Featured Product
This Week in Quality Digest Live
Standards Features
Mark Hembree
Rumors about ball performance meet quality assurance
Grant Ramaley
FDA seeks to align Part 820 with ISO 13485:2016; why that may not be enough.
ISO
MSMEs are encouraged to uphold the highest standards
Steven Brown
21st-century standard candles at NIST

More Features

Standards News
US Dept. of Commerce issues seven grand challenges
Requesting quotes for ‘Baldrige Reimagined’
Standards-based audit checklist and best practices provide support for growing technology in aerospace
Accelerating the adoption of digital twins in building industries
Tactics aim to improve job quality and retain a high-performing workforce
Demonstrating a commitment to keeping people safe and organizations running
Making the new material freely available to testing laboratories and manufacturers worldwide
Run compliance checks against products in seconds
Aug. 25, 2022, at 3:00 p.m. Eastern

More News

Denise Robitaille

Standards

Who Cares About Records?

You should

Published: Tuesday, August 7, 2007 - 22:00

Control of quality records: Can there possibly be a more boring requirement? You can feel the yawn coming on as you read through the requirements of ISO 9001 subclause 4.2.4.

Not only are you required to keep records, you’re required to have a documented procedure that describes how you maintain them. How do you convince a manager that this isn’t the ultimate pencil-pushing exercise? How do you demonstrate that it’s an effective process?

Last month’s column dealt with monitoring and analyzing appropriate metrics. You can’t know how your organization is doing if you don’t assess the outcome of processes. It therefore stands to reason that you can’t assess the outcome of processes if you don’t have good records.

Other consequences of inconsistent record-keeping practices include:

- Inability to perform thorough and effective internal audits

- Incomplete management reviews

- Inaccurate analysis of trends and performance indicators

- Inconclusive root cause analyses

- Diminished opportunity for improvement

The upside is that good record-retention practices facilitate effective performance of the processes mentioned. They also save time by cutting down on the hours spent trying to track down pertinent information.

Does this really warrant a documented procedure? Isn’t that just a bit of overkill?

I’ve often asked clients, as well as other individuals, at trainings, “How many people in your organization are familiar with your control-of-records procedure? The answers I get are usually low, representing the quality function and one or two administrative persons. Individuals may know about the records that relate directly to their function, but they know little about those relating to other parts of the organization. Sometimes, they aren’t even sure what happens to the records for which they have primary responsibility.

ISO 9001 subclause 4.2.4 requires that records be: “…legible, readily identifiable and retrievable.” It goes on to state, “A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.” In short, people should be able to ascertain from the documented procedure what records are kept, where they are, how they’re identified, how they’re accessed, and how long they’re retained.

With limited knowledge of records maintenance, individuals who could otherwise participate in initiatives such as root cause analysis are deprived of the resources that would help them make a meaningful contribution. They don’t know what records are kept, where they’re located, or who has ownership. The organization loses the benefit of their talent and potential input, because they haven’t been given the necessary knowledge about finding records. They can’t get a clear and complete picture of a problem. That, in turn, handicaps any attempts to develop an appropriate plan of action.

Regardless of the process, it’s not possible to make good decisions with bad or incomplete data. The same record-retention shortcomings that hamper problem solving also thwart management’s ability to take appropriate action.

When most organizations write their procedure for control of quality records, they also develop a record-retention matrix. This is probably the most common format favored by organizations to easily arrange and lay out such information as location, ownership, and the retention period of identified records. It’s easy then to develop and manage such information. The matrix format also makes it comprehensible to a large group of individuals.

The problem that often arises is that this procedure and the accompanying matrix are written primarily to fulfill the requirements of the standard and to make an auditor happy. Little thought is given to the notion that someone might actually use the document for objective information about what happened. That’s unfortunate. This should be the go-to document for finding out what records you have and where they are. It makes the document meaningful. It also makes the control of quality records process effective, by making it a controlled input into other processes such as auditing, management review, and root cause analysis. The integrity of all three of these processes rests squarely on effective record retention. If the organization is addressing problems appropriately and making responsible decisions, the record-retention process is playing an important role.

Here are a few useful tips to improve your matrix.

-- Check the ISO 9001 standard (or whatever quality management system standard you’re using) for the specified requirements for records keeping. Generally, there’s a sentence that states: “Records from… XXX… shall be maintained…”

-- Next, figure out what additional records are unique and necessary to your organization. Examples: Companies dealing with chemicals need records of receipt of material certificates of analysis. Construction companies need evidence of receipt of required permits.

-- Be thorough. Include the records that are relevant to your organization, not just the ones you think the auditor will want to see listed.

-- Be specific with the information you include. Putting “administrative offices” down for a location isn’t particularly helpful, as it could easily refer to any file cabinet in the front half of your building.

-- If you have electronic records, indicate the server and the path to get to them. Just saying the records are electronically held is too vague to be useful.

-- If some records are password-protected or otherwise segregated from general access, indicate who is authorized to retrieve them.

-- Say how the records are identified or indexed. Is it by assembly number, customer name, date, or unique internal tracking number?

-- If appropriate, make the distinction between the records that are actively retained in close proximity, as opposed to those that are archived and stored in the attic.

-- Don’t forget records that are kept off-site by a third party.

-- If you have multiple facilities, indicate what records stay at each individual site and which ones are held at the corporate offices or other centralized location.

Write your procedure so that looking for records doesn’t turn into a scavenger hunt or wild goose chase. Your people have better things to do with their time…like actually solving problems and making improvements.

Discuss

About The Author

Denise Robitaille’s picture

Denise Robitaille

Denise Robitaille is the author of thirteen books, including: ISO 9001:2015 Handbook for Small and Medium-Sized Businesses.

She is chair of PC302, the project committee responsible for the revision to ISO 19011, an active member of USTAG to ISO/TC 176 and technical expert on the working group that developed the current version of ISO 9004:2018. She has participated internationally in standards development for over 15 years. She is a globally recognized speaker and trainer. Denise is a Fellow of the American Society for Quality and an Exemplar Global certified lead assessor and an ASQ certified quality auditor.

As principal of Robitaille Associates, she has helped many companies achieve ISO 9001 registration and to improve their quality management systems. She has conducted training courses for thousands of individuals on such topics as auditing, corrective action, document control, root cause analysis, and implementing ISO 9001. Among Denise’s books are: 9 Keys to Successful Audits, The (Almost) Painless ISO 9001:2015 Transition and The Corrective Action Handbook. She is a frequent contributor to several quality periodicals.