|
Par. 4.2.1(e) of the Standard is very clear about records as mandatory documents. Appendix B of the ISO Guidance on the Documentation Requirements of ISO 9001:2000, provides a list of such records (see Table 8.2.) Notice that the required records are given in a descriptive manner, and it is up to the organization to clearly define which specific records are to be kept. Typical records of this type are indicated in Table 8.2.
Clause | Mandatory Record | Typical Records |
---|---|---|
5.6.1 | Management Reviews | Minutes of the monthly review Weekly departmental reviews In-house publications |
6.2.2(e) | Education, training, skills, and experience | Resumes Certificates of course work (internal/external) External studies/seminars Individual employee training record Signed off training attendance sheets Annual reviews Syllabus for training session On-the-job (OJT) training records Training schedules and plans |
7.1(d) | Evidence that the realization processes and resulting product fulfill requirements | Nonconforming material reports (NCMRs) Returned material authorizations (RMAs/RGAs) Repair history sheets Routers/travelers Supplier certificates of analysis (C of Cs/C of As) Inspection and test stamps Waivers/concession reports Customer release reports Shelf-life records ESD records Shipping records Customer site reports Warranty records |
7.2.2 | Results of the review of requirements relating to the product and actions arising from the review | Requests for quotes, proposals Catalog quotes Purchase orders Sales orders Sales acknowledgments |
7.3.2 | Design and development inputs | Market analysis Regulatory standards Requirements document Competitive product analysis Research and development results |
7.3.3 | Design and development output—not explicitly called out as requiring records; these are "implied" records | Software functional specification Hardware functional specification User's manual Risk and hazard analysis Systems specification Verification and validation test protocols Bill of materials |
7.3.4 | Results of design and development reviews and any necessary actions | Design review minutes Final drawings Final schematics Final systems specification Transfer to production plan |
7.3.5 | Results of design and development verification and any necessary actions | Test data packages Alpha testing results Final design modifications Verification and validation of software completed Summary verification test report Controlled laboratory notebooks verified |
7.3.6 | Results of design and development validation and any necessary actions | Test data packages Beta testing results Customer validation reports Summary validation test report |
7.3.7 | Results of design and development changes and any necessary actions | Engineering change orders Engineering change requests Revised drawings and prints Transfer to production sign off |
7.4.1 | Results of supplier evaluations and actions arising from the evaluations | Approved supplier list Evaluation of supplier performance Supplier corrective action reports Certificates of compliance/analysis Source inspection reports Incoming receiving reports Surveys of suppliers Supplier audit reports |
7.5.2(d) | As required by the organization to demonstrate the validation of processes, where the resulting output cannot be verified by subsequent monitoring or measurement | Computer validation report Customer numeric control (CNC) validation report Employee qualification report Process validation report Machine validation report Revalidation reports Employee requalification reports |
7.5.3 | The unique identification of the product, where trace-ability is a requirement | Serial number logs Control of stamps logs Receiving logs Inspection reports Testing reports Heat numbers Certificates of compliance/analysis Pick lists Packing lists |
7.5.4 | Customer property that is lost, damaged, or otherwise found to be unsuitable for use | Nonconformance material reports Nonconformance product reports Returned material authorizations Returned goods authorization Product repair reports |
7.6(a) | Standards used for calibration or verification of measuring equipment where no international or national measuring standards exist | In-house designed test fixtures Software verification and validation reports Ad hoc industrial Standards In-house designed measuring fixtures Golden electronic boards |
7.6 | Validity of previous results when measuring equipment is found not to conform with its requirements | Corrective action reports Nonconforming product reports Recall reports Returned goods authorizations |
7.6 | Results of calibration and verification of measuring equipment | Test hardware validation Test software validation Inspection equipment calibration Measuring equipment calibration Test equipment calibration Master calibration lists |
8.2.2 | Internal audit results | Audit schedules with assignments Audit plans and checklists Audit reports Vendor/supplier audit reports Third-party audit reports Customer audit reports |
8.2.4 | Evidence of product conformity with the acceptance criteria and indication of the authority responsible for the release of the product | Receiving inspection and test reports In-process inspection and test reports Final inspection and test reports Vendor/supplier certificates of compliance/analysis Your certificates of compliance Declaration of conformity Pass/fail records Quality-control stamps Quality-assurance release records Device history records |
8.3 | Nature of the product nonconformities and any subsequent actions taken, including concessions obtained | Rework records Scrap records Nonconformance tags Hold tags Customer release records Waiver records Concession reports |
8.5.2 | Results of corrective action | Corrective action reports (CARs) Supplier corrective action reports (SCARs) Audit corrective action reports (ACARs) Registrar's nonconformance reports (NCRs) Summary presentation at the management review |
8.5.3 | Results of preventive action | Preventive action reports (PARs) Root-cause analysis reports Action team reports Summary presentation at the management review |
This area tends to be one of mass confusion due to a lack of specificity [1]. Records (used as objective evidence of activities) complement the hierarchal documents and can be associated with any tier. For example, records do not require a separate documentation control numbering system because they are already controlled, either centrally or locally, by date and signature.
Imagine how confusing it would be to take a form with a control number F-103-01, fill it in, and then give it another control number R-103-01 for storage as a record. This is a danger in ISO document control interpretation and is certainly not specified in the Standard.
Another case of confusion can occur when forms are signed off to approve their distribution. In that case, it really gets confusing between the form's approval signature and the signature of the operator who signs off in the data columns. Approval sign-offs on forms should be avoided and are usually removed once the issue is discussed.
A record is basically an historical document that contains information that is worth keeping for some time. The most familiar form of record keeping is the documents we maintain for the Internal Revenue Service. For an FDA-regulated organization, the need to maintain device history records is made painfully clear via U.S. government penalties [2]. Records are usually filled-in forms, but they can be in the form of memoranda, reports, or e-mails.
The Standard's vocabulary requires that a record should contain useful information that either lists achieved results or provides evidence that some operational activity was performed. This set of requirements provides the framework for an expansive list of specific records (see Table 8.2).
To create a meaningful set of records requires that we do not use just the category sales and marketing records, but that we define sales and marketing records explicitly (e.g., quotations, purchase orders, sales orders, acknowledgments, purchase order changes). We also specify where they are kept (e.g., maintained in the sales files cabinet). Further, we specify who maintains the records (e.g., maintenance of the records is by the sales and marketing administrative supervisor). In addition, we specify retention time (e.g., all records are kept for the current year plus 2 years). Finally, we specify who can destroy records (e.g., records cannot be destroyed without the direct approval of the controller). It is usually best to avoid specifying the exact nature of record disposal and state that it is at the discretion of top management (e.g., the controller).
[1]The subject has received some deserved dedicated attention. See, for example, Brumm, Eugenia K., "Managing Records for ISO 9000 Compliance," Quality Progress, January 1995, p. 73. The book of the same title is also available from the ASQ, ISBN 0-87389-312-3.
[2]Quality System Regulation, Part VII, Department of Health and Human Services, Food and Drug Administration, 21 CFR Part 820, Current Good Manufacturing Practices (CGMP): Final Rule, October 7, 1996, published by the SAM Group, Stat-A-Matrix, Edison, N.J., Sec. 820.181: Device Master Record.
|