ISO 9001:2000 -
Control of Records

Mark A. Randig

In order to comply with the ISO 9001:2000 standard, an organization is required to establish a
minimum of six documented “system” procedures. The second of these procedures, by order of
appearance, covers the Control of Records, and is identified in clause 4.2.4 of the standard as
follows:

Records shall be established and maintained to provide evidence of conformity to requirements

and the effective operation of the quality management system. Records shall remain legible,
readily identifiable and retrievable. A documented procedure shall be established to define the
controls needed for the identification, storage, protection, retrieval, retention time and
disposition of records.

What’s a Record?

In order to understand what a record is, we must begin with another standard in the family, ISO
9000:2000, Quality management systems – Fundamentals and vocabulary. In this standard, we
find the definition of a record. Simply put, a record is a document, and can be used as an input
from one process to another, but in contrast to documents that are purely informative, a record
is generated to state results achieved or to provide evidence of activities performed.

It is because of this difference that different rules apply to the control of records than for the
control of documents (clause 4.2.3). Records are not issued, revised or tracked by revision.
While a record could be amended to reflect new or updated information, the original record
would not be affected.

Types of Records

There are a total of 19 different types of records that are specifically addressed within the ISO
9001 standard. Needless to say, this isn’t all of the records that could be generated during the
operation of a quality management system, however these particular records are considered
essential to its effective operation.

The records that are identified within the ISO 9001 standard are listed below, along with their
corresponding clause number (shown in parenthesis):

- Management review records (5.6.1)

- Records of Education, training, skills and experience (6.2.2)
- Records needed to provide evidence that the realization process and resulting product
meet requirements (7.1)
- Records related to the review of customer requirements (7.2.2)
- Design and development inputs (7.3.2)
- Design and development review records (7.3.4)

17117 Westheimer Road Suite #1, Houston TX 77082

Tel: 281-494-4874 / Fax: 413-294-4874
Email: [email protected] / Website: www.masquality.com
  
 
- Design verification records (7.3.5)
- Design validation records (7.3.6)
- Design and development change review records (7.3.7)
- Supplier evaluation records (7.4.1)
- Validation arrangements for processes (7.5.2)
- Product identification records (7.5.3)
- Records related to customer property (7.5.4)
- Calibration and verification records (7.6)
- Internal audit records (8.2.2)
- Product conformity records (8.2.4)
- Records of the nature of nonconformities and any subsequent action taken (8.3)
- Results of Corrective Actions taken (8.5.2)
- Results of Preventative actions taken (8.5.3)

Controls Required

Creating a procedure to meet the requirements established in clause 4.2.4 is a fairly

straightforward task. In clause 4.2.4, the ISO 9001 standard provides us with a clear purpose
statement, by requiring that the organization ensure that records remain legible, readily
identifiable and retrievable. In addition, clause 4.2.4 also identifies what types of controls should
be addressed, giving us a basic outline of what needs to be covered in our procedure - record
identification, storage, protection, retrieval, retention time and disposition (disposal).

Being given a purpose statement and an outline, the only information we’re missing are the
specific controls used by the organization. In this case, the ISO 9001 standard is neither
prescriptive nor specific; it leaves the specific controls up to the implementing organization, to
define methods that are consistent with its business needs, quality objectives and customer
and/or regulatory requirements.

Mark Randig is the President and Founder of MAS Solutions LLC., a Houston Texas based
consulting firm that specializes in helping companies achieve breakthrough performance by
focusing on Quality Enhancement and Productivity Improvement. To get your FREE copy of
Mark’s newsletter "The Quality Specialist", go to http://www.masquality.com.

© 2008 MAS Solutions LLC. All Rights Reserved.

17117 Westheimer Road Suite #1, Houston TX 77082

Tel: 281-494-4874 / Fax: 413-294-4874
Email: [email protected] / Website: www.masquality.com