Document and Data Control - We are not satisfied with electronic document security



This is Alexi of Subic, Philippines
According to 4.5 of ISO 9001:1994, document and data can be in form of hardcopy or electronic media.In order to be a paperless organization and to support the objective of ISO 14001, we in ISO 9002 Group decided to place some of our documents (and even records) in an electronic file, and the only security that we could provide with this is to have it set in Read-Only for the readers in order to avoid unauthorized editing of the documents and records..but we are still not satisfied with this security, do you have any suggestion? and how can we show that this documents or records in electronic media has been approved and can be used for official reference?


Roger Eastin

In what way do you think that your documents are not secure using the Read-only function? Is someone able to modify the document and then reintroduce it into your system? If not, I don't see anything wrong with your security for maintaining current documents. You didn't say how you create and introduce documents into your system and whether this part of the system is secure. As far as review and approval of electronic documents go, we use Word and use one of two systems: 1) Use the "Routing Slip" capability or 2) write the reviewer or approver's signature on the document after you have received and stored a message from the reviewer or approver stating that he/she has reviewed or approved it.


Fully vaccinated are you?
Another route people take is using Adobe's Actobat - procedures and such in pdf format. Read Only is sufficient IMHO.


The document properties in word may be useful in providing details of authorisation, amendment history etc, if read only is the preferred option. Also, have you thought of secure electronic back-up?
There has been a range of software solutions to paperless systems become available since ISO9001 and I.T. collided. It is worth investigating a number of options before purchasing anything to make sure it suits your business, is suitable to ISO9001:2000 and is not too cumbersome.

Mark G.
Top Bottom