Translating Audit Check List to Guidelines - Paperwork Reductions


Quite Involved in Discussions

I had a checklist that I would like to transform into a set of guidelines since I would like to reduce the paperwork. This checklist in used during our audit. This was been filled up then filed. We do it twice a day. We consume a lot of paper. :frust:

My problem now is this, since it is a checklist, we considered it as a form. I put a form number in it. Then, as I write a change notice, would it be possibly that form can be transformed into a guidelines. e.g. From F-01 Rev A. To G-01 Rev. A. Wherein F stands for Form, while G for Guidelines. :eek:

Do I have to include this in our Document Control Procedure? How I would be able to document this changes? Am I not violating any rules?
This seems to be very conflicting to me. :bigwave:

Any feedback would be appreciated.
Thanks in advance,

Laura - 2003

Doc control...a b***er

Make the form obsolete, and get rid in accordance with your procedure, then create a so called 'new' guideline (which is based on the form) in accordance with procedure.

The idea is to ensure that everyone is holding and using the most up to date and correct information. If you eliminate the obsolete form and distribute the guidelines to the relevant personnel and controlling any subsequenet changes to the guidelines, you shouldn't have any probs.

Does that make sense?


M Greenaway

Doc Control


It seems from your post that you are asking if you still need to operate document control practices on your guideline document, now that it is no longer a form.

My thoughts are that no matter what you call this document it should be controlled in some way if it is issued as a 'standard' document that either defines the process in some way, or is retained as a Quality Record.

By creating 'guidelines' you might well be merely re-creating existing systems under a new title. I have issued checklists to be used in audits but have always said that they are compiled and issued by myself for that specific audit only, hence have no need to be a controlled form (this is a bit tongue in cheek, but so far so good).

You could alternatively issue your guidelines in your procedure, if they are general enough.



I have to agree with M. Greenway. We too have quite a few guidlines per say, which we still maintain in a controlled enviroment.

The managers prefer to call them "guidlines" instead of procedures, because it sound less serious, and that the auditor will skip it because it is "a guidline". However, in our November audit ( ISO 9001-2k) The external auditor did ask to see the controlled enviorment of the guidline we had published.

Which personally to me makes sense, because customers change, companies change, so guidlines change!

Talk to you soon!

Laura - 2003

Guidelines to guide.


I agree with you about change control.

I am trying to ensure that staff at my place do not confuse the differences between a procedure and guidance documents, although we both know they should be controlled.

I ensure that guidelines are maintained at a local level by the department that performs the function, it is their responsibility that they control the changes.

The procedures are managed by me and published throughout the organisation, thus ensuring that change control is maintained, that everyone has access to the correct information and that cross functional communication is established without getting messy in detail!

I have been asked by assessors about how guidelines have been controlled and I myself also audit this internally. This way, we know its happening and encourages regular review of the guidelines by the relevant areas.

My last company had a 'local work instructions' which issued direction on how to control guidelines and who should ratify them.


Just a question for discussion

What is it that requires every document in a company to be controlled? The standard says "documents and data that relate to the standard" but do all forms and documents used in your company relate to the standard?

A good example would be the "guidelines" you mention. What would happen if they were not followed? Would it have an effect on the product? If you say yes, they can't really be a guideline, they would be required. If it didn't matter if they were followed, then it probably wouldn't matter if it was today's guideline or yesterday's guideline so would it really matter if it was controlled?

The same thing with a form. Lets assume there is no criticality in having the same information (in that case we would control the form) filled in by every user. Contact notes come to mind here. The information on the form becomes "data" and must be controlled but what about the blank form itself? Without data, it has nothing to do with anything. Throw it away, use the back as scrap paper, whatever. Does it have to be controlled? Can I put my data on a note pad and you put yours on the form? Would data on the note pad be a nonconformance because I didn't use the latest revision?

I once heard a registrar's auditor tell a roomfull of people that all signs posted in the workplace had to be controlled. This, he said, included post-it notes placed on a machine by an operator to remind herself of thread coverage requirements so she wouldn't have to refer to the job spec on the table behind her.

Do we "overkill" this requirement and controll everything just "because"? No wonder it is listed as the largest cause of nonconformance. The standard certainly requires control for documents and data that relate to the requirements of the standard. This doesn't say though that control is required for everything that relates to the standard - just to the requirements. This would seem to allow judgement in the sense that if a document or form related to the business but not necessarily to the requirements the company could decide if it mattered if a document were changed for a particular use or if a form was the same company wide.

A good example of the distinction here would be training records. The company policy and procedure on training and record retention would be required to be controlled. Unless you specifically say so in your procedures, would it matter how the training in each department/area were recorded? If in one place they used a hardcopy card and another they used a computer, would it really matter? If the answer is no, then why would you make the card a controlled document? If the answer is "to keep the auditor happy", I think we have created another monster.

What if when an auditor asked why a guideline wasn't controlled. you simply said there is no need to control it? Any other thoughts?


M Greenaway

Great post Dave - agree entirely.

If the purpose of a guideline is not to mandate how to do something, just offer advice on best practice which can be followed or not, then there is no need to control it and you shouldnt audit against it.



I've been through this same soulsearching type of argument with myself (because I didn't want to have to control everything). I have a post somewhere around here where I was asking if I absolutely had to "control" some guidelines that I had written for the new doc control administrators.

My thoughts now are that if it is necessary for the function of a process or to demonstrate the effective working or control of a process, then it has to be controlled. It doesn't matter if it affects the product, because we have to control our processes too.

It is hard to find documents within a company that don't apply somehow to one of the QMS processes, that would be exempt from control. Examples might be personnel-type forms like expense reports, vacation requests, etc.

But even with something like vacation requests, you may have policies that only so many from a particular department or position can take vacation at the same time because of the impact to the company's ability to function ( sorry customer, we can't install that windshield for you today. All of our windshield installers are in Cancun.:vfunny: )

So while the form that the request is made on may not seem so important, whatever database or other means of recording the scheduling is very important and may become your record. That database needs specific information for its integrity.

The purpose of having a controlled form is to ensure that all of the necessary information is provided. If there is a piece of information that is needed, and not provided because you allow alternate ways of providing it, then you have failed to control your process.

However, although almost everything needs 'control', we are thankfully left to determine the level and means of appropriate control.

An auditor once told me that he doesn't stress over whether a form is the current revision or not so long as the necessary information for the process to function is there. And he added, "but if there are instructions on the form, such as a test procedure, then that is a different story".



Great thoughts. Not to be argumentative, but to continue the line of thought - I agree, if information is absolutely necessary, you should control the document but what if the information is not all that critical?

My thinking is that there are many instances where the company should be making a decision on what truly needs to be controlled and following M. Greenway's thought, what should be subject to audit.

Anyone else got some input on this one?



Summary of my thoughts on this issue

Well, I guess my thoughts on the whole thing out "To Control or not to Control" is.... It is a lot easier to train people to thinking "controlling" eveything, rather then well you can control that, but not that.

This way, I believe it's an evolution. They train themselves in thinking that way, and employees tend to come to me and ask, "This is the reason why I am controlling this, is this ok?"

To, me we have a paperless system so it's easy, but I'm sure for the manual systems it could be a bit more challenging!

Top Bottom