Oct 12, 2017

Control of Records made Practical in ISO 9001

People implementing an ISO 9001 quality management system often feel that a documented procedure for records is going too far, and fail to see why this is such an important requirement.

When people feel this way and you look at why they do so, they usually think that every single piece of paper or information that is generated by an organization should be kept as a record, but this is not what the standard requires. You are simply required to maintain controls for records you create that prove that you conform to requirements for products and services, and any other requirements that the organization identifies. In addition, you must have records that show the effectiveness of the QMS Review. To meet these requirements, the organization needs to determine what records they need to keep.

Why keep records?

The main purpose of records is to be able to show compliance if you receive questions on faulty products or services. The second reason in terms of ISO 9001 is to make data available that can be used to improve processes. By ensuring that you have records of your relevant data, you can return to analyze the data to help you improve the processes your company uses. Keep in mind that one of the main reasons for implementing and maintaining a Quality Management System is to have a framework that will help you drive improvement in your business processes. ISO 9001 quality management systems (QMS) software is implemented using MyEasyISO in San Francisco (US), while ISO 14001 & OHSAS 18001 Health Safety Management Systems HSE software is implemented in Bangkok (Thailand). In all cases, the companies involved derive great value from their records and use these to drive continuous improvement.

Why do procedures need to be documented?

Controls are defined by documented procedures. The procedure can consist of text, but a flowchart or any other form of documentation that the company can use is acceptable. The point is that it needs to be documented, and the controls for the following list of six attributes of the process need to be defined.

  • Identification

You need to ensure that you can find the right record when it is needed. One method to do this involves filing like records of a product or service together, but you can use any other a way to identify all records that have to be compiled when you look at a given product or service. You also need to define a mechanism to identify any missing records. This could involve some type of numbering system.

  • Storage

Decide if you will keep your records in electronic, or paper format. Are you going to keep them onsite, or offsite? If you decide to move them offsite at some stage, you need to determine how long they will be kept onsite before moving them.

  • Protection

Your records need to be protected from loss and damage. If the records are paper, the area where they are stored should be controlled properly. Don’t, for example, store them in a basement where they might be exposed to moisture, or eaten by rodents. If you keep electronic records, you will need to back them up regularly. It’s also always a good idea to keep at least one backup copy offsite.

  • Retrieval

How often you need to use a record will determine how and where they are stored to some extent. You also need to look at how quickly you need to access a specific record. There might even be legal requirements that need to be taken into account. One example of this would be where the FAA in the United States require that suppliers of aircraft components provide records to assist with an investigation within 24 hours in the event of an airplane crash.

  • Retention

You need to decide how long records need to be kept. Legislation could once again affect the retention period. You also need to know if the retention period relates to when the record was created, or when the life of the product or service ends.

  • Disposition

At the end of the retention period, it might be that they are disposed of outright. It is however also possible that records need to be reviewed before they are destroyed. If this is the case, you need to decide who has to do the review.

Other considerations

Apart from controls mentioned above, three other things need to be considered for all records. Although these may seem obvious, it’s worthwhile to make sure that you look at these to prevent records being lost.

  • Legibility

A record only has value if it is legible. Handwriting that’s difficult to read or a record in a language that the intended audience does not understand are two examples of records that are not useful. Paper copies or scans could also become faint or blurred, and some types of paper (e.g. thermal) will become illegible with time.

  • Identifiable

Although record identification is one of the controls that was discussed, this does not mean that identifying the record will be easy, or in some cases, even possible. If you have an identification control in place, but the identification is difficult to read, or can’t be found easily in the document, you’ll still not be able to identify the record you need.

  • Retrievable

Will you be able to retrieve the record when you need to? When a paper record is stored in an inaccessible place it won’t be of any use to you. With electronic records, things to consider include possible degradation of storage media, computer hardware development making certain types of media redundant and software upgrades that could result in records saved in older formats not being readable anymore.

Making Record Control work

The main purpose of records is to use the data to help improve your processes. If your record control is so difficult to use that you can’t get the data you need easily, it becomes easier to make decisions based on instinct rather than on facts. Although the ISO9001 standard specifies the points of the process that need control, you decide what those controls should be and how to implement them.

With MyEasyISO, record control is easy as this is fully integrated into the relevant modules. Each record is uniquely identified and stored electronically on our cloud servers. This makes them legible, identifiable and retrievable without you having to design anything. The hard work has been done for you. All that’s left is for you to utilize the power of the system and reap the rewards.

Sree vidhya

You may also like...

Most Popular
Digitize Your Calibration Management with Effivity Pro

Unlock efficiency in your calibration processes with Effivity's calibration management software.

Why Industry Leaders Choose Effivity for their EHS Software

Learn how Effivity's Environment Management Systems software offers innovative, user-friendly solutions.

Talked About
Effivity is Proud to Be A Part of Idea Pattarai

Effivity, with its user-friendly and scalable software solutions, is glad to be a part of Idea Pattarai.

Global Giants of Chemical Industry joins with Effivity Pro to enhance QHSE Compliance

Discover how Global Giants of Chemical Industry partnered with Effivity PRO to revolutionise QHSE.


Effivity is a leading QMS software for Quality Management System automation as per ISO 9001 standard, HSE software for Health – Safety - Environment Management System as per ISO 14001 & ISO 45001 standards and FSMS – HACCP software for food safety management system automation as per ISO 22000 / FSSC 22000 standards.