Craig Cochran
Published: Tuesday, November 10, 2015 - 17:33 ISO 9001:2015 does a lot of things right, but using clear language isn’t one of them. One of the most glaring examples is the transformation of the word “records” into “retained documented information.” That's right, the standard’s updaters took one word and turned it into three. And the three words aren’t nearly as intuitive as the one word they replaced. Regardless of what you call them, records are the proof of something happening. They are historical, referring to past events. As such, they aren’t revised. Records might be “corrected” in some cases, but they are never revised. Only documents are revised. (We’ll address documents and their status in ISO 9001:2015 in a future article.) The primary control method for records is one of housekeeping: knowing where they’re stored, who’s responsible for retaining them, and how long they’re kept. Here is a summary of records requirements in ISO 9001:2015: Don’t let anyone tell you that the “correct” terminology is “retained documented information.” If you like that term, then by all means use it. If you prefer the term “records,” you can use that in its place. Always remember that documents and records are two different things. That one fact alone will make any QMS easier to use and understand. Retained information (i.e., records) required in ISO 9001:2015 Section No. Category Requirement Qualifier 4.4.2 QMS and processes Retain information on processes carried out effectively (a blanket requirement) to the extent necessary 7.1.5.1 Calibration Retain information on fitness of purpose for measuring instruments none 7.1.5.2 Calibration Retain information on basis for calibration where no standards exist none 7.2. d Competence Retain information as evidence of competence none 8.1 e 1 Operations Retain evidence of processes being carried out as planned to the extent necessary 8.1.e 2 Operations Retain information to demonstrate conformity of products and services to the extent necessary 8.2.3.2 a Sales Retain information on the results of review of customer requirements as applicable 8.2.3.2 b Sales Retain information on any new requirements for products and services as applicable 8.3.3 Design Retain information on design inputs none 8.3.4 b Design Retain information on design reviews none 8.3.4 c Design Retain information on design verifications none 8.3.4 d Design Retain information on design validations none 8.3.5. Design Retain information on design outputs none 8.3.6 Design Retain information on design changes (e.g., reviews, authorization, and actions to prevent adverse impacts) none 8.4.1 Purchasing Retain information on the evaluation, selection, monitoring of performance, and reevaluation of external providers 8.5.2 Traceability Retain information to necessary to enable traceability none 8.5.3 External property Retain information on customer or external provider property that is lost, damaged, or unsuitable none 8.5.6 Change management Retain information on changes, i.e., review of changes, persons authorizing, and necessary actions arising none 8.6 Product release Retain documented information on the release of products and services, including evidence of conformity and traceability to person authorizing release none 8.7.2 Nonconforming products Retain information on nonconforming products, including description, actions taken, any concessions, and authority deciding on action. none 9.1.1 Monitor and measure Retain evidence of results of monitoring and measuring (a blanket requirement) none 9.2.2 f Internal audit Retain evidence of implementation of audit program and audit results none 9.3.3 Management review Retain evidence of the results of management review none 10.2.2 Corrective action Retain evidence of nature of nonconformity, any actions taken, and results none Craig Cochran is a project manager with Georgia Tech’s Enterprise Innovation Institute. Cochran is the author of The Seven Lessons: Management Tools for Success; Problem Solving in Plain English; ISO 9001 in Plain English; Customer Satisfaction: Tools, Techniques, and Formulas for Success; The Continual Improvement Process: From Strategy to the Bottom Line; and Becoming a Customer-Focused Organization, all available from Paton Professional. His most recent book is ISO 9001:2015 in Plain English, also available from Paton Professional.
Standards ‘Retained Document Information’ in ISO 9001:2015
You mean records?
• 24 records are required in ISO 9001:2015. This is compared to 21 records required in ISO 9001:2008. Some of the 24 records required by ISO 9001:2015 are actually repeat requirements, listed twice in the current version of the standard.
• 20 percent of all the record requirements come from section 8.3—“Design and development of products and services.” That amounts to five records, which is the same number required by ISO 9001:2008.
• A completely new record that is required in 9001:2015 is found in section 8.5.6, which concerns retained information on changes, including the review of changes, persons authorizing the change, and necessary actions arising from the change.
• ISO 9001 continues its redundant ways. In two separate places ISO 9001:2015 requires records of evidence of processes being carried out effectively, once in section 4.4.2 and again in section 8.1.e.1.
• More redundancy: ISO 9001:2015 requires records in two separate places that demonstrate conformity of products and services processes, once in section 8.1.e.2 and again in section 8.6. Why the redundancy? My personal opinion is that this wasn’t intended. Rather, I suspect it was sloppy editing. There’s no compelling reason to declare twice that inspection records must be maintained.
• Five of the records in ISO 9001:2015 have qualifiers. These are “to the extent necessary” and “as applicable.” They imply that it’s up to the organization to decide if it truly needs the records to demonstrate conformity. They aren’t absolute requirements.
• One item, design outputs, is listed as “retained documented information” (i.e., a record) when it’s actually a document. Design outputs are living information such as specifications, engineering drawings, recipes, formulas, and bills of material. Since they’re living, they’re subject to revision, meaning they are documents. Nonetheless, as long as the organization manages design outputs in a consistent manner (as either a document or a record), it should be fine.
• A handful of requirements would be virtually impossible to have evidence of without records, and yet ISO 9001:2015 doesn’t require records for them. These include context of the organization (4.1), interested parties (4.2), planning of changes (6.3), and customer feedback (9.1.2).
• One of the strangest record issues of all is the omission of calibration records in ISO 9001:2015. This has been replaced by the requirement to “retain information on fitness of purpose for measuring instruments,” which would include calibration, among other possible activities. I expect many people implementing ISO 9001:2015 will get a bit confused by this.
About The Author
Craig Cochran
© 2023 Quality Digest. Copyright on content held by Quality Digest or by individual authors. Contact Quality Digest for reprint information.
“Quality Digest" is a trademark owned by Quality Circle Institute, Inc.
Comments
calibration record requirements
Is there a place to find out the exact requirements for information to include on calibration records for IS0 9001:2015? It is my understanding the requirements are as follows: 1. As found/as left readings
2 calibration date
3 next calibration due date
4 instrument standard used
5 frequency of calibration
I was recently responsible for helping to create new calibration work instructions to be included on calibration records while my boss was out on medical leave. We use SAP software and it serves as our calibration records. When I created the work instructions, I included everything above, but left out #5 since it is on a master document containing a list of calibration instruments. We had a 3rd party audit soon afterwards and he said everything looked good. My boss got back a few weeks later and nailed me for not including #5 on each calibration record. Also, I left the instrument used field blank to be filled out by the technician at the time of calibration. My boss said the calibration instrument used field must be pre-populated (first time he told me this), even though we have multiple instruments that can be used to calibrate and the technician doing the calibration would fill this out at the time of calibration. The auditor only viewed calibration records already done, not the calibration form itself, so he didn't know the instrument field was blank.
Is the specified accuracy of the instrument being calibrated required to be part of the calibration record? It is on the same master document mentioned above with the frequency of calibration.
I have every intention of complying with my boss, but I would also like to verify the information he told me with a 3rd party such as yourself. Is the frequency required on the calibration itself or just need to be documented and easily found elsewhere?
Sorry for the delay
Sorry for the delay Chad. I heard back from one of our authors, Denise Robitaille:
You:Is the specified accuracy of the instrument being calibrated required to be part of the calibration record? It is on the same master document mentioned above with the frequency of calibration.
Denise: ISO 9001:2015 requires: "The organization shall ensure that the resources provided... are suitable for the specific type of monitoring and measurement activities being undertaken..." Example: If you have a scale that reads in ounces, it probably won't have the accuracy to verify a product in milligrams. How you document this is your choice.
You: Is the frequency required on the calibration itself or just need to be documented and easily found elsewhere?
Denise: ISO 9001:2015 requires: "...calibrated or verified, or both, at specified intervals.." It is reasonable to infer that if the intervals are to be specified, this information must be maintained in some form of documented information. The location is up to the organization.
Hope that helps
Dirk
re:calibration record requirements
Thanks Dirk. Basically it sounds like our requirement of documenting the same information in two places is above and beyond what ISO 9001:2015 requires. It was inferred to me that by not doing this we were going to have a CAR written against us. Since a lot of details are left up to the organization, I assume we are judged by our own standards as well as ISO 9001:2015 standards when getting audited or re-certified. Problem is I have not been able to find our standards in written form so I know exactly what to expect, I've had to take my boss' word for everything. Anyway, thanks again for your response.
Records
re:calibration record requirements
Dirk,
Have you had any responses from your sources on this?
Chad
Retained information (Records) required in ISO 9001:2015
Thanks a lot for wonderful information. However, how can an auditor verify if management reviews conducted periodically?
QMS
Good day please help me understand this
what are the most important criteria of good quality polity and good quality objectives
also what is the scope required by ISO 9001 2015
what are list for retaining documented information
Typically they will ask to
Typically they will ask to see a schedule for Management Review Meetings and/or dated Management Review Records which can verify if your Management Reviews are occuring at the frequency that you claim.