TS 16949 - Clause 4.2.3 - Identification and Control of Documents of External Origin

R

Randy Lefferts

4.2.3 Control of Documents

We had our TS 2 audit and (un)fortunately it resulted in an open recommendation, pending a few actions needed to correct some nonconformances.

One of these nonconformances involved document control, specifically:

f) to ensure that documents of external origin are identified and their distribution controlled

The auditor asked how we controlled VDA 6.1. We don't use the standard. I told him to show me where it was required that we control it. He responded for me to show him where it was stated that we didn't need it.

He moved on to Guide 62. "Show me where you control it." I sort of laughed.

Then he pulled the DaimlerChrysler specific requirements and started reading through it. He then asked me where/how we controlled DC's Blue Dot Manual. Needless to say, I was getting a bit frustrated. I explained that there wasn't a Blue Dot Manual, per se. However I did show him the PSO and Product Assurance Testing Manuals. :frust:

So anyway, after all that, we were given a nonconformance "xxxxxxx does not fully address all documents of external origin, including customer specific requirements."

We currently have a list that contains all reference manuals used by my organization with rev levels/dates and it is posted on our intranet. It is reviewed annually to ensure we have the latest versions available, sometimes a bit more frequent if we are notified of a change.

This is supposedly not acceptable since we don't control the "distribution" of the manuals as well as not having every reference manual in the customer specific requirements section on our list. He stated that if you can't show that the customer "doesn't" require it, then you must control it.

So I have a couple of questions.

What is the definition of a document? (Are manuals, PPAP, MSA, etc documents?)

At what point do you "not" control something? (To control every reference manual in the customer specific requirements is insane.)

What is a better way to control externally generated documents?


Looking through the Ford specifics, they list VDA, Guide 62, Odette, etc. I am to control all of these unless I show that the customer (Ford in this case) doesn't require them of us. Absurd.

Anyway, could use some help on how others are handling this requirement.
 
C

Cari Spears

Super Moderator
Leader
Super Moderator
Hi Randy

I do not work in the automotive industry anymore, so I hesitate to advise about handling that requirement. But - if you have questions regarding an auditors findings you are free to contact your account manager or technical guy at your registrar for clarification and to verify your auditors statements. They will inform you of how they handle such things - I made a point to contact our technical guy right away and get to know him a bit. They are usually very helpful - ours is a great guy - I've called him a couple of times for clarification of some requirements as I was upgrading/transitioning to 9k2k. I'm not sure if this is typical - we may just be fortunate.

Many of the covers are auditors themselves, I'm sure you'll receive some helpful advice. Good Luck!
 
R

Randy Stewart

Randy (#3),
Do you have access to the B3 web sites? Can you get subscriptions to those manuals/standards required?

What we do is that every job from the customer lists what specs/standards, etc. are required (GP-11, 1294, etc.). We keep that version in the master job package.

As to distribution, who holds those pubs listed on your net? I would just add a column for "Custodial Department" and you have a distribution list.

Now if you want to argue the NC go after the "all documents of external origin". According to his write up you have to control Dictionaries, Sales Catalogs, etc. It doesn't state "Pertaining to customer or part" but all. Yes, I know its a verbiage issue but he pulled the show where you don't need them card.
If the customer doesn't state it in the SOW then how do you know what they are looking for? It should be in the Contract Review (QS title) to determine what the customer requirements are.
:smokin:
 
C

Cari Spears

Super Moderator
Leader
Super Moderator
Randy Lefferts said:
...The auditor asked how we controlled VDA 6.1. We don't use the standard. I told him to show me where it was required that we control it. He responded for me to show him where it was stated that we didn't need it...

...Then he asked me where/how we controlled DC's Blue Dot Manual. Needless to say, I was getting a bit frustrated. I explained that there wasn't a Blue Dot Manual, per se. However I did show him the PSO and Product Assurance Testing Manuals. :frust: ...

...He stated that if you can't show that the customer "doesn't" require it, then you must control it...

...At what point do you "not" control something?...

...Looking through the Ford specifics, they list VDA, Guide 62, Odette, etc. I am to control all of these unless I show that the customer (Ford in this case) doesn't require them of us.
Click to expand...

These are the statements that I'm having a problem with. Is the auditor correct?
 
R

Randy Stewart

They need to be addressed and the customer needs to let you know what they are holding you accountable for. It should be addressed under 7.2.2 Review of requirements related to the product. If I had an issue with this I believe I would have written under this section and not doc ctrl. Mainly because of this statement:
Where the customer provides no documented statement of requirement, the customer requirements "SHALL" be confirmed by the organization before acceptance.
It can be answered by this section.

What I believe the auditor was getting at was how do you know what the customer wants? He was waiting for a solid, firm answer. When he didn't receive one he put the whammy on you. In other words, look at your system and you tell me what it does. He was reporting his findings and not doing root cause analysis, almost an object lesson.

Randy, if you didn't receive any NC's under 7.2.2 you may already have the answer to the problem.

Without knowing what your system and procedures state that's about all I can do. But I really would look under how the customer requirements are made known to all those involved.
:thedeal:
 
T

tattva

Document Control!

Hi! Randy

Just for information which is your CB?

´Cause you can always ask the auditor for a motion and erase NC from the report as long as you prove NC was wrongfully assesed.

I don´t know how it works for others CB´s, I´m with BSI and we can achieve this talking with Account Manager who most of the times is the auditor himself. Mine in the opening meeting always makes this particular point very clear and gives us information about whom should we address in case of thinking a NC was wrongfully assesed.


Hope this helps and good luck! :truce:
 
D

db

The auditor asked how we controlled VDA 6.1. We don't use the standard. I told him to show me where it was required that we control it. He responded for me to show him where it was stated that we didn't need it.
Click to expand...

This is a STUPID statement.Do we have to list every document of external origin that you don't need? The list would be never ending!


We currently have a list that contains all reference manuals used by my organization with rev levels/dates and it is posted on our intranet. It is reviewed annually to ensure we have the latest versions available, sometimes a bit more frequent if we are notified of a change.

This is supposedly not acceptable since we don't control the "distribution" of the manuals
Click to expand...

Here he may have a point, to an extent. But all you have to do is add the location of the reference manual to the list. Now you've demonstrated "distribution".


...as well as not having every reference manual in the customer specific requirements section on our list. He stated that if you can't show that the customer "doesn't" require it, then you must control it.
Click to expand...

The real question here is how do you know if you need the customer referenced manuals? Do you have a process to determine this? This might be the real point.
 
R

richard b. thomas

4.2.3 Clntrol of documents

From reading your post I would contact your Registrar Customer Representative and asked them how they justify their auditors requesting you to control external documents that you are not required to maintain. I had this same scenario happen to me years ago. I told the auditor that I have access to my customers internet sites, which contains their specific documents. I have a process that we log onto the site and print out the most recent documentation, as needed. The auditor felt that I needed to go onto the site and check for the lastest revision level and then document the information on my internal master list under the tab for External Documents.
I stated that it was non-value added and unless evidence is found during an assessment that we weren't following our procedure, no finding should have been issued. The finding was removed by the auditor prior to the closing meeting.

The ongoing theme that I find throughout forums on the Cove are auditors telling clients to change there system based on unfactual intents or interpretations. Auditors are taught through AIAG or Registrar Internal training that this is what you should find when you audit this requirement. Which cause them to come into clients facilities with blinders on and state "this is what you have to do to meet this requirement". It is YOUR SYSTEM and as long as you can show that YOUR SYSTEM meets the intent, then they should not cite you with a finding of nonconformance. If you allow an auditor to come in and cite your for something that is not justifiable, they will continue to do this under the disguise of continually improving YOUR SYSTEM.

Good Luck,
Richard B. Thomas :ca: :ca:
 
C

Cari Spears

Super Moderator
Leader
Super Moderator
Richard -

While I agree that what you've posted does happen - I would still start by trying to contact a technical support type of function at the registrar and express my concerns in an inquisitive manner, rather than an overly defensive or aggressive way.

If you still can't come to an agreement, then I would initiate whatever their "appeals" process is.
 
D

db

Cari Spears said:
Richard -

While I agree that what you've posted does happen - I would still start by trying to contact a technical support type of function at the registrar and express my concerns in an inquisitive manner, rather than an overly defensive or aggressive way.

If you still can't come to an agreement, then I would initiate whatever their "appeals" process is.
Click to expand...

This is another good point Cari (no wonder you a zillion green dots!). I am often asked to intervene on behalf of a client with a registrar. I always begin with the auditor, and then if necessary go to registrar's technical contact. Very rarely do I have to go much farther. Normally, what I find is that what the auditee says the auditor said and what the auditor says they said are two different things. Now, I really don't care if the auditor mispoke, or if the auditee misheard. We get it cleared up and everyone sleeps better at night (and the best is I come out looking like a hero :rolleyes: )
 
You must log in or register to reply here.

Similar threads

Q
IATF 16949 8.3.3.3 Special Characteristics
2
Replies
10
Views
1K
Johnnymo62
Johnnymo62
P
How to deal with documentation requirements MDD/MDR under 2023/607
Replies
7
Views
364
EmiliaBedelia
E
Q
Minimal Documentation Method & 4.2
Replies
5
Views
444
John Broomfield
John Broomfield
I
Family FMEAs (PFMEA specific)
Replies
3
Views
263
toniriazor
T
A
AS9100D 8.4.1 c. Control on external providers... part of a process
2
Replies
13
Views
972
APetersen
A
Top Bottom