In Reply to Parent Post by QAMTY
Please explain, Is not mandatory the identification, 4.2.4 Control of Records?
"The organization shall establish a documented procedure to define the controls needed for the identification,storage, protection, retrieval, retention and disposition of records."
This is another bit of obscure language in the standard. In this context, "identification" is widely construed to mean that records have to be marked or individually identified somehow. What it actually means is that what records must be kept must be determined.
In this case the auditor is wrong, wrong, wrong.