ISO 9001 Training

Understanding ISO 9001:2008
Requirements for Quality Management Systems

4.2.4 Control of Records 

ISO 9001 Training - Key Explanation Points and Tips:

A record is a special type of document that provides written evidence of results achieved or activity performed (e.g. an inspection record).

Records provide one of the strongest forms of evidence of maintaining and demonstrating the effectiveness of your QMS. Ensure that your documentedprocedure for control of QMS records addresses each of the control requirements specified in this clause, in terms of who, what when, where and how. These controls apply to all QMS records whether they are hardcopy or computerized.

ISO 9001 calls for many records. Some records are specified, while others are implied. The onus is on you to demonstrate or provide evidence (records) of conformity to requirements, whether the specific clauses ask for records or not. As we go through the clauses, I will identify specific and implied records. Make a list for yourself as we go along.

Requirements for records may originate from the customer, regulatory, industry, or within your organization. Ensure you maintain records to conform to all of these as applicable. Records may also come from suppliers and outsourcers. All these records are subject to the above controls.

The comments under document control regarding legibility, being identifiable and retrievable apply equally to QMS records.

Readily identifiable - relates to easily determining the purpose and scope of the record, e.g. an inspection record for a product at final inspection. The design of QMS records must prevent confusion or ambiguity in the completion and use of records. Records must be written legibly to be useful. Also make sure that they are not exposed to unauthorized change or alteration.

For the duration that they are kept, store records in locations and mediums that will protect against unauthorized access and environmental damage - (covered in oil, dust, acid eaten, weather-beaten, etc.). Regularly review the condition of records. The indexing and filing of records (hardcopy or computer) must ensure easy retrieval.

Keep a listing of all the different categories of records and define the retention times associated with each category (inspection and test; sales and purchasing; management review; calibration; training; etc).  Retention times are typically determined by customer, regulatory, industry or organizational requirements and policies.

Records must eventually be disposed off once past their defined retention times. Disposition could range from permanent destruction of records to permanent storage in a secure onsite or off-site archive. The intent here is to remove the risk of inadvertent use and availability for current activities and unauthorized access. Depending upon the industry, specific records may be kept indefinitely.

There are some who would argue that disposition means the permanent destruction of records. The ISO ‘Guidance on terminology” defines disposition as the action of getting rid of or making over, to arrange, a putting in order. This supports the interpretation I have taken.

Nonconformities against the process for control of records arise frequently. Develop appropriate performance indicators to demonstrate effective implementation of your record control process. Examples of indicators could include - number of instances of inability to retrieve records; amount of time spent looking for records; number of instances of incomplete records; number of instances of damaged records found; etc. Track trends in these indicators and use this information to tighten your controls and continually improve your record control process.

As mentioned in clause 4.1, use the PDCA to plan, implement, measure and improve your process for record control. Your procedure should describe this approach.