Control of email (and other electronic media) as Records - 4.2.4

#1
All,
As a company, we identify email (and other electronic media) as records.
Unfortunately, our Master Record List didn't. Minor n/c from our registrar auditor...no biggie. Easy enough to correct.
What I am struggling with is retention period. Our email server is via Office 365. All users 'manage' their own email accounts and we allow them the freedom to keep or delete as needed. As a general rule, for liability purposes, we don't want to keep records too long. But we don't want to restrict and have to police 100 email accounts.
Has/does anyone else face this issue? And how are you managing?
Thanks,

Mike C
 
Elsmar Forum Sponsor

hogheavenfarm

Quite Involved in Discussions
#2
Re: 4.2.4 - Control of Records-emails

We use a passport drive on each desktop, strictly for email backup. Active email is controlled thru ACT software. For Office outlook, the pst backup simply goes to the passport drive. There really should not be a retention problem as far as space goes, nor any extra work involved. To purposefully limit retention would actually require a bit more effort.
 

JodiB

Still plugging along
#3
Just like with all electronic records, emails are part of the network backup program. Anything that has ever come in or out of email has been recorded. A user might delete emails from their .pst, but they are still there in the backup files where they can be retrieved if necessary.
 
#4
Jodi,
We are using Microsoft Office 365 and they are our email server. If we delete an email, it remains in the Recycle Bin. If we empty the Recycle Bin, the MSO 365 server retains them for 31 days and then they are gone permanently.
As MSO 365 is somewhat new, I wonder who else is using it and how they manage it.
Thanks!!!
 

normzone

Trusted Information Resource
#5
An interesting problem. I've always just dealt with it in manners similar to [hogheavenfarm] and [JodiB].

Can the MSO 365 server setting be tweaked by a knowledgeable person to either extend the retention time or dump the contents to a known archive location?
 
#6
Yes...it is.
I am sure we can have our 'settings' adjusted on the server. But those are emails already disposed of.
I don't want to mandate a cumbersome policy within my organization that people won't follow and I don't want to open ourselves to unnecessary scrutiny by retaining things we don't need to retain...certainly a pickle...
 

Mark Meer

Trusted Information Resource
#7
Because of the "4.2.4" in the thread title, I'm assuming this relates to ISO quality system requirements?

As such, I'd suggest that the question to ask yourself is: what emails are quality system records? Most email traffic, I would imagine, is probably outside this scope.

Examples of emails that would constitute quality system records might be any correspondences regarding:
- Feedback & complaints (i.e. correspondences to/from customers)
- Orders & distribution
- Regulatory correspondences to do with post-market vigilance
- Any decisions or data not otherwise documented via established process data-collection methods (e.g. forms)
 

Mark Meer

Trusted Information Resource
#8
Previously, we had a system like you describe (individuals maintain their own emails, and the whole system is subject to regular backups).

But in a recent audit, we realized how much of a nightmare this can become if you need to dig up a particular email record in a timely manner. As such, we are now planning a repository of "quality system emails", and when emails are sent/received that meet the definition of a quality system record, they are exported to PDF and dumped in the repository.

This has the advantage that:
a) the emails relevant to the quality system are separated from the others; qnd
b) the emails (as records) are available to all individuals in the department.
 
P

PaulJSmith

#9
We use GoldMine CRM software. Any relevant emails are imported into it for retention. The rest are either archived with server backups or deleted at user discretion.

The problem with "the cloud" is that you really have no direct control of your files. There's no reason you can't back them up, as suggested above, and keep them in-house. Email files take up very little room on a drive (depending on any attachments, of course).
 
#10
Mark,
Thanks...
We have ID'ed email and other electronic media as records, so the horse is already out of the barn. Yes we can change it, but then/c is already written...
 
Thread starter Similar threads Forum Replies Date
A Document Control: Controlling Electronic Email (E-mail) Document Control Systems, Procedures, Forms and Templates 7
T How to Handle Email Document Control Document Control Systems, Procedures, Forms and Templates 2
R Risk control measures as per ISO 14971 ISO 14971 - Medical Device Risk Management 1
T Linking Control Plans and PFMEA's FMEA and Control Plans 2
L How to add exemption or statement to control of document procedure? ISO 13485:2016 - Medical Device Quality Management Systems 5
T PFMEA and Control Plans on legacy product FMEA and Control Plans 5
P IATF 16949 requirement - error-proofing in control plan IATF 16949 - Automotive Quality Systems Standard 3
C 8.5.1.1 Control of Equipment, Tools, and Software Programs - Questions about the extent of control of NC programs AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 5
Q Version/Revision Control of CAD files Document Control Systems, Procedures, Forms and Templates 2
earl62 What is the best way to control special characteristics in Control plan? Is it Mandatory to have SPC for IATF 16949? IATF 16949 - Automotive Quality Systems Standard 7
I Control Plan (Product/Process specification/ Tolerance) acceptance FMEA and Control Plans 27
Sravan Manchikanti How to interpret '8.3 Control of nonconforming product' for SaMD device while implementing ISO 13485 & MDSAP ISO 13485:2016 - Medical Device Quality Management Systems 7
Z Putting back excluded rows/data points in a control chart Using Minitab Software 0
J Control Plan use on the manufacturing floor FMEA and Control Plans 4
E Change in control plan - Do I have to do sampling? IATF 16949 - Automotive Quality Systems Standard 1
D All Dimensions listed on control plan FMEA and Control Plans 10
W Need for current design or process control FMEA and Control Plans 2
Q ISO 9001 8.5.1 - Control of production and service performance ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 5
A What is the difference between Design Process, Process Design and Design Control? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
A Beginners help with ISO3951-2 Combined control s-method n>5 what is Phi ?? Inspection, Prints (Drawings), Testing, Sampling and Related Topics 0
C Corrective action for failure in documents control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 10
B Control chart and sample time Statistical Analysis Tools, Techniques and SPC 1
DuncanGibbons Manufacturing Plan vs Material Specification vs Control Plan Manufacturing and Related Processes 5
J Control chart for huge sample size Statistical Analysis Tools, Techniques and SPC 9
K Contamination Control - Class Is medical devices (Clause 6.4.2 ISO 13485:2016 (E)) ISO 13485:2016 - Medical Device Quality Management Systems 12
J 510(k) for a control kit for an external IVD test kit 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
T Assessing Hazard-Related Use Scenarios where control measures exist through standards IEC 62366 - Medical Device Usability Engineering 32
adir88 Documenting Risk Control Option Analysis ISO 14971 - Medical Device Risk Management 8
T Design Control Procedures later in the Development Process ISO 13485:2016 - Medical Device Quality Management Systems 6
L AS5553 Clause 3.1.7 e "Control packaging material ..................reused" AS9100, IAQG, NADCAP and Aerospace related Standards and Requirements 0
T Attributes SPC study - Attributive control (Go gage) Statistical Analysis Tools, Techniques and SPC 5
K Process Mapping - Inputs/Outputs/Detail Activities/Control points/Measurement? Process Maps, Process Mapping and Turtle Diagrams 4
S Should safety checks be included in the Control Plan? IATF 16949 - Automotive Quality Systems Standard 5
D Infrastructure: Equipment, Work Environment and Contamination Control ISO 13485:2016 - Medical Device Quality Management Systems 4
Q Relabeler for patent expired product - design control responsibilities? 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
J How to make Quality Control plans Quality Tools, Improvement and Analysis 5
I Document Control on Log Files ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
Q Tracking Procedure Revisions (Document Control) Document Control Systems, Procedures, Forms and Templates 9
C Document Control Stamps - Does anyone still stamp their documents? Document Control Systems, Procedures, Forms and Templates 24
D Supplied Product on Control Plan - Lot ranging in 40,000 pcs per product FMEA and Control Plans 3
D IEC 62304 Risk Classification - With and without hardware control IEC 62304 - Medical Device Software Life Cycle Processes 2
J Antiviral Mask or Mask to Mitigate or Control Corona Virus Manufacturing and Related Processes 29
A UDI and Design Controls - Labeling change via the Design Control process 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 1
I Control of Documentation Distribution - Document Control ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 2
S Inventory Control - Any thoughts would be appreciated ISO 13485:2016 - Medical Device Quality Management Systems 2
H SPC for special characteristics - CSR - Control of SC and CC Statistical Analysis Tools, Techniques and SPC 1
T Control of downloaded document copies by employees Document Control Systems, Procedures, Forms and Templates 3
T Document control ISO 13485:2016 ISO 13485:2016 - Medical Device Quality Management Systems 5
M Is there any pre-defined Control plan format/template acc. VDA? VDA Standards - Germany's Automotive Standards 0
B Record Management - Does the QMS need to control templates of records? Records and Data - Quality, Legal and Other Evidence 17

Similar threads

Top Bottom