How to control documents that most likely won't change ever ?

[drgnrider]

Having a discussion with Quality Manager and "Top Management" regarding how to control "documents that won't change", mainly our 'Weld Procedures' (WPs).

1) On our re-certification audit, we recently took a minor-NC for not having our ASME Code Manuals and 'local weld code manual' on a 'document control list'. This opened our (not CB auditor) discussion to our WPs that are controlled by a specialized program designed for ASME-code-WPs. This program, meets all the ISO requirements for document control: strict access controls, limited users, server gets back-upped daily, etc. I contend if they print them and put them out in the shop they need to have a list of where they are distributing all of these printed copies. They, contend, since these will 'never change' we don't need to track these, or we just mark them as "uncontrolled". As I know only those not yet 'qualified' on this procedure will reference it, they definitely won't check for revision control.

2) Additionally, we have a number of "guidelines" for machine shop to make parts and what they need to do to verify the part, (they used to call these "Standard Operating Procedures", but changed the name to keep them from ISO document control). Again, I contend, it doesn't matter what they call them, they need more 'control' then on an open server and a distribution list.

Managements whole idea with ISO (9001 & 14001) is, "what is the minimum we HAVE to do to maintain certification?" Right now, they are only being 'reactive' to audits. (see #1 above), they don't want the 'distribution lists' since we "haven't been caught on an audit"... yet.

Cove experts, what do you say?

 

[kgott]

Re: Controlling documents that most likely won't change...ever

Having a discussion with Quality Manager and "Top Management" regarding how to control "documents that won't change", mainly our 'Weld Procedures' (WPs).

1) On our re-certification audit, we recently took a minor-NC for not having our ASME Code Manuals and 'local weld code manual' on a 'document control list'. This opened our (not CB auditor) discussion to our WPs that are controlled by a specialized program designed for ASME-code-WPs. This program, meets all the ISO requirements for document control: strict access controls, limited users, server gets back-upped daily, etc. I contend if they print them and put them out in the shop they need to have a list of where they are distributing all of these printed copies. They, contend, since these will 'never change' we don't need to track these, or we just mark them as "uncontrolled". As I know only those not yet 'qualified' on this procedure will reference it, they definitely won't check for revision control.

2) Additionally, we have a number of "guidelines" for machine shop to make parts and what they need to do to verify the part, (they used to call these "Standard Operating Procedures", but changed the name to keep them from ISO document control). Again, I contend, it doesn't matter what they call them, they need more 'control' then on an open server and a distribution list.

Managements whole idea with ISO (9001 & 14001) is, "what is the minimum we HAVE to do to maintain certification?" Right now, they are only being 'reactive' to audits. (see #1 above), they don't want the 'distribution lists' since we "haven't been caught on an audit"... yet.

Cove experts, what do you say?

Strictly speaking all 9001 requires is that the document have a revision status on it for it to be controlled but in reality by the time you put a title on the document, the company logo and a revision status and ensure the document is available to uses at all their points of use, your document is effectively controlled.

There is little to gain by going down the path of saying 'lets look for reason why we can stamp as many documents as possible "not controlled"

The purpose of having a document management system is so that all business documents, particularly those that are used for the planning design of effective operation of the business are controlled.

The other reason any well managed business would want to control business documents, is so they can be certain that the most up-to-date information is available everywhere in the business it needs to be.

Looking for reasons for not controlling documents is symptomatic of a belief that the above two reasons for controlling documents are either invalid or their importance is not sufficiently understood.

 

[Wes Bucey]

Re: Controlling documents that most likely won't change...ever

My first blush response for the auditor is "Show me the shall!" I don't know of any clause in a QMS Standard which requires ASME Code Manuals to be even required, let alone "controlled." (see comment below about "Control."

Do any of your customer contracts require this?

Does your own QMS have a written requirement to do this?

WES BUCEY ON CONTROLLED DOCUMENTS
"Control" is merely a subset of Document Management, as is "Configuration Management."

In most cases, when someone used the term "Controlled Document" in relation to a Quality Management System, the primary criteria are as follows:

1. most recent version, obsolete versions made unavailable at point of use.
2. a list is kept of who receives updated documents and records whether obsolete ones are returned or destroyed.
3. a list of who may view, copy, edit, revise is kept.
4. a review schedule is kept and followed to review the document at set time periods to determine if it can be reaffirmed, needs to be updated, or should be archived or destroyed as obsolete.
5. how the documents are stored to prevent damage, loss, or alteration, and how they may be retrieved when needed

In most cases, ALL documents in a system are "Controlled." Some may have tighter security than others. (For example, everyone, including customers, prospects, suppliers, may view a Quality Manual, but not everyone might be able to view documents outlining trade secrets, and those documents may be kept in a more secure place than others.)

For a discussion of "Configuration Management," see this post on Configuration Management

In your particular case, I would suggest a simple tweak to your process - print the current version of the applicable portion of an ASME code as part of the work order (the Traveler) and that way, individual operators are guaranteed a fresh, up-to-date version with each order and no old, possibly obsolete versions will be hanging around. The problem of "private stash" can derail ANY QMS, whether it is documents, tools, measuring instruments, supplies. It is definitely a red flag to an auditor (in-house, customer, or third party) to approach a work station and see documents laying about or posted which appear to be "private stash" versus authorized attachments to work orders or official posters placed by the organization. The cost of printing is far less than the cost of one mis-manufactured order because an operator worked from an obsolete document.

 

[drgnrider]

Re: Controlling documents that most likely won't change...ever

The purpose of having a document management system is so that all business documents, particularly those that are used for the planning design of effective operation of the business are controlled.

The other reason any well managed business would want to control business documents, is so they can be certain that the most up-to-date information is available everywhere in the business it needs to be.

Looking for reasons for not controlling documents is symptomatic of a belief that the above two reasons for controlling documents are either invalid or their importance is not sufficiently understood.

I agree. I say we need to put these on a distribution list but they don?t want to go through the efforts to identify the appropriate documents and create the distribution lists. They say I am 'reading too much into this.'

My first blush response for the auditor is "Show me the shall!" I don't know of any clause in a QMS Standard which requires ASME Code Manuals to be even required, let alone "controlled." (see comment below about "Control."

Do any of your customer contracts require this?

Does your own QMS have a written requirement to do this?

<snip>

In your particular case, I would suggest a simple tweak to your process - print the current version of the applicable portion of an ASME code as part of the work order (the Traveler) and that way, individual operators are guaranteed a fresh, up-to-date version with each order and no old, possibly obsolete versions will be hanging around. The problem of "private stash" can derail ANY QMS, whether it is documents, tools, measuring instruments, supplies. It is definitely a red flag to an auditor (in-house, customer, or third party) to approach a work station and see documents laying about or posted which appear to be "private stash" versus authorized attachments to work orders or official posters placed by the organization. The cost of printing is far less than the cost of one mis-manufactured order because an operator worked from an obsolete document.

Our QM says our welders are "certified to ASME section 9?, (we build pressure vessels (boilers), heat exchangers, etc.) that require the higher, ASME code, standard of work, many welds even require x-rays. So the answer is ?yes? to both questions. Thus this code manual falls under 4.2.3 ?All documents required by the quality management system shall be controlled.? I am not disputing this NC, it is legitimate for our business. What I am questioning is managements? intent by their trying to circumvent the management system and not controlling distribution of ?necessary procedures?.

Two such sets of 'necessary procedures' for "quality of product" are our Weld Procedures (WPs) and 'machining guidelines' (formerly known as: SOPs). They want to print these and place them in binders at multiple locations in the shop, for use by the welders and machinists as they need them. But they do not want to control these printed versions, their reason, ?they won?t ever change?, and I know the user will not verify this is still the current version.

 

[kgott]

Re: Controlling documents that most likely won't change...ever

WES BUCEY ON CONTROLLED DOCUMENTS
"Control" is merely a subset of Document Management, as is "Configuration Management."

1. a review schedule is kept and followed to review the document at set time periods to determine if it can be reaffirmed, needs to be updated, or should be archived or destroyed as obsolete.

Our document control procedure says ..... documents are reviewed when:



investigation into root causes of problems indicates that the contents of a company document may be a contributing factor and review is warranted.


when there is a change in business process and review of appropriate documentation may be warranted.


when contracts with clients have requirements that may indicate that review of documents is appropriate.


when requested to do by clients


when audits indicate deficiences may exist in the relevant documentation.


at any time management requests that review take place.

 

[Wes Bucey]

Re: Controlling documents that most likely won't change...ever

[/LIST]
Our document control procedure says ..... documents are reviewed when:

investigation into root causes of problems indicates that the contents of a company document may be a contributing factor and review is warranted.

when there is a change in business process and review of appropriate documentation may be warranted.

when contracts with clients have requirements that may indicate that review of documents is appropriate.

when requested to do by clients

when audits indicate deficiences may exist in the relevant documentation.

at any time management requests that review take place.

What your company does is fine - there is no International Standard which lists a "shall" for regular and periodic review of documents. It is, however, an Opportunity for Improvement, to periodically review documents to clear out old and obsolete documents which may NOT have been a contributing factor in root cause investigations (Configuration Management should take care of that aspect.)

Perhaps if I illustrate with just ONE example I came across last year on a consulting assignment:

This small company of less than 100 personnel had a file room that was the size of a typical 7-11 or Stop-N-Go convenience store. I casually asked, "What's in all these files?" The answer: "EVERYTHING!" Even though the company had switched to all CNC machining centers from old Browne & Sharpe and Bridgeport equipment more than ten years previously, they still had all the manuals, maintenance schedules, and operator qualification records (most of the operators in the records had moved on to the Great Machine Shop in the Sky) of those machines dating back to 1947, the year of the company's incorporation.

A quick survey and calculation resulted in a cost factor for keeping all old, obsolete documents of every type from year one of the organization was costing the organization close to $50,000/year more than a streamlined paper system would cost and $100,000 more than a computerized system would cost, even factoring in the cost of periodic review of all existing and future documents. The key is not to use the same schedule for EVERY document, but to use a reasoned schedule for different types of documents, keeping tax, regulatory, and customer requirements in mind as each new document is created.
​