Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
articles:as9100d_oe_requirements-1 [2019/08/11 12:08]
rrandall
articles:as9100d_oe_requirements-1 [2019/08/18 18:50] (current)
rrandall
Line 1: Line 1:
 ====== AS9100D Objective Evidence Requirements:​ Part 1 Documentation ====== ====== AS9100D Objective Evidence Requirements:​ Part 1 Documentation ======
  
-AS 9100D is an incredibly poorly written QMS standard littered with ambiguous / vague requirements that have resulted in subjective interpretations and inconsistent implementation. This article discusses the minimum "​Objective Evidence"​ actually by the standard. Any interpretations beyond these minimum requirements (e.g., by an internal or external auditor) are based purely on subjective opinion. ​+AS 9100D is an incredibly poorly written QMS standard littered with ambiguous / vague requirements that have resulted in subjective interpretations and inconsistent implementation. This article discusses the minimum "​Objective Evidence"​ actually ​required ​by the standard. Any interpretations beyond these minimum requirements (e.g., by an internal or external auditor) are based purely on subjective ​//opinion//
  
 The first confusing point to address is which documentation (e.g., procedures) are actually required by AS 9100D. The first confusing point to address is which documentation (e.g., procedures) are actually required by AS 9100D.
Line 13: Line 13:
  
 ^  #  ^  “Maintain” as Documented Information (Documents) ​ ^  Sec.  ^ ^  #  ^  “Maintain” as Documented Information (Documents) ​ ^  Sec.  ^
-|  1  | //To the extent necessary//,​ the organization shall: ​ \\ a. maintain //​**documented information**//​ to support the operation of its processes; \\ **[SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)... NOT the auditor.]** |  4.4.2  |+|  1  | //To the extent necessary//,​ the organization shall: ​ \\ a. maintain //​**documented information**//​ to support the operation of its processes; \\ <wrap em>**[SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)... NOT the auditor.]**</​wrap> ​|  4.4.2  |
 |  2  | a general description of relevant interested parties (see 4.2 a);  |  4.4.2  | |  2  | a general description of relevant interested parties (see 4.2 a);  |  4.4.2  |
-|  3  | the scope of the quality management system, including boundaries and applicability (see 4.3);  |  4.3 & 4.4. | +|  3  | the scope of the quality management system, including boundaries and applicability (see 4.3);  |  4.4.2 & 4. | 
-|  4  | a description of the processes needed for the quality management system and their application throughout the organization; ​ |  4.4.2+|  4  | a description of the processes needed for the quality management system and their application throughout the organization; ​ |  4.4.2  
-|  5  | the sequence and interaction of these processes; ​ |  4.4.2  |+|  5  | the sequence and interaction of these processes; ​ |  4.4.2 & 4.4.1b ​ |
 |  6  | assignment of the responsibilities and authorities for these processes. ​ |  4.4.2  | |  6  | assignment of the responsibilities and authorities for these processes. ​ |  4.4.2  |
 |  7  | Quality policy ​ |  5.2.2.a ​ | |  7  | Quality policy ​ |  5.2.2.a ​ |
 |  8  | Quality objectives ​ |  6.2.1  | |  8  | Quality objectives ​ |  6.2.1  |
 |  9  | a register of the monitoring and measuring equipment (that includes: the equipment type, unique identification,​ location, and the calibration or verification method, frequency, and acceptance criteria). ​ |  7.1.5.2 ​ | |  9  | a register of the monitoring and measuring equipment (that includes: the equipment type, unique identification,​ location, and the calibration or verification method, frequency, and acceptance criteria). ​ |  7.1.5.2 ​ |
-|  10  | The organization shall "​determine"​ and "​maintain"​ //​**documented information**//​ "to the extent necessary:"​ \\ 1. to have confidence that the processes have been carried out as planned; \\ 2. to demonstrate the conformity of products and services to their requirements;​ \\ **[SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)... NOT the auditor.]** |  8.1.e  | +|  10  | The organization shall "​determine"​ and "​maintain"​ //​**documented information**//​ "to the extent necessary:"​ \\ 1. to have confidence that the processes have been carried out as planned; \\ 2. to demonstrate the conformity of products and services to their requirements;​ \\ <wrap em>**[SUBJECTIVE requirement - to be determined by the ORGANIZATION (as per 7.5.1b)... NOT the auditor.]**</​wrap> ​|  8.1.e  | 
-|  11  | 8.3.4.1 When tests are necessary for verification and validation, these tests shall be planned, controlled, reviewed, and //​**documented**//​ to ensure and prove the following: \\ a. test plans or specifications identify the test item being tested and the resources being used, define test objectives and conditions, parameters to be recorded and relevant acceptance criteria; \\ b. test procedures describe the test methods to be used, how to perform the test, and how to record the results; \\ c. the correct configuration of the test item is submitted for the test; \\ d. the requirements of the test plan and the test procedures are observed; \\ e. the acceptance criteria are met. \\ **[While this requirement does not include the words "​maintained"​ or "​retained",​ it is generally interpreted as applying in part to "test plans" (or specifications),​ "test procedures",​ and to the "test results"​ (i.e., record)]**| ​ 8.3.4.1 ​ | +|  11  | 8.3.4.1 When tests are necessary for verification and validation, these tests shall be planned, controlled, reviewed, and //​**documented**//​ to ensure and prove the following: \\ a. test plans or specifications identify the test item being tested and the resources being used, define test objectives and conditions, parameters to be recorded and relevant acceptance criteria; \\ b. test procedures describe the test methods to be used, how to perform the test, and how to record the results; \\ c. the correct configuration of the test item is submitted for the test; \\ d. the requirements of the test plan and the test procedures are observed; \\ e. the acceptance criteria are met. \\ <wrap hi>**[While this requirement does not include the words "​maintained"​ or "​retained",​ it is generally interpreted as applying in part to "test plans" (or specifications),​ "test procedures",​ and to the "test results"​ (i.e., record)]**</​wrap>​|  8.3.4.1 ​ | 
-|  12  | Controlled conditions shall include, as applicable: \\ a. the __availability__ of //​**documented information**//​ that defines: \\ 1. the characteristics of the products to be produced, the services to be provided, or the activities to be performed; \\ 2. the results to be achieved; ​ \\ **[This documented information //may// be provided by the customer (e.g., Drawings)]** |  8.5.1.a ​ |+|  12  | Controlled conditions shall include, as applicable: \\ a. the __availability__ of //​**documented information**//​ that defines: \\ 1. the characteristics of the products to be produced, the services to be provided, or the activities to be performed; \\ 2. the results to be achieved; ​ \\ <wrap hi>**[This documented information //may// be provided by the customer (e.g., Drawings)]**</​wrap> ​|  8.5.1.a ​ |
 |  13  | c. the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met; \\ 1. ensuring that //​**documented information**//​ for monitoring and measurement activity for product acceptance includes: \\  - criteria for acceptance and rejection; \\  - where in the sequence verification operations are to be performed; \\  - measurement results to be retained (at a minimum an indication of acceptance or rejection); \\  - any specific monitoring and measurement equipment required and instructions associated with their use; |  8.5.1.c1 ​ | |  13  | c. the implementation of monitoring and measurement activities at appropriate stages to verify that criteria for control of processes or outputs, and acceptance criteria for products and services, have been met; \\ 1. ensuring that //​**documented information**//​ for monitoring and measurement activity for product acceptance includes: \\  - criteria for acceptance and rejection; \\  - where in the sequence verification operations are to be performed; \\  - measurement results to be retained (at a minimum an indication of acceptance or rejection); \\  - any specific monitoring and measurement equipment required and instructions associated with their use; |  8.5.1.c1 ​ |
 |  14  | The organization’s nonconformity control process shall be maintained as //​**documented information**//​ including the provisions for: \\ − defining the responsibility and authority for the review and disposition of nonconforming outputs and the process for approving persons making these decisions; \\ − taking actions necessary to contain the effect of the nonconformity on other processes, products, or services; \\ − timely reporting of nonconformities affecting delivered products and services to the customer and to relevant interested parties; \\ − defining corrective actions for nonconforming products and services detected after delivery, as appropriate to their impacts (see 10.2). ​ |  8.7.1  | |  14  | The organization’s nonconformity control process shall be maintained as //​**documented information**//​ including the provisions for: \\ − defining the responsibility and authority for the review and disposition of nonconforming outputs and the process for approving persons making these decisions; \\ − taking actions necessary to contain the effect of the nonconformity on other processes, products, or services; \\ − timely reporting of nonconformities affecting delivered products and services to the customer and to relevant interested parties; \\ − defining corrective actions for nonconforming products and services detected after delivery, as appropriate to their impacts (see 10.2). ​ |  8.7.1  |
Line 32: Line 32:
  
 <note tip>**# 3** \\ Guidance from ISO on crafting an acceptable QMS "​scope"​ can be found online in the: [[https://​committee.iso.org/​files/​live/​sites/​tc176sc2/​files/​documents/​ISO%209001%20Auditing%20Practices%20Group%20docs/​General/​APG-Scope2015.pdf|ISO 9001 Auditing Practices Group Guidance on: "Scope of ISO 9001, Scope of Quality Management System (QMS) and Scope of Certification"​]]</​note>​ <note tip>**# 3** \\ Guidance from ISO on crafting an acceptable QMS "​scope"​ can be found online in the: [[https://​committee.iso.org/​files/​live/​sites/​tc176sc2/​files/​documents/​ISO%209001%20Auditing%20Practices%20Group%20docs/​General/​APG-Scope2015.pdf|ISO 9001 Auditing Practices Group Guidance on: "Scope of ISO 9001, Scope of Quality Management System (QMS) and Scope of Certification"​]]</​note>​
 +
 +<note important>​**#​ 3** \\ When asked "//Is it allowable for an organization to claim non-applicability with any sub-clause or sub-paragraph of 9100-series?//",​ the response contained in the IAQG official [[https://​www.sae.org/​iaqg/​projects/​9100-2016_clarification_table.pdf|"​AS 9100:2016 Series Clarifications"​]] stated: \\ //"​Yes. Organizations can claim non- applicability even down to a shall statement or portions of a shall statement."//​ \\ \\ Also, when asked "//Is it required that any non-applicability with a requirement be documented in the scope section of the __Quality Manual__?//",​ the response contained in the IAQG official [[https://​www.sae.org/​iaqg/​projects/​9100-2016_clarification_table.pdf|"​AS 9100:2016 Series Clarifications"​]] stated: \\ //"No. It is required that any non-applicability with a clause or “shall” statement be documented information but does not have to be documented in the scope section of a __Quality Manual__."//</​note>​
 +
 +<note important>​**#​ 5** \\ When asked "//Is using the process diagram in Figure 2 from clause 0.3.2, in your quality manual for interaction between the processes sufficient?//",​ the response contained in the IAQG official [[https://​www.sae.org/​iaqg/​projects/​9100-2016_clarification_table.pdf|"​AS 9100:2016 Series Clarifications"​]] stated: \\ //No. 9100-series standards are a process-based standard with requirements to identify the organization’s QMS processes and their interaction. The diagram on page 8 of 9100-series includes the relationships of the 9100-series sections 4 through
 +10. This diagram is not intended to define an organization’s processes and their interaction. Additional information is available from the [[https://​committee.iso.org/​files/​live/​sites/​tc176sc2/​files/​documents/​ISO%209001%20Auditing%20Practices%20Group%20docs/​Auditing%20to%20ISO%209001%202015/​APG-Processes2015.pdf|ISO 9001 Auditing Practices Group website]] and [[https://​www.sae.org/​iaqg/​projects/​9100-2016changes.pdf|IAQG 9100 Key Changes Presentation]] on the topic Process Management/​Approach. \\ In addition, Annex A.1 of the standard provides this statement: “The structure of clauses is intended to provide a coherent presentation of requirements,​ rather than a model for documenting an organization’s policies, objectives, and processes.”//</​note>​
  
 <note tip>**# 5** \\ //Most// AS 9100D auditors prefer to see "the sequence and interaction"​ of your QMS processes in "​Turtle Charts"​ because that is how the auditor'​s [[https://​www.sae.org/​iaqg/​forms/​disclaimer9101fform3ul.htm|SAE AS 9101F, Form 3 "​Process Effectiveness Assessment Report"​]] (a.k.a. "​PEAR"​ form) is structured. However, if using "flow charts"​ to document "the sequence and interaction"​ of your QMS processes, preference should be given to using the [[https://​www.omg.org/​spec/​BPMN/​|"​Business Process Model and Notation"​ (BPMN™) Standard]] for flow charting your processes.</​note>​ <note tip>**# 5** \\ //Most// AS 9100D auditors prefer to see "the sequence and interaction"​ of your QMS processes in "​Turtle Charts"​ because that is how the auditor'​s [[https://​www.sae.org/​iaqg/​forms/​disclaimer9101fform3ul.htm|SAE AS 9101F, Form 3 "​Process Effectiveness Assessment Report"​]] (a.k.a. "​PEAR"​ form) is structured. However, if using "flow charts"​ to document "the sequence and interaction"​ of your QMS processes, preference should be given to using the [[https://​www.omg.org/​spec/​BPMN/​|"​Business Process Model and Notation"​ (BPMN™) Standard]] for flow charting your processes.</​note>​
Line 37: Line 42:
 <note tip>**# 2 thru 8** \\ While AS 9100 does NOT require a "​Quality Manual",​ it is generally a good idea to do so as a "​defensive measure"​ because: \\ 1. Addressing all of the requirements of AS 9100D in a "​Quality Manual"​ (at a policy level) the business can argue that it has addressed the more //​subjective//​ requirements (contained throughout AS 9100D) that do not specifically require "​objective evidence",​ and \\ 2. Including references to the sources for the business'​s interpretations can immediately dismiss many //​subjective//​ interpretations that an auditor may have. \\  Also, a "​Quality Manual"​ can improve efficiency through providing a single source addressing items 2 thru 8 from the above chart.</​note>​ <note tip>**# 2 thru 8** \\ While AS 9100 does NOT require a "​Quality Manual",​ it is generally a good idea to do so as a "​defensive measure"​ because: \\ 1. Addressing all of the requirements of AS 9100D in a "​Quality Manual"​ (at a policy level) the business can argue that it has addressed the more //​subjective//​ requirements (contained throughout AS 9100D) that do not specifically require "​objective evidence",​ and \\ 2. Including references to the sources for the business'​s interpretations can immediately dismiss many //​subjective//​ interpretations that an auditor may have. \\  Also, a "​Quality Manual"​ can improve efficiency through providing a single source addressing items 2 thru 8 from the above chart.</​note>​
  
-<note important>​**#​ 9** \\ The IAQG official [[https://​www.sae.org/​iaqg/​projects/​9100-2016_clarification_table.pdf|"​AS 9100:2016 Series Clarifications"​]] states: //The 9100-series clause 7.1.5.2 was not intended to force organizations to have the register specifically include the "​equipment type, unique identification,​ location, and the calibration or verification method, frequency, and acceptance criteria.” The organization is required to have this information for equipment listed on the calibration register but not specifically in the register.// \\ \\ Almost ​no one identifies the “method” or “acceptance criteria” in their “register” (database)... unless they have a full in-house calibration laboratory. What auditors typically see is: \\ 1. the “method” identified on the calibration certificate (from the calibration/​metrology lab). \\ 2. the  “acceptance criteria” either identified in the calibration certificate (from the calibration/​metrology lab) OR for the company to have a copy of the calibration “method” that was used (containing the acceptance criteria). \\ \\ While the company could have the instrument specifications,​ if those specifications can’t be matched to the actual calibration method used, then there is no way to confirm that was the actual “acceptance criteria” used in performing the calibration.</​note>​+<note important>​**#​ 9** \\ The IAQG official [[https://​www.sae.org/​iaqg/​projects/​9100-2016_clarification_table.pdf|"​AS 9100:2016 Series Clarifications"​]] states: //The 9100-series clause 7.1.5.2 was not intended to force organizations to have the register specifically include the "​equipment type, unique identification,​ location, and the calibration or verification method, frequency, and acceptance criteria.” The organization is required to have this information for equipment listed on the calibration register but not specifically in the register.// ​ </​note>​  
 + 
 +<note tip>**# 9** \\ Consistent with the above "​official"​ interpretation,​ almost ​no one identifies the “method” or “acceptance criteria” in their “register” (database)... unless they have a full in-house calibration laboratory. What auditors typically see is: \\ 1. the “method” identified on the calibration certificate (from the calibration/​metrology lab). \\ 2. the  “acceptance criteria” either identified in the calibration certificate (from the calibration/​metrology lab) OR for the company to have a copy of the calibration “method” that was used (containing the acceptance criteria). ​ \\ \\ While the company could have the instrument specifications,​ if those specifications can’t be matched to the actual calibration method used, then there is no way to confirm that was the actual “acceptance criteria” used in performing the calibration. ​ </​note>​
  
 <note important>​**#​ 12** \\ When asked whether clause no. 8.5.1a) of ISO 9001:2015 "​availability of documented information"​ means "​maintain documented information”,​ the " <note important>​**#​ 12** \\ When asked whether clause no. 8.5.1a) of ISO 9001:2015 "​availability of documented information"​ means "​maintain documented information”,​ the "