Denise Robitaille

Who Cares About Records?

You should

Published: Tuesday, August 7, 2007 - 22:00

Control of quality records: Can there possibly be a more boring requirement? You can feel the yawn coming on as you read through the requirements of ISO 9001 subclause 4.2.4.

Not only are you required to keep records, you’re required to have a documented procedure that describes how you maintain them. How do you convince a manager that this isn’t the ultimate pencil-pushing exercise? How do you demonstrate that it’s an effective process?

Last month’s column dealt with monitoring and analyzing appropriate metrics. You can’t know how your organization is doing if you don’t assess the outcome of processes. It therefore stands to reason that you can’t assess the outcome of processes if you don’t have good records.

Other consequences of inconsistent record-keeping practices include:

- Inability to perform thorough and effective internal audits

- Incomplete management reviews

- Inaccurate analysis of trends and performance indicators

- Inconclusive root cause analyses

- Diminished opportunity for improvement

The upside is that good record-retention practices facilitate effective performance of the processes mentioned. They also save time by cutting down on the hours spent trying to track down pertinent information.

Does this really warrant a documented procedure? Isn’t that just a bit of overkill?

I’ve often asked clients, as well as other individuals, at trainings, “How many people in your organization are familiar with your control-of-records procedure?” The answers I get are usually low, representing the quality function and one or two administrative persons. Individuals may know about the records that relate directly to their function, but they know little about those relating to other parts of the organization. Sometimes, they aren’t even sure what happens to the records for which they have primary responsibility.

ISO 9001 subclause 4.2.4 requires that records be: “…legible, readily identifiable and retrievable.” It goes on to state, “A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.” In short, people should be able to ascertain from the documented procedure what records are kept, where they are, how they’re identified, how they’re accessed, and how long they’re retained.

With limited knowledge of records maintenance, individuals who could otherwise participate in initiatives such as root cause analysis are deprived of the resources that would help them make a meaningful contribution. They don’t know what records are kept, where they’re located, or who has ownership. The organization loses the benefit of their talent and potential input, because they haven’t been given the necessary knowledge about finding records. They can’t get a clear and complete picture of a problem. That, in turn, handicaps any attempts to develop an appropriate plan of action.

Regardless of the process, it’s not possible to make good decisions with bad or incomplete data. The same record-retention shortcomings that hamper problem solving also thwart management’s ability to take appropriate action.

When most organizations write their procedure for control of quality records, they also develop a record-retention matrix. This is probably the most common format favored by organizations to easily arrange and lay out such information as location, ownership, and the retention period of identified records. It’s easy then to develop and manage such information. The matrix format also makes it comprehensible to a large group of individuals.

The problem that often arises is that this procedure and the accompanying matrix are written primarily to fulfill the requirements of the standard and to make an auditor happy. Little thought is given to the notion that someone might actually use the document for objective information about what happened. That’s unfortunate. This should be the go-to document for finding out what records you have and where they are. It makes the document meaningful. It also makes the control of quality records process effective, by making it a controlled input into other processes such as auditing, management review, and root cause analysis. The integrity of all three of these processes rests squarely on effective record retention. If the organization is addressing problems appropriately and making responsible decisions, the record-retention process is playing an important role.

Here are a few useful tips to improve your matrix.

-- Check the ISO 9001 standard (or whatever quality management system standard you’re using) for the specified requirements for record keeping. Generally, there’s a sentence that states: “Records from… XXX… shall be maintained…”

-- Next, figure out what additional records are unique and necessary to your organization. Examples: Companies dealing with chemicals need records of receipt of material certificates of analysis. Construction companies need evidence of receipt of required permits.

-- Be thorough. Include the records that are relevant to your organization, not just the ones you think the auditor will want to see listed.

-- Be specific with the information you include. Putting “administrative offices” down for a location isn’t particularly helpful, as it could easily refer to any file cabinet in the front half of your building.

-- If you have electronic records, indicate the server and the path to get to them. Just saying the records are electronically held is too vague to be useful.

-- If some records are password-protected or otherwise segregated from general access, indicate who is authorized to retrieve them.

-- Say how the records are identified or indexed. Is it by assembly number, customer name, date, or unique internal tracking number?

-- If appropriate, make the distinction between the records that are actively retained in close proximity, as opposed to those that are archived and stored in the attic.

-- Don’t forget records that are kept off-site by a third party.

-- If you have multiple facilities, indicate what records stay at each individual site and which ones are held at the corporate offices or other centralized location.

Write your procedure so that looking for records doesn’t turn into a scavenger hunt or wild goose chase. Your people have better things to do with their time…like actually solving problems and making improvements.

About The Author

Denise Robitaille

Denise E. Robitaille is a member of the U.S. TAG to ISO/TC 176, the committee responsible for updating the ISO 9000 family of standards. She is committed to making your quality system meaningful. Through training, Robitaille helps you turn audits, corrective actions, management reviews, and processes of implementing ISO 9001 into value-added features of your company. She’s an RABQSA-certified lead assessor, ASQ-certified quality auditor, and ASQ Fellow. She’s the author of numerous articles and several books, including The Corrective Action Handbook and The Preventive Action Handbook, and a co-author of The Insider’s Guide to ISO 9001:2008, all published by Paton Professional.