Record keeping is one of the most painstaking, and important, requirements in the ISO9001:2000 standard. Painstaking, because records must be identified, filed, protected and controlled throughout their lifecycle. Important, because they contain the history of how your quality management system (QMS) is functioning. The energy, effort and expense of keeping up your quality records are ongoing investments in building a reference-base for analysis, compliance and improvement.

WHY KEEP RECORDS?

The discipline of maintaining your QMS records ensures that you will have an objective means of assessing QMS effectiveness. With this historical evidence you can:

" The energy, effort and expense of keeping up your quality records are ongoing investments in building a reference-base for analysis, compliance and improvement. "

With your quality records you can answer questions such as "why did this happen?", "when did this problem first appear?" and "is the problem gone?". With such valuable information at your fingertips, your records should be treated as invaluable.

Additionally, your quality records are a primary reference for your internal and external auditors to assess your compliance to requirements. As each record is filed, keep in mind that an auditor may want to retrieve it in order to evaluate the effectiveness of the QMS.

WHAT RECORDS SHOULD BE KEPT?

The ISO9001:2000 standard has a built-in reference to all required records wherever the phrase "see 4.2.4" is found (4.2.4 is the paragraph dealing with Control of Records). The 20 mandated ISO9001:2000 records are:

1. Document Control (4.2.3)
2. Management Review (5.6.1)
3. Education, Training, Skills and Experience (6.2.2)
4. Product Realization (7.1)
5. Customer Requirements Review (7.2.2)
6. Design and Development Inputs (7.3.2)
7. Design and Development Review (7.3.4)
8. Design and Development Verification (7.3.5)
9. Design and Development Validation (7.3.6)
 10. Design and Development Changes (7.3.7)
11. Supplier Evaluations (7.4.1)
12. Production/Service Processes (7.5.2)
13. Identification and Traceability (7.5.3)
14. Damaged/Lost Customer Property (7.5.4)
15. Calibration (7.6)
16. Internal Audit (8.2.2)
17. Product Conformity (8.2.4)
18. Nonconforming Product (8.3)
19. Corrective Action (8.5.2)
20. Preventive Action (8.5.3)

In addition, you might give careful consideration to other records you might need to include in your QMS that would give you an important historical reference for critical areas. You may want to include records for maintenance (6.3) and customer satisfaction (8.2.1), for example.

WHAT ARE THE ISO9001:2000 REQUIREMENTS?

All 20 required quality records that are applicable to your organization’s processes, and any additional records you decide are important to maintain, must be kept according to the "Control of Records" requirements in the ISO9001:2000 standard:

Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of records. (ref. 4.2.4)

Let’s briefly clarify each requirement:

Legible – You must ensure handwritten records can be easily read and that you protect paper records from deterioration that might affect their readability.

Readily Identifiable – Each record should be uniquely identified through a number, code, title, date, storage location or other appropriate method. Anyone looking at the records should be able to easily tell what they are looking at.

Retrievable – Every record should be filed and stored in such as way as to be easy to find and access when needed.

In addition, you must have a documented procedure for controlling records. In the procedure you must address how your organization handles the following:

Identification – What minimum information must be added to every record for identification (see "Readily Identifiable" above).

Storage – How hardcopy and electronic records are stored to protect them.

Protection – What methods must be used to preserve records from loss or deterioration. For hardcopy records, you may want to include where files are kept, in what types of storage containers and any environmental concerns (moisture, temperature, etc.). For electronic records, be sure to include how the data is backed-up regularly.

Retrieval – Describe how records are indexed or otherwise organized to facilitate easy access (see "Retrievable" above).

Retention Time – Specify minimum and/or maximum retention requirements for each type of record. Be sure to establish a schedule to review your records according to your requirements.

Disposition – Determine how you will dispose of records when scheduled. For confidential records, be sure you are explicit about how you intend to destroy the records.

HOW CAN WE KEEP IT SIMPLE?

With at least 20 types of quality records to maintain according to the ISO9001:2000 requirements, organizations are often seeking to simplify their approach to record keeping. Here are some suggestions:

By keeping your record keeping as simple as possible, you’ll keep your costs down, prepare for seamless audits and keep your ISO-life somewhat manageable.

***
Scott Dawson is a Senior Consultant and President of Core Business Solutions and has more than 20 years experience in manufacturing with the past 8 years consulting with organizations seeking ISO 9001 certification.