4.2.4 Control of records

Control of records is a mandatory procedure. The control of records procedure is required to specify :

  • Which records are kept
  • By whom
  • For how long
  • and how they are disposed of

Our Quality Manual Template includes the control of records procedure already documented for you.

>> View Quality Manual Template sample

21 records required by ISO 9001:2008

The following clauses of ISO 9001 contain the instruction "...see 4.2.4" which means that you must retain these 21 records:

5.6.1 Management review minutes
6.2.2 Records of education, training, skills and experience
7.1 Evidence that the realization processes and product fulfil requirements
7.2.2 Records of sales activities

7.3.2 Design and development inputs
7.3.4 Design and development reviews and any related actions
7.3.5 Design and development verification and any related actions
7.3.6 Design and development validation and any related actions
7.3.7 Design and development changes and any related actions

7.4.1 Results of supplier evaluations and any actions arising
7.5.2 Records to demonstrate the validation of special processes
7.5.3 Where traceability is required, the unique identification of the product is recorded
7.5.4 Customer property that is lost, damaged or otherwise found to be unsuitable
7.6 Basis used for calibration of measuring equipment where no international or national standards exist
7.6 Validity of the previous measuring results when measuring equipment is found to be out of calibration
7.6 Results of calibration and verification of measuring equipment

8.2.2 Internal audit results and follow-up actions
8.2.4 Indication of the person(s) authorizing release of product.
8.3 Records of the product nonconformities and any subsequent actions
8.5.2 Results of corrective action
8.5.3 Results of preventive action

4.2.4 Control of Records

Clause 4.2.4 demands that an organisation must implement a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records and that these records must remain legible and identifiable throughout their retention period.

This is because records are an important organisational asset; they provide the primary route for evidence based verification and traceability, and are able to demonstrate compliance with customer requirements. Records also prove the efficacy of the quality management system.

Records Required By ISO 9001

Implementing a compliant document management system could mean keeping certain records that your organisation might not be already keeping. Some of these records may seem a little confusing until you become more familiar with the quality standard.

Of course, you might decide to keep more records than those listed below, if you feel your organisation needs them, but as we always preach; keep your system simple. The fewer documents and records you keep, the fewer things that will be audited, and the more time you will have to actually run your business.

>> Review our Checklist of the 21 records required by ISO 9001:2008

Keep in mind that you are free to combine some of these records where it makes sense, for example, you could combine the corrective action request and preventive action request records with a simple checkbox to note which one it is. You could also combine both corrective action and preventive action requests onto one form, again with a check box to designate if it is a corrective or preventive action request.

Please note this is a list of the records you will be required to keep. This does not deal with the mandatory documents, comprising of the quality manual, policy and procedures.