| Document and Data Control |
| Are all customer authority datasets registered and controlled? |
| Are current revisions of documents available at the point of use? |
| Are obsolete documents removed or clearly marked? |
| Is SharePoint/local server access restricted and logged? |
| Are hard copy prints tracked/marked and they are all logged? |
| Is the logged data up to date? e.g., the location of hard copy in floor shop |
| Are job-related records archived upon job completion in accordance with retention policy |
| Can completed jobs be traced to their full quality documentation (e.g., material certs, inspection results, change approvals) |
| Are documents sensitive labelled and correct file naming is completed? |
| Is master register logged up to date? |
| Are all computers/USB and other eletric devices registered for defence project? |
| Are all hardware or hard copies securely stored? |
| Is soft copy (e.g., CNC/CMM files) stored securely? e.g., no file should be available on CNC machine or CMM computer. |
| Change Management Implementation |
| Is there a formal change request process in place for CNC/CAM/CMM files and process documents? |
| Are all changes reviewed, approved, and documented before implementation? |
| Are customers notified and approvals obtained for changes requiring external validation? |
| Are post-change implementation checks conducted? |
| For applicable changes, has a First Article Inspection (FAI) been conducted or planned? |
| Configuration Item Traceability |
| Are configuration IDs assigned to all relevant work orders or parts? |
| Can the current part/configuration be traced back to the authority dataset and change history? |
| Are revision changes reflected in work orders and job travellers? |
| Derivative Data Register Accuracy |
| Are CNC, CAM, and CMM files correctly registered and linked to the authority dataset? |
| Do registers include file name, version, approval status, and linkage to jobs or WOs? |
| Are backup and access logs maintained? |
| Nonconformance and Corrective Action |
| Are all non-conformances formally documented with NCR numbers and traceable to affected parts/processes? |
| Are NCRs linked to the correct configuration or job traveller? |
| Is containment action taken immediately for defence-related issues? |
| Is root cause analysis (e.g., 5 Whys, fishbone) conducted for recurring or critical NCRs? |
| Are corrective actions documented, approved, and assigned with due dates? |
| Is effectiveness of corrective action verified and recorded? |
| Are CAPA records reviewed during internal audits or management review? |
| Are trends or repeated issues identified and addressed proactively? |
| Supplier Handling of Controlled Data |
| Are external suppliers (e.g., heat treaters, coating vendors) provided with the correct drawing revision and specifications? |
| Is the data sent to suppliers tracked and logged? |
| Are certificates (COC, heat treat, etc.) linked to the correct job and retained in quality records? |
| Awareness and Training Records |
| Have relevant personnel been trained on configuration management, change control, and data handling? |
| Is training recorded and reflected in the skills matrix? |
| Are staff aware of where to find controlled documents and how to request changes? |
| Internal Audit |
| Are audit results documented and reported to management? |
| Are internal audits scheduled and conducted according to plan? |
