ISO 9001:2015 Clause 7.5 Documented Information p3
Clause 7.5 Overview
ISO 9000:2015 defines a record as a 'document' stating results achieved or providing evidence of activities performed,
where a 'document' is defines as information and the medium on which it is contained
where 'information' is defines as meaningful data,
where 'data' is defined as facts about the object,
where an 'object is defined as entity, item, anything perceivable or conceivable
Records need to be established and maintained to provide evidence of conformity to requirements and of the effective operation of the quality management system. Records shall remain legible, identifiable and retrievable. Controls need to be established for the identification, storage, protection, retrieval, retention time of records..." The clause 7.5 itself does not specify what records are, it is left to the organisation to identify these by examining both the specified and implied requirements throughout the ISO 9001:2015 standard.
Disposal of records is especially important, records falling into the wrong hands can be devastating for an organisation and many will look for a sacrificial lamb if the bad publicity becomes to overbearing... So its important to have robust controls for disposal, shredding and deleting of records (beyond recovery where necessary). This should include ensuring old equipment such as servers, PC, laptops, backup tapes etc., are electronically cleaned / shredded before disposal.
So what are records? A record is a special type of documented information that provides evidence of results for a process or activity performed (e.g. a sign-off record).
Records provide evidence of maintaining and demonstrating the effectiveness of your quality management system. Requirements for records may originate from many sources, such as suppliers, customers, regulators, legislation, or internally from within your organisation.
The quality management system must prevent confusion or ambiguity in the completion and use of records. Records must be written legibly to be useful. They should also be secure from unauthorised access, to prevent records being change or altered (the level of controls should be proportional to the importance and sensitivity of the records).
For the duration that records are kept, they need to be in locations and mediums that will protect against damage, and organisations should regularly review the condition of their records. The indexing and filing of records (whether hard-copy or computer) must always ensure easy retrieval.
All of the requirements of this clause can be met using DICS - Document Issuing and Control system my On Safe Lines QHSE Software Ltd, see link below to learn more.
In the example below it shows a software program Audited Manager being controlled and issued to three locations.
On Safe Lines QHSE Software Help file v1.071.0093 : Copyright © 2018 Brian G. Welch MSc(QHSE), NVQ4(OH&S), CMIOSH
FREE H&S Risk Assessment Software
click <here> to learn more