Control of email (and other electronic media) as Records - 4.2.4

#1
All,
As a company, we identify email (and other electronic media) as records.
Unfortunately, our Master Record List didn't. Minor n/c from our registrar auditor...no biggie. Easy enough to correct.
What I am struggling with is retention period. Our email server is via Office 365. All users 'manage' their own email accounts and we allow them the freedom to keep or delete as needed. As a general rule, for liability purposes, we don't want to keep records too long. But we don't want to restrict and have to police 100 email accounts.
Has/does anyone else face this issue? And how are you managing?
Thanks,

Mike C
 
Elsmar Forum Sponsor
#2
Re: 4.2.4 - Control of Records-emails

We use a passport drive on each desktop, strictly for email backup. Active email is controlled thru ACT software. For Office outlook, the pst backup simply goes to the passport drive. There really should not be a retention problem as far as space goes, nor any extra work involved. To purposefully limit retention would actually require a bit more effort.
 
J

JodiB

#3
Just like with all electronic records, emails are part of the network backup program. Anything that has ever come in or out of email has been recorded. A user might delete emails from their .pst, but they are still there in the backup files where they can be retrieved if necessary.
 
#4
Jodi,
We are using Microsoft Office 365 and they are our email server. If we delete an email, it remains in the Recycle Bin. If we empty the Recycle Bin, the MSO 365 server retains them for 31 days and then they are gone permanently.
As MSO 365 is somewhat new, I wonder who else is using it and how they manage it.
Thanks!!!
 

normzone

Trusted Information Resource
#5
An interesting problem. I've always just dealt with it in manners similar to [hogheavenfarm] and [JodiB].

Can the MSO 365 server setting be tweaked by a knowledgeable person to either extend the retention time or dump the contents to a known archive location?
 
#6
Yes...it is.
I am sure we can have our 'settings' adjusted on the server. But those are emails already disposed of.
I don't want to mandate a cumbersome policy within my organization that people won't follow and I don't want to open ourselves to unnecessary scrutiny by retaining things we don't need to retain...certainly a pickle...
 

Mark Meer

Trusted Information Resource
#7
Because of the "4.2.4" in the thread title, I'm assuming this relates to ISO quality system requirements?

As such, I'd suggest that the question to ask yourself is: what emails are quality system records? Most email traffic, I would imagine, is probably outside this scope.

Examples of emails that would constitute quality system records might be any correspondences regarding:
- Feedback & complaints (i.e. correspondences to/from customers)
- Orders & distribution
- Regulatory correspondences to do with post-market vigilance
- Any decisions or data not otherwise documented via established process data-collection methods (e.g. forms)
 

Mark Meer

Trusted Information Resource
#8
Previously, we had a system like you describe (individuals maintain their own emails, and the whole system is subject to regular backups).

But in a recent audit, we realized how much of a nightmare this can become if you need to dig up a particular email record in a timely manner. As such, we are now planning a repository of "quality system emails", and when emails are sent/received that meet the definition of a quality system record, they are exported to PDF and dumped in the repository.

This has the advantage that:
a) the emails relevant to the quality system are separated from the others; qnd
b) the emails (as records) are available to all individuals in the department.
 
P

PaulJSmith

#9
We use GoldMine CRM software. Any relevant emails are imported into it for retention. The rest are either archived with server backups or deleted at user discretion.

The problem with "the cloud" is that you really have no direct control of your files. There's no reason you can't back them up, as suggested above, and keep them in-house. Email files take up very little room on a drive (depending on any attachments, of course).
 
#10
Mark,
Thanks...
We have ID'ed email and other electronic media as records, so the horse is already out of the barn. Yes we can change it, but then/c is already written...
 
Thread starter Similar threads Forum Replies Date
A Document Control: Controlling Electronic Email (E-mail) Document Control Systems, Procedures, Forms and Templates 7
T How to Handle Email Document Control Document Control Systems, Procedures, Forms and Templates 2
S Linking control chart with control plan Statistical Analysis Tools, Techniques and SPC 5
T IEC 62304 : Risk control for SaMD IEC 62304 - Medical Device Software Life Cycle Processes 8
N Change Control for processes & products Manufacturing and Related Processes 6
Q Change Control Numbering system Document Control Systems, Procedures, Forms and Templates 6
S Operation of possible rework in control plan FMEA and Control Plans 8
K MHLW MO169 2021 Japan Ministerial Ordinance on Standards for Manufacturing Control and Quality Control for Medical Devices and In-Vitro Diagnostics Japan Medical Device Regulations 2
D Using electronic lab notebooks in the design control process ISO 13485:2016 - Medical Device Quality Management Systems 3
M Process & Product Characteristic in Control Plan FMEA and Control Plans 17
D How to calculate the A4 constants in Median/Range control charts? Statistical Analysis Tools, Techniques and SPC 2
Nihls Quality Control (stability) Chart for CMM's - How the control limits are to be calculated Capability, Accuracy and Stability - Processes, Machines, etc. 2
M Change control on Tracking Sheet ISO 13485:2016 - Medical Device Quality Management Systems 11
K COPLANARITY: Composite profile tolerance on multiple surfaces- what does" lower dimensional reference frame tolerance" control? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 11
M Medical Device Marketing Material - Control of Social Media 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
M Does 4.5 - Alternative RISK CONTROL apply to the Particular Standards? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
H Control of Change i.e. process and WI IATF 16949 - Automotive Quality Systems Standard 9
Sonja D AIAG VDA PFMEA and Control Plan training FMEA and Control Plans 6
F Quality Control in Electrical Calibration ISO 17025 related Discussions 0
Z Why Control Limits are not the same depending on type of exclusion of data points Using Minitab Software 7
D Engineering Change order vs. Change Control ISO 13485:2016 - Medical Device Quality Management Systems 3
D Computer access, password control ISO 13485:2016 - Medical Device Quality Management Systems 6
A How to control distribution list? Document Control Systems, Procedures, Forms and Templates 2
A Control plan for IATF - example? FMEA and Control Plans 1
J ISO 9001:2015 Clause 8.5.1 Control of Production and service provision - Help with Work Instruction Access ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 13
A Final quality control corrective actions ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
J Training on the importance of Document Control Document Control Systems, Procedures, Forms and Templates 3
G How to implement H&S and Quality Control Requirements in Contract for Potential Supplier? Contract Review Process 6
D GAMP CAT 5 Change Control Qualification and Validation (including 21 CFR Part 11) 9
D Use Error Risk Controls and Control Verification ISO 14971 - Medical Device Risk Management 6
S Maintenence related action in Control plan FMEA and Control Plans 3
M ISO 13485 and document control for programs ISO 13485:2016 - Medical Device Quality Management Systems 6
R Control Methods in Control Plan FMEA and Control Plans 5
M Design Control - Management of Electronic CAD files Design and Development of Products and Processes 14
S TSCA (Toxic Substances Control Act) PIP 3:1 RoHS, REACH, ELV, IMDS and Restricted Substances 0
S Use of Attributes Control Charts Statistical Analysis Tools, Techniques and SPC 1
U Appraiser Out of Control Gage R&R (GR&R) and MSA (Measurement Systems Analysis) 5
L Looking for Control Plan and FMEA Stamping process FMEA and Control Plans 2
Z AS9100 Control of Nonconforming Outputs - Rework Dispositions AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 8
K ASME, ANSI, ASTM and similar specifications and their requirements for document control. Inspection, Prints (Drawings), Testing, Sampling and Related Topics 8
Z Software for design control ISO 13485:2016 - Medical Device Quality Management Systems 5
K Quality Control/Assurance in the Metal Industry Quality Tools, Improvement and Analysis 10
K Defining risk control measures IEC 62304 - Medical Device Software Life Cycle Processes 14
J Warehouse temperature and humidity control EU Medical Device Regulations 7
Jimmy123 IATF16949 Control Plan FMEA and Control Plans 1
D Control Number for Class III and IV devices Canada Medical Device Regulations 1
J Document Control Metrics Document Control Systems, Procedures, Forms and Templates 3
I Document Control Software Document Control Systems, Procedures, Forms and Templates 2
T Controlling Expandable Forms in Paper-Based Document Control System Document Control Systems, Procedures, Forms and Templates 10
N ISO 13485 7.3.9 Change control in medical device software ISO 13485:2016 - Medical Device Quality Management Systems 6

Similar threads

Top Bottom