External documentation and ISO 17021

P

popolo

#1
I am working in a small certification body accredited according to ISO/IEC 17021. In clause 10.3.3 "Control of documents" it is stated

"The certification body shall establish procedures to control the documents (internal and external) that relate to the fulfilment of this International Standard
...
f) to ensure that documents of external origin are identified and their distribution controlled"

Till recently, our external documentation management was described in several sentences in our general procedure for management of documents in which following categories of external documents which shall be controlled were identified:
- National and international standards and other related documents (such as IAF MD documents)
- Key documents received from AB (reports, formal letters, accreditation rules)
- Documents received from clients (but only control in general, mostly from the point f view of confidentiality)
- Essential legal and regulatory documents (related to defining of legal entity, certification agreements and contracts with our external personnel)
- Various documentation received form authorities
- Documentation from our partners.

Some of external documents were not identified as such, but they were controlled (such as evidence of competence for external auditors).

But, recently, we received a nonconformity from our AB and their opinion is that our external documentation management is not defined adequately (e.g not defined responsibilities, there is no External Documents Register). Also their opinion is that we should identify and control complete set of legal and regulatory documents for each technical area and each management system covered by our scope of accreditation, because this is also needed for "fulfillment of the requirements of ISO/IEC 17021", as it is stated as requirement in 10.3.3.

I have a few questions
- Is there any additional category of external documentation which should be considered for CB?
- Is it common to have Registers of external documentation
- To which extent external documentation should be identified and controlled (e.g. do you make a record of each quality manual received from client by e-mail in those Registers)
- Do you consider and manage legal and regulatory documents, needed for audits, as external documentation?

Thanking in advance for your answers!
 
Elsmar Forum Sponsor
T

t.PoN

#2
.

I have a few questions
- Is there any additional category of external documentation which should be considered for CB?
- Is it common to have Registers of external documentation
- To which extent external documentation should be identified and controlled (e.g. do you make a record of each quality manual received from client by e-mail in those Registers)
- Do you consider and manage legal and regulatory documents, needed for audits, as external documentation?

Thanking in advance for your answers!
Let me try to answer it:
1. Additional category:
Just the method you use to make sure you are aware of the latest updates for the external documents.
the distribution of documents. including the authorization to work in these documents.
Once an external document is changed, you may need to take further actions. as an example: train your staff or review your internal documents. or inform your customers when will the changes take effect.

2. Yes, it is common practice to have a register or master list of external documents.

3. It is up to you.
if you want your customer to inform you of any changes within their system, then you should have a clear policy and communicate it with them.
do you need a register for customer documents?
well, i don't know how you manage your process!
Some use customers Own Master List, the one your customer is using to manage their own internal documents. and they keep it in the customer file like a history index.
its up to you

4. Yes, you need to trace back the documents used in the audits even if it was regulatory documents. but you may online refer to them as long as they are available upon request.
 
P

popolo

#3
First, thank you very much for your reply!

Just the method you use to make sure you are aware of the latest updates for the external documents.
the distribution of documents. including the authorization to work in these documents.
Methods and levels of controls used to exist for each of categories I've mentioned, and now they will be in a written procedure. I just wondered is there another category of documents common for certification bodies which should be treated as "external documents" as they are defined in ISO 17021.

2. Yes, it is common practice to have a register or master list of external documents.
We also used simple registers for e.g. relevant standards and legal documents. I wasn't clear enough, I was referring to e.g. formal Registers of external documents for documentation from clients (manuals, evidences of corrective actions etc.).

3. It is up to you.
It is ISO 9001:2008 approach - "to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled".

ISO 17021 is more strict. It is not (only) up to CB to determine which are those necessary external documents. Also, in ISO 17021 it is stated "documents that relate to fulfillment of the standard" which is, I would say, significantly different than "documents necessary for the planning and operation of the (quality) management system". Anyway, this formulation in ISO 17021 gave much more "power" to assessors from accreditation bodies...

4. Yes, you need to trace back the documents used in the audits even if it was regulatory documents. but you may online refer to them as long as they are available upon request.
I will try to do something like this, I hope it will be accepted.

Thank you once again!
 
T

t.PoN

#4
Just to be clear about this issue:
- what i meant about the method used for update is the following:
For example: You are certifying your customer on ASTM, ISO or whatever. if there is a new issue from the ASTM or ISO, how do you check for update? do you check the website once a year or are u subscribe in mailing list for update?
if you conduct a surveillance on Jan 2013 and the ASTM/ISO was updated on April 2013. what is your policy for customer certification? do you give them a grace period for applying changes or is it flexible scope of certification?

that what i could not found or i didn't understand in your system.


-For the customer documents, most certification bodies request their customer in their policies to maintain documents for a minimum retention period (which is the certification period 4 or 5 years) so the control of customer documents is maintained with customer and not the certification body.
You may ask your customer for uncontrolled copy or a copy that is valid for "assessment period".

but if you want your copy to be a controlled copy, you need to have a clear policy about that.
do you need just the Quality Manual? or a controlled copy of all documents which include "records" like a list of key staff, list of software, ...etc?

both ways fulfill the ISO 17021, or at least that's my thoughts.

I hope we its helpful, we are just sharing thoughts here not assessing each others :)
 
Last edited by a moderator:
Thread starter Similar threads Forum Replies Date
P Other Company's Documentation - Registered as External Documents Document Control Systems, Procedures, Forms and Templates 3
R What is External Documentation? Equipment Operation Manuals and Handbooks ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
N Audit non-compliance API Q1 - Use of External Documents 4.4.4 in Product Realization Oil and Gas Industry Standards and Regulations 4
J 510(k) for a control kit for an external IVD test kit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
R Is it required to have an SOP for external audits? Medical Device and FDA Regulations and Standards News 7
Pmarszal External Standards and Regulations Management Process Document Control Systems, Procedures, Forms and Templates 10
I What kind of wine best complements the Friday that you close out your external audit findings? Opinions are welcome. Coffee Break and Water Cooler Discussions 12
B How to apply external voltage to SIP/SOP IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
P Qualifying commercial off the shelf (COTS) external suppliers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Internal and external auditor competency to CSR's IATF 16949 - Automotive Quality Systems Standard 20
N IATF 16949:2016 7.1.5.3.2 External Laboratory - How to approve the Testing Laboratory without accreditation scope IATF 16949 - Automotive Quality Systems Standard 1
A OHSAS 18001 external auditor finding personal interpretation? Occupational Health & Safety Management Standards 5
L External power supplies: How close does the safety report have to match the end-use application? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
D Reduction of software class based on multiple external risk controls IEC 62304 - Medical Device Software Life Cycle Processes 5
C Identifying and Controlling External Documents Document Control Systems, Procedures, Forms and Templates 3
C External Laboratories and OEM Calibration IATF 16949 - Automotive Quality Systems Standard 0
Q AS9120B flow down to external providers: Records Retention AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 2
Casana IATF 16949 7.1.5.3.2 External Laboratory - On Site Calibration IATF 16949 - Automotive Quality Systems Standard 8
B Using external FDA and ISO 13485 audit as internal audit Internal Auditing 6
C ISO 17025 2017, Requirement 6.6.3 - Communicate requirements to external providers ISO 17025 related Discussions 4
C Determining if Maintenance Contractor is an External Service subject to ISO 9001 Clause 8.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 43
Q The Perfect audit? External Audit causes a significant negative impact in a company General Auditing Discussions 9
K AS9100D 8.4.1.1 external providers question - Walmart, Home Depot, our lawn care team. etc. AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 20
A External Auditor issue with Internal Audits Internal Auditing 7
R Do we need to treat local law as external origin documents? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 15
D ISO 9001:2015 Clause 8.4.3 "Information for External Providers" buying from online retailers. ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
M Applicability of Means of Protection, working voltage in an Automated External Defibrillator IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Necessity of external watchdog next to internal watchdog ISO 14971 - Medical Device Risk Management 1
B How to reply NCR on ineffectiveness of corrective action during IATF external audit? This is repeated issue whereby some mistake was done. IATF 16949 - Automotive Quality Systems Standard 7
I AS9100 8.4.2 Type and Extent of Control - External provider test reports Manufacturing and Related Processes 24
P AS9120B Control of External Providers for Franchised Distribution AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
S Tools and equipment provided by customer - Considered as external provider? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
T Transportation - External Service Provider ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 3
S ISO9001:2015 Clause 9.1 - What the external auditor will look at? ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
N IATF 16949 7.1.5.3.2 External Laboratory - Calibration of Nikon machine in factory IATF 16949 - Automotive Quality Systems Standard 24
H External power supply - requirements in safety/EMC test? IEC 60601 - Medical Electrical Equipment Safety Standards Series 4
Ashok sunder How to determine the internal and external issues in ISO 45001 standard? Occupational Health & Safety Management Standards 2
Q How to efficiently and compliantly reference external standards/regulations Other Medical Device Related Standards 2
B IATF 16949 7.1.5.3.2 FAQ #7 Audit Finding - External Calibration Laboratory IATF 16949 - Automotive Quality Systems Standard 7
P IATF checklist for External Supplier Audit IATF 16949 - Automotive Quality Systems Standard 8
J Ignoring a Failed Gage R&R and upcoming external audit IATF 16949 - Automotive Quality Systems Standard 22
sswaim IATF 16949 7.1.5.3.2 External Calibration Laboratory Requirelents IATF 16949 - Automotive Quality Systems Standard 15
S Risk Approach doesn't address External Issues (Auditor's Comment) ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 30
J Use of External Documents in Product Realization Document Control Systems, Procedures, Forms and Templates 7
Q AS9120B Clause 8.4.1.1 External Providers Scope of Approval AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 5
M AS9100d Controlling External Provided Processes (purchasing 8.4) - The customer want us to use supplier X AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 3
Q ISO 9001 - 9.3.2 c) 7 is answer for 8.4.1? Performance of external suppliers ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 9
A AS9120 External Provider Registry Scope of Approvals AS9100, IAQG 9100, Nadcap and related Aerospace Standards and Requirements 0
T Relevant internal and external communication - ISO 9001:2015 section 7.4 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
K EMS Manual - External auditor expectations Miscellaneous Environmental Standards and EMS Related Discussions 5
Similar threads


















































Top Bottom