Records Management

Performance Improvement Solutions for Your Business Needs September 2007
In this issue

  • Records Management
  • Risk Management for Medical Devices
  • FMEA Quality Tool
  • Getting the CE Mark
  • Training Courses
  • Greetings!

    Welcome to Sustaining Edge Solutions E- Newsletter

    Our newsletters provide guidance on operational and quality systems ISO 9001, AS9100, ISO/TS 16949, TL 9000, ISO 13485, ISO 14001, and others. This includes process improvement methods Six Sigma, Lean Enterprise, and other topics of interest to our readers.

    If you have any questions about the articles appearing in this issue, or you want to suggest topics for future issues, please let us know.

    Newsletter Sign-up

    Thanks for your Support!

    Records Management

    The ISO 9001:2000 quality standard addresses the control of records, but only includes three sentences of requirements:

    1. Records must be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system.
    2. Records must remain legible, readily identifiable and retrievable.
    3. A documented procedure must be established to define the controls needed for the identification, storage, protection, retrieval, retention time, and disposition of records.

    If you want to know more about records management than included in ISO 9001:2000, you should look at ISO 15489-1:2001, Information and Documentation – Records Management.

    According to ISO 15489-1:2001, records are information created, received, and maintained as evidence in pursuance of legal obligations or in the transaction of business. Records contain information that is a valuable resource and an important business asset. A systematic approach to managing these records is essential to protect and preserve them as evidence of actions.

    A records management system results in a source of information about business activities that support subsequent activities and business decisions, as well as, ensure accountability to present and future stakeholders.

    Records Management
    ISO 15489-1 defines records management as the field of management responsible for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of, and information about, business activities and transactions in the form of records.

    Organizations should define and document a policy for records management. The objective of the policy should be to create and manage authentic, reliable and usable records that are capable of supporting business functions and activities for as long as they are required.

    An authentic record is one that can be proven to 1) be what it claims to be, 2) be created or sent by the person purported to have created or sent it, and 3) be created or sent at the time indicated.To ensure the authenticity of records, an organization should implement and document policies and procedures that control the creation, receipt, transmission, maintenance, and disposition of records.
    Record policies and procedures should ensure that record creators are identified and authorized, and that records are protected against unauthorized addition, deletion, alteration, use, and concealment.

    A reliable record is one whose contents can be trusted as a full and accurate representation of the applicable transactions, activities, or facts. They can be depended upon during subsequent transactions or activities as being reliable. Records should be created at the time of the related transaction or incident, or soon afterwards, by individuals who have direct knowledge of the facts, or by instruments routinely used within the business to conduct the transaction.

    The system that manages the records should be capable of continuous and regular operation in accordance with applicable procedures and provide ready access to all relevant records.

    The integrity of a record refers to its being complete and unaltered. Records must be protected against unauthorized changes. Policies and procedures should specify what additions or annotations may be made to a record after it is created, under what circumstances they may be authorized, and who is authorized to make them. Any annotation, addition, or deletion of a record should be explicitly indicated and traceable.

    The record system should include controls for access monitoring, user verification, authorized destruction, and security to prevent unauthorized access, destruction, alteration, or removal of records.

    A usable record is one that can be located, retrieved, presented, and interpreted. The record should be capable of being connected to the business activity or transaction that produced it.

    You can order ISO 15489-1:2001 at the ANSI eStandards Store.

    Risk Management for Medical Devices

    The second edition of ISO 14971:2007, Application of Risk Management to Medical Devices, has been released. The revised version aligns better with ISO 13485:2003 requirements and provides an improved model for implementing a risk management system.

    ISO 14971:2007 specifies a process for a manufacturer to identify the hazards associated with medical devices, including in vitro diagnostic (IVD) medical devices, to estimate and evaluate the associated risks, to control these risks, and to monitor the effectiveness of the controls. The requirements of ISO 14971:2007 are applicable to all stages of the life- cycle of a medical device.

    ISO/TR 14969:2004 provides guidance for applying the requirements for quality management systems contained in ISO 13485. It does not add to, or otherwise change, the requirements of ISO 13485. It does not include requirements to be used as the basis of regulatory inspection or certification assessment activities. However, its guidance can be used to better understand the ISO 13485 requirements and to illustrate some of the methods and approaches available for meeting those requirements.

    Purchase the Standard for $160 at the ANSI Site

    FMEA Quality Tool

    Have you heard about FMEA, but remain unsure of its use as a quality tool?

    Well, FMEA is the acronym for Failure Modes and Effects Analysis. failure Modes are the ways in which something might fail. The failures are actual or potential errors or defects, especially those affecting the customer. Effects Analysis refers to studying the consequences or effects of those failures.

    Failures are prioritized according to the seriousness of their consequences, the frequency of their occurrence, and likelihood of their detection. The purpose of FMEA is to take actions to eliminate or reduce failures, starting with the higher priority ones.

    FMEA is used during design to prevent failures. Later, it is used for control before and during operation of the process. Ideally, FMEA begins during the earliest conceptual stages of design and continues throughout the life of the product or service. It is a step- by-step approach for identifying all possible failures in a design, a manufacturing or assembly process, or a product or service.

    To see an FMEA example, go to this ASQ web page

    Getting the CE Mark

    The CE Mark is mandatory for a wide range of products sold in the European Union. The CE Mark has been described as a “passport” that allows manufacturers to trade industrial products freely within the internal EU market. The CE Mark indicates the manufacturer has undertaken all assessment procedures required for the product. The CE Mark is not a quality mark and does not indicate conformity to a standard; it indicates conformity to the legal requirements of the EU directives.

    General Steps for Getting the CE Mark

    1. Identify all applicable EU directives (laws).
    2. Assess your product to the “essential requirements” of the directives.
    3. Choose the appropriate conformity assessment.
    4. Determine the applicable standards.
    5. If required, choose a competent body in US to perform product tests.
    6. If desired, choose an authorized representative for your company in EU.
    7. Prepare a technical file, including a users manual, for products with high risk hazards.
    8. Assemble the required approvals and certificates.
    9. Prepare a Declaration of Conformity for each applicable directive.
    10. Affix the CE Mark in accordance with the laws.

    Obtaining authority to attach the CE Mark is often thought to be difficult and time-consuming. However, in many cases it is not.

    view the CE Mark PDF brochure at the NIST web site.

    Training Courses

    Our October-December course schedule is now posted on our website

    To see the course description, schedule, and on-line registration click on the course title below. Courses are awarded Continuing Education Units.

    Understanding & Implementing ISO9001:2000
    ISO 9001:2000 Process Based Internal Auditor
    Documenting Your Quality Management System

    Understanding & Implementing AS9100B:2004
    AS9100B: 2004 Process Based Internal Auditor
    Documenting Your Quality Management System

    Understanding and Implementing ISO/TS16949:2002
    ISO/TS16949:2002 Process Based Internal Auditor
    Documenting Your Quality Management System

    Understanding and Implementing ISO14001:2004
    ISO14001:2004 Process Based Internal Auditor

    The Five Pillars of a Lean Workplace Organization
    Continuous Process Improvement
    Lean Six Sigma

    All courses can be delivered at your company. Don’t see a course, location, or date that fits your needs?

    Contact Us

    Quick Links

    phone: 888-572-9642


    Comments are closed.