ISO 9000 Standards – Retention Of Records

ISO 9000 Standards – Retention Of Records

It is important that records are not destroyed before their useful life is over.
There are several factors to consider when determining the retention time for records.
The duration of the contract – some records are only of value whilst the contract is in force.
The life of the product – access to the records will probably not be needed for some considerable time, possibly long after the contract has closed. On defence contracts the contractor has to keep records for up to 20 years and
for product liability purposes, in the worst-case situation (taking account of
appeals) you could be asked to produce records up to 17 years after you made the product.
The period between management system assessments – assessors may wish to see evidence that corrective actions from the last assessment were taken. If the period of assessment is three years and you dispose of the evidence after 2 years, you will have some difficulty in convincing the assessor that you corrected the deficiency.
You will also need to take account of the subcontractor records and ensure
adequate retention times are invoked in the contract.
Where the retention time is actually specified can present a problem. If you
specify it in a general procedure you are likely to want to prescribe a single
figure, say 5 years for all records. However, this may cause storage problems – it may be more appropriate therefore to specify the retention times in the procedures that describe the records. In this way you can be selective.
You will also need a means of determining when the retention time has
expired so that if necessary you can dispose of the records. The retention time doesn’t mean that you must dispose of them when the time expires – only that you must retain the records for at least that stated period. Not only will the records need to be dated but the files that contain the records need to be dated and if stored in an archive, the shelves or drawers also dated. It is for this reason that all documents should carry a date of origin and this requirement needs to be specified in the procedures that describe the records. If you can rely on the selection process a simple method is to store the records in bins or computer disks that carry the date of disposal.
While the ISO 9000 requirement applies only to records, you may also need to retain tools, jigs, fixtures, test software – in fact anything that is needed to repair or reproduce equipment in order to honour your long-term commitments.
Should the customer specify a retention period greater than what you
prescribe in your procedures, special provisions will need to be made and this is a potential area of risk. Customers may choose not to specify a particular time and require you to seek approval before destruction. Any contract that requires you to do something different creates a problem in conveying the requirements to those who are to implement them. The simple solution is to persuade your customer to accept your policy. You may not want to change your procedures for one contract. If you can’t change the contract, the only alternative is to issue special instructions. You may be better off storing the records in a special contract store away from the normal store or alternatively attach special labels to the files to alert the people looking after the archives.

Develop Quality Management System Documentation In ISO 9000 Standards

Develop Quality Management System Documentation In ISO 9000 Standards
Documentation is the most common area of non-conformance among organizations wishing to implement ISO 9000 quality management systems. As one company pointed out: “When we started our implementation, we found that documentation was inadequate. Even absent, in some areas. Take calibration. Obviously it’s necessary, and obviously we do it, but it wasn’t being documented. Another area was inspection and testing. We inspect and test practically every item that leaves here, but our documentation was inadequate”.
Documentation of the quality management system should include:
1. Documented statements of a quality policy and quality objectives,
2. A quality manual,
3. Documented procedures and records required by the standard ISO 9001:2008, and
4. Documents needed by the organization to ensure the effective planning, operation and control of its processes.

Quality documentation is generally prepared in the three levels indicated below that follows. Use ISO 10013:1995 for guidance in quality documentation.

Level A: Quality manual
States the scope of the quality management system, including exclusions and details of their justification; and describes the processes of the quality management system and their interaction. Generally gives an organization profile; presents the organizational relationships and responsibilities of persons whose work affects quality and outlines the main procedures. It may also describe organization’s quality policy and quality objectives.

Level B: Quality management system procedures
Describes the activities of individual departments, how quality is controlled in each department and the checks that are carried out.

Level C: Quality documents (forms, reports, work instructions, etc.)
1. Work instructions describe in detail how specific tasks are performed; include drawing standards, methods of tests, customer’s specifications, etc.
2. Presents forms to be used for recording observations, etc.

ISO 9000 Standards – Document control procedures

ISO 9000 Standards – Document control procedures

The ISO 9000 Standards requires that a documented procedure be established to define the controls needed.

This requirement means that the methods for performing the various activities required to control different types of documents should be defined and documented.

Although the ISO 9000 standards implies that a single procedure is required, should you choose to produce several different procedures for handling the different types of documents it is doubtful that any auditor would deem this noncompliant. Where this might be questionable is in cases where there is no logical reason for such differences and where merging the procedures and settling on a best practice would improve efficiency and effectiveness.

Documents are recorded information and the purpose of the document
control process is to firstly ensure the appropriate information is available
where needed and secondly to prevent the inadvertent use of invalid
information. At each stage of the process are activities to be performed that
may require documented procedures in order to ensure consistency and
predictability. Procedures may not be necessary for each stage in the process.

Every process is likely to require the use of documents or generate documents and it is in the process descriptions that you define the documents that need to be controlled. Any document not referred to in your process descriptions is therefore, by definition, not essential to the achievement of quality and not required to be under control. It is not necessary to identify uncontrolled documents in such cases. If you had no way of tracing documents to a governing process, a means of separating controlled from uncontrolled may well be necessary.

The procedures that require the use or preparation of documents should also specify or invoke the procedures for their control. If the controls are unique to the document, they should be specified in the procedure that requires the document. You can produce one or more common procedures that deal with the controls that apply to all documents. The stages in the process may differ depending on the type of document and organizations involved in its preparation, approval, publication and use. One procedure may cater for all the processes but several may be needed.
The aspects you should cover in your document control procedures, (some
of which are addressed further in this chapter) are as follows
Planning new documents, funding, prior authorization, establishing need
etc.

- Preparation of documents, who prepares them, how they are drafted,
conventions for text, diagrams, forms etc.
- Standards for the format and content of documents, forms and diagrams.
- Document identification conventions.
- Issue notation, draft issues, post approval issues.
- Dating conventions, date of issue, date of approval or date of distribution.
- Document review, who reviews them and what evidence is retained.
- Document approval, who approves them and how approval is denoted.
- Document proving prior to use.
- Printing and publication, who does it and who checks it.
- Distribution of documents, who decides, who does it, who checks it.
- Use of documents, limitations, unauthorized copying and marking.
- Revision of issued documents, requests for revision, who approves the
request, who implements the change.
- Denoting changes, revision marks, reissues, sidelining, underlining.
Amending copies of issued documents, amendment instructions, and
amendment status.
- Indexing documents, listing documents by issue status.
- Document maintenance, keeping them current, periodic review.
- Document accessibility inside and outside normal working hours.
- Document security, unauthorized changes, copying, disposal, computer
viruses, fire and theft.
- Document filing, masters, copies, drafts, and custom binders.
- Document storage, libraries and archive, who controls location, loan
arrangements.
- Document retention and obsolescence.

With electronically stored documentation, the document database may provide many of the above features and may not need to be separately prescribed in your procedures. Only the tasks carried out by personnel need to be defined in your procedures. A help file associated with a document database is as much a documented procedure as a conventional paper based procedure.

ISO 9000 Standards – Document Approval

ISO 9000 Standards – Document Approval

The ISO 9000 Standards requires that documents be approved for adequacy prior to issue.

Approval prior to issue means that designated authorities have agreed the document before being made available for use. Whilst the term ade-
quacy is a little vague it should be taken as meaning that the document is judged as fit for the intended purpose. In a paper based system, this means approval before the document is distributed. With an electronic system, it means that the documents should be approved before they are published or made available to the user community.

The ISO 9000 Standards document control process needs to define the process by which documents are approved. In some cases it may not be necessary for anyone other than the approval authority to examine the documents. In others it may be necessary to set up a panel of reviewers to solicit their comments before approval is given.
It all depends on whether the approval authority has all the information
needed to make the decision and is therefore ‘competent’. One might think that the CEO could approve any document in the organization but just because a person is the most senior executive does not mean he or she is competent to perform any role in the organization.

Users should be the prime participants in the approval process so that the
resultant documents reflect their needs and are fit for the intended purpose. If the objective is stated in the document, does it fulfil that objective? If it is stated that the document applies to certain equipment, area or activity, does it cover that equipment, area or activity to the depth expected of such a document? One of the difficulties in soliciting comments to documents is that you will gather comment on what you have written but not on what you have omitted. A useful method is to ensure that the procedures requiring the document specify the acceptance criteria so that the reviewers and approvers can check the document against an agreed standard.

To demonstrate documents have been deemed as adequate prior to issue,
you will need to show that the document has been processed through the
prescribed document approval process. Where there is a review panel, a simple method is to employ a standard comment sheet on which reviewers can indicate their comments or signify that they have no comment. During the drafting process you may undertake several revisions. You may feel it
necessary to retain these in case of dispute later, but you are not required to do so. You also need to show that the current issue has been reviewed so your comment sheets need to indicate document issue status.

Identifying and Recording Design Changes In ISO 9000 Standards

Identifying and Recording Design Changes In ISO 9000 Standards

The documentation for design changes in ISO 9000 Standards should comprise the change proposal, the results of the evaluation, the instructions for change and traceability in the changed documents to the source and nature of the change. You will therefore need:
- A Change Request form which contains the reason for change and the
results of the evaluation – this is used to initiate the change and obtain
approval before being implemented.
- A Change Notice that provides instructions defining what has to be changed this is issued following approval of the change as instructions to the owners of the various documents that are affected by the change.
- A Change Record that describes what has been changed – this usually forms part of the document that has been changed and can be either in the form of a box at the side of the sheet (as with drawings) or in the form of a table on a separate sheet (as with specifications).
Where the evaluation of the change requires further design work and possibly experimentation and testing, the results for such activities should be documented to form part of the change documentation.
At each design review a design baseline should be established which identifies the design documentation that has been approved. The baseline
should be recorded and change control procedures employed to deal with any changes. These change procedures should provide a means for formally
requesting or proposing changes to the design. For complex designs you may prefer to separate proposals from instructions and have one form for proposing design changes and another form for promulgating design changes after approval. You will need a central registry to collect all proposed changes and provide a means for screening those that are not suitable to go before the review board, (either because they duplicate proposals already made or because they may not satisfy certain acceptance criteria which you have prescribed). On receipt, the change proposals should be identified with a unique number that can be used on all related documentation that is subsequently produced. The change proposal needs to:
- Identify the product of which the design is to be changed
- State the nature of the proposed change identify the principal requirements, specifications, drawings or other design documents which are affected by the change
- State the reasons for the change either directly or by reference to failure
reports, nonconformity reports, customer requests or other sources
- Provide for the results of the evaluation, review and decision to be
recorded.