Guidance

Documentation requirements

The ISO Navigator™ database hyperlinks the ISO 9000:2005 principles and the ISO 9001:2008 requirements; and explains them in plain English with practical guidance.

This guidance has been superseded by ISO 9001:2015 Clause 7.5 Documented Information. If you want to see a comparison matrix that correlates the requirements of ISO 9001:2008 to the revised requirements of ISO 9001:2015, please click here to begin comparing.

Our range of ISO 9001:2015 quality manuals and integrated manual templates cover the requirements of ISO 14001:2015 and ISO 45001:2018, and offer an easy way to implement and document your organization's quality management system or integrated management system.

ISO 9001:2008: Control of records 4.2.4 (superseded)

Your organization must implement a documented procedure to define the controls needed for the identification, storage, protection, retrieval, retention and disposition of records and that these records must remain legible and identifiable throughout their retention period. Records prove the efficacy of the QMS.

  1. Records prove compliance against requirements
  2. Develop and implement the control of records procedure
  3. Maintain the legibility and accessibility of QMS documents and records

Implementing a document management system could mean keeping certain records that your organization might not be already keeping. Some of these records may seem a little confusing until you become more familiar with the quality standard.

Of course, you are free to keep more records than those listed below, if you feel your organization needs them, but as we always preach; keep your system simple. The fewer documents and records you keep, the fewer things that will be audited, and the more time you will have to actually run your business.

Keep in mind that you are free to combine some of these records where it makes sense, for example, you could combine the corrective and preventive action request log with a simple checkbox to note which one it is.

You could also combine both corrective and preventive action requests onto one form, again with a simple check box to designate its purpose. The following clauses of ISO 9001 contain the instruction 'see 4.2.4' which means that you must retain these 21 records:

  1. 5.6.1 Management review minutes
  2. 6.2.2 Records of education, training, skills and experience
  3. 7.1 Evidence that the realization processes and product fulfil requirements
  4. 7.2.2 Records of sales activities
  5. 7.3.2 Design and development inputs
  6. 7.3.4 Design and development reviews and any related actions
  7. 7.3.5 Design and development verification and any related actions
  8. 7.3.6 Design and development validation and any related actions
  9. 7.3.7 Design and development changes and any related actions
  10. 7.4.1 Results of supplier evaluations and any actions arising
  11. 7.5.2 Records to demonstrate the validation of special processes
  12. 7.5.3 Records of product identification where traceability is required
  13. 7.5.4 Customer property that is lost, damaged or found to be unsuitable
  14. 7.6 Basis used for calibration where no standards exist
  15. 7.6 Validity of the previous results when equipment is out of calibration
  16. 7.6 Results of calibration and verification of measuring equipment
  17. 8.2.2 Internal audit results and follow-up actions
  18. 8.2.4 Indication of the person(s) authorizing release of product
  19. 8.3 Records of the product non-conformities and any subsequent actions
  20. 8.5.2 Results of corrective action
  21. 8.5.3 Results of preventive action

Looking for ISO 9001 mandatory procedure templates? Our quality manual template provides a great foundation for establishing, implementing and documenting the six mandatory procedures that are required by the standard.

Want to know more?

SSL certification

A certificate guarantees the information your internet browser is receiving now originates from the expected domain - https://www.iso9001help.co.uk. It guarantees that when you make a purchase, sensitive data is encrypted and sent to the right place, and not to a malicious third-party.

Free PDCA guidance

ISO Navigator™ is our FREE online training tool that shows you how to apply the principles of PDCA to your operations. We also offer many helpful templates that get you on the road to documenting your management system, please visit the download page.

Planning

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
4.1 Organizational Context 4.1 Organizational Context 4.1 Organizational Context
4.2 Relevant Interested Parties 4.2 Relevant Interested Parties 4.2 Relevant Interested Parties
4.3 Management System Scope 4.3 Management System Scope 4.3 Management System Scope
4.4 QMS Processes 4.4 EMS Processes 4.4 OH&S Management System
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
5.1 Leadership & Commitment 5.1 Leadership & Commitment 5.1 Leadership & Commitment
5.2 Quality Policy 5.2 Environmental Policy 5.2 OH&S Policy
5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities 5.3 Roles, Responsibilities/Authorities
    5.4 Consultation & Participation
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities 6.1.1 Address Risks & Opportunities
6.2.1 Quality Objectives 6.1.2 Environmental Aspects 6.1.2 Hazard Identifcation
6.2.2 Planning to Achieve Objectives 6.1.3 Compliance Obligations 6.1.3 Legal & Other Requirements
6.3 Planning for Change 6.1.4 Planning Action 6.1.4 Planning Action
  6.2.1 Environmental Objectives 6.2.1 OH&S Objectives
  6.2.2 Planning to Achieve Objectives 6.2.2 Planning to Achieve Objectives
 

Doing

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
7.1.1 Resources - General
7.1 Resources 7.1 Resources
7.1.2 People 7.2 Competence 7.2 Competence
7.1.3 Infrastructure
7.3 Awareness 7.3 Awareness
7.1.4 Operational Environment 7.4.1 Communcation - General 7.4.1 Communcation - General
7.1.5 Monitoring & Measuring 7.4.2 Internal Communcation 7.4.2 Internal Communcation
7.1.6 Organizational Knowledge 7.4.3 External Communcation 7.4.3 External Communcation
7.2 Competence 7.5 Documented Information 7.5 Documented Information
7.3 Awareness    
7.4 Communcation    
7.5 Documented Information    
 
ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
8.1 Operational Planning & Control
8.1 Operational Planning & Control 8.1.1 General
8.2.1 Customer Communication 8.2 Emergency Preparedness 8.1.2 Eliminating Hazards
8.2.2 Determining Requirements
  8.1.3 Management of Change
8.2.3 Reviewing Requirements   8.1.4 Outsourcing
8.2.4 Changes in Requirements
  8.2 Emergency Preparedness
8.3.1 Design Development - General    
8.3.2 Design Development - Planning
   
8.3.3 Design Development - Inputs    
8.3.4 Design Development - Controls    
8.3.5 Design Development - Outputs    
8.3.6 Design Development - Changes    
8.4.1 External Processes - General    
8.4.2 Purchasing Controls    
8.4.3 Purchasing Information    
8.5.1 Production & Service Provision    
8.5.2 Identification & Traceability    
8.5.3 3rd Party Property    
8.5.4 Preservation    
8.5.5 Post-delivery Activities    
8.5.6 Control of Changes    
8.6 Release of Products & Services    
8.7 Nonconforming Outputs    
 

Checking

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
9.1.1 Performance Evaluation 9.1.1 Performance Evaluation 9.1.1 Performance Evaluation
9.1.2 Customer Satisfaction 9.1.2 Evaluation of Compliance 9.1.2 Evaluation of Compliance
9.1.3 Analysis & Evaluation 9.2 Internal Audit 9.2 Internal Audit
9.2 Internal Audit 9.3 Management Review 9.3 Management Review
9.3 Management Review    
 

Acting

ISO 9001:2015 ISO 14001:2015 ISO 45001:2018
10.1 Improvement - General 10.1 Improvement - General 10.1 Improvement - General
10.2 Nonconformity & Corrective Action 10.2 Nonconformity & Corrective Action 10.2 Incident, Nonconformity & Corrective Action
10.3 Continual Improvement 10.3 Continual Improvement 10.3 Continual Improvement