Records required by ISO 9001:2015
List of required records for ISO 9001:2015, or documented information to be retained.
ISO 9001 requires records to be kept on certain activities. The phrase to look out for in the 2015 version of the quality management standard is documented information shall be retained.
Aside from auditing and certification purposes, keeping records provide important data for making fact-based decisions on changes in your business.
Here's the list of clauses that require you to retain documented information (i.e. keep records):
- QMS processes (4.4.2) "to the extent necessary"
- Monitoring and measuring resources (188.8.131.52)
- Measurement traceability (184.108.40.206)
- Competence (7.2)
- Operation (8.1) "to the extent necessary"
- Review of requirements for products & services (220.127.116.11) "as applicable"
- Design and Development Inputs (8.3.3)
- Design and Development Controls (8.3.4)
- Design and Development Outputs (8.3.5)
- Design and Development Changes (8.3.6)
- Control of externally provided processes, products and services (8.4.1)
- Identification and traceability (8.5.2)
- Property belonging to customers or external providers (8.5.3)
- Control of changes (8.5.6)
- Release of products and services (8.6)
- Control of nonconforming outputs (8.7)
- Monitoring, measurement, analysis and evaluation (9.1.1)
- Internal Audit (9.2.2)
- Management Review (9.3.3)
- Nonconformity and corrective action (10.2.2)
Clauses with the phrase "to the extent necessary" or "as applicable" allow some discretion for you to decide what records are needed.
There are couple of other clauses that require you to "monitor and review information":
- External and internal issues (4.1)
- Interested parties and their requirements (4.2)
which will be difficult to do without having documented the information in some way.
During an audit, these records provide necessary evidence for your auditor to determine whether you satisfy the requirements of the standard. Due to changes in required documentation for ISO 9001:2015, auditors are now much more interested in what you actually do (records), rather than what you say you do (procedures).