© OnSafeLines 2003 : 2011 - Web Master : BGW
Registered Company in England and Wales : Company No 4836377
Single Word Searches Favourable
On Safe Lines
QHSE Specialist
Dedicated to Quality, Health & Safety, and Environmental Guidance and Support
OnSafeLines Free Advice on Quality Management Systems
ISO 9001:2008 section 4
4. Quality management system - ISO 9001:2008 section 4.2.4 Records
ISO 9001: 2008 4.2.4 Control of records
Basically you must keep records to prove that the quality management system is operating correctly.
Important note: Documentation may be in any form or medium suitable for the needs of the organization.
Control of records is the second clause under ISO 9001 2008 section 4.2 requiring a specific documented procedure, the other as mention on the previous pages being ISO 9001 2008 4.2.3 Control of documents.
ISO 9001 2008 4.2.4 is quite clear and straightforward and states "...Records shall be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, readily identifiable and retrievable. A documented procedure shall be established to define the controls needed for the identification, storage, protection, retrieval, retention time and affinity of records..." The clause itself does not specify what records are, it is left to the organization to identify these by examining both the specified and implied requirements throughout the ISO 9001:2008 standard.
Looking for key words would identify any procedure needs to establish how the organization;
- Controls records
- Identifies records
- Stores records (this may vary from paper to electronic etc)
- Protects records (this may vary from paper to electronic etc)
- Retrieves records (this may vary from paper to electronic etc)
- Allocates and controls retention times, including those needing
to be kept indefinitely - Method of deposition for records.
Disposal of records is especially important, records falling into the wrong hands can be devastating for an organization and many will look for a sacrificial lamb if the bad publicity becomes to overbearing... So its important to have robust controls for disposal, shredding and deleting of records (beyond recovery where necessary). This should include ensuring old equipment such as servers, PC, laptops, backup tapes etc are cleaned before disposal.
So what are records? A record is a special type of document that provides evidence of results for a process or activity performed (e.g. a sign-off record).
Records provide evidence of maintaining and demonstrating the effectiveness of your
quality management system. Requirements for records may originate from many sources,
such as suppliers, customers, regulators, legislation, or internally from within
your organization. All these records are subject to the controls listed above.
Readily identifiable relates to determining the purpose and scope of the record,
e.g. a sign-off record for a final inspection. The quality management system must
prevent confusion or ambiguity in the completion and use of records. Records must
be written legibly to be useful. They should also be secure from unauthorized access,
to prevent records being change or altered (the level of controls should be proportional
to the importance and sensitivity of the records).
For the duration that records
are kept, they needs be in locations and mediums that will protect against damage,
and organizations should regularly review the condition of their records. The indexing
and filing of records (whether hardcopy or computer) must ensure easy retrieval.
Thank you for taking the time to read this write-up by OnSafeLines. Feel free to browse through the vast amount of free advice included within the OnSafeLines website. Furthermore, please do come back soon, the site is growing every day
Note, this article is continued on the previous page...