Defining Record Retention Times - Is 5 years long enough?

Hi Raffy -

I hope this helps - attached is my Control of Quality Records Procedure and the first page of our Record Retention List.

Never pitch a weibull plot. Everything else has an optimum frequency for review and retention. On the day before Christmas vacation I try to touch all of the quality documents documents that could have been reviewed (including weibull plots) by me within the last year.

Hi Wes Bucey,

Your right! I'm already frustrated especially this times as our Certification Audit
is now fast approaching, I just hope I could close all the findings that was been
found by the auditor who reviewed our documents.

Now I'm now confused with regards to document and records. Was there a need to
keep the documents for many years or shall we say that were just going to
those documents on the latest revision? I thought documents and records are
of the same in nature, with the same treatment with records.... Please
enlighten me more on this aspect.

Thank you, Wes.

Hi Cari Spears,
I already downloaded the attached file, I think I would use the file and make some
revisions which are applicable to us.
Thank you too, Cari.

Best regards,
Raffy

Probably more than you want to know

Raffy said:

Hi Wes Bucey,

Your right! I'm already frustrated especially this times as our Certification Audit
is now fast approaching, I just hope I could close all the findings that was been
found by the auditor who reviewed our documents.

Now I'm now confused with regards to document and records. Was there a need to
keep the documents for many years or shall we say that were just going to
those documents on the latest revision? I thought documents and records are
of the same in nature, with the same treatment with records.... Please
enlighten me more on this aspect.

Thank you, Wes.
Best regards,
Raffy

Click to expand...

Here's my quick and dirty [sardonic laugh here] division between document and special subset of document called "record" with a brief [I promise] yardstick for control and retention:

Documents are all written or drawn papers (whether hard copy or strictly electronic) used by an organization in its business. Some of these documents are "plans" or "designs" on performing some process within the business. These documents may change or become obsolete as plans are revised or no longer needed.

Records are a special subset of documents which represent the history of some activity (hours worked, results of inspections, number of products made in a shift, etc.) Just as a good historian does not rewrite history, so, too, a good organization does not rewrite a record. Records may be continuous (a weekly time card, for instance which has new data added every day) or they may be unique for a date and time (a receiving inspection record for a particular lot of goods.) Unless there is an obvious error (data entered under a wrong date or column on a form?), records remain unchanged until they reach the end of their retention period. Some organizations use the data from records to make "reports" which are rarely controlled documents (except for confidentiality purposes) in the sense that Quality organizations use the term "control" (reports might be Shipments on ALL Orders During October)

Retention
An organization makes a decision when a document (including records) is created as to a point in the future when it will make a decision whether the document is still needed or can be discarded. (At the same time, it makes a decision whether the document will be "controlled" or not.)

The most efficient organizations create a method of retrieving and evaluating those documents at the end of the initial retention period. Some documents may have retention periods calculated in seconds or minutes (a note for the UPS driver NOT to pick up Friday because the plant will be closed for inventory.) Other documents have a longer life span (blueprints for a classic product that sells year after year - Radio Flyer wagons?) Almost by definition, records have a definite life span, dictated by customer or regulatory requirement (inspection records, material C of C, tax records) or by the organization (supplier performance records.)

Here are some working definitions about "Control" which many Quality professionals agree with. Some readers may have additions or subtractions according to their experience.
Control
"Control " has a special meaning in a Quality organization. It implies a series of actions on a product, document, or process which determine the "five W's" of information (who, what, when, where, why) about the controlled object. Further, "control" implies a record is kept of those actions. (See Control process , Controlled , Controlled conditions, Controlled copy, Process Control)
Control process
Procedures to create and monitor methods and documents. A Control Process ensures appropriate people have input in creating the method or document and uniform practices are followed in implementing the necessary actions. (Compare with Process Control.)
Controlled
Means assuring only the most recent authorized version or revision of a design, document, or part is in process by actively removing all outdated or nonconforming versions, marking them as such, and keeping them segregated from the active design or production process except for archival reference.
(note the point about keeping segregated from ACTIVE design process - the activity of creating or amending/revising a document is controlled with a separate process from controlling finished and released documents.)

Controlled conditions
Throughout the Quality world, "control" implies the controlling entity (1) has a written Plan; (2) follows the Plan; (3) records the activity performed following the Plan; and (4) has a system for evaluating the record to decide whether to modify the Plan. "Controlling the conditions" of production merely means adhering to the four steps of the Plan.

Controlled copy
"Control " implies we will keep a register of the authorized holders of any document created by us. When any event occurs related to a controlled document, we notify the registered holders, requiring them to acknowledge the notice. When we change or revise a document, we send registered holders the updated version and require them to return or confirm destruction of the outdated document to us. Compare with "uncontrolled copy" where the holder is responsible for maintaining an updated copy.
(All documents are not controlled - review the note to the UPS driver taped to the door or a sales letter to a prospect, soliciting business.)
Process Control
The activity performed to limit the natural variation inherent in any process to keep the process or product within the limits of the design specifications. (Compare with Control Process.)

Gosh, I know this was long, but I'm trying to eliminate any ambiguity. However, if you are still concerned about this, send me an email or a private message, include the findings from your auditor. This topic of documents, records, control, and retention normally takes up 2 to 3 seminar or workshop hours.

Wow, Wes! Lotsa good information there. Just curious: Are you a lawyer, or otherwise deeply involved in some type of super-critical records retention?

Mike S. said:

Wow, Wes! Lotsa good information there. Just curious: Are you a lawyer, or otherwise deeply involved in some type of super-critical records retention?

Click to expand...

Thanks.
Lots of formal legal training, primarily "agency and contract" and uniform commercial code. Not a member of the bar.

I like to use the "inoculation" technique:
Establish bona fides on first go around. No "sandbagging." Most folks are happy to have a guy dot the "i's" and cross the "t's" so there is no ambiguity.

If you are ASQ, check my member Profile on the ASQ web site.

Over the years, I've dealt with a lot of regulators and other assorted ankle biters (FDA, FAA, Big 3 automotive, medical equipment manufacturers, etc.) The key point is ankle biters are basically lazy people and the easier you make it for them, the happier everyone will be.

Personally, I dislike keeping even a personal calendar, but l love the feeling of power when I can lay my hands on any document in our organization in less than five minutes and know without doubt it is the most up-to-date. I love the looks of amazement on faces of customers, regulators, bosses when they, too, can do it. It's like teaching everyone MAGIC!

It occurs to me to mention that documents created by others may come into an organization's Control System. Examples are:

• purchase orders
• supplier's shipping and inspection data
• government regulations
• Corrective Action requests from customers
• etc.

Once these third party generated documents come into an organization's Control System, they are treated like records - not changed, revised, etc. When the creator of the document delivers an update, the previous version may be discarded or kept in an archive, based on an organization's policy about that kind of document.

Hi Wes,

Thank you for the comprehensive information you've discussed.
It was a great help. Basically, I'm still concerned on the retention. We
do have a system for retention but it was just defined on one specific
record, its not a general procedure. The problem is that not all of
our quality records are defined on the procedure that was been
submitted for review as quoted by the auditor.

But anyway, I would like to thank you for this. I highly appreciate your
concern.

Best regards,
Raffy

Raffy said:

Hi Wes,

Thank you for the comprehensive information you've discussed.
It was a great help. Basically, I'm still concerned on the retention. We
do have a system for retention but it was just defined on one specific
record, its not a general procedure. The problem is that not all of
our quality records are defined on the procedure that was been
submitted for review as quoted by the auditor.

But anyway, I would like to thank you for this. I highly appreciate your
concern.

Best regards,
Raffy

Click to expand...

Look. I don't want to seem like the Grinch Who Stole Christmas, but Document retention is serious business. Read this:
[Emphasis in bold or underline is mine]
https://www.cfo.com/article/1,5309,7785%7C%7CA%7C16%7C4,00.html

Document Retention

Should It Stay or Should It Go?
Joan Urdang, CFO Magazine October 01, 2002
A federal district court judge in Arkansas ordered sanctions against Cooper Tire & Rubber Co. earlier this year for destroying documents related to a product-liability case. Although the documents were shredded in accordance with the company's existing document-retention policy, the judge ruled that Cooper "should have known [the documents] were relevant to litigation" and therefore they "should have been preserved."

The Sarbanes-Oxley Act of 2002 looks at Cooper's behavior--known as spoliation--even more harshly. The new law makes it a crime to intentionally change or destroy a record that might be germane to any federal investigation. The punishment? Up to 20 years in jail.

Not so long ago, the question of whether to keep or destroy a company's documents was often answered by someone in the facilities or waste-management department. No more. High-profile fiascos like that at Arthur Andersen have raised the stakes. "Document-retention policies are now corporate-governance issues, with responsibility going to the top," says Bob Johnson, executive director of the National Association for Information Destruction Inc.

As senior managers try to find the right balance between what to save and what to destroy, some say they have gone from one extreme to the other. "Companies are saving too much now," says attorney Simon Lorne of Munger, Tolles & Olson in Los Angeles. They are being driven to do so, he says, not by their auditors, but by newspaper headlines.

"A lot of public companies are in a defensive posture," contends Quentin Faust, an attorney in the Dallas office of Arter & Hadden LLP.

There are legitimate reasons for destroying documents, as long as a clear policy is in place. While there is no such thing as a "one-size-fits-all" approach, there are certain guidelines, says Faust. First, it should be applied in a consistent way: it's hard to say that something was destroyed in accordance with a company's policy if the policy is applied randomly. Second, it must also be able to accommodate requests for documents that were scheduled to be destroyed if they are needed for legal or other reasons.

In my opinion, a first step is to Google for Record Retention or Destruction outfits like National Association for Information Destruction Inc. to pick up some basic guidelines. Then, the suits in an organization should take a hard look at their policies. This is one of those issues that can come and bite your gluteus maximus if you ignore it.

Hi Wes,

Thanks for your help and thanks for the information.

Best regards,
Raffy

Retention time for TS16949 is addressed

Customer Specific requirements of the big three OEMs and others who embrace and specify their specific record retention and disposal have to be met for registration.