Two weeks later… He writes back (in blue ink):
Can I ask you a question regarding documentation? It’s in regards to that same client we discussed a couple weeks back. They have half of their forms on an ERP system, and other forms in pdf/hardcopy. They are in the middle of transitioning to the ERP, but not all of the forms are uploaded yet. I understand that the ERP controls the documents that are in it. But for the documents that aren’t, do you feel those documents should have an ID, rev. date? I always felt that if the document was printed out and completed by hand, that it should be controlled. I know the standard is flexible on how the docs are controlled, but when you have a doc system that is half ERP and half not, it’s kind of a grey area. I’m doing a gap audit and have been going back and forth.
First of all, what is your definition of control? Does an identification number and revision date really constitute control?
If you are in agreement that the ERP controls documents then you can eliminate those already entered into the system. That leaves you with pdf files and hard copies. I would argue that pdf files are controlled by virtue of satisfying d & e below (c is a different issue.) If they are a Word / Excel or e-file (pdf) they have to reside somewhere on the computer. Chances are these files are the latest and greatest (old versions overwritten) and pdf cannot be revised.
So all you have to worry about is hard copies. Now you need to read their procedure and answer a couple of questions specific to c – d.
Let’s look at AS 9101D audit standard (before they ‘mucked things up.’) These requirements parallel the AS 9100C Standard exactly. For relation to AS 9100 Rev. D see What is Really Required? Part 1.
If you see evidence that the requirements below are being followed, then they are compliant, if not, they aren’t. (N/A) indicates the requirement is not relevant to the context of the question.
4.2.3 Control of documents
Documents required by the QMS must be controlled
A documented PROCEDURE must exist and include controls needed for:
- approval process (N/A)
- review, update, and re-approval process (N/A)
- identification of changes and current revision status
- documents are available where needed
- documents are legible and identifiable
- external documents are identified and controlled (N/A)
- obsolete documents are identified and controlled (N/A)
You must ask yourself the following:
- Are the documents current?
- Is there a revision record? (It does not have to be on the individual document – just some way to determine you have a current copy.)
- Does this record somehow identify changes made?
- Are documents available when and where needed?
- Can you read them?
- Can you tell them apart – but more important, can they?
If you answered YES, then (at the minimum) they have met the requirements. If you answered NO, then they have not. If they are AS 9100 Certified look at previous audit findings that might indicate another auditor questioned their control process. But, they sound as if they are planning on entering all documents into ERP which kind of makes the whole thing moot.
If you still don’t feel warm and fuzzy about this, you could document an OBSERVATION such that the process needs to be completed without undue delay because there is the risk of potential nonconformity.
Figure you (they) only have a year to make it happen and that depends on their surveillance cycle. It will take you quite a while to document changes to their system – adding context, interested party needs, wants and desires, implementing the new processes (bone up on APQP) and addressing Positive Risk (opportunities,) Training, Full-system Audit (CAPAs) and Management Review. So plan on being busy…
Certified companies will need to upgrade to AS 9100D by June 14, 2018 and this should coincide with a scheduled surveillance or re-certification audit. Although, a special audit can also be scheduled and paid for. If you want to earn your keep, recommend they start preparations now – it will be cheaper in the long run.
I hope this helps.
And for the rest of you… Thanks for reading.