Hi all, need help

"define the controls for disposition of records" as stated in the Standard ISO 9001:2000, does it mean explicitly that you need to also describe HOW records are being disposed of ???

e.g by shredding, reuse as recycled paper, etc which are some common mode of disposition.

All comments are most welcome !

:frust: ::confused:

We have defined that requirement to mean, "Define when records will/can be disposed." Just because you have already defined "retention" times, does not automatically mean that records will be disposed at the end of those retention times. We in-fact intend on keeping some records for as long as possible, but at a minimum for the period identified as the retention time.

Our doc. control procedure states via a table which records must be retained, by whom, and for how long. Once the required retention time is past, we can either continue to keep them if we want or dispose of them in any way we see fit. I never said exactly HOW we dould dispose of them but I think this could be an issue for some companies who deal with confidential info. like medical records, credit card numbers, etc. If there is a concern such as this I would define which particular records may need to be disposed-of in "secure ways" in my procedure. JMO.

Doesn't seem unreasonable. Since about 98% of our stuff is electronic it is kept 7 years (magnetic tape life) and then written over.
Does shredding mean we have to supply Enron training???

zhugxian said:

Hi all, need help

"define the controls for disposition of records" as stated in the Standard ISO 9001:2000, does it mean explicitly that you need to also describe HOW records are being disposed of ???
---X---


I'm following the crowd here. We often keep records longer than the minimum time stated in our procedures. And no, we do not specify the method to be used for killing them when that time comes.

/Claes

We use a table, in the disposition column we put either "to suit" or "safeguard". At the end of the table we include the definitions.

To suit - Documents can be recycled or thrown in the trash. No security measures required.

Safeguard - Documents must be unreadable when they are discarded. Examples: shredding or burning

Although we/I still need to update our doc control procedure for our 2000 upgrade, we also have a chart of when things CAN be disposed of.

As far as I can tell we've NEVER thrown any quality records away.
I found some that are about 10 years old, back when our company had never even thought about ISO.

Accounting records (in the US) have certain legal requirements for retention. Our accouting department attempts to dispose of them within the first few months of every new year. (Its a dirty/dusty job).

In my opinion (and no one asked for it, but I'll throw in my 2 cents anyway), disposition and disposal are two completely different meanings. We're all interpreting those two words as our registrar interprets it. Not right. The ISO people should clarify it. Disposition may include disposal but disposition does not mean that we HAVE to dispose of records. Disposition (to me) means that we have to decide what to do with the records at some point in the process or system or time.

Arguements? :argue:
Lee

I got hit with this on an audit years ago. I added to our record retention procedure a statement to the effect of "all records may be disposed of in the most efficient manner, such as simply throwing in the trash or deleting of electronic records, unless specifically stated otherwise in record retention guidelines". I had a table showing all of the records, their retention times, responsibility, etc. For anything sensitive I just added "Shred" to the comments field. Truthfully probably a good idea due to the sensitive nature of some documents.

I can't believe that you got hit with that because there is nothing in ISO saying that you must define how disposal is accomplished. In fact, there is nothing mentioning "disposal". That is why I am challenging it. Disposition is mentioned and required but that is an ambiguous term that could mean a lot of things....including disposal. I cannot see in writing where "disposal" is a direct requirment in ISO 9K2K.
Lee

I don't remember all of the details or have my standard in front of me, but disposition is the term that was referenced. I believe at the time I did do a synonym check, which I just did again at dictionary.com, and disposal is a synonym of disposition.

I don't know if defining the method of disposal was intended by ISO, but I did not disagree that it would be a good idea to specifically state which ultra sensitive documents had to be shredded, special hard drive wipe (I believe there is a DOD standard for this), etc.

:truce: :truce: :truce:
disposal/disposition...I surrender.
Lee

One company I worked for had a contract that required some records be maintained in active files for 5 years then in archive files for another 5 years. After the 10 year period the records were to be destroyed.

This would be record disposition (active for 5, archive for 5) and disposal (destroyed).

I have seen some contracts that require specific methods of disposal (shred, burn, magnetically scramble).

I would think that a record retention process that stated "the record will be maintained as an active file in x location for x time period then destroyed" should be sufficient. JMHO.

We have defined that requirement to mean, "Define when records will/can be disposed." Just because you have already defined "retention" times, does not automatically mean that records will be disposed at the end of those retention times. We in-fact intend on keeping some records for as long as possible, but at a minimum for the period identified as the retention time.
I think this would be the best way to avoid this question, if your auditor allows. I have been questioned as to "how" they are disposed and proof that it was destroyed. I think the will/can approach is a great idea.

Everyone needs to read Wes Bucey's reply in the topic/thread "4.2.4 Control of Records....". I'd put the link here but I don't know how. Open up your minds when reading his response. He could not have put it any better/clearer. Don't let your auditors tell you that you HAVE to "dispose" - the choice is up to you, er, the "disposition" is up to you.
Thanks,
Lee

http://elsmar.com/Forums/showthread.php?t=11473

We have defined the retention times of the documents but does not specifiy how to how to dispose of like shred etc. No its not the ISO 9001 requirement.
Like big companies the documents could be cumbersome & need to be disposed of once the retention period is over.

I'd put the link here but I don't know how.If you use MS Explorer, all you need to do is to go to the forum thread list, mark and copy the thread title (which contains a link to the thread) in question, and paste it into your reply. The link will follow the text and function from your reply as well.

P.s. I habitually have at least two browser windows open when I visit the Cove: One for reading and replying to posts, and one for searching and copying stuff to past into my replys.

/Claes