Protection of quality records - How are people handling the requirement?

Elsmar Forum Sponsor

Mike S.

Happy to be Alive
Trusted Information Resource
#2
You determine what is reasonable to you. We keep paper records for a set time in boxes in a storage room on site. Electronic records get backed-up at planned intervals and stored on CD's in a fireproof storage box on-site. You can also get external electronic storage pretty cheap either by export to an off-site server or have a top dog take them home on backup media like CD's. Off-site paper storage is more expensive, but companies offer this service, or you can rent a nearby storage building yourself and transport stuff there from time-to-time. It depends on the criticality of the records, what potential "disasters" you might face, etc. A securities company or bank will have different needs than a small toy manufacturer.
 
#3
Interesting question, Rick. The standard give no indication how to protect records. Nor does it say to what extent they have to be protected. Companies I work with adapt the protection to the importance of the record. For example, an aerospace company safeguards records that FAA requires by placing them in a fireproof room. They protect training records as they would any other personnel record. Once a year, they copy all paper records to CD and copies of the CDs are distributed to their Mexico plant, their Michigan plant and their attorney’s office. The thought is if they had three separate, simultaneous disasters that destroys all the records, they would be out of business and wouldn’t care anymore. Should a singular event destroy all the records, they wouldn’t care either because with an event large enough to destroy everything from Mexico to Michigan none of us would have to worry.

Once you determine how long each record is to be kept, then determine how to reasonably protect them. The extent and degree of protection is strictly up to you.
 

JodiB

Still plugging along
#4
Outside of catastrophes like fire and flood, the records that you are keeping in accordance to the time frame you have established for yourself, ( 3 years, etc.) should be ordinarily protected from rodents (and other pests), rain and other moisture that would render them nonlegible, heat (that might damage electronic formats), and theft. Those are the typical things that come to mind.

You are to ensure that the records remain legible and retrievable.

In the days of thermal faxes, I saw companies get dinged on assessment for not making a hard copy of the fax for record storage, and for keeping the records in the back of a cave where it took them 3-5 days to get to the needed record.
 

Mike S.

Happy to be Alive
Trusted Information Resource
#5
As Lucinda says, easy retrieval is a must. My rule is any records pertaining to currently open orders should be retrievable in minutes; "historical" records for old orders within 24 hours max. Usually all old order records are available in 1-2 hours in reality.
 
E

energy

#6
I'm trying this

For hard copies, a lot of protection method is "Permission from Department Manager". I saw it used in a reference document supplied by someone who had obtained certification. You don't have to get crazy. As for retrieval times, you should be able to walk an Auditor to them immediately. In the case of old files, I like Mike's idea of 24 hours. That would also force an Auditor to stick around to see Ancient History in the hopes of finding a "finding".;) :ko: :smokin:
 
Thread starter Similar threads Forum Replies Date
N Quality Records - Password and Anti-virus Protection Records and Data - Quality, Legal and Other Evidence 3
A ISO17025 Quality Manual - Calibration - Radiotherapy and radiation protection ISO 17025 related Discussions 0
B IEC 60601 - Creepage Distance - Relay that acts as a means of physical mechanical protection Process Maps, Process Mapping and Turtle Diagrams 0
F General Data Protection Regulation (GDRP) CE Marking (Conformité Européene) / CB Scheme 6
B Operator protection - When to apply table 7, Dielectric strength test voltage IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
D Defibrillation protection for patient connection except for electrodes IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
M Applicability of Means of Protection, working voltage in an Automated External Defibrillator IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
L IEC 60601-1-11 IP22 Compliance - Ingress protection testing IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
MrTetris GDPR - General Data Protection Regulation - Only applicable to EU data? Other ISO and International Standards and European Regulations 6
M Informational USFDA Final Rule – Human Subject Protection; Acceptance of Data From Clinical Investigations for Medical Devices Medical Device and FDA Regulations and Standards News 0
S Are Defibrillator Protection and Pacemaker pulse detection features mandatory as per IEC 60601-2-25 or 2-27...? IEC 60601 - Medical Electrical Equipment Safety Standards Series 11
S Defibrillator protection test IEC 60601 - Medical Electrical Equipment Safety Standards Series 6
K Is Defib Protection mandatory for wearable ECG? IEC 60601 - Medical Electrical Equipment Safety Standards Series 10
V Software as control or protection will lead to different Software Safety Class? IEC 60601 - Medical Electrical Equipment Safety Standards Series 18
L GDPR scope - "Personal data" definition - General Data Protection Regulation EU Medical Device Regulations 5
S GDPR (General Data Protection Regulation) - My company is ISMS certified IEC 27001 - Information Security Management Systems (ISMS) 3
D IEC 60601 Defibrillation protection test - Metal foil IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
W EU GDPR General Data Protection Regulation - What we need to update for our QMS EU Medical Device Regulations 10
T GDPR - General Data Protection Regulation (EU and UK 2018) Other ISO and International Standards and European Regulations 7
M IEC 60601-1 and Active Current Protection Requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 0
K Thoughts on the impact of the General Data Protection Regulation? Medical Information Technology, Medical Software and Health Informatics 5
R Internal Audit of Information Security and Data Protection Internal Auditing 6
B Primary lithium battery protection and vented gas IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
P Question on Table 6 "Test voltages for solid insulation forming a MEANS OF PROTECTION IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
K ESD Protection in the Assembly Bay ISO 13485:2016 - Medical Device Quality Management Systems 9
R Determination of IP (International Protection Marking) Rating IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
U USB Connector Operator Protection (MOPP) IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
A IEC 60601-1 cl.15.4.2.1 - Tubular Heating Element (Protection against Overheating) IEC 60601 - Medical Electrical Equipment Safety Standards Series 5
F How to provide 2 MOPP (Means of Patient Protection) - Heating Rod IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
F MOP (Means Of Protection) - Creepage and Clearance questions IEC 60601 - Medical Electrical Equipment Safety Standards Series 19
F Evaluation of MOP (Means of Protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 8
L Intellectual Property Protection - Storage, Access, Distribution, etc ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 6
B Use of Y1 capacitors for MOPP (means of patient protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 1
R Security Standard referred to as TAPA (Transported Asset Protection Association) Other ISO and International Standards and European Regulations 1
J Data Protection - Documents on Desktops ISO 9000, ISO 9001, and ISO 9004 Quality Management Systems Standards 7
S 510(K) Ownership and Protection from Use by Others 21 CFR Part 820 - US FDA Quality System Regulations (QSR) 2
S How to implement protection for multi-winding transformer? IEC 60601 - Medical Electrical Equipment Safety Standards Series 3
W Medical Device Single fault test-protection against fire IEC 60601 - Medical Electrical Equipment Safety Standards Series 2
P IEC 60601-1-11 - Medical Electrical Equipment IP (Ingress Protection) Requirements IEC 60601 - Medical Electrical Equipment Safety Standards Series 12
R Protection of Records from Unauthorized Access or Alteration Records and Data - Quality, Legal and Other Evidence 4
L ESD Protection and Danger for Operators Manufacturing and Related Processes 3
E Data Protection Compliance Plan example wanted Misc. Quality Assurance and Business Systems Related Topics 6
M Can I continue using IEC60601-1 Ed2 PSU for MOOP (Means Of Operator Protection) IEC 60601 - Medical Electrical Equipment Safety Standards Series 7
M What is "protection" as in section 7.5.5 "Preservation of product" ? IATF 16949 - Automotive Quality Systems Standard 7
kmyers Employee ESD Protection Methodologies - Need input. Training - Internal, External, Online and Distance Learning 8
G Placing a dollar value on our QMS (we are looking at IP protection) Quality Manager and Management Related Issues 3
kedarg6500 Protection of Data in Calibration Software & ISO 9001 Calibration and Metrology Software and Hardware 4
R Is reversed charging protection necessary for Rechargeable Batteries IEC 60601 - Medical Electrical Equipment Safety Standards Series 13
Sidney Vianna New and improved ISO/IEC 27005 Standard Beefs Up Protection IEC 27001 - Information Security Management Systems (ISMS) 1
S How to Design the Means of Protection for Home Use Unit IEC 60601 - Medical Electrical Equipment Safety Standards Series 12

Similar threads

Top Bottom