Re: Control of Quality Records
Help!
I am trying to create a "records policy" for 9001:2008, does any one have any sugestions on what to include or stay away from - should I include "all" business records or just records relating to 9001:2008?????
If you're going to the effort of creating a policy (and presumably a procedure?? because that's required), it may well be worth covering records that aren't strictly required by 9001 (eg, who's responsible for storing financial records?) but
are essential to your business. But that's purely an individual decision for each organisation to make.
Do keep it broad though, and don't aim to list each and every individual record, or you'll be here until next year creating it, let alone maintaining the damned thing.
Keep in mind the key points : ISO 9001 requires you (organisation) to know & manage:
1. What kinds of records you have
2. Who's responsible for them
3. That they're appropriately stored & managed, including kept confidential where needed, and protected (so they don't get wiped out by careless fingers on the Delete key f'rinstance)
4. That you can get 'em when you need 'em
5. When you no longer need 'em, you dispose of them suitably. (hence, retention periods & disposal methods).
And yes, it includes electronic records, backups etc, not just hardcopy.