SlideShare una empresa de Scribd logo

Usando ISO 15489 como herramienta de auditoria

Radar Información y Conocimiento
Radar Información y Conocimiento

Extraordinario documento sobre la Norma ISO 15489 empleada como herramienta de auditoría de los procesos de la gestión documental

TecnologíaEmpresariales
1 de 7
Descargar para leer sin conexión
46 The Information Management Journal • July/August 2004 LessonsLearned tion and covers all media. The standard is intended to provide a framework for planning and implement- ing a records management program. The comprehensive nature of the standard with regard to current and non-current records and the clear categorization of its requirements also makes it an obvious choice on which to base audits of records management programs. A critical review of the standard as a basis for an audit is important. It is crit- ical to walk through the preparation phases for the audit, including the development of assessment tools based on the standard, the audit process itself, and audit report writing. To ensure its newly implemented records manage- ment program complied with industry best-practices, one small European pharmaceutical company used ISO 15489 to help guide it through those critical processes. Examples from an actual audit of a newly developed records management program involv- ing the pharmaceutical company’s non- current, clinical trials department records provide many lessons for any organization that wants to use or test the standard in its own records manage- ment program. Methodology, Background Research, and Scoping The methodology for an audit has four main components: 1. Initial background research and scoping of project 2. Preparation, including familiariza- tion with the company’s records management program documenta- tion, and development of audit tools to establish compliance with ISO 15489 3. Audit information gathering 4. Report writing The first component involves dialog Using ISO 15489 as an Audit Tool ISO 15489, the first international standard devoted to records management, provides a comprehensive and practical basis for auditing full and partial records management programs Margaret Crockett and Janet Foster At the Core This article • examines using ISO 15489 as the basis for auditing a records man- agement program • discusses complying with stan- dards and regulations when auditing a records program • provides tips on audit information gathering and report writing SO 15489 (1:2001 Information and Documentation – Records Management – Part 1: General) is the first international standard devoted to records management. It was developed from the Australian standard (AS 4390.1 - 1996) and pro- vides detailed specifications for the structure, content, and implementation of records management programs. The guidance it contains is applicable to records management for any organiza- I
July/August 2004 • The Information Management Journal 47 with the records manager to gather enough data to estimate the project’s size and time requirements. The data required includes information about the company, its mission, and func- tions; the number of employees; details about the records management opera- tion; and the context of the audit. This information is crucial to scoping the project, estimating time required, and allocating time to the various phases of the audit process. In this instance, the audit scope contained: • The records of one department of the organization (although there was a realization that good records manage- ment practices could be transferred to other parts of the company) • The non-current phase of the records life cycle • Paper records only, because the records management program did not yet include digital media The audit context was: • A young pharmaceutical company • Limited functions to be considered The records management system had not yet been implemented; conseq- uently, the audit would not be large or lengthy, there would be few record series to cover, and there would be no user base to canvass. So why was the audit undertaken? There were two main rea- sons: the pharmaceutical company’s records manager was new to records management and wanted to make sure she had set up a system that was compli- ant with accepted best practices; and the pharmaceutical industry’s strong audit culture. The records manager intended to roll out the system to other areas and wanted to ensure that it was a good one before doing so. Since the audit, the pharmaceutical company has been searching for a full- time qualified records manager – a need that was identified in the audit report as a result of the records manager only spending about 10 percent of her time on records management. That was not necessarily something the company expected to come out of the audit, but the company has since taken advantage of the findings to improve its records management program. Preparation Preparation for auditing a records management program consists of: • Reading and evaluating record man- agement documentation provided by the records manager (See Table 1) • Developing an evaluation tool that will map collected data to ISO 15489 (See Table 2) Reading through the assembled records management program docu- mentation has a dual purpose: it pro- vides a complete overview of the pro- gram and its components, and it allows the auditor to assess the documentation for compliance. Mapping audit findings to the stan- dard can be done through use of a form or checklist designed for this purpose. Developing such a checklist, or audit assessment tool (AAT), involves turning the relevant requirements of ISO 15489 into a series of questions. The checklist Table 1: Checklist of Documentation Required for Records Management Audit Relevant organizational structure chart Mission statements for organization and/or department Records management mission statement Records management policy Records management procedures (might be a manual) used by the records management team,including any in-house training material or details of other training Specifications for automated records management systems for paper records Specifications of records management systems for digital records Retention schedules Access authorizations Accession records Documentation on records destruction or contracted-out services Written specifications for shelving,boxing,and storage facilities Vital records inventory Vital records protection procedures,including recovery in event of disaster Business continuity plan Agreements with any third-party service providers for business continuity services Surrogacy program (digitization or microfilm/fiching) documentation Staff job descriptions both within and outside records management team
48 The Information Management Journal • July/August 2004 or form will need to be modified to reflect what the records management program covers, whether the full records life cycle or only a segment of it. Do not underestimate the length of time this can take; allow at least two days. The AAT can be divided into two parts: the first focuses on assessing com- pliance with the standard proper in terms of records management; the sec- ond reflects the requirement for compli- ance with any relevant regulatory bod- LessonsLearned ies’ guidance on recordkeeping. The final product can be quite long and should be very detailed. Tables 2, 3, and 4 provide examples of an AAT devel- oped for the audit undertaken. Comparison with ISO 15489 gives an idea of the tool’s practical use (see “ISO 15489-1:2001 Sections Useful for Audit- ing” on page 52). Auditing Regulatory Environment Section 5 of the standard specifies recordkeeping practice. It deals with the regulatory environment, including those regulatory obligations and standards of practice pertaining to the industry/sector, as well as national/international law, best practice,codes of conduct and ethics,and identifiable community expectations. Because this is an international standard meant to be applied globally, it does not give detailed guidance on which legisla- tion or regulations have a bearing on records management,so research into the relevant regulatory environment will be needed.It is useful to compile a list of leg- islation and regulations likely to pertain to the particular recordkeeping environ- ment in which the audit is operating.The list can be reviewed by the records man- ager and other interested colleagues, such as the legal team and the quality control department, so that their knowledge and expertise can be fed into the AAT. The list for the pharmaceutical industry, for example, included items such as: • International law/agreements • European Union (EU) directives • National Archives law • National Freedom of Information legislation • Data protection legislation • Environmental legislation pertaining to recordkeeping • Legislation covering businesses and how they are constituted and run • Industry-specific regulation (in this case, FDA regulations and the EU Directive 2001/83/EC relating to medicinal products for human use) • Healthandsafetylegislation/regulations Other factors considered included: • ISO 9000 registration • Electronic records management sys- tem specifications (such as the EU- funded Model Requirements) Table 2 shows the AAT section that deals with the regulatory environment. Table 2: SectionfromPart1oftheAuditAssessmentToolDealingwiththe RegulatoryEnvironment Statutes,Case Laws,Standards Considerations • Records Any national archival law covering • Archives records,including storage standards • Access Any legislation governing access to records • Privacy and data protection Concerned with records containing personal data • Evidence If required as evidence in court of law, are records available? Do they meet requirements to be used as evidence? (Should be addressed later in the AAT.) • Electronic commerce Do the records meet the requirements of legislation pertaining to electronic commerce? • Access to public information “Access to information”legislation that may affect the way records are kept and access obligations • Environmental recordkeeping Are records required by environmental legislation legislation being created and retained? • Regulations governing What industry-specific regulations affect sector-specific environment recordkeeping? • Regulations governing general Health and safety business environment • Mandatory standards of practice These could be industry-specific or department-specific (for example,legal counsels in the United Kingdom need to maintain records of continuing professional development)
50 The Information Management Journal • July/August 2004 In an assessment tool tailored for a specific organization, regulatory requirements should be listed with cross-references to other AAT sections regarding compliance. For example, “access” to records of certain industry sectors may be governed by regulation; environmental legislation might oblige organizations to make records available; and the public may also have a right to access government information. That the company provides appropriate access will be recorded in the standard’s sections dealing with access in detail, which are: 7.2.5 Records management require- ments: characteristics of a record: usability 8.3.6 Design and implementation of a records system: designing and implementing records systems: access, retrieval, and use 9.7 Access Section 9.2 of ISO 15489, “Deter- mining How Long to Retain Records,” outlines good practice with respect to development of retention schedules. Not surprisingly, it does not stipulate what the retention schedule format LessonsLearned checklist of required records and enable an assessment of the record creation phase of the records management pro- grams being audited. The pharmaceuti- cal industry, for example, must comply with FDA regulations and an EU direc- tive from the International Committee on Harmonisation. The FDA Guide- lines for Good Clinical Practice Section 8 sets out “Essential Documents for the Conduct of a Clinical Trial.”The section gives detailed and stringent require- ments for the types of documents that must be created by both sponsors of and investigators participating in clini- cal trials. The European Union, in Directive 2001/83/EC and “Detailed Guidelines on the Trial Master File and Archiving (2002),” adopts this defini- should be or give any detailed retention data. The standard’s guidance can be turned into a set of questions, as shown in Table 3. When it comes to assessing compli- ance with respect to records retention, the auditor needs to refer back to the regulatory environment and consider general business requirements as well as the needs of individual record creators and users. Industry-Specific Compliance Assessment Heavily regulated industries have to comply with very detailed specifica- tions for the types and content of records to be created and kept. Such specifications provide the basis for a Table 3: Section from Part 1 of the Audit Assessment Tool Dealing with Retention • Is the retention schedule appropriate? • Is retention schedule compliant with legislation and regulation? • Are all stakeholders’needs met by retention schedule? (What are their needs?) • Are records of no continuing value being destroyed promptly? • Is how to properly destroy records properly documented in the manual/ procedures? Table 4: Checklist of Required Records Title of Document FDA Regulations/ICH Directive Sponsor’s file Investigator’s file Retention Period Investigator’s brochure 8.2.1 Signed protocol and amendments (if any) and sample case report form (CRF) 8.2.2 Information given to trial subject,including informed consent form advertisement (if used) 8.2.3 Financial agreement(s) between sponsor and investigator 8.2.4
July/August 2004 • The Information Management Journal 51 tion of essential documents as its mini- mum. Therefore, only a detailed analy- sis of the FDA requirements would be required, augmented by attention to the EU archiving requirements to create a table that • lists the documents to be created • references the regulation that requires them • specifies who should create them • notes any specified retention period Table 4 (page 50) suggests a format for such an initial listing. From the table, it is possible to extrapolate two checklists of documents to be created by sponsors and investiga- tors. The lists can be used to show that the clinical trial documentation being created is compliant with FDA and EU Good Clinical Practice regulations gov- erning the sector as required by ISO 15489. Furthermore, the analysis of reg- ulatory retention requirements and EU procedural requirements for accession, tracking, and destruction of essential documents provides a baseline that can be used for observing whether the appropriate records are being retained for the required time and whether pro- cedures are in place to comply with the EU archiving requirements. Such com- parison highlights conformance with the ISO requirement to observe the sec- tor-specific regulatory environment. Analyzing regulations to establish the essential foundation for sector-specific recordkeeping is a time-consuming exer- cise. However, it greatly assists in under- standing the nature of the records in the program and provides useful checklists for auditors and audited alike. Such checklists can be an appendix to the final report and used for future reference. Audit Information Gathering The audit itself can be divided into several parts. First, the record manage- ment program documentation provided prior to the audit can be checked against the AAT.This is a two-way process,as the documentation provides answers to the audit questions, and the AAT also lists program expectations. For example, the policy’s objective is to create and manage authentic, reliable, useable records, capa- ble of supporting business functions and activities for as long as required. Expectations include that the policy • is communicated to and implemented by the whole organization • is endorsed by high-level manager/ committee Table 5: AuditQuestionsfor Staff Questions for records creators: Do you know about the records management policy? Yes No Have you had records management training? Yes No Do you have access to a manual or set of procedures for records management? Yes No Describe how you create records. Describe how you file records. Describe how you retrieve records. Describe how you review or destroy records. Do you know what records you are expected to create to comply with legislation? Yes No Do you know what records you are expected to create to comply with industry regulations? Yes No Do you know what records you are responsible for making sure others (either within the organization or outside contractors) create and retain? Yes No Do you know what a retention schedule is and how to use it? Yes No Do your records meet your requirements and needs? Yes No Questions for records management staff: Do you have enough authority? Yes No Do you get enough support from management? Yes No How long have you been doing records management work in this organization? Have you had records management work experience in previous employment? Yes No What training have you had? What training (if any) do you feel you need? • has compliance responsibility assigned • includes a definition of legislation, regulation, and standards governing records management • makes provision for a review process The second stage of the audit is a series of interviews with stakeholders in the records management process. These might include: • Senior manager • Records manager
52 The Information Management Journal • July/August 2004 LessonsLearned • Records management staff member • Records creator • Representative from an interested department (e.g.,quality management) Table 5 (page 51) lists questions to ask staff as part of the audit. Questions can be tailored to suit the particular legal and regulatory environment. Finally,the audit must involve observ- ing the processing and storage areas and using the audit tool as a checklist to assess compliance with relevant sections of the standard. Report Writing Strictly speaking,the audit itself can be documented solely by the completed audit tool form. However, this may not be the most helpful way of communicat- ing to the operating staff what the audit has discovered, and it is always worth Records management programs should encompass: • Setting policies and standards • Assigning responsibilities and authorities • Establishing and promulgating procedures and guidelines • Providing records management services • Designing,implementing,and administering specialized records management systems • Integrating records management into business systems and processes • Appropriate staff training Regulatoryenvironmentsmustbeidentified,including: • National and international law and regulations • Sector-specific regulation • Standards and codes of best practice Main principles of records management include: • Records are created to support business activity,provide accountability,and comply with regulatory environments. • Records management rules should be embedded in all business processes requiring documentation. • Business continuity should ensure identification and protection of vital records. The characteristics of records as defined in the standard: • Records should accurately reflect the communication, action,or decision. • Records need to be linked to metadata such as format and business and documentary context. • Records should be authentic,reliable,usable,complete, and unaltered. Functionality and components of records systems: • Ability to document records transactions • Control of physical storage • Support of a range of distributed storage and custody options • Facility for controlled conversion and migration of digital records • Provision for controlled access,retrieval,and use • Facilitation and implementation of retention and disposition decisions Records management processes and controls: • Determining records to be captured into the system • Specifying metadata that needs to be linked to or embedded in the records • Deciding how long to keep records (retention schedule development and operation) • Registration of records • Classification (within business context,vocabulary controls,indexing and referencing.) • Storage and handling • Access • Tracking • Implementing retention and disposition • Documenting records management processes Monitoring and auditing should encompass: • Internal monitoring of system to ensure compliance with it as well as required outcomes • Internal or external audit • Appropriate modifications to system • Documentation of compliance,monitoring,and audit ISO 15489-1:2001 Sections Useful for Auditing
July/August 2004 • The Information Management Journal 53 Margaret Crockett and Janet Foster are freelance archivists and records managers who are directors of the Archive-Skills Consultancy. The partnership is based in London and operates mainly in the United Kingdom, but has carried out a significant number of projects overseas. They may be contacted at margaret@archive-skills.com or janet@archive-skills.com. considering producing a report as well. This allows the auditors to make specific recommendations, expand on audit findings as necessary, and perhaps most importantly, highlight good prac- tice that is already in place. The com- pleted AAT then has a context and the organization receives some pointers as to ways forward. Examples of audit report content based on the standard include: • Introduction • Management Support • Role of Records Manager • Records Management Staff • Vital Records and Disaster Planning • Retention Scheduling • Record Transfer • Record Retrieval • Records Management Database • Box Labels • Location Register • Procedures and Documentation • Storage • Next Steps • Conclusion • Recommendations • Appendices Using the Standard as a Basis for Audit: Lessons Learned The AAT essentially turns the stan- dard’s requirements into a series of questions that are tailored to the partic- ular business sector as required. In practice, these questions cannot usually be satisfied by a “yes” or “no” option. Completion of the AAT, therefore, requires substantial interrogation of the records management program docu- mentation, onsite inspection of proce- dures and processes, as well as face-to- face interviews in order to determine and document compliance with the standard. Analysis of the records man- agement program documentation can be done prior to the site visit, which will allow both assessment of compliance (with respect to documentation) and raise questions to be answered during interviews and in situ inspection. By its nature the standard is pitched at a high level, but it is comprehensive in its coverage of requirements for records management systems and, therefore, provides a sound basis for an audit. The standard’s only self-con- fessed omission is its lack of coverage for those records selected as archives. If management of records is to be totally integrated from conception to disposal, then the archive cycle must be included. This is especially relevant in countries where archive legislation is in place. In order to use the standard as an evaluation tool, the auditor must be able to relate its specifications to the details of the records management pro- gram in question. The auditor must be able to analyze the findings as itemized in the AAT and assess whether the pro- gram is compliant with the standard (or at least to what degree). Most audits should also include recommendations of how the program might be improved. The standard does not assist with this step, as it provides definitions and required elements rather than strategies and methodologies. For example, in the course of investi- gations, the auditor may learn that a new IT system is being piloted. This may not fit into the AAT framework suggested by the standard, but it may impact the records management pro- gram.An experienced records manager/ auditor will realize the IT system’s importance and include analysis and recommendations on its possible effect in the audit report. It is the auditor and the records manager who are in a posi- tion to evaluate the context and specifics of the individual RM program and develop plans for improvement. This small European pharmaceutical company required the audit to validate the policies, procedures, and operating framework for a records management program that, at the time of audit, cov- ered only the non-current paper records of one department. Therefore, issues of auditing digital records man- agement, current records, and wider use of the AAT outside the records management team cannot be discussed directly. For example, there was no opportu- nity to investigate and develop assess- ment criteria for the requirements specified in the standard relating to characteristics of electronic records, their authenticity, reliability, integrity, and usability. But it was possible to determine whether records remained complete in their non-current records management regime. The question of how to test compliance with these requirements for current records remains to be answered. Additionally, some records manage- ment activities had not yet been required – for example, the destruction of documents at the end of the overall retention period – but the AAT will measure whether compliant procedures are in place for activities that will be needed in the future. The structure of the standard is such that it is easy to identify sections that are directly rele- vant to the scope of an audit and those sections that are not applicable. ISO 15489 provides a comprehensive and practical basis for auditing both full and partial records management pro- grams. Approaching the standard from this perspective and using it to develop an AAT also provided the opportunity to thoroughly test the standard itself.

Recomendados

Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệu
Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệuTiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệu
Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệuCông ty Cổ phần Tư vấn Thiết kế GMP EU
 
11070_AP_NA
11070_AP_NA11070_AP_NA
11070_AP_NATodd McAdams, CPA, CGMA, MAcc
 
Measuring Up To The G200 Distribution Standard
Measuring Up To The G200 Distribution StandardMeasuring Up To The G200 Distribution Standard
Measuring Up To The G200 Distribution StandardDan Barr
 
ACTD- ASEAN
ACTD- ASEANACTD- ASEAN
ACTD- ASEANNaila Kanwal
 
Haccp
HaccpHaccp
Haccpahmedbiya597
 
ACTD Guidelines Overview
ACTD Guidelines OverviewACTD Guidelines Overview
ACTD Guidelines OverviewMuhammad Ali Jehangir
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationGMP EDUCATION : Not for Profit Organization
 
Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.GMP EDUCATION : Not for Profit Organization
 

Recomendados

Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệu
Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệuTiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệu
Tiêu chuẩn GMP EU chương 4. Tiêu chí về hệ thống Tài liệuCông ty Cổ phần Tư vấn Thiết kế GMP EU
 
11070_AP_NA
11070_AP_NA11070_AP_NA
11070_AP_NATodd McAdams, CPA, CGMA, MAcc
 
Measuring Up To The G200 Distribution Standard
Measuring Up To The G200 Distribution StandardMeasuring Up To The G200 Distribution Standard
Measuring Up To The G200 Distribution StandardDan Barr
 
ACTD- ASEAN
ACTD- ASEANACTD- ASEAN
ACTD- ASEANNaila Kanwal
 
Haccp
HaccpHaccp
Haccpahmedbiya597
 
ACTD Guidelines Overview
ACTD Guidelines OverviewACTD Guidelines Overview
ACTD Guidelines OverviewMuhammad Ali Jehangir
 
Computer System Validation
Computer System ValidationComputer System Validation
Computer System ValidationGMP EDUCATION : Not for Profit Organization
 
Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.Presentation on US FDA Data Integrity Guidance.
Presentation on US FDA Data Integrity Guidance.GMP EDUCATION : Not for Profit Organization
 
Presentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performancePresentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performanceTGA Australia
 
Audit manual
Audit manualAudit manual
Audit manualIbrahim Jimalle
 
List of required HACCP document
List of required HACCP document List of required HACCP document
List of required HACCP document Global Manager Group
 
CTD Guidelines Overview
CTD Guidelines OverviewCTD Guidelines Overview
CTD Guidelines OverviewMuhammad Ali Jehangir
 
HACCCP document manual procedure
HACCCP document manual procedureHACCCP document manual procedure
HACCCP document manual procedureGlobal Manager Group
 
Industrial pharmacy prathap
Industrial pharmacy prathapIndustrial pharmacy prathap
Industrial pharmacy prathapMalla Reddy College of Pharmacy
 
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot ProgramPresentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot ProgramTGA Australia
 
SMART rules, 2001
SMART rules, 2001SMART rules, 2001
SMART rules, 2001MoonaRaja2
 
CTD & E-CTD
CTD & E-CTDCTD & E-CTD
CTD & E-CTDApoorva Bauskar
 
Update to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has ChangedUpdate to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has ChangedTriumvirate Environmental
 
Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...TGA Australia
 
MHRA Data Integrity Requirements
MHRA Data Integrity RequirementsMHRA Data Integrity Requirements
MHRA Data Integrity RequirementsGMP EDUCATION : Not for Profit Organization
 
Ch07 cma
Ch07 cmaCh07 cma
Ch07 cmaIbrahim Jimalle
 
GMP documentation
GMP documentationGMP documentation
GMP documentationkamyar faghihi
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNA Putra
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentationlogyonetimi
 
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...sonamchuzin
 
Documentation in pharmaceutical industry
Documentation in pharmaceutical industryDocumentation in pharmaceutical industry
Documentation in pharmaceutical industryDevipriya Viswambharan
 
Digital Records Management & Preservation
Digital Records Management & PreservationDigital Records Management & Preservation
Digital Records Management & Preservationvictor Nduna
 
PECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical DevicesPECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical DevicesPECB
 
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINESAT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINESRenee Lewis
 

Más contenido relacionado

La actualidad más candente

Presentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performancePresentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performanceTGA Australia
 
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot ProgramPresentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot ProgramTGA Australia
 
SMART rules, 2001
SMART rules, 2001SMART rules, 2001
SMART rules, 2001MoonaRaja2
 
Update to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has ChangedUpdate to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has ChangedTriumvirate Environmental
 
Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...TGA Australia
 

La actualidad más candente (13)

Presentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performancePresentation: Prescription medicine registration process performance
Presentation: Prescription medicine registration process performance
 
Audit manual
Audit manualAudit manual
Audit manual
 
List of required HACCP document
List of required HACCP document List of required HACCP document
List of required HACCP document
 
CTD Guidelines Overview
CTD Guidelines OverviewCTD Guidelines Overview
CTD Guidelines Overview
 
HACCCP document manual procedure
HACCCP document manual procedureHACCCP document manual procedure
HACCCP document manual procedure
 
Industrial pharmacy prathap
Industrial pharmacy prathapIndustrial pharmacy prathap
Industrial pharmacy prathap
 
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot ProgramPresentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
Presentation: Medical Devices Single Audit Program (MDSAP) Pilot Program
 
SMART rules, 2001
SMART rules, 2001SMART rules, 2001
SMART rules, 2001
 
CTD & E-CTD
CTD & E-CTDCTD & E-CTD
CTD & E-CTD
 
Update to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has ChangedUpdate to CAA: How the EPA's Refrigerant Management Program Has Changed
Update to CAA: How the EPA's Refrigerant Management Program Has Changed
 
Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...Overcoming the stress of non-prescription medicine application screening - Co...
Overcoming the stress of non-prescription medicine application screening - Co...
 
MHRA Data Integrity Requirements
MHRA Data Integrity RequirementsMHRA Data Integrity Requirements
MHRA Data Integrity Requirements
 
Ch07 cma
Ch07 cmaCh07 cma
Ch07 cma
 

Similar a Usando ISO 15489 como herramienta de auditoria

NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNA Putra
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentationlogyonetimi
 
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...sonamchuzin
 
Documentation in pharmaceutical industry
Documentation in pharmaceutical industryDocumentation in pharmaceutical industry
Documentation in pharmaceutical industryDevipriya Viswambharan
 
Digital Records Management & Preservation
Digital Records Management & PreservationDigital Records Management & Preservation
Digital Records Management & Preservationvictor Nduna
 
PECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical DevicesPECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical DevicesPECB
 
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINESAT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINESRenee Lewis
 
DIA Reference Model a Guidance for Good Document Management and eTMF
DIA Reference Model a Guidance for Good Document Management and eTMFDIA Reference Model a Guidance for Good Document Management and eTMF
DIA Reference Model a Guidance for Good Document Management and eTMFSagar Ghotekar
 
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdf
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdfISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdf
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdfssuser8ddc09
 
GMP compliances of Audit
GMP compliances of AuditGMP compliances of Audit
GMP compliances of AuditMegha bhise
 
Documentation relating to product development,sop's,cleaning methods,quality ...
Documentation relating to product development,sop's,cleaning methods,quality ...Documentation relating to product development,sop's,cleaning methods,quality ...
Documentation relating to product development,sop's,cleaning methods,quality ...swrk
 
Documentation assignment
Documentation assignmentDocumentation assignment
Documentation assignmentAtul Chaudhary
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits rasikawalunj
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits rasikawalunj
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits rasika walunj
 
Quality assurance audits in pharma industries
Quality assurance audits in pharma industries Quality assurance audits in pharma industries
Quality assurance audits in pharma industries rasika walunj
 

Similar a Usando ISO 15489 como herramienta de auditoria (20)

GMP documentation
GMP documentationGMP documentation
GMP documentation
 
NQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap GuideNQA ISO 22000 Food Safety Transition Gap Guide
NQA ISO 22000 Food Safety Transition Gap Guide
 
NQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap GuideNQA ISO 22000:2018 Transition Gap Guide
NQA ISO 22000:2018 Transition Gap Guide
 
Audit prsentation
Audit prsentationAudit prsentation
Audit prsentation
 
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
THE DOCUMENTATION AND QUALITY POLICY IN PREPARATION OF MINOR LABORATORY OR I...
 
Documentation in pharmaceutical industry
Documentation in pharmaceutical industryDocumentation in pharmaceutical industry
Documentation in pharmaceutical industry
 
Digital Records Management & Preservation
Digital Records Management & PreservationDigital Records Management & Preservation
Digital Records Management & Preservation
 
PECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical DevicesPECB Webinar: Overview of ISO 13485 - Medical Devices
PECB Webinar: Overview of ISO 13485 - Medical Devices
 
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINESAT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
AT-5908 CPA REVIEW SCHOOL OF THE PHILIPPINES
 
DIA Reference Model a Guidance for Good Document Management and eTMF
DIA Reference Model a Guidance for Good Document Management and eTMFDIA Reference Model a Guidance for Good Document Management and eTMF
DIA Reference Model a Guidance for Good Document Management and eTMF
 
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdf
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdfISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdf
ISO-TC46-SC11_Model presentation on 2nd ed ISO 15489-1-2016.pdf
 
GMP compliances of Audit
GMP compliances of AuditGMP compliances of Audit
GMP compliances of Audit
 
IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint IEMA ISO14001 - External Auditors viewpoint
IEMA ISO14001 - External Auditors viewpoint
 
Documentation relating to product development,sop's,cleaning methods,quality ...
Documentation relating to product development,sop's,cleaning methods,quality ...Documentation relating to product development,sop's,cleaning methods,quality ...
Documentation relating to product development,sop's,cleaning methods,quality ...
 
Documentation assignment
Documentation assignmentDocumentation assignment
Documentation assignment
 
How to Audit Non Financial Information
How to Audit Non Financial InformationHow to Audit Non Financial Information
How to Audit Non Financial Information
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits
 
quality assurance audits
quality assurance audits quality assurance audits
quality assurance audits
 
Quality assurance audits in pharma industries
Quality assurance audits in pharma industries Quality assurance audits in pharma industries
Quality assurance audits in pharma industries
 

Más de Radar Información y Conocimiento

Seminario - Taller: La gestión documental en los Sistemas de Gestion y
Seminario - Taller: La gestión documental en los Sistemas de Gestion y Seminario - Taller: La gestión documental en los Sistemas de Gestion y
Seminario - Taller: La gestión documental en los Sistemas de Gestion y Radar Información y Conocimiento
 
Buenas practicas para inicar procesos de bpm - BonitaBPM - Radar
Buenas practicas para inicar procesos de bpm - BonitaBPM - RadarBuenas practicas para inicar procesos de bpm - BonitaBPM - Radar
Buenas practicas para inicar procesos de bpm - BonitaBPM - RadarRadar Información y Conocimiento
 
Infografía Integrando gestión de contenidos y procesos de negocio
Infografía Integrando gestión de contenidos y procesos de negocioInfografía Integrando gestión de contenidos y procesos de negocio
Infografía Integrando gestión de contenidos y procesos de negocioRadar Información y Conocimiento
 
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos Infografía 8 pasos para la Implementación de sistemas de gestión de documentos
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos Radar Información y Conocimiento
 
Archivamiento web: conceptos básicos, estrategias y mejores practicas
Archivamiento web: conceptos básicos, estrategias y mejores practicasArchivamiento web: conceptos básicos, estrategias y mejores practicas
Archivamiento web: conceptos básicos, estrategias y mejores practicasRadar Información y Conocimiento
 
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEA
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEAInfografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEA
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEARadar Información y Conocimiento
 

Más de Radar Información y Conocimiento (20)

Seminario - Taller: La gestión documental en los Sistemas de Gestion y
Seminario - Taller: La gestión documental en los Sistemas de Gestion y Seminario - Taller: La gestión documental en los Sistemas de Gestion y
Seminario - Taller: La gestión documental en los Sistemas de Gestion y
 
Decreto 2364 de 2012
Decreto 2364 de 2012Decreto 2364 de 2012
Decreto 2364 de 2012
 
SuiteCRM - Radar Grupo Gmpresarial
SuiteCRM - Radar Grupo GmpresarialSuiteCRM - Radar Grupo Gmpresarial
SuiteCRM - Radar Grupo Gmpresarial
 
Resolucion SIC 723 2015
Resolucion SIC 723 2015Resolucion SIC 723 2015
Resolucion SIC 723 2015
 
Buenas practicas para inicar procesos de bpm - BonitaBPM - Radar
Buenas practicas para inicar procesos de bpm - BonitaBPM - RadarBuenas practicas para inicar procesos de bpm - BonitaBPM - Radar
Buenas practicas para inicar procesos de bpm - BonitaBPM - Radar
 
Gestion de correspondencia con Alfresco Radar
Gestion de correspondencia con Alfresco RadarGestion de correspondencia con Alfresco Radar
Gestion de correspondencia con Alfresco Radar
 
Infografia Grado de uso de las tecnologias en los museos
Infografia Grado de uso de las tecnologias en los museosInfografia Grado de uso de las tecnologias en los museos
Infografia Grado de uso de las tecnologias en los museos
 
Infografía Integrando gestión de contenidos y procesos de negocio
Infografía Integrando gestión de contenidos y procesos de negocioInfografía Integrando gestión de contenidos y procesos de negocio
Infografía Integrando gestión de contenidos y procesos de negocio
 
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos Infografía 8 pasos para la Implementación de sistemas de gestión de documentos
Infografía 8 pasos para la Implementación de sistemas de gestión de documentos
 
Manual de acceso a la informacion
Manual de acceso a la informacionManual de acceso a la informacion
Manual de acceso a la informacion
 
Archivamiento web: conceptos básicos, estrategias y mejores practicas
Archivamiento web: conceptos básicos, estrategias y mejores practicasArchivamiento web: conceptos básicos, estrategias y mejores practicas
Archivamiento web: conceptos básicos, estrategias y mejores practicas
 
Formulación del Plan Institucional de Archivos PINAR
Formulación del Plan Institucional de Archivos PINARFormulación del Plan Institucional de Archivos PINAR
Formulación del Plan Institucional de Archivos PINAR
 
Implementación de un Programa de Gestión Documental
Implementación de un Programa de Gestión Documental Implementación de un Programa de Gestión Documental
Implementación de un Programa de Gestión Documental
 
Guia de metadatos 2
Guia de metadatos 2Guia de metadatos 2
Guia de metadatos 2
 
Compilación normativa 2014
Compilación normativa 2014Compilación normativa 2014
Compilación normativa 2014
 
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEA
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEAInfografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEA
Infografía Sistema de Gestión de Documentos Electrónicos de Archivo SGDEA
 
Interoperabilidad de comunicaciones oficiales
Interoperabilidad de comunicaciones oficialesInteroperabilidad de comunicaciones oficiales
Interoperabilidad de comunicaciones oficiales
 
Plan Institucional de Archivos PINAR
Plan Institucional de Archivos PINARPlan Institucional de Archivos PINAR
Plan Institucional de Archivos PINAR
 
Instrumentos archivisticos
Instrumentos archivisticosInstrumentos archivisticos
Instrumentos archivisticos
 
Expedientes de archivo
Expedientes de archivoExpedientes de archivo
Expedientes de archivo
 

Último

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI AgeCprime
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditSkynet Technologies
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity PlanDatabarracks
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesKari Kakkonen
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...Wes McKinney
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationKnoldus Inc.
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 

Último (20)

A Framework for Development in the AI Age
A Framework for Development in the AI AgeA Framework for Development in the AI Age
A Framework for Development in the AI Age
 
Manual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance AuditManual 508 Accessibility Compliance Audit
Manual 508 Accessibility Compliance Audit
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
How to write a Business Continuity Plan
How to write a Business Continuity PlanHow to write a Business Continuity Plan
How to write a Business Continuity Plan
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Testing tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examplesTesting tools and AI - ideas what to try with some tool examples
Testing tools and AI - ideas what to try with some tool examples
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
The Future Roadmap for the Composable Data Stack - Wes McKinney - Data Counci...
 
Data governance with Unity Catalog Presentation
Data governance with Unity Catalog PresentationData governance with Unity Catalog Presentation
Data governance with Unity Catalog Presentation
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 

Usando ISO 15489 como herramienta de auditoria

  • 1. 46 The Information Management Journal • July/August 2004 LessonsLearned tion and covers all media. The standard is intended to provide a framework for planning and implement- ing a records management program. The comprehensive nature of the standard with regard to current and non-current records and the clear categorization of its requirements also makes it an obvious choice on which to base audits of records management programs. A critical review of the standard as a basis for an audit is important. It is crit- ical to walk through the preparation phases for the audit, including the development of assessment tools based on the standard, the audit process itself, and audit report writing. To ensure its newly implemented records manage- ment program complied with industry best-practices, one small European pharmaceutical company used ISO 15489 to help guide it through those critical processes. Examples from an actual audit of a newly developed records management program involv- ing the pharmaceutical company’s non- current, clinical trials department records provide many lessons for any organization that wants to use or test the standard in its own records manage- ment program. Methodology, Background Research, and Scoping The methodology for an audit has four main components: 1. Initial background research and scoping of project 2. Preparation, including familiariza- tion with the company’s records management program documenta- tion, and development of audit tools to establish compliance with ISO 15489 3. Audit information gathering 4. Report writing The first component involves dialog Using ISO 15489 as an Audit Tool ISO 15489, the first international standard devoted to records management, provides a comprehensive and practical basis for auditing full and partial records management programs Margaret Crockett and Janet Foster At the Core This article • examines using ISO 15489 as the basis for auditing a records man- agement program • discusses complying with stan- dards and regulations when auditing a records program • provides tips on audit information gathering and report writing SO 15489 (1:2001 Information and Documentation – Records Management – Part 1: General) is the first international standard devoted to records management. It was developed from the Australian standard (AS 4390.1 - 1996) and pro- vides detailed specifications for the structure, content, and implementation of records management programs. The guidance it contains is applicable to records management for any organiza- I
  • 2. July/August 2004 • The Information Management Journal 47 with the records manager to gather enough data to estimate the project’s size and time requirements. The data required includes information about the company, its mission, and func- tions; the number of employees; details about the records management opera- tion; and the context of the audit. This information is crucial to scoping the project, estimating time required, and allocating time to the various phases of the audit process. In this instance, the audit scope contained: • The records of one department of the organization (although there was a realization that good records manage- ment practices could be transferred to other parts of the company) • The non-current phase of the records life cycle • Paper records only, because the records management program did not yet include digital media The audit context was: • A young pharmaceutical company • Limited functions to be considered The records management system had not yet been implemented; conseq- uently, the audit would not be large or lengthy, there would be few record series to cover, and there would be no user base to canvass. So why was the audit undertaken? There were two main rea- sons: the pharmaceutical company’s records manager was new to records management and wanted to make sure she had set up a system that was compli- ant with accepted best practices; and the pharmaceutical industry’s strong audit culture. The records manager intended to roll out the system to other areas and wanted to ensure that it was a good one before doing so. Since the audit, the pharmaceutical company has been searching for a full- time qualified records manager – a need that was identified in the audit report as a result of the records manager only spending about 10 percent of her time on records management. That was not necessarily something the company expected to come out of the audit, but the company has since taken advantage of the findings to improve its records management program. Preparation Preparation for auditing a records management program consists of: • Reading and evaluating record man- agement documentation provided by the records manager (See Table 1) • Developing an evaluation tool that will map collected data to ISO 15489 (See Table 2) Reading through the assembled records management program docu- mentation has a dual purpose: it pro- vides a complete overview of the pro- gram and its components, and it allows the auditor to assess the documentation for compliance. Mapping audit findings to the stan- dard can be done through use of a form or checklist designed for this purpose. Developing such a checklist, or audit assessment tool (AAT), involves turning the relevant requirements of ISO 15489 into a series of questions. The checklist Table 1: Checklist of Documentation Required for Records Management Audit Relevant organizational structure chart Mission statements for organization and/or department Records management mission statement Records management policy Records management procedures (might be a manual) used by the records management team,including any in-house training material or details of other training Specifications for automated records management systems for paper records Specifications of records management systems for digital records Retention schedules Access authorizations Accession records Documentation on records destruction or contracted-out services Written specifications for shelving,boxing,and storage facilities Vital records inventory Vital records protection procedures,including recovery in event of disaster Business continuity plan Agreements with any third-party service providers for business continuity services Surrogacy program (digitization or microfilm/fiching) documentation Staff job descriptions both within and outside records management team
  • 3. 48 The Information Management Journal • July/August 2004 or form will need to be modified to reflect what the records management program covers, whether the full records life cycle or only a segment of it. Do not underestimate the length of time this can take; allow at least two days. The AAT can be divided into two parts: the first focuses on assessing com- pliance with the standard proper in terms of records management; the sec- ond reflects the requirement for compli- ance with any relevant regulatory bod- LessonsLearned ies’ guidance on recordkeeping. The final product can be quite long and should be very detailed. Tables 2, 3, and 4 provide examples of an AAT devel- oped for the audit undertaken. Comparison with ISO 15489 gives an idea of the tool’s practical use (see “ISO 15489-1:2001 Sections Useful for Audit- ing” on page 52). Auditing Regulatory Environment Section 5 of the standard specifies recordkeeping practice. It deals with the regulatory environment, including those regulatory obligations and standards of practice pertaining to the industry/sector, as well as national/international law, best practice,codes of conduct and ethics,and identifiable community expectations. Because this is an international standard meant to be applied globally, it does not give detailed guidance on which legisla- tion or regulations have a bearing on records management,so research into the relevant regulatory environment will be needed.It is useful to compile a list of leg- islation and regulations likely to pertain to the particular recordkeeping environ- ment in which the audit is operating.The list can be reviewed by the records man- ager and other interested colleagues, such as the legal team and the quality control department, so that their knowledge and expertise can be fed into the AAT. The list for the pharmaceutical industry, for example, included items such as: • International law/agreements • European Union (EU) directives • National Archives law • National Freedom of Information legislation • Data protection legislation • Environmental legislation pertaining to recordkeeping • Legislation covering businesses and how they are constituted and run • Industry-specific regulation (in this case, FDA regulations and the EU Directive 2001/83/EC relating to medicinal products for human use) • Healthandsafetylegislation/regulations Other factors considered included: • ISO 9000 registration • Electronic records management sys- tem specifications (such as the EU- funded Model Requirements) Table 2 shows the AAT section that deals with the regulatory environment. Table 2: SectionfromPart1oftheAuditAssessmentToolDealingwiththe RegulatoryEnvironment Statutes,Case Laws,Standards Considerations • Records Any national archival law covering • Archives records,including storage standards • Access Any legislation governing access to records • Privacy and data protection Concerned with records containing personal data • Evidence If required as evidence in court of law, are records available? Do they meet requirements to be used as evidence? (Should be addressed later in the AAT.) • Electronic commerce Do the records meet the requirements of legislation pertaining to electronic commerce? • Access to public information “Access to information”legislation that may affect the way records are kept and access obligations • Environmental recordkeeping Are records required by environmental legislation legislation being created and retained? • Regulations governing What industry-specific regulations affect sector-specific environment recordkeeping? • Regulations governing general Health and safety business environment • Mandatory standards of practice These could be industry-specific or department-specific (for example,legal counsels in the United Kingdom need to maintain records of continuing professional development)
  • 4. 50 The Information Management Journal • July/August 2004 In an assessment tool tailored for a specific organization, regulatory requirements should be listed with cross-references to other AAT sections regarding compliance. For example, “access” to records of certain industry sectors may be governed by regulation; environmental legislation might oblige organizations to make records available; and the public may also have a right to access government information. That the company provides appropriate access will be recorded in the standard’s sections dealing with access in detail, which are: 7.2.5 Records management require- ments: characteristics of a record: usability 8.3.6 Design and implementation of a records system: designing and implementing records systems: access, retrieval, and use 9.7 Access Section 9.2 of ISO 15489, “Deter- mining How Long to Retain Records,” outlines good practice with respect to development of retention schedules. Not surprisingly, it does not stipulate what the retention schedule format LessonsLearned checklist of required records and enable an assessment of the record creation phase of the records management pro- grams being audited. The pharmaceuti- cal industry, for example, must comply with FDA regulations and an EU direc- tive from the International Committee on Harmonisation. The FDA Guide- lines for Good Clinical Practice Section 8 sets out “Essential Documents for the Conduct of a Clinical Trial.”The section gives detailed and stringent require- ments for the types of documents that must be created by both sponsors of and investigators participating in clini- cal trials. The European Union, in Directive 2001/83/EC and “Detailed Guidelines on the Trial Master File and Archiving (2002),” adopts this defini- should be or give any detailed retention data. The standard’s guidance can be turned into a set of questions, as shown in Table 3. When it comes to assessing compli- ance with respect to records retention, the auditor needs to refer back to the regulatory environment and consider general business requirements as well as the needs of individual record creators and users. Industry-Specific Compliance Assessment Heavily regulated industries have to comply with very detailed specifica- tions for the types and content of records to be created and kept. Such specifications provide the basis for a Table 3: Section from Part 1 of the Audit Assessment Tool Dealing with Retention • Is the retention schedule appropriate? • Is retention schedule compliant with legislation and regulation? • Are all stakeholders’needs met by retention schedule? (What are their needs?) • Are records of no continuing value being destroyed promptly? • Is how to properly destroy records properly documented in the manual/ procedures? Table 4: Checklist of Required Records Title of Document FDA Regulations/ICH Directive Sponsor’s file Investigator’s file Retention Period Investigator’s brochure 8.2.1 Signed protocol and amendments (if any) and sample case report form (CRF) 8.2.2 Information given to trial subject,including informed consent form advertisement (if used) 8.2.3 Financial agreement(s) between sponsor and investigator 8.2.4
  • 5. July/August 2004 • The Information Management Journal 51 tion of essential documents as its mini- mum. Therefore, only a detailed analy- sis of the FDA requirements would be required, augmented by attention to the EU archiving requirements to create a table that • lists the documents to be created • references the regulation that requires them • specifies who should create them • notes any specified retention period Table 4 (page 50) suggests a format for such an initial listing. From the table, it is possible to extrapolate two checklists of documents to be created by sponsors and investiga- tors. The lists can be used to show that the clinical trial documentation being created is compliant with FDA and EU Good Clinical Practice regulations gov- erning the sector as required by ISO 15489. Furthermore, the analysis of reg- ulatory retention requirements and EU procedural requirements for accession, tracking, and destruction of essential documents provides a baseline that can be used for observing whether the appropriate records are being retained for the required time and whether pro- cedures are in place to comply with the EU archiving requirements. Such com- parison highlights conformance with the ISO requirement to observe the sec- tor-specific regulatory environment. Analyzing regulations to establish the essential foundation for sector-specific recordkeeping is a time-consuming exer- cise. However, it greatly assists in under- standing the nature of the records in the program and provides useful checklists for auditors and audited alike. Such checklists can be an appendix to the final report and used for future reference. Audit Information Gathering The audit itself can be divided into several parts. First, the record manage- ment program documentation provided prior to the audit can be checked against the AAT.This is a two-way process,as the documentation provides answers to the audit questions, and the AAT also lists program expectations. For example, the policy’s objective is to create and manage authentic, reliable, useable records, capa- ble of supporting business functions and activities for as long as required. Expectations include that the policy • is communicated to and implemented by the whole organization • is endorsed by high-level manager/ committee Table 5: AuditQuestionsfor Staff Questions for records creators: Do you know about the records management policy? Yes No Have you had records management training? Yes No Do you have access to a manual or set of procedures for records management? Yes No Describe how you create records. Describe how you file records. Describe how you retrieve records. Describe how you review or destroy records. Do you know what records you are expected to create to comply with legislation? Yes No Do you know what records you are expected to create to comply with industry regulations? Yes No Do you know what records you are responsible for making sure others (either within the organization or outside contractors) create and retain? Yes No Do you know what a retention schedule is and how to use it? Yes No Do your records meet your requirements and needs? Yes No Questions for records management staff: Do you have enough authority? Yes No Do you get enough support from management? Yes No How long have you been doing records management work in this organization? Have you had records management work experience in previous employment? Yes No What training have you had? What training (if any) do you feel you need? • has compliance responsibility assigned • includes a definition of legislation, regulation, and standards governing records management • makes provision for a review process The second stage of the audit is a series of interviews with stakeholders in the records management process. These might include: • Senior manager • Records manager
  • 6. 52 The Information Management Journal • July/August 2004 LessonsLearned • Records management staff member • Records creator • Representative from an interested department (e.g.,quality management) Table 5 (page 51) lists questions to ask staff as part of the audit. Questions can be tailored to suit the particular legal and regulatory environment. Finally,the audit must involve observ- ing the processing and storage areas and using the audit tool as a checklist to assess compliance with relevant sections of the standard. Report Writing Strictly speaking,the audit itself can be documented solely by the completed audit tool form. However, this may not be the most helpful way of communicat- ing to the operating staff what the audit has discovered, and it is always worth Records management programs should encompass: • Setting policies and standards • Assigning responsibilities and authorities • Establishing and promulgating procedures and guidelines • Providing records management services • Designing,implementing,and administering specialized records management systems • Integrating records management into business systems and processes • Appropriate staff training Regulatoryenvironmentsmustbeidentified,including: • National and international law and regulations • Sector-specific regulation • Standards and codes of best practice Main principles of records management include: • Records are created to support business activity,provide accountability,and comply with regulatory environments. • Records management rules should be embedded in all business processes requiring documentation. • Business continuity should ensure identification and protection of vital records. The characteristics of records as defined in the standard: • Records should accurately reflect the communication, action,or decision. • Records need to be linked to metadata such as format and business and documentary context. • Records should be authentic,reliable,usable,complete, and unaltered. Functionality and components of records systems: • Ability to document records transactions • Control of physical storage • Support of a range of distributed storage and custody options • Facility for controlled conversion and migration of digital records • Provision for controlled access,retrieval,and use • Facilitation and implementation of retention and disposition decisions Records management processes and controls: • Determining records to be captured into the system • Specifying metadata that needs to be linked to or embedded in the records • Deciding how long to keep records (retention schedule development and operation) • Registration of records • Classification (within business context,vocabulary controls,indexing and referencing.) • Storage and handling • Access • Tracking • Implementing retention and disposition • Documenting records management processes Monitoring and auditing should encompass: • Internal monitoring of system to ensure compliance with it as well as required outcomes • Internal or external audit • Appropriate modifications to system • Documentation of compliance,monitoring,and audit ISO 15489-1:2001 Sections Useful for Auditing
  • 7. July/August 2004 • The Information Management Journal 53 Margaret Crockett and Janet Foster are freelance archivists and records managers who are directors of the Archive-Skills Consultancy. The partnership is based in London and operates mainly in the United Kingdom, but has carried out a significant number of projects overseas. They may be contacted at margaret@archive-skills.com or janet@archive-skills.com. considering producing a report as well. This allows the auditors to make specific recommendations, expand on audit findings as necessary, and perhaps most importantly, highlight good prac- tice that is already in place. The com- pleted AAT then has a context and the organization receives some pointers as to ways forward. Examples of audit report content based on the standard include: • Introduction • Management Support • Role of Records Manager • Records Management Staff • Vital Records and Disaster Planning • Retention Scheduling • Record Transfer • Record Retrieval • Records Management Database • Box Labels • Location Register • Procedures and Documentation • Storage • Next Steps • Conclusion • Recommendations • Appendices Using the Standard as a Basis for Audit: Lessons Learned The AAT essentially turns the stan- dard’s requirements into a series of questions that are tailored to the partic- ular business sector as required. In practice, these questions cannot usually be satisfied by a “yes” or “no” option. Completion of the AAT, therefore, requires substantial interrogation of the records management program docu- mentation, onsite inspection of proce- dures and processes, as well as face-to- face interviews in order to determine and document compliance with the standard. Analysis of the records man- agement program documentation can be done prior to the site visit, which will allow both assessment of compliance (with respect to documentation) and raise questions to be answered during interviews and in situ inspection. By its nature the standard is pitched at a high level, but it is comprehensive in its coverage of requirements for records management systems and, therefore, provides a sound basis for an audit. The standard’s only self-con- fessed omission is its lack of coverage for those records selected as archives. If management of records is to be totally integrated from conception to disposal, then the archive cycle must be included. This is especially relevant in countries where archive legislation is in place. In order to use the standard as an evaluation tool, the auditor must be able to relate its specifications to the details of the records management pro- gram in question. The auditor must be able to analyze the findings as itemized in the AAT and assess whether the pro- gram is compliant with the standard (or at least to what degree). Most audits should also include recommendations of how the program might be improved. The standard does not assist with this step, as it provides definitions and required elements rather than strategies and methodologies. For example, in the course of investi- gations, the auditor may learn that a new IT system is being piloted. This may not fit into the AAT framework suggested by the standard, but it may impact the records management pro- gram.An experienced records manager/ auditor will realize the IT system’s importance and include analysis and recommendations on its possible effect in the audit report. It is the auditor and the records manager who are in a posi- tion to evaluate the context and specifics of the individual RM program and develop plans for improvement. This small European pharmaceutical company required the audit to validate the policies, procedures, and operating framework for a records management program that, at the time of audit, cov- ered only the non-current paper records of one department. Therefore, issues of auditing digital records man- agement, current records, and wider use of the AAT outside the records management team cannot be discussed directly. For example, there was no opportu- nity to investigate and develop assess- ment criteria for the requirements specified in the standard relating to characteristics of electronic records, their authenticity, reliability, integrity, and usability. But it was possible to determine whether records remained complete in their non-current records management regime. The question of how to test compliance with these requirements for current records remains to be answered. Additionally, some records manage- ment activities had not yet been required – for example, the destruction of documents at the end of the overall retention period – but the AAT will measure whether compliant procedures are in place for activities that will be needed in the future. The structure of the standard is such that it is easy to identify sections that are directly rele- vant to the scope of an audit and those sections that are not applicable. ISO 15489 provides a comprehensive and practical basis for auditing both full and partial records management pro- grams. Approaching the standard from this perspective and using it to develop an AAT also provided the opportunity to thoroughly test the standard itself.