Business Management System: Policies 00-BMS-002 · Business Management System: Policies 00-BMS-002 Rev. 1 Page 8 of 38 UNCONTROLLED COPY IF PRINTED 1.1 Quoting (continued) Activity

Business Management System: Policies

00-BMS-002


00-BMS-002 Rev. 1 Page 2 of 38 UNCONTROLLED COPY IF PRINTED

Preface This document defines the requirements that apply to the Business Management System (BMS) established at GM Nameplate (GMN). The BMS is comprised of the processes needed to support GMN’s purpose and to achieve its strategic direction. The BMS is an integrated approach to managing the needs and requirements of our interested parties: customers, employees, shareholders and our local communities. The BMS integrates quality, environmental, and health and safety management systems requirements into BMS Processes by focusing on who we are, what we do and how we do it. This document is intended to be used by GM Nameplate, customers, auditors, and other interested parties who need to understand how GM Nameplate complies with customer, regulatory and international/standard management system requirements. Requirements for BMS Processes are defined as BMS Policies. Each BMS Policy identifies:

The applicable BMS Process; Applicable management system standard sections and clauses; The activities needed to transform process inputs into process outputs; and The requirements that apply to each activity.

Because the BMS is based upon the ISO9001 family of management standards and includes requirements for multiple management standards, requirements are identified where they deviate from the ISO9001 management standard. Requirements are differentiated from ISO9001 per the following formats:

ISO9001 (standard font); AS9100 (italic font); ISO13485 (italic, bold font); ISO14001 (bold, green font); and ISO45001* (bold, orange font, *asterisk at the end).



Table of Contents

BMS Processes ......................................................................................................................... 4

1.0 PRODUCT RELATED PROCESSES .......................................................................... 5

1.1 Quoting ........................................................................................................................ 6

1.2 Contract Review .......................................................................................................... 9

1.3 Advanced Product Quality Planning (APQP) ............................................................ 11

1.4 Manufacturing ............................................................................................................ 13

1.5 Inspection and Packaging ......................................................................................... 15

1.6 Product Audit and Ship .............................................................................................. 18

1.7 Dispositioning Nonconforming Product ..................................................................... 21

2.0 SYSTEM RELATED PROCESSES ........................................................................... 23

2.1 Document Control ..................................................................................................... 24

2.2 Hiring ......................................................................................................................... 26

2.3 Training Process ....................................................................................................... 27

2.4 Purchasing ................................................................................................................ 29

2.5 Receiving and Inspection .......................................................................................... 32

2.6 Calibration ................................................................................................................. 34

2.7 Internal Audits ........................................................................................................... 35

2.8 Management Planning and Review ........................................................................... 37



BMS Processes



1.0 PRODUCT RELATED PROCESSES

This section contains policies for the following:

Product Planning Process Quoting Contract Review APQP

Production Process Manufacturing

Product Evaluation Process Inspection and Packaging Product Audit and Ship Dispositioning Nonconforming Product



1.1 Quoting

Requirement applicable to this process include: ISO9001:2015—§8.1, 8.2.1, 8.2.2; AS9100D—§8.1, 8.2.1, 8.2.2; ISO13485:2016—§7.1. 7.2.1, 7.2.3; ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Determine customer requirements to ensure that:

Product-related requirements are identified, which may include: o Part size, number and revision; o Tolerances; o Materials and material specifications; o Part configuration, including the ability to trace part components to

requirements; o Key/critical characteristics; o Colors/Inks; o Font type and size; o ITAR classification; o EAR classification (ECCN); o Manufacturing process specifications; o Material compliance; o Certificate of Conformance; o Process capability; o First Article; o PPAP; o Documentation, including training or instruction needed to

accompany the product to ensure effective use, application and/or incorporation to other parts or components;

o Component specifications; o Post delivery requirements; o Features or characteristics critical to product safety and employee safety;

and o Special requirements;

System-related requirements are identified, which may include: o Quality, environmental and/or health system certifications; o Regulatory requirements; o On time delivery or specified lead times; o DFARs; o ITAR; and o Process capability.



1.1 Quoting (continued)

Activity 2 Verify that GMN has the capability to meet requirements to ensure that: Customer requirements are addressed, which may include:

o Part size; o Part tolerances and manufacturing tolerances; o Materials and material specifications; o Key/critical characteristics; o Colors/Inks; o Font type and size; o International Traffic Arms Regulations (ITAR) classification; o Export Arms Regulations (EAR) classification (e.g. Export Control

Classification Number (ECCN)); o Manufacturing process specifications; o Material compliance; o Certificate of Conformance; o First Article requirements; o Production Part Approval Process (PPAP) requirements; o Part component specifications; o Post-delivery requirements; and o Customer order forecast.

Activity 3 Create the manufacturing plan (a quote) to ensure that:

The resources needed to manufacture, test, inspect and ship product to the customer are identified and documented;

GMN’s ability to meet the customer’s requirements has been evaluated, including the ability to product, inspect, package, preserve and dispose of the product, and to maintain production capacity;

Manufacturing processes are appropriate to the product, and include consideration of the effect of foreign object damage that could potentially result from the manufacturing processes;

Monitoring, measurement, testing and inspection activities are appropriate to the product and the characteristics to be measured;

Environmental hazards associated with specific products are identified; Safety hazards associated with specific products are identified;* The need for APQP is identified; Exceptions to customer requirements are documented; and Customer requirements unknown by GMN and deemed necessary and

proper to supplying the product are documented;



1.1 Quoting (continued)

Activity 4 Finalize the quote to ensure that: Product pricing, margins, commissions, and other cost factors have been

reviewed and determined to be appropriate to the product; Product lead times, any exceptions to customer requirements, and unknown

requirements are clearly and explicitly identified; Any other relevant information related to the product being provided by GMN

to the customer is defined; and The finalized, formal quote is submitted to the customer.



1.2 Contract Review

Requirement applicable to this process include: ISO9001:2015—§8.1, 8.2 AS9100D—§8.1, 8.2; 8.1.1; 8.1.2; ISO13485:2016—§7.1; 7.2, 7.5.1, 7.5.8, 7.5.9, 8.2.2, 8.2.3; 8.2.6 ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Review purchase orders and customer communications to ensure that:

Customer requirements are identified; Customer requirements differing from those previously communicated to

GMN are identified; Customer requirements unknown to GMN at the time of quotation are

resolved; The customer is not a Denied Person; The customer is a US Person where applicable; The product to be supplied by GMN to the customer will not be used for a

prohibited end use; The need for APQP is verified; Customer complaints unrelated to products or contracts are

documented, investigated, and the need for corrective action, and reporting to regulatory authorities is determined, including the issuance of advisory notices. Complaints not investigated are justified and documented;

The need to complete customer surveys, supplier profiles, material compliance requests, return material authorizations, and supplier quality agreements is identified;

The need to schedule, plan and facilitate customer visits, tours and audits is identified; and

The need to obtain an export license is determined.



1.2 Contract Review (continued) Activity 2 Verify ability to meet customer requirements to ensure that:

Customer requirements are evaluated based upon GMN capabilities; Customer requirements differing from those previously expressed are

resolved, including requirements that cannot be met or only partially met; The effects of customer requirements that differ from those previously

expressed is considered, and appropriate action is taken, including changes to the manufacturing plan;

Applicable regulatory requirements are met; Processes are validated when product acceptance cannot be verified by

subsequent monitoring and measurement; Manufacturing process controls are established to monitor and verify critical

items and key characteristics; Product monitoring, measurement, testing, and inspection activities are

documented and include the product characteristics to be verified, the product acceptance criteria, and the method for retaining evidence of verification;

Risks identified during quotation are evaluated and managed; Methods to measure variable data are identified when variable data is used

for process control and to determine product acceptance; Sampling plans are justified based upon recognized statistical principles and

are appropriate to the product when plans are used for product acceptance; In process verification or inspection activities are identified, planned and

sequenced when manufacturing processes prevent product verification or inspection at later stages of manufacture;

Potential environmental hazards are identified; and Potential safety hazards are identified;*

Activity 3 Assemble job ticket packages to ensure:

All documented information required to manufacture, inspect, and ship product to the customer is contained or referenced.

Activity 4 Commit to supply products to customers ensure that:

The commitment to supply product is formally communicated only after customer requirements have been reviewed and GMN’s ability to meet those requirements has been verified.



1.3 Advanced Product Quality Planning (APQP)

Requirements applicable to this process include: ISO9001:2015—§8.1, 8.2 AS9100D—§8.1, 8.2; 8.1.1; 8.1.2; ISO13485:2016—§7.1; 7.2, 7.5.1, 7.5.8, 7.5.9, 8.2.2, 8.2.3; 8.2.6 ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Create project plan to ensure that:

A cross functional team is identified from functions involved in the APQP process;

Customer inputs are reviewed e.g. purchase order, design inputs, specifications;

Customer requirements, including functional, performance, statutory, regulatory, delivery and post-delivery are identified;

Potential environmental hazards are identified; Potential safety hazards are identified;* Manufacturing, testing and inspection data from previous or similar designs,

product types, and manufacturing processes is considered as inputs to the planning process, where applicable;

The need for process validation is identified; Potential consequences of obsolesce are considered e.g. materials,

equipment, suppliers; Risks to the manufacture of products are identified and evaluated; and Conflicting customer requirements are identified.

Activity 2 Develop quality plan, manufacturing plan and process controls to ensure that:

The resources needed to plan, manufacture, inspect and ship product to the customer are identified and documented;

GMN’s ability to meet the customer’s requirements has been evaluated and areas of uncertainty have been identified;

Actions to manage risks to manufacture are identified, and assigned to the persons responsible for implementation, including inclusion to the manufacturing plan and the quality plan;

Manufacturing processes are appropriate to the product; Testing and inspection activities are appropriate to the product and the

characteristics to be measured; The elements of the quality plan are identified e.g. control plan, process flow

chart, FMEA, PFMEA; and Tasks, responsibilities and completion dates for planning activities are

identified.



1.3 Advanced Product Quality Planning (APQP) (continued) Activity 3 Create a validation protocol when required to ensure that:

The validation objective is defined; The scope of the validation, including the manufacturing site, location of

process and special conditions is defined; The process to be validated is defined, including the process steps; Reference documentation, including procedures, work instructions, and

product or equipment specifications are identified; The validation procedure is defined, including the methods used to

demonstrate that the process operates in a controlled state; The production, test, measurement and inspection equipment are identified; The data to be collected during the validation is defined; and The criteria used to evaluate whether the process can operate in a controlled

state is defined. Activity 4 Conduct production run to ensure that:

The manufacturing plan was followed and implemented effectively; The product conforms to requirements; The implementation of actions to manage risks is verified; and Product and process nonconformities are identified and corrective action is

taken as necessary. Activity 5 Complete quality plan, manufacturing plan and process controls to ensure that:

A production control plan is completed; All planning activities and actions defined within the project plan are

completed; The quality plan is updated when changes to the plan are needed; and Customer approval of product and project documentation is obtained.

Activity 6 Transfer product to production to ensure that:

All necessary documentation is completed and available for production use.



1.4 Manufacturing

Requirements applicable to this process include: ISO9001:2015—§8.1; 8.5; 8.7; AS9100D—§8.1; 8.5; 8.7; ISO13485:2016—§7.1, 7.5.1, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 8.3.1, 8.3.2; 8.2.6; ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Review the job ticket package to ensure that:

All previous workstations have been properly documented; Part number and revision on the drawing and the job ticket match; Sub-tickets correspond to the control ticket; Workstation instructions are identified and understood; Applicable work instructions are referenced and readily available for use; Tooling, fixtures, customer property or setup aids are identified; Monitoring and measurement activities, including any in-process tests, used

to determine product acceptance are identified or referenced; Criteria for product acceptance is identified or referenced; and ITAR controlled technical data is identified.

Activity 2 Setup workstations to ensure that:

Setup materials and any nonconforming product remain identified and segregated from raw materials and conforming product;

The workstation remains clean, organized and free of prohibited personal items;

Tooling, fixtures, customer property, and setup aids are obtained from and returned to their designated storage locations;

Actions are taken to eliminate or reduce environmental hazards; Actions are taken to eliminate or reduce safety hazards*; Product acceptance is verified by a supervising authority before processing

the job; Changes to manufacturing processes are reviewed, evaluated and approved.

Persons authorized to approve changes are identified; and Utilities, including air, water and electricity are monitored to the extent that

their performance affects conformity to product requirements.



1.4 Manufacturing (continued) Activity 3 Process jobs to ensure that:

Product characteristics are monitored and measured at frequencies appropriate to the product and process. When a sampling plan is used to determine measurement frequency, the sampling plan is justified based upon statistical principles and appropriate to the product characteristics being measured;

Product is verified per established workmanship criteria and/or product specifications;

Critical items, including key characteristics are monitored and controlled; Action is taken as applicable to prevent foreign object damage; In-process tests are performed as documented; Product is handled appropriately to preserve conformity and prevent damage

and contamination, which may include: cleaning; special handling for sensitive products and hazardous materials; preservation instructions, including labelling; and shelf life control and stock rotation;

Product is identified and segregated when determined to be nonconforming. Nonconforming product remains with the job unless it is transferred to a designated nonconforming product holding area;

Action is taken to contain the effect of nonconformities on other products and processes;

The extent and effect of the process nonconformities upon product is determined and appropriate actions are taken. Appropriate actions include containment, correction, and escalation;

ITAR controlled technical data is secured and concealed from view when the job is not actively in process;

Tooling, fixtures, customer property, and setup aids are returned to their designated storage locations after the job has been processed; and

Suspect counterfeit materials are identified and segregated.

Activity 4 Complete records to ensure that: Workstation sign-offs are properly documented, including the quantity of parts

processed and their status e.g. conforming/nonconforming; Evidence of product acceptance, and the completion of manufacturing,

testing, and inspection activities, is maintained; Customer property that has been lost, damaged or is otherwise unsuitable for

use is reported to the customer and documented; and Product is identified and traceable when the product has not completed all

required measurement and verification activities, yet is routed to workstations for subsequent processing.



1.5 Inspection and Packaging

Requirements applicable to this process include: ISO9001:2015—§8.1; 8.5; 8.7; AS9100D—§8.1; 8.5; 8.7; ISO13485:2016—§7.1, 7.5.1, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 8.3.1, 8.3.2; 8.2.6; ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Perform First Article Inspection to ensure that:

First Article Inspections are performed where required by contract, or determined as necessary to verify conformance to requirements; and

Aerospace products are inspected per AS9102, First Article Inspection Requirements.

Activity 2 Review job ticket packages to ensure that:

All previous workstations have been properly documented; Supplies/overs allocated are identified; Part number and revision on the drawing and the job ticket match, including

any supplies/overs allocated; Sub-tickets correspond to the control ticket; Workstation instructions are identified; Inspection criteria and acceptance/inspection level are identified; Applicable work instructions are readily available for use; Inspection and measuring devices, fixtures and aids, including customer

property are identified; Part characteristics to be inspected and measured are identified; ITAR controlled technical data is identified; and Packaging and labelling requirements are identified.

Activity 3 Setup workstations to ensure that:

Inspection and measuring devices, fixtures and aids, including customer property are identified;

The work environment is configured where applicable e.g. lighting, temperature;

Suppliers/overs are obtained; Actions are taken to eliminate or reduce environmental hazards; and Actions are taken to eliminate or reduce safety hazards;*



1.5 Inspection and Packaging (continued) Activity 4 Inspect parts to ensure that:

Inspect a sample part per the defined inspection criteria. Criteria includes, but is not limited to: o Dimensions; o Graphics and graphic locations; o Font, font size, and font location; o Color locations; o Size, shape and location of part features e.g. cutouts, round corners;

Inspect each part per the specified inspection level against the defined criteria;

Product is handled appropriately to preserve conformity and prevent damage and contamination, which may include: cleaning; special handling for sensitive products and hazardous materials; preservation instructions, including labelling; and shelf life control and stock rotation;

Product is identified and segregated when determined to be nonconforming; Nonconforming product is transferred to a designated nonconforming product

holding area or to Quality Assurance; Nonconforming product traceable to the supplies must be identified and

segregated from nonconforming product traceable to the completed parts to preserve manufacturing lot integrity;


Inspection and measure devices, fixtures and aids, including customer property, are returned to their designated storage locations when no longer in use; and

Suspect counterfeit materials are identified and segregated.

Activity 5 Package conforming parts to ensure that” Packaging methods and materials preserve product conformity, including

preventing damage, contamination and deterioration; Special packaging requirements are defined when packaging methods

alone are insufficient to preserve product conformity; and Label each package of parts. Labelling must contain the GM#, part number

and part revision.



1.5 Inspection and Packaging (continued) Activity 6. Complete records to ensure that:

Workstation sign-offs are properly documented, including the quantity of parts processed and their status e.g. conforming/nonconforming;

Evidence of product acceptance, and the completion of manufacturing, testing, and inspection activities, is maintained;

Customer property that has been lost, damaged or is otherwise unsuitable for use is reported to the customer and documented;

Any inspection, nonconforming, and/or customer supplier forms are completed;

The order status is determined as complete or within GMN’s Terms and Conditions; and

If the order quantity is short/incomplete or falls outside of GMN’s Terms and Conditions, appropriate action is taken to determine if the job will be re-run for the balance of the order, and if the job will be shipped short/incomplete.



1.6 Product Audit and Ship

Requirements applicable to this process include: ISO9001:2015—§8.1; 8.5; 8.6, 8.7; AS9100D—§8.1; 8.5; 8.6, 8.7; ISO13485:2016—§7.1, 7.5.1, 7.5.8, 7.5.9, 7.5.10, 7.5.11, 8.3.1, 8.3.2; 8.2.6; ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Review job ticket packages to ensure that:

All previous workstations have been properly documented; The quantity of conforming product is identified; Supplies/overs allocated are identified; Part number and revision on the drawing and the job ticket match, including

any supplies/overs allocated and packaging labels; Sub-tickets correspond to the control ticket; Workstation instructions are identified; Inspection criteria and acceptance/inspection level are identified; Applicable work instructions are readily available for use; Documents required to accompany products are identified; Inspection and measuring devices, fixtures and aids, including customer

property are identified; Part characteristics to be inspected and measured are identified; ITAR controlled technical data is identified; Packaging and labelling requirements are identified; and Documented customer approval is obtained when workstation 938 is omitted

from the manufacturing plan, and includes the GM# and shipment releases to be omitted.

Activity 2 Setup workstations to ensure that

Inspection and measuring devices, fixtures and aids, including customer property are identified;

The work environment is configured where applicable e.g. lighting, temperature;

Actions are taken to eliminate or reduce environmental hazards; and Actions are taken to eliminate or reduce safety hazards;*



1.6 Product Audit and Ship (continued) Activity 3 Perform sample part inspection to ensure that:

The product conforms to part and cosmetic specifications, as applicable: o Graphics—position and layout; o Colors—visual color check, count and location; o Windows, cutouts, bends, angles, shapes—position and layout; o Studs and brackets—presence and position; o Corners—type, size, and location; o Liners and slits—presence and position; o Adhesive—review the line to verify the correct adhesive was used; o Masking; o Part dimensions—if required, verify part dimensions are within the

specified tolerance. Where applicable, ensure dimensions are inputted in NWA Statistical Software Database;

o Part thickness—for multilayer parts, identify each layer’s thickness and add together those measurements to obtain the overall part thickness.

o LEDs—location, color, and alignment; o Connector—presence and orientation; o Test labels—any test labels affixed to parts are stamped or initialed; and o Part number marking—if the part number is marked on the part, verify

that the part number marked matches the drawing and ticket. If the part number marked on the part differs, review the drawing and job ticket to determine whether the different part number is valid.

Activity 4 Perform sample audit to ensure that:

The lot size equals the quantity of parts conforming parts; The sample is determined per C=0 Sampling Table, AQL 1.0. The

acceptance number in all cases will be 0; The sample lot is inspected per applicable cosmetic and workmanship critera,

which may include: o Alignment of components; o Burrs; o Rough or uneven edges; o Wrinkles and bubbles; and o Damage, dents, and nicks.

The lot is rejected and returned to Inspection when a nonconformity is identified during the sample audit;


Inspection and measure devices, fixtures and aids, including customer property, are returned to their designated storage locations when no longer in use;

Suspect counterfeit materials are identified and segregated; and Product is handled appropriately to preserve conformity and prevent damage

and contamination, which may include: cleaning; special handling for sensitive products and hazardous materials; preservation instructions, including labelling; and shelf life control and stock rotation.



1.7 Product Audit and Ship (continued) Activity 5 Complete records to ensure that:


Evidence of product acceptance, and the completion of manufacturing, testing, and inspection activities, is maintained;

The quantity of product approved for release and shipment to the customer is documented;


Any inspection, nonconforming, and/or customer supplier forms are completed; and

Documents required to accompany products are included with job ticket packages.

Activity 6 Ship product to ensure that:

All previous workstations have been properly documented; The quantity of product approved for shipment is identified; Part number and revision on the drawing and the job ticket match, including

any supplies/overs allocated and packaging labels; Sub-tickets correspond to the control ticket; Workstation instructions are identified; Applicable work instructions are readily available for use; Documents required to accompany products are present; ITAR controlled technical data is secured and concealed from view when the

job is not actively in process; Packaging requirements are identified; and Product is packaged in suitable containers that preserve conformity during

shipment, including the prevention of damage, contamination and deterioration.



1.7 Dispositioning Nonconforming Product

Requirements applicable to this process include: ISO9001:2015—§8.7; 10.2; AS9100D—§8.7; 10.2; ISO13485:2016—§8.3, 8.3.2; 8.5.2; 8.5.3. ISO14001:2015—§N/A; and ISO/DIS45001—§N/A

Activity 1 Review nonconforming product to ensure that:

The nonconformance is evaluated for validity; Any associated documentation (e.g. PO, RMA, internal form) reference the

correct product and GM#, and indicate the product discrepancy or nonconformance (i.e. reason for rejection or return);

The nonconformance is evaluated to determine if an external party may have contributed to the nonconformance, and as a result would need to be notified;

The effect of the nonconformance on product already delivered, on product in process is determined;

Nonconforming product remains segregated throughout review; and Suspect counterfeit materials are reviewed and verified by the applicable

supplier. Activity 2 Determine the disposition to ensure that:

Invalid nonconformances are returned to the customer or relevant function in the organization;

Valid nonconformances remain identified and segregated from conforming product;

Valid nonconformances are corrected where appropriate, or scrapped; Product conformance is verified when nonconforming product is corrected; Scrapped nonconforming product is identified until scrapped or destroyed; or

conspicuously or permanently marketed until physically rendered unusable; ITAR controlled nonconforming product is conspicuously or permanently

marked until physically destroyed; Approval of the organization responsible for product design is obtained when

nonconforming product is dispositioned Used-As-Is or Repair; Customer approval is obtained when nonconforming product is dispositioned

Used-As-Is or Repair, if the nonconformity results in a departure from contract requirements;

Quality management approval, and customer approval when applicable, is obtained when accepting nonconforming product under concession.

When accepting nonconforming product under concession, justification is provided and applicable regulatory requirements are met;

The potential adverse effects of rework upon the product are considered;



1.7 Dispositioning Nonconforming Product (continued) Activity 3 Complete records to ensure that:

A description of the nonconformance is maintained, which includes a summary of the evaluation and justification for the disposition;

Actions taken as a result of the disposition are maintained, which include the results of rework and re-verification of product conformance;

Reference to rework instructions and the results of re-verification of product conformance must be maintained;

The persons responsible for reviewing and approving the disposition are identified;

Nonconformities affected delivered products are reported to customers in a timely fashion;

Suspect counterfeit material is reported to Purchasing; and Advisory notices are issued where applicable.

Activity 4 Take corrective action to ensure that:

The effect of nonconformities is contained and immediately corrected; Root causes of nonconformities are determined, including those related to

human factors; The existence of similar nonconformities is considered; Action is taken to eliminate root causes and prevent recurrence; The effectiveness of corrective actions is verified; Actions are flowed down to external providers e.g. suppliers when it is

determined that the supplier is responsible for the nonconformity; Actions are taken when timely and effective corrective actions are not

achieved; and Actions are taken when nonconforming product is detected after delivery.



2.0 SYSTEM RELATED PROCESSES

This section contains policies for the following:

System Planning Process Management Planning (see Management Planning and Review)

Resource Management Process Document Control Hiring Training Purchasing Receiving and Inspection Calibration

System Evaluation Process Internal Audit Management Planning and Review



2.1 Document Control

Requirements applicable to this process include: ISO9001:2015—§7.5; AS9100D—§7.5; ISO13485:2016—§4.2.4; ISO14001:2015—§7.5; and ISO/DIS45001—§7.5.

Activity 1 Evaluate new documents and document change requests to ensure that:

Documents that need to be included in the BMS are identified; Changes to existing documents are clearly defined; and Documents are properly formatting, including document number and

document revision.

Activity 2 Add/Update documents to ensure that: Documents are added or uploaded in a timely manner; and Documents are added and updated appropriately based upon document type,

organization hierarchy and document owner.

Activity 3 Apply document controls to ensure that: Documents have the appropriate distribution, approval, release and access

controls; Documents that are used to communicate information e.g. work instructions,

specifications are electronically distributed as secured .pdfs; Documents that are used to record information e.g. forms are distributed in

their native file format, and are access restricted when required by the document’s owner e.g. fill in form fields only;

Access to obsolete documents is restricted to Document Control or authorized persons;

External documents are identified and distinguished from internal documents; and

Obsolete documents are identified, archived and retained per record retention requirements.

Activity 4 Review and approve documents to ensure that:

The appropriate positions review and approve documents, including new document, document changes to existing documents, re-approval of existing documents and the obsolescence of documents; and

The positions required to approve documents are identified by document type.



2.1 Document Control (continued) Activity 5 Release and distribute or withdrawal documents to ensure that:

Documents are released after they have been approved by appropriate persons;

Released documents, excluding documents that are intended to be written on e.g. forms, are physically identified as being ‘Uncontrolled if Printed’;

Access to documents is verified once released; Documents are available at relevant points of use; and A paper copies of documents are distributed only as needed, and are

physically identified as ‘Controlled’.

Activity 6 Add/update training requirements to ensure that: Training requirements are assigned to the appropriate job codes; Training requirements are revised following training content revisions; and Training requirements are communicated to the appropriate departments and

personnel.



2.2 Hiring

Requirement applicable to this process include: ISO9001:2015—§7.1.2; 7.2; AS9100D—§7.1.2; 7.2; ISO13485:2016—§6.2; ISO14001:2015—§7.1; 7.2; and ISO/DIS45001—§7.1; 7.2.

Activity 1 Request employees to ensure that:

The Human Resources needed to implement and control BMS processes are identified, including appropriate skills, education and background requirements for job positions;

Training requirements for job positions are identified; The required US personhood status is identified; A hiring timeline is established; and The creation of new job codes is identified.

Activity 2 Review applicants to ensure that:

The initial employee requisition is adequate to attract candidates meeting the job position requirements.

Activity 3 Schedule interviews to ensure that:

The hiring process is tracking to the hiring timeline. Activity 4 Review candidates post-interview to ensure that:

Candidates are evaluated based upon the job position requirements and the results of candidate interviews;

The need to revise the job position requirements, including adding additional job position requirements are is determined; and

A suitable candidate is selected to receive an offer of employment. Activity 5 Offer employment to ensure that:

N/A Activity 6 Screen employees pre-employment to ensure that:

Candidates comply with substance use policies; and The required US personhood status is verified.

Activity 7 On-board employees to ensure that:

Appropriate employment paperwork is completed; and Employee receive GMN badges.



2.3 Training Process

Requirement applicable to this process include: ISO9001:2015—§7.1.2; 7.1.6; 7.2; 7.3; AS9100D—§7.1.2; 7.1.6; 7.2; 7.3; ISO13485:2016—§6.2; ISO14001:2015—§7.1; 7.2; 7.3; and ISO/DIS45001—§7.1; 7.2; 7.3

Activity 1 Employees participate in new employee orientation to ensure that:

Employees are aware of the BMS Policy, BMS objectives, and how they contribute to the effectiveness of the BMS, compliance to regulatory requirements, product conformity, promoting a safe, healthy and ethical work environment, and reducing our environmental impact.

Activity 2 Review training requirements to ensure that:

The knowledge and information needed to adequately perform the duties assigned to job positions is identified;

Documents relevant to job positions are identified and provided to employees, including relevant BMS documentation and any subsequent changes thereafter; and

Competencies for job positions are determined and periodically reviewed. Activity 3 Train employees to ensure that:

Training methods and actions are appropriate to the job position; Actions are taken as needed to obtain the necessary competency; Safety hazards associated with the job position, and actions to reduce

the risks associated with the hazards, are identified and communicated to employees*;

Environmental hazards associated with the job position, and actions to reduce the risks associated with the hazards, are identified and communicated to employees;

FOD, export control and counterfeit materials aspects applicable to the job position are identified and communicated to employees;

Training occurs within the required timeframe; and Employees are aware of their contribution to product quality and product

safety, and the importance of integrity and ethical behavior.



2.3 Training (continued) Activity 4 Evaluate employee training to ensure that:

The necessary competency for job positions has been demonstrated and observed;

Additional actions are taken to obtain the necessary competency for a job position; and

The need to extend training is identified and communicated before reaching the required timeframe for completion.

Activity 5 Certify employees to ensure that:

Evidence of obtaining the necessary competency is maintained.



2.4 Purchasing

Requirement applicable to this process include: ISO9001:2015—§8.4; 8.5.2; AS9100D—§8.4; 8.5.2; ISO13485:2016—§7.4; 7.5.9; ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Identify purchasing needs and requirements to ensure that:

Resources needed for the BMS are determined and identified. Resources may include processes, products or material, services and equipment;

Customer designated or approved resources are used when required by contract;

Resources are analyzed based upon supply chain criticality, which may include consideration of whether a resource could be substituted or procured from an alternative source; is critical to GMN’s processes or products supplied; is obtained through a distributor or broker, is highly susceptible to counterfeiting;

Resources that present safety hazards are determined and identified;* Resources that present environmental hazards are determined and

identified; Resources to be procured through distributors, brokers or customer-

designated suppliers are determined and identified; Resources, the procurement of which requires an executed supplier quality

agreement, are determined and identified; Resources needed for ITAR controlled products are determined and

identified; Resources responsible for supplying the final product to the customer on

behalf of GMN are determined and identified; and Quality system requirements for resources are determined and identified.



2.4 Purchasing (continued)

Activity 2 Identify, evaluate and select suppliers to ensure that: Suppliers are evaluated based upon their ability to meet external resource

requirements. Evaluation criteria includes, but is not limited to the scope of approval; supplier type (e.g. OEM, distributor, broker, customer-designated); supplier performance (where known); whether the supplier maintains a documented quality management system; whether a supplier quality agreement is required; whether the resources to be supplied affect counterfeit risk; the supplier’s ability to mitigate counterfeit risks identified by GMN; a supplier’s DPL status and US person status, including DDTC registration; the adequacy and appropriateness of supplier controls in regards to the material or services to be provided; the supplier’s ability to perform test or verification activities in behalf of GMN;

Suppliers are selected and approved based upon the results of the supplier evaluation. Evidence of approval includes the persons who approved the supplier and any exceptions to the scope of approval;

Suppliers are identified within the BMS. The identification includes a supplier’s approval status, scope of approval, current performance to BMS supply chain criteria (e.g. on time delivery and product conformity,) and the scope of and requirements for delegations when verification activities are delegated, including monitoring of delegation activities;

Suppliers are monitored at frequencies that detect potential performance issues, which could negatively affect suppliers’ ability to meet resource requirements. Monitoring of suppliers is based upon supplier on time deliver and product conformity. The results of monitoring are used to determine whether supplier re-evaluation is needed and/or changes in approval status and scope of approval;

The results of re-evaluation may include a change in approval status or scope of approval, and corrective action;

Documented information created by suppliers and/or maintained by suppliers is controlled; and

The need for additional verification activities is considered based upon risks identified.

Activity 3 Obtain quotations to ensure that:

Suppliers have the ability to provide specified resources that meet BMS requirements for materials, components and services.



2.4 Purchasing (continued)

Activity 4 Issue a purchase order to ensure that: Requirements specified for the product or service identified in the transaction

are identified. Requirements include those related to the product , component and/or service to be supplied, or to the supplier’s management system;

Where applicable, requirements for products and services are identified, which may include product identification and any specifications necessary to differentiate one product from a similar product, including critical items or key characteristics; approval of changes related to design and development control; the approval of production methods, processes, equipment; product release activities, including the use of statistical techniques for product acceptance; test, inspection and verification activities; positive traceability and acquisition; the need to provide documented information as evidence of conformity e.g. test results, Certificates of Conformance or Analysis, test, inspection, verification or validation activities that GMN intends to perform at the supplier’s premises;

Where applicable, requirements for the supplier’s management system are identified, which may include requirements applicable to the supplier’s sub-tier suppliers; delegated verification and inspection activities; the use of designated suppliers; notification of the potential transfer of ITAR controlled technical data; the need to implement a quality management system; the need to maintain documented information, including disposition and retention specifications; rights of access to the supplier by GMN; competency or certification standards for employees performing work that affects product conformity; employee awareness of their contribution to product safety, the importance of ethical behavior, and their contribution to product or service conformity; notifying GMN of nonconforming processes, products or services and to obtain approval for disposition; notify GMN of changes to processes, products or services, including the place of manufacture and to obtain GMN’s approval; notification of GMN by suppliers when product is changed, prior to implementing any changes that affect the ability of the product to meet purchasing requirements;

Requirements are reviewed for adequacy by before being communicated to suppliers; and

Resource specifications are defined, and identify any documentation needed to communicate the specifications e.g. drawing, blueprint, specification sheet;



2.5 Receiving and Inspection

Requirement applicable to this process include: ISO9001:2015—§8.4.2, 8.5.2, 8.5.3, 8.5.4, 8.7; AS9100D—§8.4.2, 8.5.2, 8.5.3, 8.5.4, 8.7; ISO13485:2016—§7.4.3; 7.5.9; 7.5.10; 7.5.11; 8.3 ISO14001:2015—§8.1; and ISO/DIS45001—§8.1.

Activity 1 Receive and verify materials and components to ensure that:

All identifying items listed on documentation received from suppliers e.g. part or product number, lot number, revision match or correspond to the identifying items listed on GMN created purchasing documentation, and job ticket packages where applicable;

Product containers are reviewed for damage; Product, once verified and accepted, is positively identified to distinguish it

from other product that has not been verified and accepted; and Customer property is identified.

Activity 2 Store materials and components to ensure that:

Product is identified. The identification includes the acceptance status; relevant information needed (1) to distinguish the product from similar products, (2) to enable First In, First Out inventory management practices, and (3) to enable product recall and containment; and product expiration information, where applicable;

Product, regardless of where it is stored, is stored using methods that prevent product damage, deterioration, and contamination;

Storage methods include requirements for preserving product sensitive to environmental conditions and subject to a defined expiration period;

Storage methods also consider the prevention of safety incidents;* and Storage methods also consider the prevention of environmental

hazards.



2.5 Receiving and Inspection (continued)

Activity 3 Inspect materials and components to ensure that: Acceptance activities, including methods of inspection, testing, and

verification of requirements, occur at frequencies appropriate to a supplier’s performance history, product criticality, and counterfeit risk;

High counterfeit risk materials and components are inspected to detect signs of counterfeit activities;

Acceptance criteria, including critical or key characteristics are inspected; Sampling plans are based upon established statistical principles when used

to verify resource conformance; Product, once verified and accepted, is positively identified to distinguish it

from other product that has not been verified and accepted; Nonconforming product is identified, segregated and transferred to a

designated holding area or to Quality Assurance for disposition; The product is identified and traceable when released for production use

pending the completion of acceptance activities. The methods of identification unverified product to be recalled and contained, including product that has been incorporated or transformed into other products;

Part number and revision on the drawing and the job ticket match; Workstation instructions are identified; Applicable work instructions are readily available for use; Inspection and measuring devices, fixtures and aids, including customer

property are identified, obtained, and returned to are returned to their designated storage locations when no longer in use;



Evidence of product acceptance, and the completion of testing and inspection activities, is maintained;


Test data is evaluated when used to verify that product conforms to requirements, and validated when the product is a raw material and identified as a significant operational risk;

Any inspection, nonconforming, and/or customer supplier forms are completed;

Actions are taken to eliminate or reduce environmental hazards; and Actions are taken to eliminate or reduce safety hazards.*



2.6 Calibration

Requirement applicable to this process include: ISO9001:2015—§7.1.4; 7.1.5; AS9100D—§7.1.4; 7.1.5; ISO13485:2016—§7.6; ISO14001:2015—§9.1.1; and ISO/DIS45001—§9.1.1.

Activity 1 Obtain IMTE and calibration standards to ensure that:

Equipment and inspection stamps, including personally owned and customer supplied, needed to verify, validate or test for product or process conformity, and provide evidence of product acceptance, can be calibrated and traceable.

Activity 2 Evaluate IMTE to ensure that:

Equipment is suitable, based upon recommended usage, for the monitoring and measuring activities indicated or assigned;

Equipment calibration requirements, including method, frequency, environmental conditions, calibration standard, and calibration instructions are identified;

Equipment use requirements, including accuracy rations are identified; Equipment storage requirements, including methods to prevent damage and

deterioration and to safeguard from adjustment are identified; and Software applications used in monitoring and measuring equipment are

identified and validated.

Activity 3 Add IMTE and calibration standards to register to ensure that: Equipment, including type, unique identification, calibration status and

location of use are identified in the register; and Calibration frequency, method, and acceptance criteria are identified in the

register. Activity 4 Calibrate IMTE and calibration standards to ensure that:

IMTE calibration status is identifiable at the equipment’s point of use; IMTE identification methods enable the equipment to be recalled for

calibration; Calibration is carried out according to the equipment’s environmental

condition requirements; and Previous measuring results are reviewed for validity when IMTE is

determined to be out of tolerance, damage or unfit for purpose.



2.7 Internal Audits

Requirement applicable to this process include: ISO9001:2015—§9.2; AS9100D—§9.2; ISO13485:2016—§8.2.4; ISO14001:2015—§9.2; and ISO/DIS45001—§9.2.

Activity 1 Establish internal audit schedules to ensure that:

Each Division’s Quality Management Representative is responsible for planning and approving the audit schedule, including approving of changes. Changes to the audit schedule must be documented;

The audit schedule must be planned annually. Planning must ensure that the processes defined in this manual are audited once yearly, at minimum, to verify that the organization conforms to the requirements of this manual. Additional audits may also be planned at the discretion of the Divisional Quality Management Representative; and

As inputs to the planning process, planning must consider also the results of previous audits (e.g. nonconformances) and the outputs of performance reviews to determine whether these inputs have an effect upon audit frequency, scope, and objectives.

Activity 2 Prepare for audits to ensure that: Each Divisional Quality Management Representative is responsible for

ensuring that auditors are qualified and adequately trained to prepare, conduct, and report audits;

Qualification of auditors includes: o A GMN employee, unless an audit is prepared, or conducted, or reported

by an external service provider. If the organization elects to have audits performed and reported by an external service provider, then the Divisional Quality Management Representative is responsible for communicating the applicable requirements of this document to that provider, also must also ensure that the requirements of this manual are satisfied;

o Completion of formal, classroom-based internal audit training. Training may be provided internally or externally; and

o Additional competencies determined by the Divisional Quality Management Representative.

Auditors cannot audit their own work and must be independent of those responsible for the activity or process being audited; and

Preparing for an audit includes the use of applicable audit tools.



2.7 Internal Audits (continued)

Activity 3 Conduct audits to ensure that: Audits must be conducted in the timeframe established by the audit schedule.

If audits cannot be performed per the schedule, then the schedule must be changed to reflect the new timeframe; and

Performance to objectives and process results/effectiveness are considered in determining overall BMS effectiveness.

Activity 4 Report audit results to ensure that:

The audit report must reference: {reference standard audit report form} o The auditor and the dates of the audit; o The process and areas audited; o The audit scope; o Criteria used to assess process conformity; o The persons interviewed; o Objective evidence, either observed or attached to the audit report; o Observations for improvement; and o Nonconformities, including any identifiers needed to demonstrate

traceability to corrective actions. The audit results must be communicated to relevant managers in a timely

manner upon completion of the audit. This communication must include any observations for improvement, nonconformities, and overall conclusions; and

Nonconformities are communicated to the Divisional Quality Management Representative in a timely manner.

Activity 5 Close audits to ensure that:

The audit report must include the report and any attachments, including objective evidence, notes, checklists, or other tools used to assess conformity.

Activity 6 Initiate corrective action to ensure that:

Corrective actions are initiated in a timely manner to address any nonconformities;

The effect of nonconformities is contained and immediately corrected; Root causes of nonconformities are determined, including those related to

human factors; The existence of similar nonconformities is considered; Action is taken to eliminate root causes and prevent recurrence; The effectiveness of corrective actions is verified; Actions are flowed down to external providers e.g. suppliers when it is

determined that the supplier is responsible for the nonconformity; Actions are taken when timely and effective corrective actions are not

achieved; Audits associated with corrective actions will remain open until corrective

actions have been verified as effective; and Audits must be closed in a timely manner once corrective actions have been

verified as effective.



2.8 Management Planning and Review

Requirement applicable to this process include: ISO9001:2015—§4, 5, 6, 7.1.1, 7.1.2, 7.1.3, 7.4, 9.1, 9.3, 10; AS9100D—§4, 5, 6, 7.1.1, 7.1.2, 7.1.3, 7.4, 9.1, 9.3, 10; ISO13485:2016—§4.1, 4.2, 5, 6.1, 6.2, 6.3 8.1, 8.2.1, 8.2.5, 8.4, 8.5; ISO14001:2015—§4, 5, 6, 7.1, 7.4, 9.1, 9.3, 10; and ISO/DIS45001—§4, 5, 6, 7.1, 7.4, 9.1, 9.3, 10.

Activity 1 Develop and implement strategic plans to ensure that:

The needs and requirements of interested parties is incorporated into the BMS;

Customer and/or regulatory requirements, including environmental compliance obligations and safety compliance obligations* are incorporated into the BMS;

Product conformity and on time delivery are monitored and measured. Sales and profit are monitored and measured. Environmental impact is monitored and measured. Employee safety is monitored and measured. Customer satisfaction is monitored and measured. Risks and opportunities to the achievement of strategic plans are identified

and evaluated, and actions to manage risks and exploit opportunities are determined, assigned and implemented.

Environmental aspects and corresponding hazards are identified and evaluated, and corresponding risks are managed;

Safety hazards are identified and evaluated, and corresponding risks are managed;*

Responsibilities and authorities for BMS processes is identified; Criteria for determining BMS process effectiveness is determined. A work environment and company culture based upon improvement, using

the process approach and risk-based thinking, and focusing on customer needs is promoted throughout the organization; and

Resources are identified. BMS communications, including objectives and thresholds, the need to meet

customer requirements and conform to BMS requirements, and the need to contribute to product quality are distributed throughout the organization.

Responsibilities and accountabilities for BMS communications are determined and assigned.

Thresholds for objectives are established at each division.



2.8 Management Review and Planning (continued) Activity 2 Divisional review of overall BMS effectiveness to ensure that:

The status of actions from previous management reviews is determined; Division sales, product conformity, on time delivery, profit, environmental

impact and employee safety are measured and evaluated; BMS process results are evaluated. The results of internal and external audits are evaluated, including auditing

findings and associated corrective actions. The status and results of corrective actions are evaluated, including those

resulting from product and process nonconformities. Customer satisfaction and feedback are evaluated, including customer

complaints, corrective action requests, product conformity, and on time delivery;

Supplier product conformity and on time delivery are evaluated, including corrective actions associated with supplier nonconformities.

The status of compliance obligations is evaluated. Status and results of preventive actions are evaluated. The status and results of continuous improvement activities are evaluated. Reporting to regulatory authorties; Department performance is evaluated. Changes needed to the BMS are identified. Resources allocated to BMS processes are adequate. Actions taken to address risks to the achievement of performance objectives

are evaluated. Areas of improvement are identified.

Activity 3 Determine actions to ensure that:

New risks and opportunities identified during the evaluation of performance objectives and overall BMS effectiveness are managed.

Corrective action is initiated when performance to objectives is not or will not be achieved;

Corrective action is initiated as appropriate when the results of evaluation indicate that the BMS lacks effectiveness.

Changes needed to the BMS are evaluated based upon their effect of the proposed changes on other BMS process, available resources and changes in responsibilities and accountability.

Additional resources needed are identified. Areas of improvement are addressed and responsibilities and accountabilities

are assigned. Activity 4 Review the status of strategic plans and performance to objectives to ensure

that: Desired results were achieved, including improvement; and Changes to strategic plans are considered as needed.