Document Control is so boring.. boring …. but GovernanceRiskCompliance matters to the business…. Kerrie Anne Christian UOW - 2012 1 Document Control KAC 2012
Oct 21, 2014
Document Control KAC 2012 1
Document Control is so boring.. boring …. but GovernanceRiskCompliance
matters to the business….
Kerrie Anne ChristianUOW - 2012
Document Control KAC 2012 2
•DOCUMENT CONTROL SYSTEMS - OVERVIEW
•TYPICAL SYSTEM STRUCTURES –
•DOCUMENT SYSTEM - CONTROLS IN PLACE
• DIVISIONAL
• DEPARTMENT
•PROCEDURES FOR DOCUMENT CONTROL
Document Control KAC 2012 3
Controlled Documents : musts
A well controlled environment – like a tidy garage
Not - a potentially good tool if only we really understood it ?
Not - a belt & braces approach to “head off” system failure ? The “useful box” of possibly useful stuff must not live in the same “electronic cabinet area” as controlled documents
Document Control KAC 2012 4
Hard Copy Files - traditional
PC Databases eg Access
Document Management Systems eg SAP, Sharepoint,
Documentum or Wikis
If use “workflow” - must not become a “black box”
Needs to be accessible by those who need to use it
Doesn’t have to stymie innovation & change
Overload risk ? No need for new version, if document
checked but not changed – just make sure it’s clear doc
has been reviewed
Does EBMS affect auditing style ?
EGRCM : EBMS & Document Control
Document Control KAC 2012 5
THE DOCUMENT CONTROL SYSTEM IS PART OF AN INTEGRATED MANAGEMENT SYSTEM COVERING ALL KEY ACTIVITIES INCLUDING:
· manufacture of products;
· provision of support services;
· occupational health and safety;
· environmental management;
· technical safety; and
· access control.
And remember : it’s not just ticking the boxes ...
its because you need to satisfy your customer and / or regulator
Document Control KAC 2012 6
Who created it? Who signed off on it? Who changed it? When was it issued – changed ? Is everyone working with the same version of the
information? Missing or inaccurate documentation ? Where do I find it ? How many copies of a document can/should I find ? What’s controlled and what’s not? How do I stop unauthorised copies on the EBMS?
EGRCM : Documents in control or out of control ?
Document Control KAC 2012 7
Certification is a business decision
Certification is a decision to be taken for business reasons:
• if it is a contractual, regulatory, or market requirement,•Quality, OHS, Environment, Food, IT, Risk• If it meets customer preferences• It is part of a risk management programme, or • If it will motivate staff by setting a clear goal.
MANAGEMENT SYSTEMS & CERTIFICATION
Document Control KAC 2012 8
A combination of some or all of the following criteria are considered when selecting a supplier:
Reputation and past performance of supplier/producer Quality of product supplied previously ISO 9001Certification of supplier/producer Ability to meet required material, chemical, size and
packaging specifications Ability to meet required shipment and/or arrival times Ability to negotiate mutually acceptable payment
terms Offer price and validity Delivery and contract terms and conditions Market price and short/medium term market
expectations Local market conditions Domestic and international prices Stock levels and usage forecasts
ISO 9001 –Why do Certification ?
Customers’ Supplier Evaluation Perspectives
Document Control KAC 2012 9
2.1 Criminal offence It is, in some instances, unlawful to prematurely destroy
documents. For example, the Crimes (Document Destruction) Act 2006 (Vic)
makes it an offence for a person to knowingly destroy or conceal a document or render a document illegible, undecipherable or incapable of identification that is, or is likely to be required in evidence in legal proceedings. Anyone who commits an act with the intention of preventing a document from being used in evidence in a legal proceeding may be guilty of an indictable offence and may be liable to imprisonment, a fine or both.
An adverse inference may be drawn by a judge if documents which were in the possession of a party to the proceedings are not available or have been destroyed.
If an employee of the Group contravenes the Crimes (Document Destruction) Act 2006 (Vic), proceedings may also be commenced against the Group. In such a proceeding, it is a defence to the charge for the company to prove that it exercised due diligence to prevent the contravention by the employee. One of the factors that the court may consider when assessing whether there has been a contravention is whether the Group had a corporate culture that directed, encourage, tolerated or lead to the destruction of documents.
Crimes (Document Destruction) Act 2006 (Vic)
Adobe Acrobat Document
Document Control KAC 2012 10
DOCUMENT CONTROL SYSTEMS IN PLACE
• There is a Divisional Document Control Officer who is responsible for site level documents and provides alignment of document control systems – what happens during annual leave periods ?
• Each department has a nominated Document Control Officer who is responsible for department level documents.
• Each DCO has documents that defines how they maintain their specific document control processes. These are consistent with the requirements outlined in a Divisional procedure.
Document Control KAC 2012 11
Legible
Dated ( with revision dates)
Identifiable by Number and or Title
Maintained in Hard and or Electronic copy
Locatable by users
Periodically reviewed & revised as required
Current approved versions available
Obsolete documents removed from users
Archival documents retained for defined periods
Changes are recorded and communicated to users
Master document lists are maintained
Document Control procedures in all areas ensure that documents are :
Document Control KAC 2012 12
Removal and Archival of Obsolete Documents
All departments/sites shall document a system for the control of obsolete documents.
This shall include the removal of such documents from circulation and the maintenance of archived copies.
EGRCM :
Document Control KAC 2012 13
We need ISO 9001 to sell products / services & it specifies a Management Representative ie
Top management shall appoint a member of management who, irrespective of other responsibilities, shall have
responsibility and authority that includes◦ a) ensuring that processes needed for the quality management
system are established, implemented and maintained,◦ b) reporting to top management on the performance of the
quality management system and any need for improvement, and◦ c) ensuring the promotion of awareness of customer requirements
throughout the organization. Can the Management Representative be confident of .. ie
◦ all documents uniquely numbered / identified & conform with rules
◦ prevent unintended use of obsolete documents◦ control distribution of controlled documents
what if 100’s of unauthorised copies exist ?◦ ensure continuity of management system availability 24x7x52◦ addressing problems in Departments which lie outside the ISO
9001 certification system – due to their lack of awareness◦ Maintain awareness of the rules & IT competency of DCOs’ &
Auditors
Certification Systems requires Management Representatives ..
Document Control KAC 2012 14
• Document Control Officer's responsibilities defined, • A Register of types of documents being controlled is
kept,• Document Reference Numbering systems are defined to
maintain unique identity,• Document Formats are defined,• Authorities for Document Authorisation is defined,• Document Ownership is maintained,• Document Distribution systems are defined and
maintained,• A Master File of Controlled Documents is maintained in
dept. databases,• Document Reviews and Revisions are controlled and
updated,• The nature of Changes to document is indicated in
Revisions,• Systems for the Removal, Archival and Disposal of
Obsolete Documents are maintained.
Departments Define their Document Control Requirements
Document Control KAC 2012 15
4.2.3 Control of documents Documents required by the quality management system shall be
controlled. Records are a special type of document and shall be controlled
according to the requirements given in 4.2.4. A documented procedure shall be established to define the controls
needed◦ a) to approve documents for adequacy prior to issue,◦ b) to review and update as necessary and re-approve documents,◦ c) to ensure that changes and the current revision status of
documents are identified,◦ d) to ensure that relevant versions of applicable documents are
available at points of use,◦ e) to ensure that documents remain legible and readily identifiable,◦ f) to ensure that documents of external origin are identified and their
distribution controlled, and◦ g) to prevent the unintended use of obsolete documents, and
to apply suitable identification to them if they are retained for any purpose
EGRCM : ISO 9001 - Quality Management Systems
Document Control KAC 2012 16
Documentation is at the core of ISO 9000 conformance. In fact, the standards have been described as this:
"Say what you do… Do what you say...Write it down…
…. at the end of the day.“
EGRCM : ISO 9000 etc
Document Control KAC 2012 17
4.4.5 Control of documents Documents required by the environmental management system
and by this International Standard shall be controlled. Records are a special type of document and shall be controlled in accordance with the requirements given in 4.5.4.
The organization shall establish, implement and maintain a procedure(s) to
a) approve documents for adequacy prior to issue, b) review and update as necessary and re-approve documents, c) ensure that changes and the current revision status of
documents are identified, d) ensure that relevant versions of applicable documents are
available at points of use, e) ensure that documents remain legible and readily identifiable, f) ensure that documents of external origin determined by the
organization to be necessary for the planning and operation of the environmental management system are identified and their distribution controlled, and
g) prevent the unintended use of obsolete documents and apply suitable identification to them if they are retained for any purpose.
EGRCM : ISO 14001 – Environment Management Systems
Document Control KAC 2012 18
4.4.5 Document and data control
The organization shall establish, implement and maintain procedures for controlling all relevant documents and data required by this Standard to ensure that—
(a) they can be readily located; (b) they are periodically reviewed, revised as necessary and approved for
adequacy by competent and responsible personnel; (c) current versions of relevant documents and data are available at all
locations where operations essential to the effective functioning of the OHSMS are performed;
(d) obsolete documents and data are promptly removed from all points of issue and points of use or otherwise assured against unintended use; and
(e) archival documents and data retained for legal or knowledge preservation purposes or both, are suitably identified.
Documentation and data shall be legible, dated (with dates of revision) and readily identifiable and be maintained in an orderly manner for a specified period. Procedures and responsibilities shall be established and maintained concerning the creation and modification of the various types of documents and data.
The organization shall preclude the use of obsolete documents.
EGRCM : AS 4801 – OHS Management Systems
Document Control KAC 2012 19
7.1 Systems shall be implemented and maintained to identify OH&S documents requiring control.
7.2 A hierarchy and structure shall exist such that OH&S documents:
• are uniquely identified • provide direction to related documents. 7.3 Systems shall be implemented and maintained to create,
review, approve and issue OH&S documents, in accordance with defined responsibilities and BlueScope Steel formatting.
7.4 Systems shall be implemented and maintained to ensure that at point of use:
• OH&S documents are easily accessible • the current version is effectively implemented • obsolete OH&S documents are removed.
7.5 Documented procedures shall exist to ensure control of workplace activities directly impacting on OH&S. 7.6 Systems shall exist to identify and maintain relevant
OH&S records with consideration of their need to be: • protected from loss and deterioration • easily accessible and retrieved • traceable to the activity, product or service • confidential • retained for specified periods and disposed of appropriately.
EGRCM : BSL 14 Safety Standards – Std 7
Document Control KAC 2012 20
We need one best document control system Departments should not have poorly defined
document numbering & control systems – if not - must be fixed
We need each Department to have a cabinet in Document Control System that is structured and only has controlled documents
There must be a limit on who can store controlled documents in Document Control System for each Department
We want the Site Divisional procedures in main IT Document Management repository
A Council to guide Document Control ?
EGRCM : SHR says ….
Document Control KAC 2012 21
Verification of Document Control Systems
• Audits of both Department and Divisional Document Control Systems shall be conducted routinely & systematically
• in accordance with documented procedures, by independent auditors.
Document Control KAC 2012 22
EGRCM : IT & MS Auditors in an EBMS world
Microsoft Word Document
Microsoft Word Document
Document Control KAC 2012 23
Controlled documents live in their own structured space – not a “Useful Box” – want DIV-QA –xx-xx rules obeyed
EBMS file names are always the same as their document number Documents in a controlled document space only have file names
compliant with divisional numbering system Able to verify if documents are controlled master document or linked
document or an unauthorised copy DCO’s able to set separate permissions for linking or copying of
documents DCO’s able to set permissions at the folder level – eg obsolete docs DCO’s have Digital document approval Only the current revision of a document can be seen Obsolete documents cannot be accessed at all by anyone except
DCO & review team – not even by link or search IT ensure Service Level Agreements for system outages/backups
EGRCM : An Auditor’s EBMS Wish list
Document Control KAC 2012 24
PKSW MANAGEMENT SYSTEMS & CERTIFICATION
Case Study PKSW - Independently Certified Management Systems since 1988 – Integrated
Document Control. QUALITY –Standard is ISO 9001
Certification Authority is SAI Global Assurance Services
Certified since September 1991ENVIRONMENT –Standard is ISO 14001
Certification Authority is Lloyd’ Register Quality Assurance
Certified since December 2002OCCUPATIONAL HEALTH & SAFETY – AS4801 – Self Insurer
Audited by the NSW State Government Workcover Authority since 1994
- Legal Compliance issuesAll OF THESE CALL FOR EFFECTIVE DOCUMENT CONTROL SYSTEMS
Document Control KAC 2012 25
BOND
POLICY
MM-PKS
STANDARDS
COMPANY DOCUMENTS
BUSINESS / SITE / DEPT DOCUMENTS
Overriding statement of our values
Policies on Quality, HSEC, People & Business Conduct
Industrial Markets Management Manual
Management Standards of Intent and Key Performance Requirements
Company wide set of Documents and Codes of Practice
Business, Sites and Department Documents of Applicable Procedures
Tier 1 Policy
Tier 2 Strategy
Tier 3 Operations
ALIGNMENT OF THE BSL MANAGEMENT SYSTEM
AND DOCUMENT STRUCTURE
Document Control KAC 2012 26
DIVISIONAL HANDBOOK CONTROL
DOCUMENT & DATA CONTROL – OVERVIEW,
DOCUMENT REFERENCE NUMBERING & CONTROL
FORMAT FOR STANDARD PROCEDURES
DOCUMENT CONTROL FOR SPECIAL MANUALS
CONTROL OF AUSTRALIAN & EXTERNAL STANDARDS
GUIDELINES FOR WRITING STANDARD PROCEDURES
ANZIM – PKSW DIVISIONAL DOCUMENT CONTROL
Document Control KAC 2012 27
Document Control in non Manufacturing
eg IT – Health …
why we need it …. some examples
Document Control KAC 2012 28
Mothers Day 2012 - a Grandson & his Grandmother - - as a WA construction management engineer he needs great systems :
- the right materials, the right procedures, the right records
Seriously - some companies no longer in business due to failings … eg wrong version of engineering drawings
Document Control KAC 2012 29
A week later – and a fracture – in hospital ED / ER - and his grandmother needed great document control systems
too – diagnostic, surgical, treatment, admission procedures, records, policies
Document Control KAC 2012 30
We are under cost pressures – a major driver So cost issues mean that complicated Service
Level Agreements would create headaches for us We have our own IT rules that we follow Departments should use Workflow not MS.Access
DB’s Document control is just another user issue We need one system - for the controlled document
repository We don’t know detail of “the musts” for your
EGRCM QMS / EMS/ OHSMS / RMS – does it matter ?
Do you really need 24x7x52 systems ? For all of the documents ? Which ones ?
Do we need a user council or reference group ?
Document Control in IT - business issues…
Document Control KAC 2012 31
UOW College 2013 applications closing date –
◦ UOW College Web site – 2 pages said 11/01/2013
◦ But – when I rang Uniadvice Hotline this morning –
they said applications actually close on 9/01/2013
…. Oops !!
UOW IT now working on a fix …. Document control issue ?
Document Control in non Manufacturing eg IT – Health …
why we need it …. some examples
Document Control KAC 2012 32
Document Control is so boring.. boring …. but GovernanceRiskCompliance
matters to the business….
Document Control KAC 2012 33
QUESTIONS
Document Control KAC 2012 34
Click icon to add picture
Document Control KAC 2012 35
PKSW MANAGEMENT SYSTEMS & CERTIFICATION
Case Study PKSW - Independently Certified Management Systems since 1988 – Integrated
Document Control. QUALITY –Standard is ISO 9001
Certification Authority is SAI Global Assurance Services
Certified since September 1991ENVIRONMENT –Standard is ISO 14001
Certification Authority is Lloyd’ Register Quality Assurance
Certified since December 2002OCCUPATIONAL HEALTH & SAFETY – AS4801 – Self Insurer
Audited by the NSW State Government Workcover Authority since 1994
- Legal Compliance issuesAll OF THESE CALL FOR EFFECTIVE DOCUMENT CONTROL SYSTEMS
Document Control KAC 2012 36
BOND
POLICY
MM-PKS
STANDARDS
COMPANY DOCUMENTS
BUSINESS / SITE / DEPT DOCUMENTS
Overriding statement of our values
Policies on Quality, HSEC, People & Business Conduct
Industrial Markets Management Manual
Management Standards of Intent and Key Performance Requirements
Company wide set of Documents and Codes of Practice
Business, Sites and Department Documents of Applicable Procedures
Tier 1 Policy
Tier 2 Strategy
Tier 3 Operations
ALIGNMENT OF THE BSL MANAGEMENT SYSTEM AND DOCUMENT STRUCTURE
Document Control KAC 2012 37
DIVISIONAL HANDBOOK CONTROL
DOCUMENT & DATA CONTROL – OVERVIEW,
DOCUMENT REFERENCE NUMBERING & CONTROL
FORMAT FOR STANDARD PROCEDURES
DOCUMENT CONTROL FOR SPECIAL MANUALS
CONTROL OF AUSTRALIAN & EXTERNAL STANDARDS
GUIDELINES FOR WRITING STANDARD PROCEDURES
ANZIM – PKSW DIVISIONAL DOCUMENT CONTROL
Document Control KAC 2012 38
TIER 1 - POLICY DOCUMENTS
BLUESCOPE STEEL / INDUSTRIAL MARKETS - POLICIES AND PROCEDURES
• BLUESCOPE Steel Bond
• IM – Management Manual – PKSW • Quality Policy – Industrial Markets• Health Safety, Environment & Community Policy• Code of Business Conduct
Document Control KAC 2012 39
Tier 2 provides guidance and approaches for the implementation of Tier 1 policies and requirements.• Divisional Handbook
The ‘Handbook’ consists of detailed systems policies and procedures prepared by functional discipline departments for common application across the Site.
• Department HandbooksThese contain department specific policy and procedures for application within their respective departments. Where appropriate, they provide reference to other manuals, and handbooks in tier 2 and to the documents contained in tier 3.
TIER 2 - STRATEGY DOCUMENTS
Document Control KAC 2012 40
TIER 3 - OPERATIONAL DOCUMENTSTier 3 contains the detailed information that is required
to operate and maintain processes and produce outputs. Some document types included at this level are:
• Standard Procedures or Work Instructions, Forms, Data Sheets & Charts
• Manuals• Logistic Production Plans• Orders and Schedules• Product Specifications• Customer Supplier Agreements• User Manuals• Equipment Specifications• Drawings
Document Control KAC 2012 41
5.2.7 Master File
The department document control officer shall maintain an indexed file of all authorised controlled documents issued under their control.
The list shall identify the current revision status of documents and be readily accessible to users to verify a document’s status
EGRCM : PKSW - DIV-QA-05-00
Document Control KAC 2012 42
Individual departments and sites shall have a written procedure(s) for the control of the Controlled Documents that they issue or use.
This procedure(s) shall address the specific issues of: ◦ who shall be the department document control officer◦ document control officer's responsibilities,register of types
of documents being controlled◦ reference numbering◦ document formats◦ document authorisation ◦ document distribution (including identifying where
documents are needed)◦ maintenance of a master file of controlled documents◦ document review/revision ◦ identification of the nature of the revision ,◦ removal and archival of obsolete documents , ◦ disposal of documents archived for required period
Departmental/Site Document Control Procedure
Document Control KAC 2012 43
1.3 First Field Codes
1.3.1 Codes that can only be used with the approval of the Grade & Quality Systems Manager.
CODE DOCUMENT TYPE BSL BlueScope Steel DIV Divisional Handbook MM Management Manual
1.3.2 Codes able to be used at the discretion of Departments/Sites.
CODE DOCUMENT TYPE BP Business Plan CH Charts (eg. flowcharts, diagrams) CH.xx Charts related to a specific document DH Departmental Handbook DS.xx Data Sheet related to a specific document F.xx Form related to a specific document MA Special Manual MA.xx Special Manual related to a specific document RD Role Description SA Supply Agreements SP Standard Procedure
Document Numbering
Document Control KAC 2012 44
IntroductionControlled documents need to be uniquely identified to ensure
that they are able to be distinguished from all other documents in circulation.
Departments wanting to use different numbering or control information to that following, must get approval from the Grade & Quality Systems Manager.
5.1.1 Description of Reference Numbering SystemA four field numbering system is used for all controlled documents,
as follows:- First Field: A character code representing the document type
(eg. SP for Standard Procedure), refer to Section 5.1.3 for a list of codes commonly used.
Second Field: A character code representing the Department of origin of the document (eg. BF for Blast Furnaces Department). This may also represent a logical group of Departments.
Third Field: A numeric or character code representing a logical group of Department/Site functions or workstations.
Fourth Field: Successive numbering of the documents within a function or workstation. This field may be omitted if it is not required
EGRCM : PKSW - DIV-QA-05-01 – Document Numbering
Document Control KAC 2012 45
5.2.6.2.2 Software File Management
It is easy for people to make copies of electronic documents and have them accessible from more than one source.
Because of this; only the latest authorised version of Controlled documents must be made available from the distribution Server.
Users must not make duplicate versions of controlled documents and store them on a Server because Server/Web Search Engines can (and usually do) index all files on the server, older or new draft versions can be picked up and accessed in a Search enquiry.
When a controlled document is required to be referenced on a Web page or within a document, this is done by creating a Hyperlink to the controlled source document, not to a duplicate copy.
Updated, revised, obsolete or draft versions should be removed from the distribution server. It is not sufficient to simply de-link a file from a Web page.
If the file is to be archived as well as the signed hard-copy version, then it must be secured from general access.
EGRCM : PKSW - DIV-QA-05-00
Document Control KAC 2012 46
5.2.6.2.3 Controlled Documents Retained as Records
If copies of controlled documents are to be retained as electronic Records attached to meeting minutes etc,
then that copy must be identified as an uncontrolled document.
Inserting a Watermark comment in the Header/Footer is a suggested method.
e.g. “Uncontrolled – Retained for Record” or something similar that clearly shows that it is not a controlled document.
EGRCM : PKSW - DIV-QA-05-00
Document Control KAC 2012 47
The ISO 9000 standards are quite explicit on one point.
Your organization must document what you do.Why is that so important? A recent study by The Gartner Group revealed
that 75% of all business information is in document form.
Today, more and more senior managers realize that information is their most important asset.
And how they manage that information - in the form of documents - is critical to their success.
For ISO 9000, documentation is the medium that the communication about the quality of your organization must take.
And conversely, poor documentation systems is one of the main reasons that companies fail.
ISO says …. The Gartner Group says ….
Document Control KAC 2012 48
Given the increased capacity to modify, update, reformat and otherwise improve documents within an electronic-based management system, auditors should ….◦ pay particular attention to control elements such as
document identification and document revision level. As electronic media facilitates an increased rate of
document modifications, auditors should ….◦ verify that the controls being employed for the
management of obsolete documents are considered within the organizations’ document control policies and procedures.
◦ “Point-of-use” requirements associated with the applicable management system standards
ISO APG :Document Control in an EBMS World
Document Control KAC 2012 49
Key factor - ability of auditors to understand the trends in IT as organizations rely increasingly on software for monitoring and controlling their operations.
Auditing Organizations should ensure provision of training, to address ◦ IT trends that may impact operation of management systems◦ Specific considerations for each audit undertaken ◦ As the innovations in the IT sector are relatively rapid as compared to
changes in Audit Criteria, auditors and auditing organizations are challenged with the need to have a practical understanding of the associated trends & how they may be applicable & utilized within an EBMS.
◦ In light of the innovations that influence the functioning of an EBMS, Auditing Organizations should determine if the experience needed in order to be effective for a given audit is possessed by the audit team itself or whether the assistance of a technical expert would required.
ISO APG : Auditor Competence
Document Control KAC 2012 50
Organizations need to employ suitable and effective methods within the electronic environment for ensuring the adequate review, approval, publication and distribution of its management system documentation.
These should be consistent with the methods for the development and modification of electronic documents.
In many cases these document control measures may also be standard features of software applications used for their creation.
Therefore auditors should understand these application-specific controls to the degree that these are utilized as a basis for conformance to the applicable management system standard.
Auditors may conduct part or all of the document review off-site; either on-line or by downloading electronic documentation
ISO APG : Document Control in an EBMS
World
Document Control KAC 2012 51
When Intranets, Email, and Instant Messaging are utilized for satisfying the requirements of the EBMS, auditors should verify
that policies and procedures address the circumstances under which these means would be employed. ◦ Additionally, if the results of internal electronic communication
are to be used to satisfy the audit criteria, then auditors should verify that policies and procedures for the control of records are being applied.
that the methodology, policies and procedures for these communications and associated transactions are formally addressed within the EBMS.◦ Eg specially when the organization relies on its IT infrastructure
for electronic communications with its customers (e.g. for e-commerce), suppliers (e-procurement), external sites and other interested parties
ISO APG : Auditors should verify …
Document Control KAC 2012 52
an organization's system maintenance policies and procedures for its IT platform.
how the organization addresses system downtime incidents, as these will impact the normal functioning of the EBMS.
whether or not the organization has formal backup systems, and whether or not these are periodically reviewed and tested for adequacy.
if the organization’s controls take into account aspects such as facility maintenance, temperature, humidity, etc, to the extent that these bear upon the operation of the EBMS.
ISO APG : Auditors should verify …
Document Control KAC 2012 53
the different networking means employed by the organization to the extent that it is necessary for ascertaining if the EBMS meets with the audit criteria
whether the controls over a multi-site management system are appropriately addressed and established within the organization's policies and procedures. Note◦ Organizations that operate through multiple sites (or from a
central location to satellite sites) usually maintain communications and share policies, procedures and process data with their various locations via electronic means, such as the internet, extranets, e-mail and instant messaging.
when the IT platform and its associated software applications are used to share information that is pertinent to the Audit Criteria
ISO APG : Auditors should understand/verify
Document Control KAC 2012
Read a paragraph from the material in front of you
How easy was it to read : too hard / too childish / just right ?
Select one paragraph • what is the average no. of words per sentence = A (eg 162/6 =
27)
• what is the % of words with >2 syllables in the paragraph = B (eg 18/162 = 11%)
• Calculate C = A + B (eg 27 +11 = 38)
• Calculate GF Index = C x 0.4 (eg 38 x 0.4 = 15.2)
What does this mean?
54
Complexity : Goldilocks & the Gunning Fog Index
Document Control KAC 2012
Writing Level Gunning Fog Index (GFI) Education Level
◦ Childish 6 – 8 Primary School
◦ Acceptable (simple) 8 – 10 Junior High School
◦ Ideal 10 – 12 Senior High School/TAFE
◦ Acceptable (difficult) 12 – 14 Uni Undergraduate
◦ Difficult 14 –1 7 Uni Graduate
◦ Unacceptable 17 + (Sir Humphrey)
Now repeat with your own writing – what does it tell you about this piece of your own
writing?55
Clarity Measures – Gunning Fog Index aka Years of Education needed for adults reader to understand a written
article
56
Clarity Measures – Gunning Fog Indexaka Years of Education needed for an adult reader to
understand a written article
Item GFI Item GFI Item GFI
Goosebumps 7 IM Soccer 15 PKSW Cadets 11
Blinky Bill 8 Medium Tech Article 16 PKSW Cadets 12
The Hobbit 9 SMH Editorial 17 PKSW Cadets 13
Harry Potter 10 Lord of the Rings 17 PKSW Cadets 13
Girlfriend Mag 11 The Bulletin Mag 18 PKSW Cadets 13
SMH Political Article 11 IM Soccer 18 PKSW Cadets 15
Light Tech Article 12 IM Rugby League 18 PKSW Cadets 15
Lonely Planet Guidebook 13 New Scientist 21 PKSW Cadets 15
Australian Geographic 14 Heavy Tech Article 25 PKSW Cadets 18
SMH Political Article 14 Clavell's Whirlwind 25 PKSW Cadets 19
NB. Media articles sometimes have one-sentence paragraphs & surround with lots of white space