ISO 9001:2015 Control of Records - QMS Communications?

[giavannatabbs]

Hi all!

[ISO 9001:2015]

Is it necessary to include internal and external communications relevant to the QMS (clause 7.4) in your Control of Records Procedure?

Do internal and external communications relevant to the QMS need to be controlled and stored as records?

Most all communications relevant to the QMS for my organization are distributed via email and "stored" in Microsoft Outlook like all other emails, and my team is wondering if these emails need to be retained in a more robust way.

Please let me know what you think - thank you!

 

[yodon]

Nothing in the standard itself requires such records. If you have something in your procedure that requires such records be kept, then you would need to keep them.

To answer your question about storing (controlled) records in Outlook: I don't think that would meet the minimum requirements of preservation. A user could easily delete that record. You can save the email outside of Outlook in a secure location ... or print it to PDF. Either of those would give a bit more protection.

 

[tariq18]

Well it depends, standard does not say to control and keep record of everything.

You need to control what can effect your QMS and that you need to define for your organization.

 

[Big Jim]

Well it depends, standard does not say to control and keep record of everything.

You need to control what can effect your QMS and that you need to define for your organization.

Where does it say that?

 

[Mike S.]

Why isn't Outlook/email storage adequate? If Outlook contains a record that needs to be stored/retained, and you store that Outlook file, what's the problem?

 

[Jen Kirley]

Welcome to The Cove!

As you have been advised, ISO 9001:2015 does not require a record of communications. Please read the standard carefully and do not extrapolate. The requirement (7.4) is to determine the what, when, with whom, how and who of internal and external communications. Boom, that's it.

How to do this? There are many venues, but I have seen very effective determination in matrices shown to me simply as plans for how the communication would be accomplished. Let us keep in mind that external communications can include regulators as appropriate, as well as other officials whose receipt of information happens in specific ways.

We in The Cove have no way of knowing what that is, but you do. So, make a list of your interested parties for starters and work from there. What needs to be communicated with them? When? How? Who does it? The idea is that you have this in control. When the auditor asks about it you can show what these communications look like because the plan you make will provide a guide.

I hope this helps.

 

[tariq18]

Where does it say that?

ISO9001 -Clause 7.5 , 7.5.1, 7.5.3

 

[Randy]

Some Mandatory Records ISO 9001:2015 (many resulting from or involving internal/external communication)

7.1.5.1 Maintenance and Calibration of Monitoring and Measuring Equipment

7 .2 Competence

8.2.3.2 Product/Service Requirements Review

8.2.3.2 New Requirements for Product or Service

8.3.3 Design and Development Inputs

8.3.4 Design and Development Controls

8.3.5 Design and Development Outputs

8.3.6 Design and Development Changes

8.4.1 Evaluation of External Provider (supplier)

8.5.1 Product/Service Characteristics

8.5.3 Changes on Customer’s Property

8.5.6 Changes in Production/Service Provision

8.6 Evidence of Product/Service Conformity

8.7.2 Nonconforming output

9.1.1 Monitoring Performance Information

9.2.2 Internal Audit Program and Results

9.3 Management Review Results

10.2.2 Nonconformities and Corrective Action

 

[Big Jim]

Well it depends, standard does not say to control and keep record of everything.

You need to control what can effect your QMS and that you need to define for your organization.

First of all, I misread your first line. I didn't see the not. So your first line is correct, the standard does not say to control and keep record of everything.

I'm still not understanding what you are trying to say in your second line. I certainly don't see how you can get that out of anything in any part of 7.5.

 

[Dazzur]

First of all, I misread your first line. I didn't see the not. So your first line is correct, the standard does not say to control and keep record of everything.

I'm still not understanding what you are trying to say in your second line. I certainly don't see how you can get that out of anything in any part of 7.5.

I think he's saying you need to determine what needs/should be controlled.

b)DOCUMENTED INFORMATION determined by the organization as being necessary for the effectiveness of the quality management system.