Control of Important Documents & Data © (Records)

"Keep It Clear – Keep It Simple – Keep It Business Focused ."

 
Control of Documents and Data

Identification - Storage - Protection - Retrieval - Retention Period - Disposition?

 

Abstract

The identification, control and proper disposition of important records can be an daunting challenge. When making these decisions there are three perspectives that need to be considered:

Your Needs as a Business Entity - These types of records are primarily tax, human resource, product liability, and sales or purchasing related records. These are the records that any business (provider of products and/or services) would be expected to retain.

Customer Specified Requirements - In today's business environment of Lean Manufacturing, Six Sigma, and other productivity improvement initiatives, suppliers are being taxed with retaining, and on occasion providing, product and/or service specific records. These records are typically specified in contractual documents (e.g., Requests for Quote and Purchase Orders).

International, National, and/or Industry Standards - The flow down of International, National, and Industry Standards for the control of records is inevitable. Adequately addressing these requirements is becoming a prerequisite for consideration as a supplier.

When addressing these requirements many companies err on the side of caution and tend to retain records and data that is not actually needed. This "save it all" approach can lead to costly filing and storage facility issues and make it more difficult to locate and retrieve important records.

Results International has put together guidelines and recommendations for addressing these issues.

Beyond "Save it All" - Control of Important Documents and Data

Important documents and electronic data (internally and/or externally generated) are media providing records that:

• Your products and/or services conform to established requirements,
• Provision of product or service was accomplished per established procedures, and
• Your management system is functioning effectively and efficiently.

One document or electronic data file may contain more than one important record. For example:

The use of one form (document) to record the review, approval, release, and employee notification of new or revised procedures (e.g., our Document Coordination/Release Notification Record) captures the following six important records: (See Example 1)

(1) The date the review process was completed,
(2) A listing of the documents reviewed,
(3) The individuals involved in the review process,
(4) The approval authority and release of the documents,
(5) The date employees were notified of the new or revised documents, and
(6) The dates the new or revised documents take effect.


Example 1

control of records

 

In the form of a Procedure or Work Instruction assign (by Job Description or Title) responsibility for collection, storage and control of important documents and for maintenance, control and distribution of your "Important Documents Matrix". (See Example 2)

 

Example 2

Results International

Important Document Matrix
Date: 02/15/04
Page 1 of 1
Document

Storage Location
Type File
How Indexed
Retention Period (Minimum)
Disposition
Customer Purchase Orders
Sales Office
 S -  EL & HC
  A
Active Customer + 1 year
  Destroy
Document Coordination/Release Notification Record
Quality Managers Office
 U -  HC
  C
1 year following year generated
  Discard
Internal Audit Work Papers
Lead Internal Auditors Office
 S -  EL & HC
  N
3 years following year generated
  Destroy
    
   
  
  
   
  
    
   
  
  
   
  
    
   
  
  
   
  
    
   
  
  
   
  
    
   
  
  
   
  
EL = Electronic A = Alphabetical Discard = Trash, Erase, or Delete
HC = Hard Copy C = Chronological Destroy = Shred, Burn, Erase, or Delete
S =Secured  N = Numerical U = Unsecured
Form Date: 05/18/03

 

You should have a documented procedure defining how you control the identification, storage, protection, retrieval, retention time and the disposition of your important documents and electronic data.

Identification

All documents and electronic data files containing important records should be readily identifiable.

We recommend that each of your documents and electronic data files have a “title”, not a number. Numbering documents and data files can cause major problems in the future. For example:

If you number your documents and/or data to correspond to a specific International or National Standard you may find yourself with a major rewrite when the Standards are update (most Standards are updated every 3-5 years).

Example: Many, if not most, of the 40,000 + companies in North America registered to the ISO 9000:1994 (20 element) standard are spending a lot of time and energy rewriting, and unfortunately, renumbering their documents to the ISO9001:2000 (8 section) format.

Our (Results International) clients are simply rearranging their upper level document (Procedures Manual) to reflect the new 8 section format. All the supporting Work Instructions and Controlled Forms require no rewriting since they were given a title, not a number.

Additionally, having your employees refer to documents by their name or title (e.g., Production Quality Control Sheet) instead of a form number (e.g., QC-25) helps reinforce the purpose of the document and the importance of the activity.

Also, if you make products and/or provide services to different industries (e.g., Automotive, Telecommunications, or Aerospace) their sector specific requirements for Quality Management Systems (QS 9000 or ISO 16949, TL 9000, and AS 9100 respectively) are not numbered exactly the same.

Storage

All documents and electronic data files containing important records should be adequately maintained (stored) to guard against damage or deterioration.

Hard Copy Documents – Storage of hard copy documents should guard against damage or deterioration of data. The key here is to use good common sense. You do not need to retain (store) all your records in fire proof safes, but you do need to ensure your records are protected from elements in the storage location that could cause damage or deterioration of data (e.g., oil spills, water damage). Standard filing cabinets will provide adequate storage for most hard copy documents.

Electronic Data Files– Storage of electronic data files containing important records should guard against damage or deterioration of data. A process for backing up electronic data files is recommended.

The specific type of storage medium needed and protection required will vary depending on the nature of your products and services and the industries you support. A simple process of periodically backing up your electronic records to a second data storage device (e.g., Diskette, ZIP Disk, CD, Magnetic Tape, or second computer) may be all that is needed. At the other end of the spectrum is real time backing up of data which is stored at a remote location. Your specific needs will fall somewhere in-between.

This is one area where businesses tend to do too little or too much. Remember, keep it clear, keep it simple, and keep it business focused.

Protection

Important documents and electronic data files should be properly protected.

The type and amount of protection needed will vary from industry to industry. The aerospace industry is a good example. AS 9100 requires all quality records to be available for review by the customer and regulatory authorities in accordance with contractual or regulatory requirements. If you are producing parts or assemblies that go into the space shuttle, NASA (your customer) has some very specific requirements regarding protection of your quality records.

We recommend you categorize your documents and electronic data files as “unsecured” and “secured”.

Unsecured - Standard filing cabinets will provide adequate protection for most of your important documents and electronic data.

Secured - Most standard filing cabinets have locking capabilities. For most small businesses, this type of security will be adequate. If additional security measures are warranted some very good service providers can be found on the internet.

Retrieval

Important documents and electronic data files should be readily retrievable.

lf your important documents and electronic data files are locked in a file cabinet (hard copy documents) or password protected (electronic data files) and the President/CEO is the only one who has a key or knows the password, your important records would not be considered “readily retrievable”. How would you have access to the documents or data if the President/CEO is on vacation or out of town on business?

Readily retrievable means the documents or data are accessible to qualified individuals and can be retrieved within a reasonable period of time (without undue delay).

Determination of the appropriate accessibility and security measures needed for your important records will fall somewhere between “unsecured” and “secured”. (See Protection)

Retention Period

A determination of how long documents and electronic data files containing important records are to be retained should be made. This “retention period” should be based on:

• Your company needs,
• Requirements specified by your customers, and
• Industry norms.

Our recommendation is that all documents and electronic data files containing important records should be retained for a minimum of one year following the year they were created. An extended retention time will be needed for some documents.

Most Documents – The Document Coordination/Release Notification Record we used in Example 1 was generated (approved and signed by the Executive Management Representative) on 02/15/04. This document should be retained for the remaining months of 2004 and all of the following year (2005). In January of 2006 the document would be eligible for disposition (See Disposition).

Other (extended retention time) Documents – The accepted practice for most industries is that Internal Audit documents be retained for a minimum of three years. Using our recommended methodology, Internal Audit documents generated in February of 2004 would be retained for the remaining months of 2004 and all of 2005, 2006 and 2007. In January of 2008 the documents would be eligible for disposition (See Disposition).

This approach provides management with an annual opportunity to authorize the disposition of documents no longer needed.

Disposition

The method(s) of disposing of documents containing important records that are no longer required to be retained should be established and documented.

Note: The appropriate method of disposition for your specific documents will be dependent upon your type of business and the information/data contained in the documents, requirements specified by your customers, and industry norms.

Unsecured Documents/Data - Documents and electronic data files containing no personal information or company or customer proprietary information - Discard:

• Trash
• Erase
• Delete

Secured Documents/Data - Documents and electronic data files containing personal information or company or customer proprietary information - Destroy:

• Shred
• Burn
• Erase
• Delete

 

Conclusion:

Control of Documents and Data

Following the Results Method® for control of important documents and data will reduce costly filing and storage facility issues and free up monies for investing in your "Core Functions". (Ref: White Paper - Sourcing)

[ Home ]

 
ISO 9001 Registered
Control of Occupational Health and Safety Management System Control of Documents and Data

Certificate No. FS36957

Quality and Environmental Management Systems

"Keep them clear, simple and business focused."
image
 image