Forms vs Records

[rogerpenna]

And he/she could have been correct, emails could be considered "record's of communication" and they aren't on a form. Then again, other than what ISO 9001:2015 says/requires (quit referencing those other out of date documents) it's your organization that says what is or is not a record except when an auditor can demonstrate with objective evidence a lack of effectiveness due to the lack of one.

I'm just a simple old 3rd party auditor, that's all I do, nothing else just audit, this week in Tennessee, last week in Kansas, next week in New Jersey, all ISO:9001 audits in these cases and I don't really give a personal crap how, who, what, where or why about your records other than effective consistency, control and effectiveness of them, while meeting whatever requirements for them exists.

Thanks Randy. I agreed with that non conformity at the time AND now. I just wrote on it because of MY misunderstanding on Bev D's post about the list of records being the list of forms.

Yes, I may overcomplicate some things. Plus, English is not my first language and thus, despite sometimes I may apparently speak it well enough, misunderstandings might happen more often than between native speakers, as small contextual nuances might escape me.

Still, please, don´t hate me guys. I really value your opinion. A student that asks a lot of questions is not trying to contradict the professor.

 

[Jen Kirley]

rogerpenna, I've been reading through this thread and just want to be sure I understand all this.

The nonconformity was about using forms for records that were not on a control list; the confusion was invited by variation in naming conventions.

I agree that controlling the record is what is important. Sometimes auditors ask for a list of records, but unless you are working with a standard that specifically requires this OR your own system describes this list, the auditor would be over-reaching.

What matters is the information the record holds. That being said, the main reasons I see for controlling the forms are
1) To keep them in a place where users can easily obtain them
2) To make sure they are collecting all of the correct information

How you manage to do #1 and #2 is up to you. Please keep it simple enough that others can use the process if you should win the lottery and disappear.

 

[Bev D]

I was simply answering your questions directly. You need to take a deep breath, reread all of the posts, and think about what is required. Tidge, Randy and Chris have said some powerful things.
Records are uniquely identified by their content; codes are not necessary and stop looking at old versions of the standard. THINK about what the standard actually says, not what your organization has done in the past.

 

[rogerpenna]

rogerpenna, I've been reading through this thread and just want to be sure I understand all this.

The nonconformity was about using forms for records that were not on a control list; the confusion was invited by variation in naming conventions.

Hi Jen.

The nonconformity was because our MRL only contained records that were associated with a form. Well, there were a few others. But even those others were associated with a "model", a "template".


So the auditor asked about specific records that were not created from models/templates. We showed him. He asked why those weren´t on the MRL. We couldn´t explain, besides saying we probably misunderstood something.

The CALIBRATION CERTIFICATES. Which are obvious records of conformity. Why they weren´t listed? Because calibration certificates were created by third parties (calibration labs) and thus they didn´t have a model/template/form. Yes, quite idiotic lol.

The root cause analysis was basically

-The process failed because the records that are not forms were not being controlled.

-Due to the forms being called records, at the time of transitioning from manual control in Excel to the S.A., the person responsible for Quality at that time considered that all records would be covered.

-This confusion occurred because there was no separate way to control the forms and the records.

So, from then on, I created a document category for Forms and another for Records. Basically same code (changing only initial letter) for both, so , trying to dispel this confusion. So we could have a list of records and another of forms only, and where a form matched a record, the code would be the same.

So you see, our previous system DID have a Record called Calibration Control, which was an Excel Spreadsheet template (because it was a record WE created) where we pasted results from calibration certificates and checked against our accepted error margins to see if they were ok or not.

But the calibration certificates themselves were not covered in the MRL, as they were created outside the company.

What matters is the information the record holds. That being said, the main reasons I see for controlling the forms are
1) To keep them in a place where users can easily obtain them
2) To make sure they are collecting all of the correct information

How you manage to do #1 and #2 is up to you. Please keep it simple enough that others can use the process if you should win the lottery and disappear.

that's my objective too. As we changed our documents system, I made sure it would be very easy to find the forms that you need in your department and print them, as well as links to them both from department page AND from the Procedures and WI documents. (which is why I went for a Wiki system... it's a breeze to link everything, which also creates backlinks.

 

[rogerpenna]

I was simply answering your questions directly. You need to take a deep breath, reread all of the posts, and think about what is required. Tidge, Randy and Chris have said some powerful things.
Records are uniquely identified by their content; codes are not necessary and stop looking at old versions of the standard. THINK about what the standard actually says, not what your organization has done in the past.

Here is what I have decided, after careful consideration of everything you guys helped me with here, and also the system we are using (a Wiki system) and also what I consider as best implementation in my company, considering already existing company culture, etc

Forms will keep their codes and names. Example, FQP-ADM-010

Our Master List of records will get rid of codes. Although codes for records have some use imho, it requires micromanagement. Broader Categories are better to manage. But also broader categories of Records may have several forms associated with it. Therefore, having a code for records will create confusion.

I didn´t consider previously there would be confusion because I would have more specific form-record relation. Form FQP-HR-010 - Declaration of Literacy would equal record RQP-HR-010 - Declaration of Literacy.

With broader Record categories, like Employee Documents, which will include external records (ID, Drivers License, etc, etc) plus several forms, like Declaration of Literacy, Declaration of PPE Receivement, etc, the matching of codes really loses any sense and instead becomes a hindrance.



The MRL on our Wiki will have thus these broader categories, each with links to several forms if needed.

 

[Bev D]

Let’s put a really fine point on this ( which may help you convince your organizations and not just yourself)

Where does the standard say that you must have a master list of records? (And while it doesn’t say this in the 2008 version you must be compliant to the 2015 version, so where does it say that in the 2015 version)?

What is the purpose of a master list? Is there a better (simpler less complex less prone to error) way to accomplish this purpose without a master list?


In my experience a ‘master list’ is generated by Legal to cover all types of records that will be subject to legal discovery or legal proof of something. And it will include records of more things that are outside the realm of any QMS standard. There is a very broad description of types of records and their retention periods. For example all emails will only be kept for 3 months. All manufacturing records of product quality will be kept for the time period required by the applicable standard. All design records will be kept for XX period of time….Quality doesn’t maintain a master list as it would be redundant to the legal list…think about that for a minute.

 

[Randy]

But the calibration certificates themselves were not covered in the MRL, as they were created outside the company.

All the more reason to keep them, what other proof of calibration do you have?

 

[rogerpenna]

Those are some fine points. I will try to answer in the "forget the ISO requirement" line... and answer your questions by using Jen's example of me or someone else winning the lottery and disappearing: if that happens and we don´t have a master list of records, my guess is that anyone occupying that job will have a hard time finding old records, etc. Specially ones that are saved in specific folders in the network or specific lockers, physical folders, etc. As well as we don´t have a Legal Team list of records and retention times, etc.

So the MRL is not the only way... but I guess that right now it's the best way to know where single file digital records and physical records are kept and HOW to keep them.

As we have more and more database systems where records are kept in the database, etc, yes, MRL will get smaller and smaller.

But yes, it's food for thought. I will keep that in mind and chew on it.

 

[rogerpenna]

All the more reason to keep them, what other proof of calibration do you have?

Absolutely. We kept them on a physical folder. I don´t disagree with the external auditor. I think that we having a MRL that was badly thought and only considered records that were made in-company, specially ones with templates, models, etc, created confusion (for everyone). Either you cover most or maybe you dont... or make it very clear what you cover and what you don´t.

 

[rogerpenna]

All the more reason to keep them, what other proof of calibration do you have?

our main calibration lab works with a system that has online repository. All instruments we calibrate with them have proof of calibration there. But not of our approval the results are accepted.

We import the calibration files, which are XMLs with tables of results and pdfs, into a free system made by the same company. The system has all our instruments and error margins etc, based on type of instrument. We just create a new calibration, import the file, and the system already verifies if the results are compatible with our accepted error margins and validates the calibration result.

We also have hundreds of metal measuring tapes. We keep master metal measuring tapes inhouse, of several lenghts, and these ones we send once a year to calibration labs.

The hundreds of others, used by employees on worksites, are compared to the "master" tapes calibrated on lab. We assign them a number and if they match up to a difference the main master tapes.

The calibration on a lab is more expensive than the tapes, the tapes don´t last much because of the work conditions and in fact, if we were allowed (by PBQP-h standard) we wouldn´t even calibrate these tapes, as they are not used in precision work.