ISO 14001 - Clause 4.4.5 - Record Retention Periods - How do I determine?

[matthew evans]

Clause 4.4.5 of ISO 14001 makes reference to documents "Retained for a specific period".
Can anyone help me to determine retention periods for the various documents. Everything seems to make reference to specified regulation retention times.

[Randy]

In my opinion "Specific period" would refer to either that which is stipulated by an organizations internal procedures and/or those periods stipulated by regulatory requirements. Some customer requirements may also contain periods they may want documents maintained.

Whatever the case, as an auditor I would look for conformancy to what you stipulate within your organizational procedures and not what I would presume or think I know.

Remember, it is the organization (auditee) that determines how it is to conduct business, not the auditor.

Randy Daily
EMS-LA #E052340

[This message has been edited by Randy (edited 11 December 2000).]

I concur with Randy.

Also, wherever the retention times are defined it can be helpful (to avoid a finding from a overly picky auditor) to state that the records are maintained for "at least" five years or whatever the specified time is. Otherwise, if there is a record that is onhand for five years and a day there is, technically, a nonconformance.

It may be OK from a "systems" viewpoint to audit against what the organization specifies, but retaining records for an incorrect (i.e. too short) period would be a regulatory noncompliance in many cases and, I believe, the EMS auditor should be expected to know this. It may also cause a QMS nonconformance for not meeting customer reqts, but that's a different story.

[Randy]

I understand what you are saying, but the bottom line is....you audit against conformance to the standard and not what you think there should be in place.

If an Auditee's procedure states that documentation will only be kept for 1 year and you know 5 years is required, as long as the Auditee keeps the documentation for 1 year conformance is satisfied.

An "Observation" may be in line or noted under this clause, but that's about it.



------------------
Randy Daily
EMS-LA #E052340

If regulations require a (minimum) time for specific records to be kept there is nonconformance in not meeting commitment to comply with regulatory reqts.

[Randy]

I agree, if the requirement has been previously stipulated "by the Auditee"as applying "to the Auditee" and not by what the auditor thinks or knows.

Yes, the standard requires compliance to regulatory requirements, but it is the Auditee who determines how that compliance is to be accomplished...not the auditor.

The auditor is charged with auditing to conformance to the standard and not compliance to the law. I personnaly do not agree with taking that stance, but I feel I have no choice. It is hard to talk of them as seperate issues, but they are.

Remember...as long as conformance to the standard is achieved there is no problem with a concrete lifesaver.

[This message has been edited by Randy (edited 11 December 2000).]

Randy - The "concrete preserver" analogy may work for a QMS, but its quite different for an EMS. The company must be aware of "applicable" regs - not just those it wants to comply with. If it didn't keep records required by law there is likely a system breakdown in how they obtain reg'y info and/or how they apply corrective actions, let alone not meeting their policy. Unless it was intentional, in which case there's a much bigger issue involved (getting a lot of attention these days). Either way, I'm not about to sign off on the system!