How to approach Paper and Electronic Record Control for ISO 9001:2008

[Dubai_capi]

hi,

am having a record control procedure in place.. now am trying to implement the procedure..its says to list all record of activities in the form i made.. the records include papers and electronic files.. so i talked to staff abt it and they saw some huge tasks involved..

i wud like to make it easy.. just list all your records wheather papers or electronic files and specify retention, authoriesd persons..etc..

any guidance how to approach record control in a simple way... thanks

 

[John Broomfield]

hi,

am having a record control procedure in place.. now am trying to implement the procedure..its says to list all record of activities in the form i made.. the records include papers and electronic files.. so i talked to staff abt it and they saw some huge tasks involved..

i wud like to make it easy.. just list all your records wheather papers or electronic files and specify retention, authoriesd persons..etc..

any guidance how to approach record control in a simple way... thanks

Dubai_capi,

Your process owners will need to help the owner of the filing and archiving process with analyzing and documenting the procedure for this process.

Archiving follows filing as one process.

Search this site for "filing and archiving" and you will find the recommendations you need to analyze this process to document how it actually works sufficient for its effective planning, operation and control.

Duplicate records are a symptom of a lack of knowledge or confidence in this process. Work with the process owners to agree the official record and rid the organization of the surplus records in accordance with the archiving part of your documented filing and archiving procedure.

John

 

[JRKH]

My approach to this subject is to make records and retention a part of each procedure rather than trying to make it a distinct process.

here is how I would handle it...
In their simplest form, each procedure will have statements of
Purpose and scope
Responsibilities
What are the inputs
What are the expected outputs
And (as necessary) the steps required to turn input into output.
Records can be s separate item or can be included under the outputs section.

This approach allows one to put in as much detail (or little) as is necessary.

As far as records and retention times are concerned, just ask what they are currently doing....and make that the starting point in your procedure. you can make changes as you go along.
This has the double advantage of keeping it simple and also showing the process owners that you want to work with them and not pile extra stuff on them.

Hope this helps

James

 

[drgnrider]

My approach to this subject is to make records and retention a part of each procedure rather than trying to make it a distinct process.

James

I like this approach, will look at it during our conversion to the 2015 revision.

My :
If not already done, "group" your records, (i.e.: PM, training, job-specific, etc.), don't list each one.

Lastly, one that got us, are all similar records kept in the same storage area? We have a 6-inch binder for each "project" (Code requirements: Boiler maker, ASME, etc.), retention: 75-years, these are kept in the QA office. All other records are kept in "central file", retention: 50-years, been that way for decades... first re-certification audit (overlooked on two surveillance audits and three internal audits) caught our oversight of "not all QA records are kept in central file"!

 

[Helmut Jilling]

I like this approach, will look at it during our conversion to the 2015 revision.

My :
If not already done, "group" your records, (i.e.: PM, training, job-specific, etc.), don't list each one.

Lastly, one that got us, are all similar records kept in the same storage area? We have a 6-inch binder for each "project" (Code requirements: Boiler maker, ASME, etc.), retention: 75-years, these are kept in the QA office. All other records are kept in "central file", retention: 50-years, been that way for decades... first re-certification audit (overlooked on two surveillance audits and three internal audits) caught our oversight of "not all QA records are kept in central file"!

Sounds like a good approach. But, I am puzzled by the "all other records 50 years." All other records? Basic inspection, production, ISO records. That is extremely long... I would like to have your binder business...

I would also add, if there is an electronic record, keeping the paper also is not necessary. Make sure records are labelled clearly.

Make sure record control is clearly audited and sampled at every internal audit.

 

[drgnrider]

Sounds like a good approach. But, I am puzzled by the "all other records 50 years." All other records? Basic inspection, production, ISO records. That is extremely long... I would like to have your binder business...

Sorry, "all other production-related records": receiving inspection, OK-to-ship tags, final inspection readings, employee(s) who worked on project, etc. These go to central file in file folders. Typical life span of our main product is 30-35 years.

On the CODE jobs, the customer sometimes needs to replace a part and we need to know, more than just a part number, what was there and what's attached to it. But also for regulatory purposes, should anyone get audited.

 

[Dubai_capi]

how to sample record control.. whats the correct approach to do sampling and auditing.. say for example how to audit authorised access to electronic and paper records and find pitfalls if any... etc..

 

[John Broomfield]

how to sample record control.. whats the correct approach to do sampling and auditing.. say for example how to audit authorised access to electronic and paper records and find pitfalls if any... etc..

Dubai_capi,

You could ask the people responsible for monitoring the effectiveness of filing and archiving (see 8.2.3) to demonstrate what they do.

And, you could test accessibility of electronic records during your planning of the audit for further investigation during the audit. This may be when you engage a technical expert to help your audit to fulfill its objective.

You could also ask to see how the access controls are maintained especially when people join and leave the organization.

John