API Specification Q1 Tenth Edition 4.5 Control of Records

QMS for Oil and gas 15 Minutes

Records, including those originating from outsourced activities, shall be established and controlled to provide evidence of conformity to requirements and the organization’s quality management system. The organization shall maintain a documented procedure to identify the controls and responsibilities for records. The procedure shall address record:

  1. identification.
  2. collection.
  3. legibility.
  4. correction.
  5. storage.
  6. protection from unintended alteration, damage, or loss.
  7. retrieval.
  8. retention time.
  9. disposition.

Records shall be retained for a minimum of ten years or as required by customer, legal, and other applicable requirements, whichever is longer.

Controlling documents in accordance with API Specification Q1, which sets forth the quality management system (QMS) requirements for organizations within the petroleum and natural gas industry, is a critical component for ensuring consistent and reliable operations. Here’s a comprehensive approach on how an organization can effectively control documents as per the stipulations of API Q1:

1. Document Approval and Revision Control

  • Approval Before Release: Ensure that all documents related to the QMS are reviewed and approved by authorized personnel prior to their issue and use. This should include not just new documents but also significant revisions to existing documents.
  • Document Revisions: Establish a clear procedure for updating documents. Every change made should be reviewed and approved by the same authorities responsible for the original documents, unless otherwise specified. Document revisions should be clearly marked with the revision number, date of revision, and details of the changes made.

2. Document Identification

  • Unique Identification: Assign a unique identification number or code to each document, which may include document type, creation date, and revision number. This helps in tracking and retrieval.
  • Current Revision Status: Maintain clear records of the current revision status of documents to prevent the use of obsolete documents. This includes listing the revision number prominently on the document.

3. Accessibility and Distribution

  • Accessibility: Ensure that documents are available at points of use. They should be easily accessible to those who need them to perform their tasks, while also being protected from unauthorized access or alterations.
  • Controlled Distribution: Control the distribution of documents within the organization to ensure that personnel are using the latest, approved versions of the documents. This involves removing outdated documents from all points of use or clearly marking them as obsolete.

4. External Documents

  • External Document Control: Identify and control documents of external origin that are necessary for the planning and operation of the QMS. This includes standards, customer specifications, statutory and regulatory requirements.
  • Accessibility and Review: Make sure these external documents are accessible where needed and are reviewed periodically to ensure they remain current and relevant.

5. Document Legibility and Preservation

  • Legibility: Ensure that documents are legible and can be readily identified. This applies to both printed and electronic documents.
  • Preservation: Protect documents from loss, damage, or deterioration. In the case of electronic documents, this includes maintaining appropriate backups and secure storage systems.

6. Electronic Document Management

  • Use of Technology: Leverage electronic document management systems (EDMS) to automate many of the controls and facilitate document retrieval, version control, archiving, and security measures.
  • Security Measures: Implement robust security measures to protect electronic documents, including access controls, encryption, and regular audits.

7. Monitoring and Review

  • Regular Audits: Conduct regular audits to ensure that the document control processes are being adhered to and are effective. This helps identify areas for improvement.
  • Feedback Mechanism: Establish a mechanism for receiving feedback on document management practices and for resolving any issues related to document control.

8. Training and Awareness

  • Training Programs: Regularly train all relevant personnel on the document control procedures to ensure that they understand how to access and use the documents appropriately.
  • Awareness Campaigns: Run awareness campaigns to emphasize the importance of using approved and current documents, and the risks associated with not following document control procedures.

By implementing these practices, an organization can ensure that its document control system complies with API Q1 requirements, thereby supporting effective quality management, enhancing operational reliability, and maintaining compliance with industry regulations.

Records, including those originating from outsourced activities, shall be established and controlled to provide evidence of conformity to requirements and the organization’s quality management system.

Maintaining proper control over records is a foundational element in API Specification Q1, which sets standards for the quality management systems (QMS) in the petroleum and natural gas industry. Records not only prove compliance with API Q1 but also demonstrate adherence to an organization’s internal procedures and processes. Here’s how organizations can effectively establish and control records to ensure evidence of conformity:

1. Definition and Identification of Records

  • Define What Constitutes a Record: Clearly identify what types of documents qualify as records under API Q1. These typically include all documentation related to product specifications, manufacturing processes, quality control tests, inspection results, calibration data, personnel qualifications, and audit reports.
  • Record Identification System: Develop a system for categorizing and labeling records in a systematic way. This could involve a numeric or alphanumeric system that might include date codes, department codes, or project codes for easy retrieval.

2. Creation and Format

  • Standardized Formats: Establish standardized formats for records to ensure consistency across all documentation. These formats should be designed to capture all necessary information clearly and concisely.
  • Electronic Records: Where possible, use electronic record-keeping systems that meet regulatory requirements for integrity, confidentiality, and availability. Ensure electronic systems are validated to prove they are fit for their intended use.

3. Record Accessibility and Retrieval

  • Accessibility: Ensure that records are accessible to authorized personnel when needed. Define who has access to what records and under what circumstances.
  • Efficient Retrieval: Implement an organizational system (like a digital management system or a physical filing system) that allows for quick and easy retrieval of records. This is crucial during audits or reviews.

4. Storage and Preservation

  • Physical and Digital Storage Solutions: Determine appropriate storage solutions for physical and digital records. Physical records should be stored in a secure, environmentally controlled area to prevent damage. Digital records should be backed up regularly and protected against cyber threats.
  • Retention Periods: Establish and enforce record retention periods based on legal, regulatory, and operational requirements. After the retention period, ensure records are disposed of in a secure and controlled manner.

5. Protection and Security

  • Confidentiality and Integrity: Protect records from unauthorized access and alteration. Implement access controls and audit trails to track who accesses or modifies records.
  • Backup Procedures: For digital records, implement regular backup procedures and test them periodically to ensure data integrity.

6. Monitoring and Auditing

  • Regular Audits: Regularly audit record-keeping practices to ensure compliance with API Q1 and internal QMS requirements. Audits should also check for accuracy and completeness of records.
  • Continuous Improvement: Use audit results, feedback from process users, and other relevant sources to continuously improve record management practices.

7. Training and Awareness

  • Employee Training: Regularly train employees on the importance of proper record management, how to create and maintain records, and how to handle confidential or sensitive information.
  • Awareness Programs: Run awareness programs to reinforce the significance of record integrity and compliance within the organization.

Implementing these guidelines helps ensure that records are accurate, accessible, secure, and effectively managed. This not only supports organizational efficiency and compliance with API Q1 but also enhances decision-making and promotes continuous improvement within the quality management system.

The organization shall maintain a documented procedure to identify the controls and responsibilities for records.

In API Specification Q1, organizations are required to establish and maintain a documented procedure for controlling records. This procedure must clearly define how records are identified, controlled, maintained, and the responsibilities assigned to various roles within the organization regarding record handling. The procedure is vital to ensure the integrity, accessibility, and confidentiality of records, and to demonstrate conformity to the requirements of the QMS and external regulations. Here’s how an organization can develop a comprehensive documented procedure to manage records according to API Q1 requirements:

1. Document Creation and Approval

  • Drafting: The procedure should be drafted by qualified personnel, typically from the quality department, who understand the intricacies of API Q1 requirements and the specific needs of the organization.
  • Review and Approval: The draft must be reviewed and approved by designated authorities within the organization (such as the Quality Manager) to ensure that it meets all regulatory and internal requirements.

2. Scope and Purpose

  • Scope: Clearly define the scope of the procedure, specifying which records are covered. This typically includes all quality-related records such as inspection results, calibration data, personnel qualifications, and audit reports.
  • Purpose: State the purpose of the procedure, which should focus on ensuring the creation, maintenance, and disposal of records in compliance with API Q1 and other applicable standards.

3. Responsibilities

  • Assignment of Responsibilities: Assign specific responsibilities related to record control to various roles within the organization. This might include responsibilities for creating records, maintaining record integrity, ensuring accessibility, protecting confidentiality, and disposing of records.
  • Quality Manager: Typically responsible for overseeing the overall management of records and ensuring compliance with API Q1.
  • Document Controller: Usually tasked with the day-to-day management of record storage, retrieval, and destruction processes.
  • IT Department: If records are stored electronically, the IT department may also play a role in managing electronic records, ensuring data security, and performing regular backups.

4. Record Identification and Traceability

  • Identification System: Implement a system to uniquely identify each record. This might include a unique numbering system, the use of barcodes, or electronic tags.
  • Traceability: Ensure that each record can be traced back to the relevant activity, process, or product. This includes documenting the origin of the record, relevant dates, and the identity of the person or equipment that generated the record.

5. Accessibility and Retrieval

  • Accessibility: Define how records are to be made accessible to authorized personnel and how confidentiality will be maintained. Specify the systems or procedures that will be used to control access.
  • Retrieval: Describe the process for retrieving records, including the locations where records are stored and any tools or systems used to manage retrieval.

6. Record Retention and Disposal

  • Retention Times: Establish the minimum retention times for different types of records, based on legal, regulatory, and operational requirements.
  • Disposal Procedures: Define secure and appropriate procedures for disposing of records that are no longer required, ensuring that confidential information is adequately protected.

7. Protection of Records

  • Physical and Digital Protection: Outline measures for protecting both physical and digital records from loss, damage, unauthorized access, and corruption.
  • Backup Procedures: For digital records, specify how backups will be performed, including frequency, storage methods, and responsibilities.

8. Monitoring and Auditing

  • Regular Audits: Schedule regular audits to ensure that the records control procedures are properly implemented and maintained.
  • Continuous Improvement: Use audit results and feedback to improve record management practices continually.

By maintaining this documented procedure, organizations not only comply with API Q1 but also enhance their ability to monitor and improve their QMS, thereby ensuring high levels of quality and compliance in their operations.

The procedure shall address record identification, collection, legibility, correction, storage, retrieval, retention time, disposition, protection from unintended alteration, damage, or loss.

the control of records is a crucial component of the quality management system (QMS) for organizations in the petroleum and natural gas industry. An effective record management system ensures that all necessary documentation is accessible, correct, secure, and retains its integrity throughout its lifecycle. Here’s a breakdown of how each aspect of record management should be addressed according to the requirements:

1. Record Identification

  • Establish a unique identification system for all records. This system might include a combination of a unique number, the creation date, and a descriptor indicating the record’s purpose or origin.
  • Ensure every record can be easily traced to the related activity, project, or product.

2. Record Collection

  • Define the processes for generating, capturing, and entering records into the system. This includes specifying who is responsible for each type of record.
  • Implement checks to ensure records are complete and accurately reflect the documented information at the time of collection.

3. Legibility

  • Ensure all records are legible and understandable by anyone who may need to access them. This includes using clear handwriting, print, or digital text.
  • Establish standards for document formatting to maintain consistency across all records.

4. Correction

  • Specify a method for making corrections to records that maintains the integrity of the original information. Typically, corrections should be made by drawing a single line through the incorrect entry, writing the correct information nearby, and initialing and dating the change.
  • Prohibit the use of methods that obscure the original entry, such as using correction fluid or excessive scribbling.

5. Storage

  • Determine appropriate storage methods for physical and electronic records to protect them from environmental damage, unauthorized access, or loss.
  • For electronic records, use secure, backed-up data storage solutions. For physical records, use secure, environmentally controlled areas.

6. Retrieval

  • Develop a system that allows for quick and efficient retrieval of records. This system should be able to locate any record rapidly based on its unique identifier or other indexing criteria.
  • Train personnel on how to retrieve records effectively and securely.

7. Retention Time

  • Clearly define the retention time for different types of records, based on legal, regulatory, and operational requirements.
  • Regularly review retention times to ensure they remain appropriate and compliant with current laws and regulations.

8. Disposition

  • Outline procedures for the secure disposal of records that are no longer required to be retained. For physical records, this may involve shredding or incineration. For electronic records, ensure data is permanently erased.
  • Keep records of the disposition process to verify that documents are disposed of in a compliant manner.

9. Protection from Unintended Alteration, Damage, or Loss

  • Implement measures to prevent unauthorized alteration of records. This includes controlling access to records and using features like audit trails in electronic systems to track changes.
  • Protect records from damage and loss by ensuring appropriate physical security and data redundancy measures are in place. This may include fireproof storage for physical records and regular backups for electronic records.

Continuous Improvement and Monitoring

  • Regularly audit the records management system to ensure compliance with API Q1 and the effectiveness of the implemented procedures.
  • Use feedback from audits and user input to continuously improve the record management system, addressing any deficiencies or opportunities for enhancement.

By rigorously implementing these guidelines, organizations can ensure that their records management system supports compliance with API Q1, enhances the reliability and traceability of records, and contributes effectively to the overall quality management system.

Records shall be retained for a minimum of ten years or as required by customer, legal, and other applicable requirements, whichever is longer.

Retaining records for a minimum of ten years or as required by customer, legal, and other applicable requirements, whichever is longer, is a critical practice in industries such as petroleum and natural gas, where compliance with regulations and standards like API Q1 is mandatory. There are several reasons why this retention period is essential:

1. Regulatory Compliance: Many industries are subject to governmental regulations that dictate how long certain records must be kept. These regulations are in place to ensure that an organization maintains proof of compliance with safety, environmental, financial, and other operational standards over significant periods. Failure to retain these records for the required duration can result in fines, penalties, or legal actions against the organization.

2. Legal Protection: Records serve as vital evidence in the event of legal disputes or claims related to product liability, contractual obligations, or compliance with regulations. Having a comprehensive archive of records can protect the organization by providing irrefutable evidence of past actions, decisions, and compliance. For example, if a safety issue arises long after a product has been delivered, detailed records can be crucial in defending the company against claims of negligence.

3. Customer Requirements: Customers, especially in highly regulated industries like oil and gas, may have specific contractual requirements that include longer record retention periods. These requirements are often set to align with the lifecycle of the product or the duration of the risk associated with it. Maintaining records for the duration specified by the customer helps in sustaining good business relationships and compliance with contractual obligations.

4. Operational and Historical Reference: Records provide a historical account of operations, decisions, and methodologies that can be invaluable for future reference. They allow for the review and analysis of past performance, which can inform continuous improvement efforts, strategic planning, and training initiatives. For industries that have long project cycles or extended product lifetimes, such as infrastructure or energy, long-term records retention ensures that valuable data is accessible throughout the product or project lifecycle.

5. Audit Requirements: Regular audits are a part of maintaining compliance with industry standards and certifications, such as API Q1. Auditors may need to access several years of records to verify that quality management processes are consistent and compliant over time. Retaining records for an extended period ensures that the organization can demonstrate adherence to quality standards throughout the audit period.

6. Research and Development: Records of past projects, experiments, tests, and designs can provide a rich resource for research and development efforts. Long-term retention of these records enables organizations to leverage historical data to support innovation, avoid past mistakes, and build on previous successes.

7. Insurance Claims: In the event of an insurance claim, having detailed records can expedite the claim process and substantiate the organization’s account of events, financial claims, or losses. This is particularly important in industries susceptible to high-risk scenarios, where insurance claims can be substantial and complex.

Retaining records for ten years or longer as mandated by various stakeholders ensures that the organization remains compliant, legally secure, operationally intelligent, and historically rich. It is a fundamental aspect of risk management and corporate governance that supports the organization’s long-term sustainability and success.

Records Required by API Q1 standard

  1. records of education, training, skills, and experience
  2. records to ensure the effective planning, operation, and control of its processes and compliance with specified requirements
  3. record of customer requirements, when the customer provides no documented statement of requirements
  4. Records of contract review including resulting actions
  5. records needed to provide evidence that the product realization processes meet requirements (for eg inspection record)
  6. Records of risk assessment and management including actions taken
  7. Contingency plan
  8. Records of design inputs
  9. Records of design outputs
  10. Records of design review
  11. Records of design and development verification and the final review
  12. Records of the design and development validation, approval, and any necessary actions
  13. Records of design and development changes,
  14. Records of supplier evaluation
  15. Records of outsourced activities
  16. Records of verification of Purchased Products or Activities
  17. Records of product realization plan
  18. records of review/verification, validation, monitoring, measurement, inspection, and test activities, including criteria for product acceptance
  19. Records of validation of Processes for Production and Servicing
  20. Records of identification and traceability
  21. Records for the control and disposition of customer-supplied property
  22. Records of the results of assessments of products kept in storage
  23. Records of required inspection and testing
  24. Records of preventive maintenance
  25. Records of assessment of the validity of previous measurements and actions to be taken on the equipment and product, when the equipment is found to be out of calibration.
  26. Records of the results of calibration and verification
  27. Records shall be maintained to enable identification of the individual releasing the product
  28. Records of notification to customers of products not conforming to DAC or contract requirements
  29. Records of the nature of nonconformities of non-conforming products and any subsequent actions taken
  30. Records of MOC activities
  31. Records of customer satisfaction
  32. Records of internal audit
  33. Records of the Corrective Action
  34. Records of Management Review

Examples of Procedure for Control of Records

Document Title: Procedure for Control of Records
Document Number: QMS-DOC-005
Revision: 03
Effective Date: [Date]
Approved by: [Quality Manager’s Name]

1. Purpose

This procedure is established to ensure that all necessary records are properly identified, handled, stored, protected, and disposed of, according to the requirements of API Specification Q1 and the organizational needs. This ensures evidence of conformity with specified requirements and supports effective management reviews and decision-making.

2. Scope

This procedure applies to all records generated within the scope of the QMS, including manufacturing records, test and inspection results, training records, audit results, and corrective and preventive actions.

3. Responsibilities

  • Quality Manager: Overall responsibility for the implementation of this procedure.
  • Document Control Officer: Responsible for the day-to-day management of records including their identification, storage, retrieval, retention, and disposal.
  • Department Heads: Ensure compliance with this procedure within their departments and oversee the proper creation and maintenance of records.
  • IT Department: Responsible for managing electronic records and ensuring appropriate backups, data security, and recovery methods are in place.

4. Procedure

4.1 Record Identification
  • All records shall be uniquely identified using a document control number, which includes information on the origin, creation date, and version.
  • A master log shall be maintained by the Document Control Officer, which lists all records, their unique identifier, and their location.
4.2 Record Collection and Creation
  • Records must be created at the time the associated activity is performed.
  • All records must be legible, identifiable, and traceable to the associated activity or product.
4.3 Record Storage and Preservation
  • Physical records must be stored in a secure environment that protects them from damage, deterioration, or loss.
  • Electronic records must be stored in systems that are regularly backed up and protected by adequate security measures (e.g., access controls, firewalls).
4.4 Record Retrieval
  • Records must be easily retrievable to support operational needs and compliance audits.
  • A retrieval process that outlines how records can be accessed and by whom must be defined and controlled.
4.5 Record Retention
  • Retention times for records are defined based on legal, regulatory, and operational requirements.
  • The Document Control Officer ensures the retention schedule is adhered to and reviewed annually.
4.6 Record Disposition
  • Upon expiration of the retention period, records are to be disposed of in a manner that protects sensitive information.
  • Physical records are to be shredded or incinerated. Electronic records are to be permanently deleted or destroyed using methods that ensure data cannot be reconstructed or retrieved.

5. Monitoring and Auditing

  • The effectiveness of the record control procedure will be audited annually as part of the internal audit program.
  • Findings from audits will be reviewed during management reviews and used as a basis for process improvement.

6. Record of Changes

  • Any changes to this procedure must be recorded in the change log section of this document and approved by the Quality Manager.

Published by Pretesh Biswas

Pretesh Biswas has wealth of qualifications and experience in providing results-oriented solutions for your system development, training or auditing needs. He has helped dozens of organizations in implementing effective management systems to a number of standards. He provide a unique blend of specialized knowledge, experience, tools and interactive skills to help you develop systems that not only get certified, but also contribute to the bottom line. He has taught literally hundreds of students over the past 5 years. He has experience in training at hundreds of organizations in several industry sectors. His training is unique in that which can be customized as to your management system and activities and deliver them at your facility. This greatly accelerates the learning curve and application of the knowledge acquired. He is now ex-Certification body lead auditor now working as consultancy auditor. He has performed hundreds of audits in several industry sectors. As consultancy auditor, he not just report findings, but provide value-added service in recommending appropriate solutions. Experience Consultancy: He has helped over 100 clients in a wide variety of industries achieve ISO 9001,14001,27001,20000, OHSAS 18001 and TS 16949 certification. Industries include automotive, metal stamping and screw machine, fabrication, machining, assembly, Forging electrostatic and chrome plating, heat-treating, coatings, glass, plastic and rubber products, electrical and electronic equipment, assemblies & components, batteries, computer hardware and software, printing, placement and Security help, warehousing and distribution, repair facilities, consumer credit counseling agencies, banks, call centers, etc. Training: He has delivered public and on-site quality management training to over 1000 students. Courses include ISO/TS -RAB approved Lead Auditor, Internal Auditing, Implementation, Documentation, as well as customized ISO/TS courses, PPAP, FMEA, APQP and Control Plans. Auditing: He has conducted over 100 third party registration and surveillance audits and dozens of gap, internal and pre-assessment audits to ISO/QS/TS Standards, in the manufacturing and service sectors. Other services: He has provided business planning, restructuring, asset management, systems and process streamlining services to a variety of manufacturing and service clients such as printing, plastics, automotive, transportation and custom brokerage, warehousing and distribution, electrical and electronics, trading, equipment leasing, etc. Education & professional certification: Pretesh Biswas has held IRCA certified Lead Auditor for ISO 9001,14001 and 27001. He holds a Bachelor of Engineering degree in Mechanical Engineering and is a MBA in Systems and Marketing. Prior to becoming a business consultant 6 years ago, he has worked in several portfolios such as Marketing, operations, production, Quality and customer care. He is also certified in Six Sigma Black belt .

Published

Leave a ReplyCancel reply