It is important for an ISO audit that you have a document retention policy. You must document all of your work and make sure that all documents are saved properly, secured [access controls] and backed up, etc. When they look at a document, you must be able to show them how it got to this point, who touched it, who changed it, who had access to it, etc.
When PLM Software manages all of your data
PLM software will manage all of the information generated by all of your processes that encompass your entire ‘quote to collect’ process. The ‘quote to collect’ process encompasses all of the information created, changed and managed from sales providing a quote through and including shipping the product, billing and collecting revenue.
Two main components make up that strategy – your user community and your PLM software.
When creating documents, your user community MUST check the file into their PLM implementation. Upon check in, users will be required to supply some attributes while others may be optional.
When changing [editing] documents, the user community MUST check out the file from their PLM implementation. Upon completing the change, they MUST check the file back into their PLM. Users should be required to supply the reason for the change and a description of the change.
Your PLM implementation is your secure vault.
All documentation will reside in your PLM software and access will be controlled by that software.
Access will be controlled by the document type and where it resides in its governing process [procedure]. The PLM administrator will assign access privileges.
No files can be deleted – they will always reside in the PLM vault unless they have been archived. If they have been archived, the PLM software will have the information needed to restore the file. Your company will develop a procedure to refresh the archived media at a specified interval.
Your company will have a secure backup plan that will ensure access to files even when a server is down.
When PLM Software isn’t your only software
The same 2 components above still exist, but now you have added other components.
In this case, you will have multiple secure vaults.
Users of these other enterprise software packages will have processes to follow that allow them to create, edit and manage information. The auditor will need to see what this process looks like and you will need to be able to prove that you follow that process. In any environment with more than 1 enterprise software package that stores information, the handoff from one to the other [integration] is critical.
As you can see, the complexity increases greatly with multiple enterprise software packages. It is important to have your processes accurately mapped out.
I can help with that…