The Elsmar Cove Wiki More Free Files The Elsmar Cove Forums Discussion Thread Index Post Attachments Listing Failure Modes Services and Solutions to Problems Elsmar cove Forums Main Page Elsmar Cove Home Page
Google
  Web Elsmar.com
*Please be aware that SOME RECENT forum threads may not yet be indexed by Google.
PDA

View Full Version : Access to records - Defining who has access to what

dbulak
20th June 2001, 02:28 PM
I am looking for information (terminology) on how to handle who specifically has access to certain records. For example, certain people have access to some records and some have access to all records. Does this have to be specifically spelled out or are there "general" statements that can be made?

Any help would be appeciated.
Jim Biz
20th June 2001, 04:34 PM
We use a matrix sheet with the headings
Element/Record number/custodian/indexed by/ accessed by/ stored in (location)/ retained time - legnth / disposition.

The wording in 9000:2000 section 4.2.4 "who has access - but it does state the procedure shahll "define controls needed".

Hope this helps
Regards
Jim
E Wall
21st June 2001, 10:28 AM
Originally posted by Jim Biz:
The wording in 9000:2000 section 4.2.4 "who has access - but it does state the procedure shahll "define controls needed".

Now I'm confused. In Section 4.2.4 of 9001:2000 I do not find any wording or reference regarding 'who has access'.

Unless your management locks you into defining such (and I'd have to ask what benefit would there be?) I would get rid of it.

We also keep a database of what records are kept, as well as identifying who is responsible for collection/retension of these documents. I would be happy to offer a copy of our work instruction. I have no plans of modifying it for 2000 revision.

Using the Auditor Checklist received from our Registrar these are the questions they will be looking for answers on:

1) Have records been established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system?
and,
2) Has a documented procedure been established to define the following controls needed?
a. identification?
b. storage?
c. retrieval?
d. protection?
e. retention time?
f. Disposition?

If there is something I am missing please let me know :eek: , I'd hate to be caught unaware.
Jim Biz
21st June 2001, 12:12 PM
Sorry for the confusion

9001:2000 Does NOT specifically state “Who has access” just that they be controlled
However, implement guide 9004 pg. 3 under 4.2 says Access to docs “Should” be ensured………. based on
Communication policy.

We took a minor hit – on this issue under 1994 version because we had not included “Accessed by.”
In our procedure and had not identified “Who had responsibility for release of doc/data information to customers. (In 4.16 and in 4.11)

Regards
Jim