This SPC clarifies the business rules for recording and approval of documents generated by OSD during operational activities i.e. safety case assessment, inspection etc. The version of a document stored on COIN will now be considered to be the controlled i.e. ‘master version’, once marked as ‘completed’. Paper copies with signatures are now not normally required.
Operational records e.g. safety case reports, inspection reports, investigation reports etc are important safety related documents. It is incumbent on HSE to ensure that the issue of such documents is controlled according to a due process of approval. An audit trail of the approval process ensures that this is demonstrable.
The business needs for a system are:
Up until now, HSE has in many cases used paper versions of documents with signatures to demonstrate that management approval for issue has been given. Use of paper versions is however undesirable where the document is also filed electronically, as there is then an ambiguity as to which is the master version. The publication of this SPC is a recognition that for the future, the primary means of handling records will be ‘electronic’. However, there will always be some aspects of HSE’s business that involve non-electronic records and the handling of these is also clarified.
This section identifies how the business needs identified above are to be met.
HSE’s IT systems meet identified requirements for security, which include recovery of data following events such as fires etc. Documents placed on COIN (and EDRM/TRIM) can be put into a ‘completed’ state where they cannot be altered or deleted by users with standard levels of access to the system. Broadly, an audit trail is kept of all changes made to COIN records.
HID policy is that operational records to do with interactions with duty holders, i.e. those to do with safety cases, inspection, investigation etc are kept on COIN. This policy was developed to avoid the possibility of ‘version confusion’ that would exist if successive versions of documents are kept in different places. Documents placed on COIN are in any case subsequently transferred automatically to TRIM (in read-only form) and may be found by searching either system. Procedures are now in place for the use of COIN that removes ambiguity as to where records on particular subjects should be placed.
Some HSE documents require regular updating e.g. intervention plans. COIN allows such documents to be updated. Other documents e.g. safety case records are of the type that they only need to be written approved and then left unchanged.
In the latter case it normally takes only a few days for documents to move from being written by the author to being approved by their line manager (see below for definition of this term). As a principle, such documents should only be placed on COIN upon completion.
If the document is placed on COIN by the author, then their name will be recorded. Documents are sometimes placed on the system by those other than the author. There is nothing wrong with this, if the document’s author is clearly identifiable in the text. The process of line management approval then includes confirmation of authorship.
The mechanism by which a demonstration of management approval is granted is by use of the ‘completed’ box on the document attachment line. Annex A describes the full process of adding a document to COIN and ‘completing’ it. The ‘completed’ box needs to be ticked by the person granting management approval. This renders the document secure. It can no longer be removed by users with normal levels of access to the system. This function should only be delegated to others who are also able to grant management approval.
An audit trail then exists containing the name of the author and the name of the person who has granted management approval.
There is clearly an overhead associated with uploading documents and ‘ticking’ the completed box. This is balanced by the removal of the need to produce paper signed copies. Removal of the possibility of confusion between versions is a safety benefit. On occasion this can also save considerable time.
The prime means of access to records is thus by use of COIN, access to which is possible from any HSE site or via RAS. Documents may also be found by searches within TRIM/EDRM.
The granting of management approval is an indication that the relevant document has been judged as fit for purpose by HSE. It is thus a demonstration that HSE has taken responsibility for that document.
It is the responsibility of the person granting management approval to decide the extent of the consideration needed for any particular document. In some circumstances, it may be appropriate to provide a degree of checking, moderation or even correction. In other circumstances, it may be appropriate for the consideration to be cursory. It would normally be the line manager who provided the approval. Thus for a safety case completion report, prepared by a specialist, it would normally be the specialist team leader that provided approval etc.
Authority to grant approval can be delegated, but such a delegation should be recorded.
Checking of documents may be desirable in some circumstances, whatever job function the author performs. In this case, the requirement is for the checker to be competent, not necessarily more senior than the author. The record should be annotated, to indicate that such checking has taken place.
Reference 1 (ISO 9001:2000, section 4.2.3) explains typical requirements for control of documents. This includes procedures for approval of adequacy and for the prevention of use of obsolete documents. This SPC is thus in keeping with the requirements of ISO9001:2000, as well as those of other HSE guidance.
Users should familiarise themselves with HSE’s full definition of a record (Reference 2). A record is basically a document that is of sufficient importance that it needs to be kept. Most HSE records are now generated electronically. There are cases where that is not the situation i.e. where a paper version of a document has been issued. It is then necessary to keep a copy. It is however important for HSE to be able to trace such records and it would then be appropriate for a note to be placed on COIN referring to the physical location, effectively indexing the record.
Similar considerations apply to incoming correspondence i.e. duty holder documents. In these cases, there is not a need for management approval, but there is still a need for adequate indexing. Examples here would include duty holder replies. It is likely that a greater proportion of correspondence from duty holders will arrive as a paper version than for outgoing. However HSE should now encourage electronic submission of documents by dutyholders.
The processes described in this SPC are intended to apply generally to HSE’s operational business activities. There may be exceptions, such as expert witness reports, where it is inappropriate for management approval to be granted. Such an approval might conceivably be taken to imply interference with the independent judgement of an expert. In such cases, further advice should be taken.
There are also processes, such as long running investigations and prosecutions, where documents may be begun but not finished immediately. There are risks that such documents could be automatically deleted under the EDRM 90 day rules, unless kept on TRIM. For this reason it may be appropriate for such documents to be kept in TRIM folders clearly indicating their draft status. However, when finished the document must be uploaded into COIN and completed as discussed in this SPC.
Annex A demonstrates the process of adding documents and completing them. To summarise the process though:
The objective is to generate an audit trail showing the name of the author and the name of the person granting management approval.
The procedure is that:
Documents should be prepared as normal (probably being stored on post-EDRM H: drives or local disks). They may be passed around as paper copies or as email attachments at this stage.
When the document is finished it should be uploaded into COIN.
The ‘completed’ box should be ticked by the person giving management approval. Paper copies are no longer required.
If this process is prevented from being carried out (for example if the ‘completed’ box is ticked by the author by mistake), then any equivalent method that meets the above objective can be used. An equivalent method would be to add a one line document stating that management approval had been given.
Once documents have been completed on COIN i.e. created as records, earlier versions should not be used. Thus earlier versions should not be emailed round. Instead, reference should be made to the version on COIN (or the same version that is automatically transferred to EDRM). There is nothing wrong with printing versions of documents from COIN and referring to them. However, to guard against the possibility that the document has been updated, any printed version should be considered uncontrolled.
1 BS EN ISO 9001:2000 Quality management systems – requirements.
2 EDRM definition of a ‘record’.
Further information can be obtained from OSD2.5.
This process is described for the creation and completion of a safety case completion report. Such a document should be attached to a COIN service order. There is an equivalent process for documents to be attached to COIN Cases directly.
1) Write the document.
2) Agree the document with any others involved. Primarily this means gain the agreement from the person providing management approval, normally the line manager of the author. This can be done by passing paper copies or emailing the draft version.
3) When the document is in its final form. Mark the relevant Service Order line as completed. Note the line number.
4) Create a note on COIN, fill in all relevant fields including the service order line number and upload the document. More than one document can be uploaded for each note, should that be necessary.
5) Inform the line manager that the document needs to be approved (and state the location). This can be done verbally, by email or using the COIN notification facility.
Note, it may be acceptable for steps 3, 4 and 5 to be performed by a person other than the author. In that case, the document should contain the author’s name and the note should also name the author.
Line manager’s responsibilities (or the responsibilities of the person who is giving management approval)
6) Locate the relevant document, verify it is the correct document and that it is suitable for approval.
7) Tick the ‘completed’ box, click ‘OK’ to the warning message and then click on ‘save’.
8) Verify that the ‘completed’ box and the delete box has been ‘greyed out’ i.e. that the document can no longer be deleted.
Viewing the audit trail
To subsequently check that the author’s and line manager’s name have been correctly recorded, click on the audit details tab and then click on ‘view attachment history’.