Re: Simple ISO compliant Doc control
No promises, but here's the tack I'm taking with a similar Wild West scenario. I've created the following form, and for every document group I identify I get the players to give me the following information. It's yet to be tested by external auditor, so fingers crossed.
CONTROL OF CHANGES, DOCUMENTS, RECORDS : TEMPLATE – XX – XXXX F Rev. A
The categories underlined below must be completed.
Example answers are shown between underlined categories. Replace that text as appropriate.
Document or record description:
What is this thing? A drawing, technical specification, work ticket, corrective action, etc.?
Unique identification (document number if applicable) :
This item has a document number, has no document number but has a job number, etc.
Process owner(s):
Which department(s) or group(s) executes the process(es) resulting in the change, document, or record ? Operations, Sales and Engineering, Field Application Engineer, etc.
Storage method / location
This document/record is kept on my hard drive, on the engineering server, on the network, in a file cabinet, in email folders filed by customer, DocShare, public server location, etc.
Review authority / mechanism
This document is generated and approved by the Operations Manager, generated by engineering and approved by the Design Review Board, etc.
Authority to revise
This assembly instruction may be revised by Operations, this customer communication by Engineering, this work ticket by the Director of Operations, etc.
Revision / Change status identification method
Revisions are identified by alphanumeric, datestring, not identified but previous version destroyed/archived and new version distributed, etc.
Obsoletion control method
Previous revisions are archived on the server, put in the shredder, maintained as records in email, do not exist because each new document overwrites the previous one, etc.
Record retention duration
Records exist forever in XYZ200, are retained for five years, are retained as required by regulatory and contractual requirements, exist until the email server is purged, etc.
I'm going to put a cover sheet over that stack explaining that this is how we do it. I think it is legitimate and vaguely compliant - auditors will help me poke holes in it and we'll fix it, repeat as necessary.