I'm not aware of any law or regulation prescribing the length of time such records must be kept. From an ISO standpoint, absolute minimum is one year. Probably, to be safe, keep them 3-5 years; this gives you backup in case a customer comes back to you sometime down the line.

I advise you to be completely open about this recurring problem. The original corrective action was not effective, so I'd raise a new one, restating the problem and stating plainly that the original corrective action was not effective.

Just leave it in the system that way. I strongly doubt the registration people will raise a finding of their own as long as they see that you are addressing it. (God knows the auditors will not find it earthshaking that a corrective action did not work the first time!) Unless of course you get an assessor who's especially picky about paperwork (there are such creatures) - but hey, all you can do is all you can do. Better to have it openly addressed in the system than hide it and hope they don't notice.

I would not turn it into a preventive action because technically "preventive action" is for problems that have not occurred, intended to prevent their occurrence. This one has occurred and continues to occur, so corrective action has been ineffective (so far).

First off, this probably happens all of the time. People make up their own notes to "put things in their own words" to make it easier for themselves to do a certain duty. I understand that if the work instruction itself changes, we face the possibility of that "cheat sheet" now disagreeing with the work instruction - that is essentially "uncontrolled." But can we trust in the system enough to rely on the fact that the person doing that job will be notified of the change (if they weren't actually the person that made the change anyway) by the process owner of the doc?

If people get caught with these types of notes, it's a noncompliance. Not a major unless it's rampant, but it's contrary to the whole purpose of the system, which is that we control such job instructions. If the person doesn't find the work instruction sufficiently helpful, then he/she is obligated to propose changes to the work instruction, and if he/she is a subject matter expert, that's all to the good. PLEASE nip this in the bud wherever you find it.

They must be completely consistent. This is not to say that an organization chart must list every single function of the organization. Some summarization / consolidation is acceptable here in the interest of clarity. But job functions, titles, etc. must be consistent across the entire system - organization chart, procedures, work instructions, training plans / records, job descriptions (though job descriptions as such are not specifically required and, in fact, are not always desirable).

He/she had no answer because there is no such requirement in the Standard. Listing the forms is a good idea, but it's neither necessary nor convenient to list revision level and revision dates of the forms; that's found on the forms themselves. As for revision history, this is also unnecessary -- if you keep an archive of obsolete versions. That archive functions as an adequate revision history.

Yes. There is no earthly reason to keep obsolete hard copies of they are available electronically.

The true test is for any employee (hourly or otherwise) to have reasonable access to documents pertaining to them - and to be able to show such a document to an auditor on request. One of our clients took the position that the employee may ask a supervisor to access computer files for him/her and obtain the document, and this is acceptable, barely. We are very enthusiastic about using electronic distribution. The worst case is that if internal audit shows that certain employees can’t access the documents, simply revert to hard copy in those areas.

I don't know of any internet sites that offer models such as these. Though the policy sections are fairly generic, the standard operating procedures are so specific to the organization concerned that templates / models are not very helpful. Most companies either develop these on their own, or enlist the aid of a consulting firm (like mine).

You need to start with a copy of the Standard itself to find out what's required. You can get this by ordering from ASQ at www.ASQ.com, or from the standards organization in your country.

Forms referenced by or related to the quality system (procedures, work instructions, etc.) need to be controlled. Most organizations use form numbers are part of this process. How you set that up is up to you. So it's more than just specs -- if a form is referred to by a procedure or a work instruction, it needs to be controlled.

It's not necessary to keep forms in the procedures / work instruction books. You can keep them anywhere you want to as long as the people who need them know where to find the latest approved versions.Typically, procedures (sometimes called "level 2 documents") spell out how PROCESSES are done. So you would write a procedure to document how your process for calibrating measuring equipment would be done. A process is a series of activities.

Work instructions are used to document how ACTIVITIES or TASKS are done. So work instructions are subsets of procedures. They are much more detailed than procedures. Normally they are written in step-by-step format. The important thing about work instructions is to use them ONLY in places where an activity or task must always be carried out a certain specific exact way. In other words, it's not required (or desirable) to write a work instruction for every single blessed activity in the place!

Work instructions are normally written to document things like 1) inspection / testing practices, 2) work activities that have a direct impact on quality; 3) work activities whose outcome cannot be independently inspected / judged.

If what you're asking me is if documents can be maintained and accessed electronically - with read-only access - the answer is yes. This is an ideal method because you have no hard copies to go obsolete. Notifying users of changes via email, etc. is fine, too.

This practice is a hangover from the "bad old" days of the original 1987 Standard. Back then it was thought necessary for the Quality Manual to parrot the language of the Standard virtually in boilerplate fashion.

Today's Quality Manuals (and, for that matter, Environmental, Health/Safety, or integrated system policy manuals) focus on policies, objectives, process sequence / interaction, and description of (with reference to) system documentation. The typical quality manual has some text, some charts, and some tables. And it's quite brief. Certainly less than 20 pages.

There is no "normal" or "acceptable" time. The usual approach is to state in the procedure (on document and data control) that procedures are updated as needed through suggestions by employees and/or feedback from internal quality audits. Given the amount of dynamic change that usually occurs just from these sources, I see no reason or need for having a separate scheduled "review process." Strikes me as overkill.

Any externally generated document that you use in your facility that does, or can, affect the quality of the product/service going to the customer, must be controlled. Control means, first of all, having a process for assuring that what you're using is the source's latest approved version. Control also means that, if you copy and circulate the document internally, you have the means to assure that only the latest approved version is in use.

There are three drawbacks to this approach.

Having said that, utilizing chunks of language from the Standard is not a bad way to start, as long as you fully comprehend what you are saying.

Your initial draft can begin as a rip-off of the Standard. But then let upper and middle management read the document thoroughly and provide feedback. You'll get lots of questions, and the answers to those questions will help you polish the manual and make it more distinctly your own.

Do the same with selected people from among the hourly group. Edit the manual some more. Strive to eliminate "quality jargon," stuffy Britishese, beancounter / lawyer lingo, and other bureaucratic stuffiness that may not suit the way people in your company think and talk.

Ultimately, the ISO/QS 9000 system belongs to you, not the auditors, and the policies expressed in the manual should be written in that spirit.

Assuming the material is competently organized and presented, it can eliminate much of the "scut" work involved in putting the documentation together.

But every organization is different. Even organizations in the same general line of work can be vastly different. (Even divisions in the same organization can differ tremendously!) No "canned" set of documents can possibly be installed on a "plug and play" basis, no matter how carefully designed.

Start with a model or a template, if you can find one. But then it's essential that you review the material line by line, word by word, and edit it. Not just once, but repeatedly, with input and feedback from everyone affected by it. That is the only way to make sure it fits you and expresses and defines your quality system and its procedures accurately.

Sure, it's work. Grueling and mind-numbingly boring work. (If there's a more intrinsically boring subject than ISO/QS-9000, I have yet to find it.) But there's no escaping the work; there's no quick fix and no way around it. Without it, you may have a "system" --at least on paper -- but it will not necessarily improve your organization (or, for that matter, pass a rigorous audit).

What's value-added about that?

ISO 9001 (2000) has a note that makes it clear that documents can be distributed in any medium. Increasingly our clients are moving to electronic distribution via networks or intranets.

On policies and procedures, you have to show that a documented system exists for the preparation, approval, and distribution of documents. This would require things like read-only access for all but authorized people, as well as regular data backups. You would also need to see to it that everyone who needs access to the procedures has reasonable access to them. Training, similarly, is a matter of planning what you're going to do, documenting it in a procedure, and keeping records. Probably the latter issue is the most challenging with respect to on-line training; perhaps some kind of on-line "completion quiz," which the student would take, could be prepared and then stored not only as a record that the raining was taken, but also as a means of assessing effectiveness.