS 1 (Adobe document / Sharepoint, QMS site/ IMS Admin)

First detail is about appearing form (Hard copy/Word/Adobe/Excel/Email, ?)
Second detail is about a place where is it placed/could be found (local computer of...; office of...; Sharepoint portal; Archive of..., etc...)
Third detail is about a responsible person to assure/publish/guarantee the document existence.

Exposing such additional details was my idea, because in practice, personnel didn't know where to find those related documents, who is responsible for the existence of such document, and in what appearing form it's expected to be.

What do you think of exposing such additional details? Feel free to criticize if you do not agree

When dealing with documents of external origin that you have determined are necessary for the control or operation of your quality management system, usually it is suffecient to list them and show where they are kept. In some cases, it may be suffecient to treat them in bulk, such as MSDS Sheets are kept in a binder located outside of the production office or MIL specs are retained in a library in the Production Manager's office.

 

[kgott]

Vladimir; along with the other good advice you have received here perhaps it would help to know that at 4.1 General requirements, NOTE 1, it states that processes needed for the quality management system include processes for management activities, provision of resources, product realization, measurement, analysis and improvement.

It’s these process that need documenting and the documents need controlling within the context of their status and importance to these functions.

 

[Wes Bucey]

Hi,

First of all excuse for my bad English (which is not my native language), and for this very basic question.

Can someone please explane to me, what exactly means this statement:
4.2.3 Control of documents: „Documents required by the quality management system shall be controlled“.

Closer, I'm trying to understand this particular two words – “required by”.

I’ll do my best to explain the origin of my question. Within QMS procedures we established, we pretty frequently say „QMS documents this..., QMS documents that...“ and similar. By that said, we sometimes think of Procedures, sometimes we think of Manual, sometimes we think of some procedure reference document or record directly related to (required by) a procedure is some activity.

Finally, we absolutely do not know for sure what type of document to control by DCF, and what to control in some different way. Further, we do not know should (or can) the „Control of documents“ procedure address the document other that procedures. I’m aware that there is the “external documents” requirement, but not all our documents are external.

So, what exacly are (should be) „QMS documents“, and what are (should) not (be)?

For example, is some technical document (technical drawing in mechanics or architecture) or normative document of external origin (national legal regulation), that are directly needed in some activity of a procedure – a QMS document?

I work in a company that has about 3500 emplyees. This is the imaginary document hierarchy, which we think fits our needs.

1. Policy, Manual
2. Procedures (System, Core, Centralized, Supporting)
3. Documents closely associated to procedures (Appendices, Forms, Templates, Work instructions), but are maintained separately
4. Documents that are used within procedures in activities, some are just cross reference documents, and some are produced by a procedure (plans, logs, …):
- External (Normative, Technical, Other)
- Internal (Other reference procedures, Technical, Other)
5. Records
6. Documents that are NOT mentioned (named) though other documents of QMS (processes which are not documented, documents that are not recognized to be indivisible part of some process or are in test phase, personal reference documents)

Every type of those documents we control in different way. For example, Procedures by “DCF” and “legal regulations“ by specialized software which allows to browse and download only valid documents, and direct communicating to personel about that.

In special cases, we think that even some procedure related document, for example „Risks...“ should be controled by DCF and not by direct change of one authorized person.

Can we in the procedure „Control of documents“ explain „type by type“ (maybe with few exceptions) how we control every single document type mentioned in the document hierarchy? Ok, except „Records“, which has a separate procedure.

If I was not clear enough, please tell, I’ll try to clarify (explain) more.


Best regards,
Vladimir

For starters, I think you have a good understanding of "control" - that's usually the sticking point we encounter from folks asking about document management.

Second, I think you are on a good track by understanding that different categories of documents require different levels of control.

Third, you may be making the definition of "required by" more complicated than it needs to be. Each organization makes its own decisions about documents "required," but all documents really can be categorized in some simple groups, while agreeing that the organization only agrees to keep and use such documents because they affect either the organization itself or the supply chain (including in-house processes) which result in delivering a finished product or service to a customer which fits (meets) the customer's requirements.

One way, but not the only way, to identify these groups might be:

1. regulatory - what various governments require
2. legal documents between customer and supplier (contracts, purchase orders, etc. between all the links in the supply chain)
3. product or service designs, descriptions, etc.
4. internal documents about processes related to product or service
5. internal documents for organization operations (employee contracts, property or equipment contracts, utilities, etc.)
6. records of activities concerning all of the above.

In some way, ALL of these groups affect the Quality Management System. The organization makes value judgements in which ones are "required" and which ones are just "nice to have."



Once categorized, your concept:

Can we in the procedure „Control of documents“ explain „type by type“ (maybe with few exceptions) how we control every single document type mentioned in the document hierarchy? Ok, except „Records“, which has a separate procedure.
​

would come into play. It is important to recognize that "control" is concerned with these major factors:

• keeping documents safe from physical harm or loss
• assuring documents can be retrieved if and when needed
• keeping documents from unauthorized alteration
• limiting access to view, copy, or change a document or group of documents to only authorized classes of people or individuals by name or title.

There are no Standards which dictate a particular method or system of control - that is up to the organization.