Quality Records - Retention and Required Controls

[Tom W]

Hello All,

My question relates to Control of Records:

I have seen companies that look at the standard and pick out where the standard requires records. To my count there are around 20 references to required records. The company addresses record retention and the other requirements in 4.2.4 by these references to records. Meaning they summarize the different types of records by the main topics that require records. For example - instead of listing out all of the different inspection records that they might have, they just say "all" inspection records are handled according to blah, blah, blah.

I have also seen companies that have a master list of records listing all of the records under control individually and detail the handling of each record (as far as the requirements in 4.2.4).

If you were setting up a system, what would be your desired route to take? Would you try to list all individual records or would you try to lump them together based on type of record as far as addressing the identification, storage, protection, retrival, retention and disposition?

Now if anyone understands my babbling, please let me know what direction you would take. Thanks.

 

[Sam]

In our process each department manager is responsible for developing and maintaining their own documents and records.
The process initially started with an evaluation of the specification to determine what documents and records are required and which department manager have responsibility. Addotional documents and records were added as required. We do not have a central master list, however documents and records are noted in, or crosslinked to, the process definition.

 

[Mike S.]

For the most part we listed types of records - i.e. final inspection records - 3 years; Level 1, 2, 3 QMS Documents - current + 4 years; supplier material certs - 3 years; purchase orders to vendors - 2 years; etc. Now, there might be 5 different types of forms containing final inspection records, and we do not list each form individually. But there is only one PO form, so it is essentially listed by record. Does this make sense?

 

[db]

If you were setting up a system, what would be your desired route to take? Would you try to list all individual records or would you try to lump them together based on type of record as far as addressing the identification, storage, protection, retrival, retention and disposition?

I like Sam's idea of letting the department manager (process owner) control their own documentation and records. Other than that, I don't see this as an either/or. I do like a matrix, and I also like to see the system make sense. If, for example, all of your inspection records (other than final) can be purged after one year, but it makes sense to keep the final inspections for 3 years, then set it up that way.

 

[Cari Spears]

We make and repair various machine components. Ballscrews are their own animal however, so we catagorize jobs as being "Ballscrews" or "Details" (details can be quick change tooling, spindles, worms, lead screws, etc).

Final inspection reports (and many other records) for details and ballscrews are different because ballscrews include a final functional inspection and a few other things not applicable to other details. Even though its all final inspection records, they are not maintained the same way so I listed them individually in our matrix.

Calibration records, whether recorded on our internal forms or an outside calibration cert, are all maintained in the same place, by the same person, in the same manner. So the matrix just says "Calibration Records".

We just try to do what makes sense for each type of record so that everyone knows exactly where to find everything.

 

[howste]

Like others have posted above, I also like to have a matrix that at least defines minimum retention times for each type of record. Depending on the size of the organization, it may also have details of the exact records and where they are stored. This works well for smaller companies, and I've worked with several companies from 5 to 30 employees that have done it this way. I've also worked with larger companies with multiple divisions where this type of document would have been a nightmare to create and maintain. When you start getting too large, the number of records tends to balloon, and it usually works well for departments to maintain their own records requirements.

I don't think I said anything new - just do what is reasonable and manageable for your organization.

 

[Wes Bucey]

Electronic Document Management/Control

Hello All,

My question relates to Control of Records:
. . .
The company addresses record retention and the other requirements in 4.2.4 by these references to records. Meaning they summarize the different types of records by the main topics that require records. For example - instead of listing out all of the different inspection records that they might have, they just say "all" inspection records are handled according to blah, blah, blah.
If you were setting up a system, what would be your desired route to take?
. . .
Now if anyone understands my babbling, please let me know what direction you would take. Thanks.

Update: (added Oct 26, 2009)
In early computer days, we were limited to eight character file names (plus extension.)

Today, search and retrieval tools allow us to name documents in reader/user friendly terms, negating the use of an index to determine the difference between "A-123" and "A-124." Hence we can title the first document "SOP for cleaning toilets" and the second, "SOP for brain surgery," and use a search engine to key on key word "brain" or "surgery" to retrieve the document.

Version control and permissions are available from commercial software.

Original text:
I feel your pain, Tom W. Dealing with records in an efficient and organized manner is a major hurdle in many organizations. In my experience with employers, customers, and suppliers, I have seen some organizations actually choke on their records to the point where some secretly prayed for some natural disaster to wipe them all out so they could start over.

My own organization uses this phrasing for
4.2.4 Control of records

Records may be hard copy or electronic. A record is a special document which holds data generated during the course of performing a process. We control a document by maintaining its integrity against loss or alteration during its useful life. We provide access to a record to all interested parties. We may aggregate data from records into reports or summaries. We may analyze the data contained in a record with a view toward modifying or retaining a process.

We have a documented process to determine which controls over identification, storage, protection, retrieval, retention, disposal shall apply to a specific record.

So, in actual practice, each time we create or receive a document or record (internally generated or received from customer, regulator, or supplier), we hold it up against the yardstick of which Procedure (of several in the process) applies to that particular document or record. The item is then flagged/tagged with an ID code (alphanumeric) which identifies it in our system and therefore which storage, retrieval, retention, disposal actions will apply to it. The ID code is intuitive enough so that the average employee can determine whether it belongs to engineering, production, quality, accounting, sales, etc. and whether it is internally generated or externally generated when he has a hard copy in hand.

Of all of the advantages to our system, by far the most valuable to us has been being able to reduce the search and retrieval time for any document from a previous range of ten minutes to 48 hours down to 5 minutes maximum.

We use a computer-based system. Internally-generated documents are always left in native format (Word/CAD/Excel/Access/etc.) and our software allows us to image any of 200 different formats, regardless of whether the native format is loaded at an individual station. Externally-generated documents we receive go through an extra step of determining if we can import an electronic copy from the external source or if we have to scan a hard copy into our system. In either case, we often have to add "meta tags" (little bits of code which refer to a field in our database) to the externally generated document to aid in retrieval.

The meta tags allow us to add up to 30 layers of security to the documents once they are in our system. Security levels determine who may alter, delete, redline, read, print a document. By working with secure internet connections, we are able to share and/or collaborate on documents almost anywhere in the world. The same security layers allow documents and records to be sorted according to applicable departments. Note all documents are added in random order (alphanumeric ID is unique to each document) and the software sorts and regurgitates each according to the meta tags

We had to deal with our legacy documents (documents created before the system was installed) in the same way we deal with externally-generated documents - we had to add the meta tags individually (a time-consuming and labor-intensive project if you have a lot of documents - we decided the future cost savings justified the expense of adding legacy documents.)

As always, I apologize for telling how to build a watch when you only ask the time.

 

[Cari Spears]

Like others have posted above, I also like to have a matrix that at least defines minimum retention times for each type of record. Depending on the size of the organization, it may also have details of the exact records and where they are stored. This works well for smaller companies, and I've worked with several companies from 5 to 30 employees that have done it this way. I've also worked with larger companies with multiple divisions where this type of document would have been a nightmare to create and maintain. When you start getting too large, the number of records tends to balloon, and it usually works well for departments to maintain their own records requirements.

I don't think I said anything new - just do what is reasonable and manageable for your organization.

Perhaps not new - but you said it succinctly (as usual). We are 65 people and our matrix is only 3-1/2 pages (landscape). Very manageable.

 

[KWalls - 2008]

I found this thread on a search for answers to yet another burning question of mine...

I am wrestling with my matrix for quality records. Since I already have a "master document" matrix, can I not then just list retention periods, how/where it is filed, and who is responsible for that particular record? If I have one less matrix to maintain and I'm killing 2 birds with one stone.

(Did I just answer my own question?)