SBS - The best value in QMS software

How to show Approval for Documents and Training?

C

cywork

#11
Cywork,

It's really, really, really difficult to venture an opinion here without being 'on the spot' or being able to see some specific examples. Perhaps you'd be able to either post a couple to illustrate, or give a specific example of what you do have and what your auditor wasn't satisfied with?

Because that's here is your description and although I've read it, I really don't quite follow it accurately enough to determine and without specific examples, can't assess. Part of what you write sounds as though it does, but then other parts appear to contradict....
Hi Jane,

Thanks for your response. I do realize my post was a bit confusing...I just return from a long trip and still recovering from jetlag.

Please allow me to clarify:

As a background info, the way my company has been controlling document approval prior to the said auditor (let's call him Auditor X) has been approved by previous auditors. My company has been certified since 1994. I recently joined this company a year ago so I have not worked with other auditors besides Auditor X (we had a reassessment in September).

However, we were originally approved by Auditor X for ISO certification and then later were switched to someone else. So this has been the first time for several years that Auditor X has audited us.

Now on to the actual document approval procedure:
We have 3 types of documents (plus the 4th which is just records) - a main procedure (for various major operations e.g. CPA procedure), a sub-procedure or work instruction (more detailed instructions for specific parts of the operation e.g. how to fill out CPA form) and quality forms for keeping quality data (e.g. a completed CPA form).

Prior to me taking over Quality, document approval pretty much consisted of just signatures on the main procedure which automatically approves any sub-procedure or forms generated for that procedure. When I took over, I decided to make it much clearer who approves what so I created a separate Change Request procedure for doc revisions (which for some reason we never had) and updated the Doc control matrix to include approval authorities which is just a job title, no name (our previous doc control matrix only had doc number, doc title and revision level).

On my Change Request form I also have signatures for approving authorities to approve the changes to the documents.

Now the issue the auditor had with me is on our actual sub-procedures and forms there were no indications of approval authorities (no name or job title responsible), which only existed on our main procedures (it has the name of person responsible for everything under the main procedure). Even though I had the Doc Matrix to prove the specific documents had specific approving authorities and the change request form numbers with the signatures are listed on the doc matrix for traceability he said that still doesn't show that my sub-procedures and forms were approved per ISO requirement. But I do have the revision levels on each document which also corresponds with what is listed on the Change Request and Doc Matrix.

Attached are a sample of my doc matrix and the Change Request form.

Because this issue has been written up already I have to make the changes and what I did was for new doc updates I just included on the footnote of the sub-procedures and forms who the doc approval is by job title and added a new form for signatures of revisions. However, I just want to check with others whether I have actually violated the ISO standard in regards to doc approvals.

Thanks again! Sorry this is so long...
 

Attachments

Elsmar Forum Sponsor
J

JaneB

#12
the issue the auditor had with me is on our actual sub-procedures and forms there were no indications of approval authorities (no name or job title responsible), which only existed on our main procedures (it has the name of person responsible for everything under the main procedure). Even though I had the Doc Matrix to prove the specific documents had specific approving authorities and the change request form numbers with the signatures are listed on the doc matrix for traceability he said that still doesn't show that my sub-procedures and forms were approved per ISO requirement. But I do have the revision levels on each document which also corresponds with what is listed on the Change Request and Doc Matrix.
Thanks for the stuff you posted, though it's still difficult to say without also seeing whatever your procedure says and seeing actual examples - which of course is what the auditor did see!
But if what you re doing IS covered by the procedure & there's no conflict with it, and the records clearly show that the person with appropriate authority did sign off a revision of sub-proc v1.1 (say), then I am having a bit of difficulty seeing the problem.

As for the NC... not doing it 'Per ISO requirement' is a bit broad - after all the clause itself says there must be a procedure to define requirements for ie, this is something you get to decide (of course within reason, and bearing in mind the importance and impact of said docs).

Because this issue has been written up already I have to make the changes
Actually, no. You don't. If you really disagree with an audit finding & the raising of an NC, then your first port of call is to appeal it to the auditor's Technical Manager, citing your evidence & reasons for disagreeing. I'd try via phone/email and discuss with them. You do NOT have to just automatically take it and make changes.
And why do you need a whole new form for revisions to sub-procs & forms? Sounds a bit cumbersome. Don't these already get signed off by the person who did the ones above them?

PS I understand one might be a little annoyed if all previous auditors have accepted it... but this in & of itself isn't enough, as each auditor has their own responsibility when auditing. Though it does add a bit of weight (possibly) to your argument that it was OK. It's certainly a questin to discuss with the Tech Manager - ie, why did all other auditors accept this over X years if it's not compliant?
Sorry this is so long...
Longer is better when it adds clarity. Brevity isn't always best.
 
D

DrM2u

#13
The ISO9001:2008 standard requires the organization to 'define the controls needed to review and update as necessary and re-approve documents' (clause 4.2.3.a). There are no specifications as to who to perform this or how to prove that this has been done. In other words, you can have your cleaning lady have exclusive access to your electronic documents folders and say that just the fact that she updates the documents constitutes proof that the documents have been reviewed, updated and re-approved. On the other hand, there are other standards (i.e. ISO 13485) that do require that the review is done by qualified personnel. In this case the 'cleaning lady' approach won't cut it anymore.
With regards to auditing all employees, FALSE! Like others said, you audit the process and the employees are part of the process. The audit is a snapshot in time, a sample of the activities, and not everything that takes place. Therefore you will audit only a relevant sample of the employees (also previously mentioned). That means that the employees audited have to be involved in the process but not all employees involved have to be audited (althoug all are subject to being audited).
Another tip: don't hesitate to challenge the auditors or consultants, external or internal. Either you are right and avert false requirements based on individual's expectations, or you are wrong and the auditor can show you where something is specified in the standard. Interpretations can always be debated. Keep in mind that you are the customer and it is your quality system, so don't let any auditor intimidate you or stir you in the wrong direction. This is coming from a former lead auditor with a very large registrar.
That's my two-pennies worth for today ... :)
 
Last edited by a moderator:
J

JaneB

#14
The ISO9001:2008 standard requires the organization to 'define the controls needed to review and update as necessary and re-approve documents' (clause 4.2.3.a). There are no specifications as to who to perform this or how to prove that this has been done.
No, the who is left up to the organisation, and rightly so. Re. the no requirement 'prove that this has been done'... strictly speaking yes. But as there is a requirement to control documents, I'd be interested to see how you would expect that to be met without being able to demonstrate (not necessarily 'prove') that the documented procedure is in use.

In other words, you can have your cleaning lady have exclusive access to your electronic documents folders and say that just the fact that she updates the documents constitutes proof that the documents have been reviewed, updated and re-approved.
If you merely took each of the clauses in 9001 in isolation, in theory this would be true. But you can't. Anyone attempting to run that kind of line for their their system would definitely not meet the requirement of 6.2 for personnel to be competent.

Interpretations can always be debated. Keep in mind that you are the customer and it is your quality system, so don't let any auditor intimidate you or stir you in the wrong direction.
Yes, I agree with you here. Good auditors are willing to discuss and debate.
 
D

DrM2u

#15
Maybe I did not express myself clearly. I was trying to say that the 'who' is left to the otganization, and so is the 'how'. That's what I meant by 'no specifications'. No doubt that you have to demonstrate (or prove) through objective evidence that the documents are controlled and that the process matches the documented procedure.

No, the who is left up to the organisation, and rightly so. Re. the no requirement 'prove that this has been done'... strictly speaking yes. But as there is a requirement to control documents, I'd be interested to see how you would expect that to be met without being able to demonstrate (not necessarily 'prove') that the documented procedure is in use.
Let's debate this one ... Clause 4.2.3 does not specify any competency requirements for review, approval, update, identification of changes, etc of documents. Clause 6.2 says that the organization shall determine the necessary competence [...]. So, if I say that for my document control system in my organization all I need is someone with good understanding of file management in a computer and my cleaning lady has these competencies, then she is qualified to perform these duties. I will dare any auditor to prove me wrong, specially if she can prove that she follows the procedure and can demonstrate how she follows it!

If you merely took each of the clauses in 9001 in isolation, in theory this would be true. But you can't. Anyone attempting to run that kind of line for their their system would definitely not meet the requirement of 6.2 for personnel to be competent.


Yes, I agree with you here. Good auditors are willing to discuss and debate.
 
Last edited by a moderator:
J

JaneB

#16
I was trying to say that the 'who' is left to the organization, and so is the 'how'.
Agree.

No doubt that you have to demonstrate (or prove) through objective evidence that the documents are controlled and that the process matches the documented procedure.
Nope, there is no doubt.

But do I think it is more accurate - and thus far more useful - and especially when taking a provocative stance (eg, 'a cleaning lady could do it') to also give the full picture. So to just quote the 'cleaning lady' alone without referencing the requirement for competency could give someone who doesn't know a lot about the Standard a false understanding of its requirements.

Note: I didn't write all the words that you are ascribing to me in your 2nd quote - many of them are your words, not mine. And I'd rather not be misquoted, particularly on this topic. (I think you're muddling up the quote tags)
 
Last edited by a moderator:

Marc

Hunkered Down for the Duration with a Mask on...
Staff member
Admin
#17
Sue, don't trust what other people (no matter how well-intentioned) tell you that you 'have to do' this because 'the Standard says'. Always check it out by reading the Standard itself. You've just had the bad experience of having someone misinformed try to infect you with the same misinformed viewpoint. He's wrong. Congratulations on asking the question.
:topic: This is how this web site and forum came about. There are a lot of opinions and interpretations (scroll down to What Part Do I Play? (or Who has Control of the Tiller?). I have mine and others have theirs.

A problem in a forum such as this is the level of detail and complexity, not to mention the specificity in general, of a scenario. One has to read through opinions and consider peoples opinions and thoughts. From that one has to decide the best path for their specific scenario. And if there isn't a clear answer, sometimes it's good to add more details in a post so folks can respond in a more specific post.

Bottom line: If you ask a question you will get a lot of opinions. It is up to each individual to decide what is appropriate for their specific scenario and which posters are credible and which posters are not.
 
D

DrM2u

#19
JaneB,

Please accept my apologies! I did not intend to attribute my words/oppinions to you. I am fairly new to this forum and am still to learn how to do multiple quotes in a reply. There has to be a way to edit my replay but I did not figured it out yet. Correction: managed to edit my previous reply to clarify the quotes.

There is also a reason for providing just a partial disclosure and an instigative statement: it makes people think and questions status quo. Too many of us would not have to or take the time to think, question and analyze if everything was provided to us in full detail and with good reasoning. Of course, I also like a good argument where transfer of knowledge occurs. You seem to enjoy that also! :)
 

Caster

An Early Cover
Trusted Information Resource
#20
Clause 6.2 says that the organization shall determine the necessary competence [...]. So, if I say that for my document control system in my organization all I need is someone with good understanding of file management in a computer and my cleaning lady has these competencies, then she is qualified to perform these duties. I will dare any auditor to prove me wrong, specially if she can prove that she follows the procedure and can demonstrate how she follows it!
Hmmm...this is a letter of the law approach to ISO for sure.

In fact there is no need at all for a "document controller" position, the process owner can take care of this trivial task with software or even e-mail.

The spirit behind the standard is that when change happens, the impact on the entire system (including suppliers and customers) is evaluated, hopefully by a person or group who are competent to understand the impact of the change.

Somehow this often turns into a doc control clerk making life difficult for everyone. But it doesn't have to be this way.

I lean more to the spirit and less to the letter. I like to have process owners handle changes. It doesn't always happen of course.

Just because you can, should you? Does the cost outweigh the benefit?
 
Thread starter Similar threads Forum Replies Date
Q Should electronic copies of Procedures show the approval signatures? Document Control Systems, Procedures, Forms and Templates 5
Nihls When the MSA results show no operator influence Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 3
S Which department should prepare the control plan? could you show me a standard regarding to this matter. FMEA and Control Plans 17
E Our company is planning to file MDD not MDR next month. Do we require to show chemical characterization report ? CE Marking (Conformité Européene) / CB Scheme 2
B IATF16949 audit requirement - Auditor request UCL and LCL must be show Xbar-R, IATF 16949 - Automotive Quality Systems Standard 7
F Hi friends, can anyone show me an example of a procedure for ISO 13485 6.4.1 Work Environment? ISO 13485:2016 - Medical Device Quality Management Systems 2
R How to SHOW the importance of checklists, through some team gaming or play? Training - Internal, External, Online and Distance Learning 37
Wes Bucey International Manufacturing Technology Show - 10 September 2018 - Chicago (meet up?) Coffee Break and Water Cooler Discussions 6
S What records are required to show compliance to ISO 13485:2016? ISO 13485:2016 - Medical Device Quality Management Systems 1
K Questions on Technical File to show it is current EU Medical Device Regulations 5
D How do I show compliance to RoHS, REACH and Conflict Minerals? REACH and RoHS Conversations 6
K Operator Checks - How to show that they were completed on a checklist as acceptable IATF 16949 - Automotive Quality Systems Standard 2
M Metric/Way to show how Internal DPPM and External DPPM relate to each other Nonconformance and Corrective Action 1
R Is it legal to attend a trade show while you have a 510(k) application pending? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
M Presentation displays for malls, etc. for exhibition to show products Coffee Break and Water Cooler Discussions 5
D Medica show in Dusseldorf - Has anyone else gone? Other Medical Device and Orthopedic Related Topics 3
W How to show compliance to multiple CE Directives ? CE Marking (Conformité Européene) / CB Scheme 4
T Is there a requirement in TS16949 that PO's show a revision level? IATF 16949 - Automotive Quality Systems Standard 3
S Which non Salmonella organisms show positive in Wellcolex? Test kit ? US Food and Drug Administration (FDA) 1
C Do I need to show fasteners in my BOM's/DMR etc? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 7
G What is needed to show competency Clause 6.2.2 ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 11
W DIN ISO 1101 - Show me the General Dimensioning Tolerance Value Other ISO and International Standards and European Regulations 3
M Unapproved System Display at a Mexican Trade Show Other Medical Device Regulations World-Wide 2
L CE Auditor Using ISO audit reports to show compliance to the MDD?? EU Medical Device Regulations 4
P Is it necessary to show Model Number on the Labeling (meter box, label and manual)? Other US Medical Device Regulations 3
Hershal Reality TV show contest Coffee Break and Water Cooler Discussions 1
AnaMariaVR2 Design of Experiments in a Cooking Show Coffee Break and Water Cooler Discussions 0
T How to Show "Date/time" Data Graphically in Minitab Please? Using Minitab Software 2
S Suggested process to show compliance for this 820.120(a) for Label Integrity 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
R How do we show our Software Develoment Life Cycle is similar to IEC 62304 Other US Medical Device Regulations 3
L Old and New Primary Standards show a difference between them General Measurement Device and Calibration Topics 9
Marc Questions about the Internet circa 1994 on NBC's "The Today Show" After Work and Weekend Discussion Topics 1
V Can we show Photocopied Uncontrolled Copies of Documents to an FDA Auditor? US Food and Drug Administration (FDA) 15
H Can anyone show me a sample of a Cleaning Program for Food Manufacturing? Food Safety - ISO 22000, HACCP (21 CFR 120) 5
Ajit Basrur How to show percentage in an Excel graph? Excel .xls Spreadsheet Templates and Tools 13
P Rework Notification - Is it sufficient to show how we control rework process Manufacturing and Related Processes 1
Anerol C How I can show evidence that quality related activities are impacting the financials ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 8
L BSI Logo - Requirements when using the BSI logo to show certification ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 4
G Japan's PMDA Response to Question on Trade Show Display of Non-approved Device Japan Medical Device Regulations 9
P Must show Sub-Supplier details? Supplying a Tier 2 company IATF 16949 - Automotive Quality Systems Standard 7
JoCam How do I show the benefits of a QMS to the Design Team? ISO 13485:2016 - Medical Device Quality Management Systems 23
I In ISO 9001:2008 - Can we show an Internal Department as our Client/Customer ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 19
Marc Land a Million Show - Aviation Funny Stuff - Jokes and Humour 0
B Can somebody help me to show a 'delta-FMEA' example? FMEA and Control Plans 10
V Competency - How I can show experienced operators are competent? Document Control Systems, Procedures, Forms and Templates 3
S How to show that policies are properly communicated & Training Effectiveness ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Stijloor GM to take back 5 Delphi plants, contract details show World News 0
T Prison Break Fans ?? - TV Show Coffee Break and Water Cooler Discussions 10
8 SMED Classroom Exercise to show operators the importance of SMED Lean in Manufacturing and Service Industries 10
D A true example of CAPA - Accident that show its cause and the corrective action Nonconformance and Corrective Action 8

Similar threads

Top Bottom