ISO Records

Many people get confused by records versus documents. In general:

* Documents are the future they tell you what to do or how something is done.
* Records are the history of what you have done. Records are the proof you need to show that you follow your quality system.

Records need to be legible. As a result you should consider things like the use of white correction fluid, erasing and crossing out. How are these used to keep the history legible and accurate?

Many registrars like to have a "records table". This is a table that tells them which records are available for the different clauses of the quality standard.

The ISO 9001 standard specifically requires records for the following items. Other standards require additional records.

* Management reviews
* Education, training, skills and experience
* Evidence that processes and product or service meet requirements
* Review of customer requirements and any related actions
* Design and development including: inputs, reviews, verification, validation and changes
* Results of supplier evaluations
* Traceability where it is an industry requirement
* Notification to customer of damaged or lost property
* Calibration
* Internal audit
* Product testing results
* Nonconforming product and actions taken
* Corrective action
* Preventive action
* Records you need to provide evidence of following your processes.

Record retention and disposition are up to you. You make keep records a day or forever with some exceptions. There may be regulatory requirements for keeping records. Also registrars generally like to see three to six months of records at the surveillance audits and they like three years of records for corrective action, preventive action, management review and internal audits. Check with your registrar for specific requirements.