Control of records is one of the most important requirements in the ISO 9001 standard.

Records must be identified, filed, protected and controlled throughout their lifecycle. Importance of Records The discipline of maintaining your QMS records ensures that you will have an objective means of assessing QMS effectiveness. With this historical evidence you can:

y y y y y

Understand how well your QMS is performing and its effectiveness Trace back to the source of problems Demonstrate compliance to requirements of the standard Evaluate trends in QMS performance Monitor improvement in the organization and processes

With your quality records you can answer questions such as "why did this happen?", "when did this problem first appear?" and "is the problem gone?". With such valuable information at your fingertips, your records should be treated as invaluable. Additionally, your quality records are a primary reference for your internal and external auditors to assess your compliance to requirements. As each record is filed, keep in mind that an auditor may want to retrieve it in order to evaluate the effectiveness of the QMS. WHAT RECORDS SHOULD BE KEPT? The ISO 9001 standard has a built-in reference to all required records wherever the phrase "see 4.2.4" is found (4.2.4 is the paragraph dealing with Control of Records). The 20 mandatory ISO 9001 records are: 1. 2. 3. 4. 5. 6. 7. 8. 9. Document Control (4.2.3) Management Review (5.6.1) Education, Training, Skills and Experience (6.2.2) Product Realization (7.1) Customer Requirements Review (7.2.2) Design and Development Inputs (7.3.2) Design and Development Review (7.3.4) Design and Development Verification (7.3.5) Design and Development Validation (7.3.6) 10. Design and Development Changes (7.3.7) 11. Supplier Evaluations (7.4.1) 12. Production/Service Processes (7.5.2) 13. Identification and Traceability (7.5.3) 14. Damaged/Lost Customer Property (7.5.4) 15. Calibration (7.6) 16. Internal Audit (8.2.2) 17. Product Conformity (8.2.4) 18. Nonconforming Product (8.3) 19. Corrective Action (8.5.2) 20. Preventive Action (8.5.3)

Lets briefly clarify each requirement: Legible You must ensure handwritten records can be easily read and that you protect paper records from deterioration that might affect their readability. Readily Identifiable Each record should be uniquely identified through a number, code, title, date, storage location or other appropriate method. Anyone looking at the records should be able to easily tell what they are looking at. Retrievable Every record should be filed and stored in such as way as to be easy to find and access when needed. In addition, you must have a documented procedure for controlling records. In the procedure you must address how your organization handles the following: Identification What minimum information must be added to every record for identifcation (see i "Readily Identifiable" above). Storage How hardcopy and electronic records are stored to protect them. Protection What methods must be used to preserve records from loss or deterioration. For hardcopy records, you may want to include where files are kept, in what types of storage containers and any environmental concerns (moisture, temperature, etc.). For electronic records, be sure to include how the data is backed-up regularly. Retrieval Describe how records are indexed or otherwise organized to facilitate easy access (see "Retrievable" above).

Retention Time Specify minimum and/or maximum retention requirements for each type of record. Be sure to establish a schedule to review your records according to your requirements. Disposition Determine how you will dispose of records when scheduled. For confidential records, be sure you are explicit about how you intend to destroy the records.

By keeping your record keeping as simple as possible, you'll keep your costs down, prepare for seamless audits and keep your ISO compliance effective and efficient.