Taken to the cleaners
Did you know that last year 4500 memory sticks were found in the pockets of clothes taken to the dry cleaners? And with the frequent high profile data leaks that now occur every few months, there is many a horror story concerning the most basic of ISO 9001 requirements – ‘Control of Records’.
Section 4.2.4 of ISO 9001 requires you to store, protect, retrieve, retain and (safely) dispose of records. But for such a relatively simple requirement, we all still seem to think of records as paper rather than electronic data. Here are some of the most common issues with electronic records/data we have seen recently…
Cheap Memory Sticks…
You can buy them from Amazon for less than a pound – you can even pick one up as a freebie next time a sales rep come to visit but do you really want to trust your data onto something that cheap?
Key issues with using memory sticks are – they are easy to lose, cheap sticks are not that reliable and can corrupt data and because they are so easy to use, people tend not to back them up. This year alone, QCS has seen critical company records that are required by law, lost because of the use of cheap memory sticks.
I always back up using a re writable CD…
Great idea – back up your company data on CDs so that if you accidently delete your records on your computer, you have a back up copy. You also have a handy archive.
Beware however…according to many IT professionals, rewritable CDs are good for about 4-5 years before data can start to corrupt on the disc so if you are relying on rewritable CDs for archive records of longer than 5 years you will need to think of another way to archive.
Damaged tapes…
I recently audited a company who had to retain records for 80 years and they took it very seriously due to the legal implications of loosing certain records and data. All data was stored on a central sever and data could not be stored on laptops, desktops of memory sticks. They religiously backed up their data on tapes and kept them locked away in a fire proof safe.
I asked if they ever did a data restore just to check the system was working – they never had so they gave it a go. None of the backup tapes worked!
The tapes were quite old and had not been replaced for years so when it came to recovering data, they did not work.
I’ve got a Big 1 Terabyte plug & play NAS drive…
I have one and I have no idea what it is other than it stores data! The bottom line is if you store data on hard drives, solid state drives, tapes, NAS drives or your laptop, you need to make sure that your electronic data is
- Stored securely
- Protected damage, corruption and loss
- You can retrieve it easily
- You retain it for however long you may need it
- You dispose of any data safely (what do you do to the hard drive when you throw a laptop away?)
Love them or not, the ISO gurus thought of this when they wrote ‘Control of records’ into ISO 9001, way before memory sticks were invented.