Disposition of ISO 9001 records

Disposition of ISO 9001 records


Disposition in this context means the disposal of records once their useful life has ended. The requirement should not be confused with that on the retention of records. Retention times are one thing and disposal procedures quite another.

The standard does not specifically require records to be authenticated, certified or validated other than product verification records in clause 8.2.4. A set of results without being endorsed with the signature of the person who captured them or other authentication lacks credibility. Facts that have been obtained by whatever means should be certified for three reasons:

They provide a means of tracing the result to the originator in the event of problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately qualified.
They give the results credibility.

If the records are generated by computer and retained in computerized form, a means needs to be provided for the results to be authenticated. This can be accomplished through appropriate process controls by installing provisions for automated data recording or reventing unauthorized access.