Loading module
Resolving locale, route permissions, and workspace projection.
ISO 17020 GOVERNANCE CONSTRAINTS MAP
EX-QM-01-20.1 Quality Manual Analysis
Document Purpose:
This document defines the COMPLIANCE GUARDRAILS and CONTROL REQUIREMENTS that any inspection workflow (KES template) must apply.
Analysis Date: 2026-02-09
Source: EX-QM-01-20.1 Quality Management System Manual
A. GOVERNANCE CONSTRAINTS MAP
1. IMPARTIALITY & INDEPENDENCE CONSTRAINTS
1.1 Organizational Independence (Section 4.1)
| Constraint ID | Requirement | Control Point | Violation Action |
|--------------|-------------|-------------------|------------------|
| GC-IND-01 | Inspection body must be independent from interested parties | Pre-contract validation | Block contract initiation |
| GC-IND-02 | No commercial/financial pressure allowed on inspection results | Throughout workflow | Flag & escalate |
| GC-IND-03 | Inspector cannot inspect their own work/products | Inspector assignment | Block assignment |
| GC-IND-04 | Conflict of interest must be declared immediately | On assignment | Immediate reassignment |
| GC-IND-05 | No participation in design/production/supply of inspected object | Pre-contract validation | Block contract |
READ 2026-03-28T23:42:21.903Z
READ 2026-03-29T04:52:41.869Z
CORE STRICT SAFE DELETE AFTER RERUN REPORT
PUBLIC | DRAFT | v1.0.0
READ 2026-03-29T03:13:33.020Z
1.2 Relationship Restrictions (Section 4.1.7)
PROHIBITED RELATIONSHIPS:
- Inspector body directors = Client company founders
- Inspector personnel = Client personnel (family relations up to 2nd degree)
- Inspector organization = Partner in client organization
- Inspector organization = Direct/indirect controller of client
ACTION: Risk assessment must be performed before ANY assignment.
REFERENCE: Declaration form in Annex A (EX-QM/MP-01-20.1)
2. CONFIDENTIALITY CONSTRAINTS (Section 4.2)
| Constraint ID | Requirement | Affected Data | Control |
|--------------|-------------|---------------|-------------|
| GC-CONF-01 | All inspection information is confidential by default | Reports, observations, client data | System-level access control |
| GC-CONF-02 | Client must be informed before data disclosure | Any client data | Pre-disclosure notification |
| GC-CONF-03 | Legal/contractual disclosure is exception only | Reports to authorities | Log disclosure event |
| GC-CONF-04 | All personnel sign confidentiality obligations | All data | Employment contract requirement |
3. PERSONNEL & AUTHORIZATION CONSTRAINTS (Section 6.1)
3.1 Competence Requirements
| Role | Minimum Requirements | Authorization Process | Monitoring Frequency |
|------|---------------------|----------------------|---------------------|
| Inspector | Technical knowledge, professional judgment, training | Multi-stage (orientation supervised independent) | Continuous |
| Technical Manager | Inspection methods expertise, process control | Appointed by Director | Annual review |
| Quality Manager | QMS expertise, ISO 17020 knowledge | Appointed by Director | Annual review |
REFERENCE: EX-QM/MP-03-20.1 Personnel Management Procedure
3.2 Authorization Stages (Section 6.1.5)
- Orientation period - Familiarization
- Supervised work period - Under experienced inspector supervision
- Continuous learning - Technology and methods updates
CONSTRAINT: No inspector can perform unsupervised inspection until all stages completed.
3.3 Monitoring Requirements (Section 6.1.7)
METHODS (must use combination):
- On-site observation of work performance
- Report review with sufficient evidence
- Simulated inspection exercises
- Process monitoring (transparent to client)
4. EQUIPMENT & RESOURCES CONSTRAINTS (Section 6.2)
| Constraint ID | Requirement | Validation Frequency | Record |
|--------------|-------------|---------------------|--------|
| GC-EQP-01 | All equipment must be suitable for inspection scope | Pre-use | Equipment log |
| GC-EQP-02 | Equipment must be maintained in working condition | Continuous | Maintenance records |
| GC-EQP-03 | Measuring instruments must be calibrated | According to schedule | Calibration certificates |
| GC-EQP-04 | Equipment affecting results must be uniquely identified | At acquisition | Equipment registry |
REFERENCE: EX-QM/MP-04-20.1 Equipment and Devices Procedure
TRACEABILITY REQUIREMENT:
Calibrated equipment must have traceability to national/international measurement standards.
5. SUBCONTRACTING CONSTRAINTS (Section 6.3)
| Constraint ID | Requirement | When | Evidence |
|--------------|-------------|------|----------|
| GC-SUB-01 | Subcontractor must be competent and ISO compliant | Before subcontract | Competence proof |
| GC-SUB-02 | Client must be notified in advance | Before subcontract | Written notification |
| GC-SUB-03 | Inspection body remains responsible for subcontracted work | Throughout | Contractual liability |
| GC-SUB-04 | Preference for accredited subcontractors | Selection phase | Accreditation check |
6. INSPECTION OPERATIONS CONSTRAINTS (Section 7)
6.1 Methods & Procedures (Section 7.1)
| Constraint ID | Requirement | Control |
|--------------|-------------|-------------|
| GC-PROC-01 | Only documented procedures may be used | Pre-operations check |
| GC-PROC-02 | Only standard methods allowed (no non-standard) | Method selection |
| GC-PROC-03 | All documents must be current version | Version control |
| GC-PROC-04 | Third-party information must be verified for completeness | Data acceptance |
INSPECTION TYPES PERFORMED:
- Cost estimate inspection ( )
- Completed works inspection - Form N2 ( )
- Technical supervision - construction works ( )
MISSING: Specific operational procedures for each type (IP-layer documents).
6.2 Object Handling (Section 7.2)
- Identify inspection object
- Verify object is prepared for inspection
- Record any deviations
- Notify client if object unsuitable or doesn't match description
- Prevent damage to objects under inspection body control
6.3 Records Requirements (Section 7.3)
- Observations during inspection
- Data collected
- Photos/videos when necessary
- All records must be traceable to inspector who performed inspection
RETENTION: 4 years (electronic format acceptable)
7. REPORTING CONSTRAINTS (Section 7.4)
| Constraint ID | Requirement | Validation | Evidence |
|--------------|-------------|------------|----------|
| GC-REP-01 | All inspection work must be documented in report | Post-inspection | Inspection report |
| GC-REP-02 | Report format may vary by inspection type | Report generation | Format specification |
| GC-REP-03 | No corrections allowed in report | Post-issuance | Version control |
| GC-REP-04 | If changes needed, withdraw old & issue new report | Change request | Report registry |
| GC-REP-05 | Only authorized persons can sign reports | Signature | Authorization list |
| GC-REP-06 | Negative report issued if critical deficiencies found | Final review | Report with findings |
REFERENCE: EX-QM/MP-06-20.1 Inspection Reports Procedure
RE-INSPECTION RULE (Section 8.4.9):
- Re-submission allowed only for elements with critical deficiencies
- Supplementary report issued for re-inspected elements
- Original negative report remains in registry with annotation
8. COMPLAINTS & APPEALS CONSTRAINTS (Section 7.5-7.6)
| Constraint ID | Requirement | Process Owner | Resolution Time |
|--------------|-------------|---------------|-----------------|
| GC-COMP-01 | Documented complaint handling procedure required | Quality Manager | UNSPECIFIED |
| GC-COMP-02 | Complaint registered in registry journal | Administrative | Immediate |
| GC-COMP-03 | Complaint assigned to investigator | Director | UNSPECIFIED |
| GC-COMP-04 | Decision makers must NOT be involved in original inspection | Director | N/A |
| GC-COMP-05 | Formal closure notification to complainant | Responsible Officer | UNSPECIFIED |
| GC-COMP-06 | Complaints process must be publicly available | Quality Manager | N/A |
REFERENCE: EX-QM/MP-07-20.1 Complaints and Appeals Procedure
NON-DISCRIMINATION CONSTRAINT:
All decisions must be free from discriminatory character.
9. DOCUMENT CONTROL CONSTRAINTS (Section 8.3)
9.1 Document Management
| Constraint ID | Requirement | Responsible | Frequency |
|--------------|-------------|-------------|-----------|
| GC-DOC-01 | All controlled documents must be adequate, reviewed, updated | Quality Manager | As needed |
| GC-DOC-02 | Document changes must be identified | Quality Manager | Per change |
| GC-DOC-03 | Correct version must be available at point of use | Quality Manager | Continuous |
| GC-DOC-04 | Obsolete documents must be clearly identified if retained | Quality Manager | At obsolescence |
| GC-DOC-05 | Confidentiality of documentation must be protected | All personnel | Continuous |
REFERENCE: EX-QM/MP-12-20.1 Document Management Procedure
9.2 Document Hierarchy
LEVEL 1: Quality Policy
LEVEL 2: Quality Manual (this document)
LEVEL 3: Procedures, plans, standards
LEVEL 4: Other normative documents (orders, reports, forms, questionnaires, contracts)
9.3 Document Identification
- Unique numbering system
- Document name
- Electronic ID = File name
- Approval: Developed by Quality Manager Approved by Director
RETENTION: Obsolete documents retained for 4 years.
10. RECORD MANAGEMENT CONSTRAINTS (Section 8.4)
| Constraint ID | Requirement | Evidence Type | Retention |
|--------------|-------------|---------------|-----------|
| GC-REC-01 | Records system must be established | Inspection records, audit reports, analysis results | MANDATORY |
| GC-REC-02 | Records must be clear, precise, unambiguous | All records | N/A |
| GC-REC-03 | Records protected from unauthorized access/changes | All records | Continuous |
| GC-REC-04 | Records stored securely (physical or electronic) | All records | 4 years |
| GC-REC-05 | Inspection info confidential between body & client | Inspection records | 4 years |
| GC-REC-06 | Reports issued as single original (scanned copy stored) | Inspection reports | 4 years |
| GC-REC-07 | Negative report if critical deficiencies found | Inspection reports | 4 years |
| GC-REC-08 | Registry system required (electronic acceptable) | Registration journals | 4 years |
| GC-REC-09 | Disposal must protect client confidentiality (burn paper) | All confidential records | At disposal |
REFERENCE: EX-QM/MP-05-20.1 Records Management Procedure
11. MANAGEMENT REVIEW CONSTRAINTS (Section 8.5)
| Constraint ID | Requirement | Frequency | Participants |
|--------------|-------------|-----------|--------------|
| GC-REV-01 | Management review required | 12 months | Top management |
| GC-REV-02 | Review must assess conformity, adequacy, effectiveness | Annually | Top management |
| GC-REV-03 | Previous management review results must be considered | Annually | Top management |
- Internal & external audit results
- Customer/stakeholder feedback
- Preventive & corrective actions status
- Previous review outcomes
- Objectives achievement
- Changes affecting management system
- Complaints & appeals
- Management system effectiveness improvements
- Inspection body activity improvements related to standard
- Required resources
REFERENCE: EX-QM/MP-09-20.1 Management Review Procedure
12. INTERNAL AUDIT CONSTRAINTS (Section 8.6)
| Constraint ID | Requirement | Frequency | Scope |
|--------------|-------------|-----------|-------|
| GC-AUD-01 | Internal audit procedure required | MANDATORY | ISO 17020 compliance |
| GC-AUD-02 | Audit must be conducted periodically | At least annually | All ISO 17020 clauses |
| GC-AUD-03 | Previous audit results must be considered | Per audit | Historical data |
| GC-AUD-04 | Auditors must be qualified | Per audit | ISO 17020 trained |
| GC-AUD-05 | Auditors cannot audit their own work | Per audit | Independence |
| GC-AUD-06 | Personnel must be informed of results | Post-audit | All staff |
| GC-AUD-07 | Actions must be timely and appropriate | Post-audit | Findings |
| GC-AUD-08 | Audit results must be documented | Post-audit | Audit records |
REFERENCE: EX-QM/MP-10-20.1 Internal Audit Procedure
13. CORRECTIVE ACTIONS CONSTRAINTS (Section 8.7)
| Constraint ID | Requirement | Trigger | Process |
|--------------|-------------|---------|---------|
| GC-COR-01 | Corrective action procedure required | Nonconformity detected | Documented process |
| GC-COR-02 | Measures to eliminate nonconformity recurrence | Nonconformity | Root cause elimination |
| GC-COR-03 | Actions must be timely implemented | Action plan | Defined timeline |
| GC-COR-04 | Results must be documented | Action completion | Records |
| GC-COR-05 | Effectiveness must be reviewed | Post-implementation | Verification |
- Identify nonconformities
- Determine causes
- Correct nonconformities
- Take measures to prevent recurrence
- Implement timely
- Document results
- Review effectiveness
REFERENCE: EX-QM/MP-11-20.1 Corrective and Preventive Actions Procedure
14. PREVENTIVE ACTIONS CONSTRAINTS (Section 8.8)
| Constraint ID | Requirement | Trigger | Process |
|--------------|-------------|---------|---------|
| GC-PRE-01 | Preventive action procedure required | Potential nonconformity | Documented process |
| GC-PRE-02 | Actions appropriate to potential problems | Risk assessment | Proportional response |
| GC-PRE-03 | Results must be documented | Action completion | Records |
| GC-PRE-04 | Effectiveness must be analyzed | Post-implementation | Verification |
- Identify potential nonconformities and causes
- Conduct measures to eliminate nonconformity
- Implement timely
- Document results
- Analyze effectiveness
REFERENCE: EX-QM/MP-11-20.1 Corrective and Preventive Actions Procedure
B. MANDATORY COMPLIANCE REQUIREMENTS
B.1 Human Decision Points (Cannot Be Automated)
| Decision Point | Decision Maker | Context | Constraints |
|---------------|---------------|---------|-------------|
| Conflict of interest declaration | Any personnel | Assignment | Must declare immediately |
| Subcontractor selection | Inspection Body Head | Need for subcontracting | Must verify competence |
| Inspector assignment | Technical Manager | New inspection request | Check competence, independence |
| Inspection readiness | Inspector | Pre-inspection | Object must be prepared |
| Nonconformity significance | Inspector | During inspection | Professional judgment |
| Report approval | Technical Manager | Report finalization | Technical review |
| Report signature | Authorized persons only | Report issuance | Authorization list |
| Complaint investigation | Appointed investigator | Complaint received | Independence from original work |
| Corrective action approval | Inspection Body Head | After investigation | Effectiveness assessment |
B.2 Required Approvals (Role-Based)
| Action | Approver | Alternative Approver | Veto Authority |
|--------|----------|---------------------|----------------|
| Quality Manual approval | Director | N/A | N/A |
| Procedure approval | Director | N/A | N/A |
| Inspector authorization | Technical Manager + IB Head | N/A | Director |
| Report signature | Technical Manager | Authorized Inspector | N/A |
| Contract initiation | Inspection Body Head | N/A | Director |
| Subcontract approval | Inspection Body Head | N/A | Director |
| Complaint resolution | Director | N/A | N/A |
IB Head: Inspection Body Head
B.3 Prohibited Actions
| Prohibition ID | Action | Context | Penalty |
|---------------|--------|---------|---------|
| PROH-01 | Inspector inspecting own work | Any inspection | Immediate disqualification |
| PROH-02 | Non-authorized person signing report | Report issuance | Report invalid |
| PROH-03 | Using non-standard methods | Inspection operations | Non-compliance |
| PROH-04 | Correcting issued report | Post-issuance | Must withdraw & reissue |
| PROH-05 | Disclosing confidential info without authorization | Any time | Legal liability |
| PROH-06 | Commercial pressure on inspection results | Any time | Accreditation risk |
| PROH-07 | Auditor auditing own work | Internal audit | Audit invalid |
| PROH-08 | Using obsolete documents | Any time | Non-compliance |
C. MISSING OPERATIONAL PROCEDURES (IP-LAYER)
C.1 Critical Missing Documents
The Quality Manual (QM) references but does NOT contain operational workflows.
These must be authored as separate IP (Inspection Procedure) documents:
| Missing Document ID | Title | Purpose | Referenced In |
|-------------------|-------|---------|---------------|
| EX-IP-01 | Cost Estimate Inspection Procedure | Step-by-step workflow for cost estimate inspection | Section 7.1.1 |
| EX-IP-02 | Completed Works Inspection Procedure (Form N2) | Step-by-step workflow for Form N2 inspection | Section 7.1.1 |
| EX-IP-03 | Technical Supervision Procedure | Step-by-step workflow for construction supervision | Section 7.1.1 |
C.2 Supporting Procedures (Referenced but May Exist)
| Procedure Code | Title | Status | Purpose |
|---------------|-------|--------|---------|
| EX-QM/MP-01-20.1 | Impartiality and Independence | UNKNOWN | Declaration form, conflict checks |
| EX-QM/MP-03-20.1 | Personnel Management | UNKNOWN | Competence, training, authorization |
| EX-QM/MP-04-20.1 | Equipment and Devices | UNKNOWN | Equipment management, calibration |
| EX-QM/MP-05-20.1 | Records Management | UNKNOWN | Record creation, storage, disposal |
| EX-QM/MP-06-20.1 | Inspection Reports | UNKNOWN | Report structure, content, issuance |
| EX-QM/MP-07-20.1 | Complaints and Appeals | UNKNOWN | Complaint handling workflow |
| EX-QM/MP-08-20.1 | Risk Management | UNKNOWN | Risk identification, mitigation |
| EX-QM/MP-09-20.1 | Management Review | UNKNOWN | Review process, inputs, outputs |
| EX-QM/MP-10-20.1 | Internal Audit | UNKNOWN | Audit planning, conduct, reporting |
| EX-QM/MP-11-20.1 | Corrective and Preventive Actions | UNKNOWN | Nonconformity handling |
| EX-QM/MP-12-20.1 | Document Management | UNKNOWN | Document control, version management |
D. CONSTRAINT INTEGRATION INTO KES TEMPLATES
D.1 State Machine Constraints
Any KES template for inspection workflows MUST:
- Check role authorization before state transition
- Apply role-based action restrictions
- Log all role assignments
- Mandate evidence at each state
- Apply evidence retention (4 years)
- Ensure evidence traceability to personnel
- Technical Manager approval before report issuance
- Director approval for contracts
- Authorized signature validation
- Block inspector assignment if conflict exists
- Require conflict declaration
- Log independence verification
- Log all state transitions
- Record decision maker
- Timestamp all actions
- Retain for 4 years
- No edits allowed post-issuance
- Withdrawal creates new version
- Original report retained in registry
D.2 Governance Events (Must Be Logged)
| Event Type | Trigger | Required Fields | Retention |
|-----------|---------|-----------------|-----------|
| CONFLICT_DECLARED | Inspector assignment | Personnel ID, Reason, Date | 4 years |
| INSPECTOR_AUTHORIZED | Training completion | Inspector ID, Authorization Level, Date | Permanent |
| REPORT_ISSUED | Report finalization | Report ID, Inspector, Manager, Date | 4 years |
| REPORT_WITHDRAWN | Report change request | Report ID, Reason, Date | 4 years |
| COMPLAINT_RECEIVED | Client submission | Complaint ID, Client, Date | 4 years |
| CORRECTIVE_ACTION | Nonconformity found | Action ID, Finding, Date | 4 years |
| AUDIT_PERFORMED | Scheduled audit | Audit ID, Scope, Findings, Date | 4 years |
| SUBCONTRACT_APPROVED | Subcontracting need | Subcontractor, Scope, Date | 4 years |
E. CONSTRAINT VALIDATION RULES
E.1 Pre-Operations Validation
Before ANY inspection can start:
- [ ] Contract exists and is signed
- [ ] Client independence verified
- [ ] Inspector authorized and available
- [ ] No conflict of interest declared
- [ ] Equipment calibrated (if applicable)
- [ ] Documented procedure exists
- [ ] Insurance valid
E.2 Operations Validation
- [ ] Only authorized inspector on site
- [ ] Current procedures used
- [ ] Observations recorded in real-time
- [ ] Photos/evidence captured with metadata
- [ ] Deviations logged and reported to client
- [ ] Safety requirements followed
E.3 Post-Operations Validation
- [ ] All evidence attached
- [ ] Technical Manager review completed
- [ ] Report signed by authorized person
- [ ] Negative report issued if critical deficiencies
- [ ] Report registered in journal
- [ ] Client notified
F. NEXT STEPS: OPERATIONAL PROCEDURE AUTHORING
F.1 Required Actions
To complete the governance-to-operations integration:
- Author Missing IP Documents:
- EX-IP-01: Cost Estimate Inspection Procedure
- EX-IP-02: Completed Works Inspection (Form N2)
- EX-IP-03: Technical Supervision Procedure
- Extract workflow states from IP documents
- Map to KES template structure
- Embed governance constraints at each state
- Map each state to required evidence
- Define evidence validation rules
- Link to governance constraints
- Map roles to allowed actions per state
- Embed authorization checks
- Link to personnel management procedure
G. SUMMARY
What This Document IS:
A compliance guardrail system
A constraint layer for KES templates
A governance requirements map
An audit checklist
What This Document IS NOT:
An operational workflow
A step-by-step inspection guide
A state machine definition
A KES template
Critical Insight:
The Quality Manual defines the "rules of the game."
The missing IP documents define "how to play the game."
KES templates encode both into executable workflows.
END OF GOVERNANCE CONSTRAINTS MAP