NADCAP-approved service centers and ASME-registered facilities share a documentation requirement that trips up most operations: you must be able to retrieve an MTC for any heat processed at your facility for the retention period specified by the customer — typically 10 to 25 years. For a service center processing 50,000 coils over that period, that's millions of documents.
Physical archives fail. Digital archives work — but only if they're structured correctly. A shared drive folder is not a compliant archive. The answer is digital, but it needs to be the right digital.
What the Requirements Actually Say
Three frameworks define MTC retention obligations for service centers serving aerospace and nuclear customers:
NADCAP (aerospace and special processes): Quality records, including material certifications, must be retained for the period specified by the customer. The customer's approved supplier requirements — often referencing AS9100 or customer-specific quality flow-down clauses — typically require 10–25 years. Some defense customers specify the life of the program.
ASME Section VIII Division 1 (pressure vessels): The Manufacturer's Data Report and supporting documentation must be retained by the manufacturer for a minimum of 3 years. Service centers supplying material to ASME-registered fabricators may be required by their customer contracts to retain documentation for the life of the vessel — potentially 30+ years.
AS9100 Rev D (aerospace quality management): The organization must determine and document quality record retention periods that meet customer and regulatory requirements. AS9100 does not specify a minimum period — it requires that the organization identify what applies and implement it.
In practice, any service center with aerospace or nuclear customers should plan for 25-year retention as a baseline. Some customers will require more.
Why Physical Archives Fail
The operational risks of physical archives are well-documented and consistently realized:
Water and fire damage. A single event — burst pipe, roof leak, fire — can destroy years of irreplaceable records. Insurance covers replacement cost in most categories. Mill test reports are originals. They cannot be reconstructed from insurance proceeds.
Building moves and reorganizations. Records that move with a building relocation frequently lose their organizational structure. Boxes mislabeled during a move become permanently inaccessible. This is especially acute for paper records accumulated before electronic filing became standard.
Staff turnover. The person who knew the filing system retires. Nobody documented the organizational logic. The archive remains physically intact but practically inaccessible.
Retrieval time. Finding a specific cert in a 25-year paper archive — when all that's known is the heat number and approximate date — can take hours. This fails the audit retrieval requirement.
What a Compliant Digital Archive Looks Like
A digital archive that meets NADCAP and ASME retrieval requirements has five structural characteristics:
1. Indexed by heat number and date. The primary search key must be the heat number — this is what an auditor will give you when performing a spot check. Secondary keys include material grade, customer order, and processing date. A compliant system retrieves a cert for a specific heat number in under 60 seconds from any workstation.
2. Original document quality. Documents must be scanned and stored at sufficient resolution to preserve all visible content — including inspector stamps, heat stamps, and handwritten annotations. Minimum 300 DPI. Compressed or faxed-quality scans that lose stamp detail do not satisfy the requirement to maintain a legible record.
3. Tamper-evident storage. The system must be able to demonstrate that a stored document is the same document that was originally filed — that it hasn't been modified, substituted, or deleted and replaced. This is a specific NADCAP concern. Hashing, audit trails, or other technical controls that demonstrate document integrity are required.
4. Geographically redundant backup. A single server or a single facility backup does not satisfy the intent of long-term records retention. Backup copies at a geographically separate location, with documented recovery procedures, are required. Cloud storage with redundant geographic zones satisfies this requirement if access control and tamper-evidence requirements are also met.
5. Access-controlled with audit trail. Only authorized personnel should be able to file or delete records. Every access event — who retrieved what document, when — should be logged. NADCAP auditors will ask about access control and will review logs.
What Doesn't Qualify
The most common non-compliant "digital archive" seen at service centers: a shared network drive with folders named by year — "Certs 2018–2019," "Certs 2020–2021." No search indexing. No access control. No tamper-evidence. No backup verification. Retrieval requires knowing where a file was saved years ago, and the retrieval time for a specific heat number is measured in minutes or hours, not seconds.
This fails the audit retrieval requirement before the auditor even tests it.
The Audit Retrieval Demonstration
Most NADCAP audits include a spot check: the auditor selects a processing record from the facility's traveler logs, identifies the heat number, and asks the facility to retrieve the corresponding MTC. The implicit clock starts when the request is made.
Facilities that maintain compliant digital archives indexed by heat number retrieve the cert within 60 seconds. Facilities relying on year-folder drives search through multiple folders for several minutes. The difference is observable to the auditor. A retrieval that takes more than a few minutes is a documentation control finding — regardless of whether the cert ultimately exists.
The investment in a compliant archive structure pays for itself the first time a NADCAP auditor performs this spot check.