Does ISO 9001 requires the Control of All Records generated?

[iqkh76]

Hi!

My question is does ISO says to control all the records generated in an organization. For eg. my org issues certificates to the clients, do I need to control them with format numbers and version?????


Regards

 

[Gert Sorensen]

Re: Record Control

You only need to control the documents that are necessary for your Q-system.

 

[iqkh76]

Thank you for the reply


I would like to know that, my org issues testing certificates to the customers do I need to put format number to this or if I leave this documents without the format numbers will it be a NC in the Audit.

I have controlled all other reports related to our jobs but not the certificates which is also a part of the final documents given to the customer.

Rgds

 

[Ted Schmitt]

Thank you for the reply


I would like to know that, my org issues testing certificates to the customers do I need to put format number to this or if I leave this documents without the format numbers will it be a NC in the Audit.

I have controlled all other reports related to our jobs but not the certificates which is also a part of the final documents given to the customer.

Rgds

You only need to the control records that are stated in the standard (search for all the "see 4.2.4"). You might want to control other records generated by your system which you judge be beneficial to your QMS. In regards to your specific question, my organization has a test certificate also, we number each certificate and store them on our network... I don´t treat it as a record (under clause 4.2.4), but I do save them in case a client needs another copy or misplaces his...

 

[potdar]

Hi!

My question is does ISO says to control all the records generated in an organization. For eg. my org issues certificates to the clients, do I need to control them with format numbers and version?????


Regards

No.

The standard talks of of what records 'shall' be maintained. Your sytem defines what records fall within that scope. 4.2.4 defines how these shall be controlled. Your system details it. You are free to add any additional record under the scope if it helps.

Its all a very nice concise idea. Unless the auditor starts getting better ideas.

 

[James Gutherson]

Your certificates are a product - you need to make a descision whether you need to keep track of which customer has which certificate or what the contents of the certificate are - for recall, marketing, other...

What you might look at controlling is the template that is used to produce the certificate - so that you can ensure that all certificates are produced using the correct template and has the current approved terminology and information.

 

[harry]

I am in agreement with James. Long before ISO came into the picture, good practices had been introduced where certificates are concerned.

Most certificates such as share certificates, testing or educational/training certificates are frequently subjected to forgery and therefore there is a need for traceability and control. A log book is normally maintained with records of each certificate - whom they were issued, when issued and other details such as replacement, destroyed due to error, etc.

Serial numbers are good because if one or two pieces of certificates are stolen, you can straight away find out from your records and account for it. I noticed from your profile that you are in testing services. Don't you practice the same?

 

[iqkh76]

Thank you James & Harry for such a detailed explaination.

Our organization maintaines a log book for all the certificates issued and/or scrapped in case of errors in the certificates.

Since this certificates are a part of the service we provide to the customers does it become necessary to include the certificates into the QMS system since this become a records as mentioned in the process documents.

Do I need to make a standard format for the certificates and give them a format number and a version no.

OR

Can I exclude this certificates from the control of records clause of ISO 9001:2000?

Also to mention the contents of the certificate always vary as per the requirements so do I make this contents a standard format or should I exclude this records completely?

your comments on the above are very much appreciated.

Regards

 

[potdar]

Our organization maintaines a log book for all the certificates issued and/or scrapped in case of errors in the certificates.

Since this certificates are a part of the service we provide to the customers does it become necessary to include the certificates into the QMS system since this become a records as mentioned in the process documents.

If you are maintaining copies of the certificates provided, the copies are your records - not the certificates. If details given in the certificate are maintained in the log book or some separate register / database, they will be the records.

Do I need to make a standard format for the certificates and give them a format number and a version no.

OR

Can I exclude this certificates from the control of records clause of ISO 9001:2000?

Some confusion needs to be cleared here. Formats are documents - not records. So, control of these shall fall under document control - not record control.

Also to mention the contents of the certificate always vary as per the requirements so do I make this contents a standard format or should I exclude this records completely?

If the contents vary, it may not be feasible to have a specific standardised format. A generalised format is still feasible. A record can even be maintained on plain paper (the most generalised format). You are the best judge to decide how specific a format you can or cannot (need or need not) maintain.

Hope this helps.

 

[James Gutherson]

Forget the control of Records clause in ISO - do what make sense for your business.

Your log book sounds like you are tracking the certificates (which is actually controlling product) - the question is how much do you want to track. Do you need to know exactly what is on the certificate that is in the customers hand, or do you just need to know they have a certificate - and maybe some further info like an expiry date etc. ?

How are the certificates produced? Are they a report from a Database, or something like individual documents?

As for version control of the certificate 'layout', I am in favour of it, particularly if the certificates are individual documents. It is a way of ensuring that the certificate has been created in the current approved format using the approved information (this is something I am dealing with currently).

Summary of what you need to control:

Product - the certificate: You need to in your case, be able to identify product - so the certificates need a unique identifier like a serial number, or a combination of Issue Date & Customer, some thing that identifies that particular certificate.

Documents: The policies, procedures, work instructions etc used to conduct the testing and produce the certificates.

Equipment: You need to ensure that your testing equipment is calibrated obviously for your buisiness, but also the supporting systems like databases, spreadsheets etc are producing the correct output.

Records: You need to keep records that show you followed your approved procedures to produce your final product (the testing results and certificate). You also need to keep records that show your equipment is working correctly (calibration records and testing records of the databases and spreadsheets etc.)

There are other supporting systems like Management Review, Audit and CAPA that will have their own document and record requirements for an ISO system.

I'm starting to ramble a bit here.