Tuesday 9 May 2017

Retained Document Information’ in ISO 9001:2015

You mean records?


One of the most glaring examples is the transformation of the word “records” into “retained documented information.” That's right, the standard’s updaters took one word and turned it into three. And the three words aren’t nearly as intuitive as the one word they replaced.
Regardless of what you call them, records are the proof of something happening. They are historical, referring to past events. As such, they aren’t revised. Records might be “corrected” in some cases, but they are never revised. Only documents are revised. (We’ll address documents and their status in ISO 9001:2015 in a future article.) The primary control method for records is one of housekeeping: knowing where they’re stored, who’s responsible for retaining them, and how long they’re kept.
Here is a summary of records requirements in ISO 9001:2015:
• 24 records are required in ISO 9001:2015. This is compared to 21 records required in ISO 9001:2008. Some of the 24 records required by ISO 9001:2015 are actually repeat requirements, listed twice in the current version of the standard.
• 20 percent of all the record requirements come from section 8.3—“Design and development of products and services.” That amounts to five records, which is the same number required by ISO 9001:2008.
• A completely new record that is required in 9001:2015 is found in section 8.5.6, which concerns retained information on changes, including the review of changes, persons authorizing the change, and necessary actions arising from the change.
• ISO 9001 continues its redundant ways. In two separate places ISO 9001:2015 requires records of evidence of processes being carried out effectively, once in section 4.4.2 and again in section 8.1.e.1.
• More redundancy: ISO 9001:2015 requires records in two separate places that demonstrate conformity of products and services processes, once in section 8.1.e.2 and again in section 8.6. Why the redundancy? My personal opinion is that this wasn’t intended. Rather, I suspect it was sloppy editing. There’s no compelling reason to declare twice that inspection records must be maintained.
• Five of the records in ISO 9001:2015 have qualifiers. These are “to the extent necessary” and “as applicable.” They imply that it’s up to the organization to decide if it truly needs the records to demonstrate conformity. They aren’t absolute requirements.
• One item, design outputs, is listed as “retained documented information” (i.e., a record) when it’s actually a document. Design outputs are living information such as specifications, engineering drawings, recipes, formulas, and bills of material. Since they’re living, they’re subject to revision, meaning they are documents. Nonetheless, as long as the organization manages design outputs in a consistent manner (as either a document or a record), it should be fine.
• A handful of requirements would be virtually impossible to have evidence of without records, and yet ISO 9001:2015 doesn’t require records for them. These include context of the organization (4.1), interested parties (4.2), planning of changes (6.3), and customer feedback (9.1.2).
• One of the strangest record issues of all is the omission of calibration records in ISO 9001:2015. This has been replaced by the requirement to “retain information on fitness of purpose for measuring instruments,” which would include calibration, among other possible activities. I expect many people implementing ISO 9001:2015 will get a bit confused by this.
Don’t  let anyone tell you that the “correct” terminology is “retained documented information.” If you like that term, then by all means use it. If you prefer the term “records,” you can use that in its place. Always remember that documents and records are two different things. That one fact alone will make any QMS easier to use and understand.
Retained information (i.e., records) required in ISO 9001:2015
Section No.
Category
Requirement
Qualifier
4.4.2
QMS and processes
Retain information on processes carried out effectively (a blanket requirement)
to the extent necessary
7.1.5.1
Calibration
Retain information on fitness of purpose for measuring instruments
none
7.1.5.2
Calibration
Retain information on basis for calibration where no standards exist
none
7.2. d
Competence
Retain information as evidence of competence
none
8.1 e 1
Operations
Retain evidence of processes being carried out as planned
to the extent necessary
8.1.e 2
Operations
Retain information to demonstrate conformity of products and services
to the extent necessary
8.2.3.2 a
Sales
Retain information on the results of review of customer requirements
as applicable
8.2.3.2 b
Sales
Retain information on any new requirements for products and services
as applicable
8.3.3
Design
Retain information on design inputs
none
8.3.4 b
Design
Retain information on design reviews
none
8.3.4 c
Design
Retain information on design verifications
none
8.3.4 d
Design
Retain information on design validations
none
8.3.5.
Design
Retain information on design outputs
none
8.3.6
Design
Retain information on design changes (e.g., reviews, authorization, and actions to prevent adverse impacts)
none
8.4.1
Purchasing
Retain information on the evaluation, selection, monitoring of performance, and reevaluation of external providers

8.5.2
Traceability
Retain information to necessary to enable traceability
none
8.5.3
External property
Retain information on customer or external provider property that is lost, damaged, or unsuitable
none
8.5.6
Change management
Retain information on changes, i.e., review of changes, persons authorizing, and necessary actions arising
none
8.6
Product release
Retain documented information on the release of products and services, including evidence of conformity and traceability to person authorizing release
none
8.7.2
Nonconforming products
Retain information on nonconforming products, including description, actions taken, any concessions, and authority deciding on action.
none
9.1.1
Monitor and measure
Retain evidence of results of monitoring and measuring (a blanket requirement)
none
9.2.2 f
Internal audit
Retain evidence of implementation of audit program and audit results
none
9.3.3
Management review
Retain evidence of the results of management review
none
10.2.2
Corrective action
Retain evidence of nature of nonconformity, any actions taken, and results
non

1 comment: