Protection of quality records - How are people handling the requirement?

[Rick St]

How are people handling the protection of quality records requirement?

 

[Mike S.]

You determine what is reasonable to you. We keep paper records for a set time in boxes in a storage room on site. Electronic records get backed-up at planned intervals and stored on CD's in a fireproof storage box on-site. You can also get external electronic storage pretty cheap either by export to an off-site server or have a top dog take them home on backup media like CD's. Off-site paper storage is more expensive, but companies offer this service, or you can rent a nearby storage building yourself and transport stuff there from time-to-time. It depends on the criticality of the records, what potential "disasters" you might face, etc. A securities company or bank will have different needs than a small toy manufacturer.

 

[db]

Interesting question, Rick. The standard give no indication how to protect records. Nor does it say to what extent they have to be protected. Companies I work with adapt the protection to the importance of the record. For example, an aerospace company safeguards records that FAA requires by placing them in a fireproof room. They protect training records as they would any other personnel record. Once a year, they copy all paper records to CD and copies of the CDs are distributed to their Mexico plant, their Michigan plant and their attorney’s office. The thought is if they had three separate, simultaneous disasters that destroys all the records, they would be out of business and wouldn’t care anymore. Should a singular event destroy all the records, they wouldn’t care either because with an event large enough to destroy everything from Mexico to Michigan none of us would have to worry.

Once you determine how long each record is to be kept, then determine how to reasonably protect them. The extent and degree of protection is strictly up to you.

 

[JodiB]

Outside of catastrophes like fire and flood, the records that you are keeping in accordance to the time frame you have established for yourself, ( 3 years, etc.) should be ordinarily protected from rodents (and other pests), rain and other moisture that would render them nonlegible, heat (that might damage electronic formats), and theft. Those are the typical things that come to mind.

You are to ensure that the records remain legible and retrievable.

In the days of thermal faxes, I saw companies get dinged on assessment for not making a hard copy of the fax for record storage, and for keeping the records in the back of a cave where it took them 3-5 days to get to the needed record.

 

[Mike S.]

As Lucinda says, easy retrieval is a must. My rule is any records pertaining to currently open orders should be retrievable in minutes; "historical" records for old orders within 24 hours max. Usually all old order records are available in 1-2 hours in reality.

 

[energy]

I'm trying this

For hard copies, a lot of protection method is "Permission from Department Manager". I saw it used in a reference document supplied by someone who had obtained certification. You don't have to get crazy. As for retrieval times, you should be able to walk an Auditor to them immediately. In the case of old files, I like Mike's idea of 24 hours. That would also force an Auditor to stick around to see Ancient History in the hopes of finding a "finding".