SBS - The Best Value in QMS software

Control of email (and other electronic media) as Records - 4.2.4

#1
All,
As a company, we identify email (and other electronic media) as records.
Unfortunately, our Master Record List didn't. Minor n/c from our registrar auditor...no biggie. Easy enough to correct.
What I am struggling with is retention period. Our email server is via Office 365. All users 'manage' their own email accounts and we allow them the freedom to keep or delete as needed. As a general rule, for liability purposes, we don't want to keep records too long. But we don't want to restrict and have to police 100 email accounts.
Has/does anyone else face this issue? And how are you managing?
Thanks,

Mike C
 
Elsmar Forum Sponsor

hogheavenfarm

Quite Involved in Discussions
#2
Re: 4.2.4 - Control of Records-emails

We use a passport drive on each desktop, strictly for email backup. Active email is controlled thru ACT software. For Office outlook, the pst backup simply goes to the passport drive. There really should not be a retention problem as far as space goes, nor any extra work involved. To purposefully limit retention would actually require a bit more effort.
 
J

JodiB

#3
Just like with all electronic records, emails are part of the network backup program. Anything that has ever come in or out of email has been recorded. A user might delete emails from their .pst, but they are still there in the backup files where they can be retrieved if necessary.
 
#4
Jodi,
We are using Microsoft Office 365 and they are our email server. If we delete an email, it remains in the Recycle Bin. If we empty the Recycle Bin, the MSO 365 server retains them for 31 days and then they are gone permanently.
As MSO 365 is somewhat new, I wonder who else is using it and how they manage it.
Thanks!!!
 

normzone

Trusted Information Resource
#5
An interesting problem. I've always just dealt with it in manners similar to [hogheavenfarm] and [JodiB].

Can the MSO 365 server setting be tweaked by a knowledgeable person to either extend the retention time or dump the contents to a known archive location?
 
#6
Yes...it is.
I am sure we can have our 'settings' adjusted on the server. But those are emails already disposed of.
I don't want to mandate a cumbersome policy within my organization that people won't follow and I don't want to open ourselves to unnecessary scrutiny by retaining things we don't need to retain...certainly a pickle...
 

Mark Meer

Trusted Information Resource
#7
Because of the "4.2.4" in the thread title, I'm assuming this relates to ISO quality system requirements?

As such, I'd suggest that the question to ask yourself is: what emails are quality system records? Most email traffic, I would imagine, is probably outside this scope.

Examples of emails that would constitute quality system records might be any correspondences regarding:
- Feedback & complaints (i.e. correspondences to/from customers)
- Orders & distribution
- Regulatory correspondences to do with post-market vigilance
- Any decisions or data not otherwise documented via established process data-collection methods (e.g. forms)
 

Mark Meer

Trusted Information Resource
#8
Previously, we had a system like you describe (individuals maintain their own emails, and the whole system is subject to regular backups).

But in a recent audit, we realized how much of a nightmare this can become if you need to dig up a particular email record in a timely manner. As such, we are now planning a repository of "quality system emails", and when emails are sent/received that meet the definition of a quality system record, they are exported to PDF and dumped in the repository.

This has the advantage that:
a) the emails relevant to the quality system are separated from the others; qnd
b) the emails (as records) are available to all individuals in the department.
 
P

PaulJSmith

#9
We use GoldMine CRM software. Any relevant emails are imported into it for retention. The rest are either archived with server backups or deleted at user discretion.

The problem with "the cloud" is that you really have no direct control of your files. There's no reason you can't back them up, as suggested above, and keep them in-house. Email files take up very little room on a drive (depending on any attachments, of course).
 
#10
Mark,
Thanks...
We have ID'ed email and other electronic media as records, so the horse is already out of the barn. Yes we can change it, but then/c is already written...
 
Thread starter Similar threads Forum Replies Date
A Document Control: Controlling Electronic Email (E-mail) Document Control Systems, Procedures, Forms and Templates 7
T How to Handle Email Document Control Document Control Systems, Procedures, Forms and Templates 2
D GAMP CAT 5 Change Control Qualification and Validation (including 21 CFR Part 11) 9
D Use Error Risk Controls and Control Verification ISO 14971 - Medical Device Risk Management 5
S Maintenence related action in Control plan FMEA and Control Plans 3
M ISO 13485 and document control for programs ISO 13485:2016 - Medical Device Quality Management Systems 6
R Control Methods in Control Plan FMEA and Control Plans 4
M Design Control - Management of Electronic CAD files Design and Development of Products and Processes 11
S TSCA (Toxic Substances Control Act) PIP 3:1 RoHS, REACH, ELV, IMDS and Restricted Substances 0
S Use of Attributes Control Charts Statistical Analysis Tools, Techniques and SPC 1
U Appraiser Out of Control Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 5
L Looking for Control Plan and FMEA Stamping process FMEA and Control Plans 2
Z AS9100 Control of Nonconforming Outputs - Rework Dispositions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
K ASME, ANSI, ASTM and similar specifications and their requirements for document control. Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
Z Software for design control ISO 13485:2016 - Medical Device Quality Management Systems 5
K Quality Control/Assurance in the Metal Industry Quality Tools, Improvement and Analysis 10
K Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 14
J Warehouse temperature and humidity control EU Medical Device Regulations 7
Jimmy123 IATF16949 Control Plan FMEA and Control Plans 1
D Control Number for Class III and IV devices Canada Medical Device Regulations 1
J Document Control Metrics Document Control Systems, Procedures, Forms and Templates 3
I Document Control Software Document Control Systems, Procedures, Forms and Templates 2
T Controlling Expandable Forms in Paper-Based Document Control System Document Control Systems, Procedures, Forms and Templates 10
N ISO 13485 7.3.9 Change control in medical device software ISO 13485:2016 - Medical Device Quality Management Systems 6
C UDI Questions on Control Units Other US Medical Device Regulations 6
A Quality Control Datasheets Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
M Control-self assessment Internal Auditing 5
GreatNate Master Control QMS software Quality Tools, Improvement and Analysis 1
A Prototype control plan FMEA and Control Plans 2
J Records Control - Does each individual record need to be numbered? Records and Data - Quality, Legal and Other Evidence 2
shimonv Document Control Procedure Header Content Document Control Systems, Procedures, Forms and Templates 4
W FMEA - Current control and occurrence rating FMEA and Control Plans 3
S Which department should prepare the control plan? could you show me a standard regarding to this matter. FMEA and Control Plans 17
G Control Plan & PFMEA Review Procedure? FMEA and Control Plans 8
N What are the software audit and control steps Reliability Analysis - Predictions, Testing and Standards 2
A Fabric roll inspection - What type of Control Chart to use? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 2
C Monitoring and Control Instruments RoHS, REACH, ELV, IMDS and Restricted Substances 3
M ISO14971:2019 - Verification of implementation and effectiveness of risk control ISO 14971 - Medical Device Risk Management 3
T Risks arising from control measures vs. ineffective control measures ISO 14971 - Medical Device Risk Management 11
J Need Change Control Yes/No Decision Tree Template ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 1
P IQ, OQ, PQ protocol, and report templates for Distributed Control Systems in Pharmaceutical Manufacturing Systems. Qualification and Validation (including 21 CFR Part 11) 0
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 6
T Linking Control Plans and PFMEA's FMEA and Control Plans 3
L How to add exemption or statement to control of document procedure? ISO 13485:2016 - Medical Device Quality Management Systems 5
T PFMEA and Control Plans on legacy product FMEA and Control Plans 5
P IATF 16949 requirement - error-proofing in control plan IATF 16949 - Automotive Quality Systems Standard 3
C 8.5.1.1 Control of Equipment, Tools, and Software Programs - Questions about the extent of control of NC programs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
Q Version/Revision Control of CAD files Document Control Systems, Procedures, Forms and Templates 2
earl62 What is the best way to control special characteristics in Control plan? Is it Mandatory to have SPC for IATF 16949? IATF 16949 - Automotive Quality Systems Standard 12
I Control Plan (Product/Process specification/ Tolerance) acceptance FMEA and Control Plans 27

Similar threads

Top Bottom