Record Control – Basic and Extended

You may know the ISO 9001 record control requirements, but what about the industry extensions for AS9100, ISO/TS 16949, ISO 14001, as well as, ISO 15489? They may suggest good practices beyond the basic ISO 9001 record control requirements.

According to ISO 9001:2000, clause 4.2.4, the record control process must:

  • Establish and maintain records as evidence of conformity to requirements
  • Use records to show effective operation of the quality management system
  • Keep records that remain legible, readily identifiable, and retrievable

A documented procedure must be established to define the controls for the identification, storage, protection, retrieval, retention time, and disposition of records.

Aerospace:
AS9100:2001, Revision A, clause 4.2.4, adds that the documented procedure must define the method for controlling records that are created by and/or retained by suppliers.  Records must be made available for review by customers and regulatory authorities in accordance with contract or regulatory requirements.

Automotive:
ISO/TS 16949:2002, clause 4.2.4.1, requires organizations to satisfy regulatory and customer requirements for control of records.

Telecommunications:
TL 9000:2001, Release 3.0, clause 4.2.4, doesn’t add any additional requirements for record control.

Environmental:
ISO 14001:1996, clause 4.5.3, requires the inclusion of training records and the results of audits and reviews (note: already covered by ISO 9001 in other clauses). Environmental records must be maintained that are traceable to the involved activity, product, or service. Retention times must be recorded.

Records Management:
ISO 15489-1:2001 is an information and documentation standard on records management. The technical report, ISO/TR 15489-2:2001, provides further explanation and guidance on implementation options.

Records are created, received, and used to conduct business activities. These records should be authentic, reliable, and usable.

A comprehensive records management program should:

  • determine what records to create for each process
  • decide what information to include in the records
  • decide on the form and structure, and the technologies to be used
  • decide how to retrieve, use, and transmit the records
  • decide on retention periods and the disposition process
  • decide how to organize the records to support their use

Preserve the records and make them accessible to meet requirements. Ensure they comply with policies, standards, and legal requirements. Maintain the records in a safe and secure environment. Keep them only as long as needed or required. See article 4 on ISO 15489 in this newsletter issue.