There are a few themes to the changes in BRC Issue 8, the first we’re going to cover is the storage of digital data for document control, whether it be in document or record format.
This change appears in many places through the standard, but the intention in all cases is the same. We’ll use clause 3.2.1 for control of documents and 3.3.1 for control of records.
In both clauses the BRC have said that we need to make sure that documents or records that are held in digital format must be:
- stored securely
- controlled like we would if they were in hard format
- backed up
Document and record security
So, what do we mean by this? Well, it means that anyone who shouldn’t be able to get to them, shouldn’t be able to. This is to make sure that they don’t alter the document or records, without following the correct change control procedure. And, when they talk about records, they mean both the record template itself and also, the data that goes into the record. So, for example, if your site uses SAP or another system for recording data – this clause applies to that too.
How do we secure documents, records and data then?
There’s a number of ways to do this – you can make sure that you need a login to get access. Just make sure that everyone isn’t using the same login, because that defeats the purpose of giving people logins. If we’re talking about data stored on a machine in the factory, such as a check weigher or a metal detector, you may need a key to access the information. Or you may store documents or data in a folder system which is locked down by IT, so that only certain people can access it.
Which ever method you choose, you just need to make sure that it’s robust enough to ensure that only authorised personnel can get to the digital files.
So, when we have documents in hard format, we make sure they are controlled, following the document control process. This means that where a change takes place, it can only be done by authorised personnel (as we’ve talked about above), that the changes are recorded as amendments and that it goes through an approval process. Documents and records held digitally are no different.
When changing digital documents and record templates we need to ensure that the changes are recorded, you can do this in digital format too, or in hard copy – it’s up to you. But remember, we’re not just talking about digitally held documents like we normally would hold in word or excel format. A document or a record template may be held on a piece of software. You may have an LIM system which holds all your lab data. If you change a record template in this, that needs to be recorded. If you change settings in the check weigher, that’s a change which needs recording as an amendment.
Plus, don’t forget – before the changes go live, they need to go through an approval process!
Having hard copies of records is fairly out-dated now. Yes, we sometimes like to print them out and have them in a folder to show the auditor, but generally they’re stored digitally. With cyber crime becoming more and more common now, it’s important we have a backup.
I know a company who were hacked and they lost everything and I mean everything! The technical manager had to write everything again from scratch. Can you imagine? You may think that you’ve got a backup in place and you’re ok. So, did that technical manager. Their backup happened every 24 hours – which was great. But, when it backed up, it would overwrite the previous backup. Which meant, that by the time they’d realised what had happened, the backup had backed up the corrupted system, over writing the good backup from the day before – not so great.
So, find out the detail of your backup system in place. It might be a dull thing to do, but if you’re ever put in that situation, you’ll be glad you did it!
If you’ve been a victim of cyber crime and can add anything to this, to advise of things to look for when holding and backing up digital files – we’d love to hear what you learnt from it! Please share by adding your comments to the reply box below.