Yes, it’s called Recordocumenoia. You might have never heard of it because I have just invented this word! Now, I know that it sounds weird and somewhat implausible to your ears but deep inside the subconscious of ISO consultants, Recordocumenoia is the state entanglement both the notions of records and documents are really in. Let’s call it the Recordocumenoia syndrome. I am going to “try” (Between two quotes for all the people who are saying who does the kid think he is by bravely curing us from Recordocumenoia) to make some key point differences between the two notions by analyzing the 4.2.3 and 4.2.4 clauses of the 2008 revision line by line. Hopefully, by the end of this article, you will be able to decouple records from documents and vice versa.
Information (We need a time machine for this section, anyone?)
Ever since humans discovered the art writing, the benefits yielded were massive. One must wonder about the pyramids of Egypt and how such an engineering marvel came to existence, yet, not ask the question about the role documentation played in this project. Chief engineers had to put all of their meaningful data in writing either on clay boards or by inking them down on animal skins (documentation technology of the time), for fear of loss obviously, but more importantly because writing made it easier to exchange valuable information and knowledge. We, then, gradually became more reliant on writing. Proof of this? Our money is nothing but writing on paper! Now, that’s a document.
At the time being, people were aware of two things: Information or knowledgeand the support that carries them, the document.
Things have evolved slightly ever since (Psst, ‘slightly’! This guy is probably writing this in 582. B.C). Nowadays, we live in a world where documentation, in its various forms, plays a major role in every aspect of business.
Entire systems for the purpose of information and knowledge management were created. The ISO 9001:2008, the backbone standard of many QMS in the business world, has its take on documentation. Of course, as the law of imperfectness must be respected, ISO’s thoughts on how an organization should manage its documents were never short on confusion. I remember one experienced auditor telling me that the documentation clauses were so badly writing that one can point, during an audit, as many non-conformities as the number of stars in a clear night sky. Maybe that's an over-exaggeration, I don't know. So what does ISO 9001 says about ‘writing stuff’?
Documentation according to ISO 9001? (Oh, wait! I mean 9000)
The ISO 9001:2008 points us to ISO 9000:2005 for definitions. Here, we have a few notions to begin with:
Information: Meaningful data – Because numbers, figures and words do not make sense if not properly articulated.
Document: Information and its supporting medium – Paper, a black board, Computer. Literally anything.
Record: Document stating results are achieved or provides evidence of activities performed
b) to review and update as necessary and re-approve documents,
c) to ensure that changes and the current revision status of documents are identified,
d) to ensure that relevant versions of applicable documents are available at points of use,
e) to ensure that documents remain legible and readily identifiable,
f) to ensure that documents of external origin determined by the organization to be necessary for the planning and operation of the quality management system are identified and their distribution controlled, and g) to prevent the unintended use of obsolete documents, and to apply suitable identification to them if they are retained for any purpose.” ISO 9001:2008, §4.2.3
Your procedure must state how you approve documents before issuing them. Think of a meeting where you explain a work procedure to your fellow colleagues and your boss signs it – I mean signs it- before it goes effective. The way a) is carried out can be very different from one organization to another. In large organizations, you may need a few signatures to issue a document while in companies of few people, you may not need signatures, not even one.
A document is not rigid. It may be updated and even replaced so it has to go through a re-approval process. You need to say how you do that.
This goes to say every document through, its life, from conception to recycling must be identified. The identification is here left to the discretion of the end-users. I have a surprise for you: Using complicated identifiers made of number and letters to identify documents is NOT the only way. Wink Wink at boilerplate consultants ;)
You must ensure that the documents used are updated to the latest issue or version and that they are available to those who use them.
Your document must readable. If you use hand-writing, make sure it’s readable. Properly photocopy your documents is you’re making dozen of copies.
Documents of external origins must be handled with special care. Your customers’ or supplier documents’ for instance are an example. Some documents can be confidential to some employee. Your customer might not want to your entire company reading through their stuff. Your procedure must say something about that too.
Prevent unintended use of documents. How do you do that? I regularly audit my organization’s documents. Making your co-workers aware of the importance of using the latest issue and having them agree to it even in writing. This can be useful when you cannot audit 500 people for obsolete documents.
So our foundation begins with information –meaningful obviously-, goes on the support, gets called a ‘the document’, wait for until it proves that an activity occurred and then we call it a record?
Pretty simple, huh? So a record is a document and a document is not a record. A record can be a complete chart, a minute review or leave of absence signed your employee, all of those are documents in essence. So all records start out as a document which means that documents are empty records? Yes and no? ISO 9001 provides two separate clauses for documents and records. Why? Ask TC 176/SC2.
ISO 9001 expands on documentation
“Documents required by the quality management system shall be controlled. Records are a special type of document and shall be controlled according to the requirements given in 4.2.4.” ISO 9001:2008, §4.2.4
The standard establishes that records need to be controlled separately. This does not mean that records are only subject to 4.2.4. Well, in the beginning there was light but then all records are documents so 4.2.3 also applies to all records and not the other way around. Note the standard does not say anything this but logic implies it. Now, the real question comes in here. When does a document become a record? The answer is evidently provided by the definitions. A document becomes a record when its content provide evidence that an activity is performed. The evidence must be meaningful.
We have established somewhere of a difference now. Let’s go ahead and read on.
“A documented procedure shall be established to define the controls needed…”,ISO 9001:2008, §4.2.3
A document procedure is a document that states how your documents are managed (documents but also records which are documents, forget about records for now! Don’t.):
“a) to approve documents for adequacy prior to issue,
So let’s go one by one:
Now most used documents used in companies get filled either manually or electronically with information, potentially stamped and even signed. This does as we said before transforms a document to a record. Due to the sheer volume of records and their importance in demonstrating conformity to customer, internal, regulatory and statutory requirements, ISO 9001 could not help but to say something about records.
Now, let’s jump to 4.2.4, shall we?
“Records established to provide evidence of conformity to requirements and of the effective operation of the quality management system shall be controlled. The organization shall establish a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records. Records shall remain legible, readily identifiable and retrievable.”, ISO 9001:2008, §4.2.4
A documented procedure that says how you control your records must be established. A documented procedure is document and eventually it will abide by 4.2.3 but not by 4.2.4. In simple terms, this documented procedure establishes a method on how record control is done (consider it an ideal) but does not provide proof that the control did occur. We may consider, for example, that an audit report on 4.2.4 a to be record which is at the same time a document. And a record.
By the way, congratulations if you’ve been reading this far! Boo to all the other quitters who think they are too smart. Alright, we’re also done here.
These are the key additional points that address the record as per the information in it not as its being a document because we’ve already been through that now.
Identification: You may ask: What am I to identify here, I have already identified the document? Isn't a record a document? Why do I have to do it twice? I think you are right about that and you don’t have to do it twice. Just remember this is more about the information inside the record rather the document the record is. I personally believe that identification is with regards to the evidence we are providing that an activity was or is performed. Identification can be the name of operator in charge, the batch number, the client’s name, the time and date, any useful remarks. That makes the record identifiable with regards to the activity we are trying to prove its occurrence. I can tell you one thing though: It surely is not another identifier.
Legible: They need to be readable. Records must be readable by a third party; otherwise, they are not readable.
Storage: Well, meaningful data is precious. That’s what all data miners will tell you. Err, wrong reference. So the way we store it is also important. Storage does not necessarily invoke archiving. Storage is simply how you store your records.
Retrieval: Imagine yourself in a 500 employee size company, wouldn’t indexing your stored records make it a whole lot easier to retrieve them. Not everyone can retrieve records, right? Do you need a clearance for that? Some records can be confidential? Are you going to give away the original or a copy of the original? These are sample questions that might address the retrieval process of a record in a giving organization.
Retention: When do you terminate your records? For how long do you keep records? Most people would say after my product expires or get recycled. Legal requirements of your state can have a say in this as well. So it’s up to the end-users to define the process of retention.
Disposal: The way you dispose your record must be described in this procedure. It’s up to the end user to define it.
That was quick, right? *Chuckling sound effect insert here*. I hope that I have helped you decouple documents from records even if one is the other and the other is not the other. Your comments and critics are welcomed with an open-heart.