Control of sensitive documentation

Hello,
I am currently in the process of updating a QMS, rewriting procedures etc, I have come across a hurdle that I need some assistance with. The company I am currently with is an ISO 9001: 2015 / AS9100D company, we are currently engaged in contracts for the defence industry, my hurdle is as follows, I am confident with the updating of the QMS based on the guide lines of ISO and AS, but we have a lot of documentation that is deemed to be of a confidential / sensitive nature and I am unsure how to control this - I am aware we need to add controls in place - any ideas

Hi dumpsterdude,

“but we have a lot of documentation that is deemed to be of a confidential / sensitive nature ..” By what definition is this, company or DOD? Makes a world of difference…

Optomist1, we are a small private company in the UK supplying product to the MOD and other EU counterparts via OEMs located also in the UK. So we have drawings / specifications / customer documentation etc that relate to the product we supply, also emails and meeting mins.

Hi,
Optomist1 makes a good point. I'm outside DOD activity, and work with in medical devices. Our eQMS has the ability to limit who has access to documents. We set-up several levels of access depending upon need.
Best regards,
Quinn

We were required by a giant pharma company to have a process for receiving, processing, classifying, and disposing of any information shared intentionally or unintentionally with our company. We have a data classification section that directs how that information must be handled and records of it.

Dumpsterdude said:

Optomist1, we are a small private company in the UK supplying product to the MOD and other EU counterparts via OEMs located also in the UK. So we have drawings / specifications / customer documentation etc that relate to the product we supply, also emails and meeting mins.

Click to expand...

Drawing on experience, if a firm is part of a defense supply chain: I would urge you to seek input/guidance from your Plant Security officer/Program Manager or similar for specifics...one does not want to go astray re: documents, files, granting access and proper marking, control etc...a last point, in this scenario better to err on the side of conservatism. If overly conservative, one can back off the controls, the opposite scenario possibly opens the firm and employees to risks.

Hope this helps

All,
Many thanks for responding, it is much appreciated. I will take all valid comments made and address our senior management team, that we need to update our current process for control of documentation to incorporate a sub system to control 'sensitive material'.

Thank you all.