Disposition of ISO 9001 Records

Disposition of ISO 9001 Records

Disposition in this context means the disposal of records once their useful life
has ended. The requirement should not be confused with that on the retention
of records. Retention times are one thing and disposal procedures quite
another.
The ISO 9001 standard does not specifically require records to be authenticated, certified
or validated other than product verification records in clause 8.2.4. A set of
results without being endorsed with the signature of the person who captured
them or other authentication lacks credibility. Facts that have been obtained by
whatever means should be certified for three reasons:

They provide a means of tracing the result to the originator in the event of
problems.
They indicate that the provider believes them to be correct.
They enable you to verify whether the originator was appropriately
qualified.
They give the results credibility.

If the records are generated by computer and retained in computerized form,
a means needs to be provided for the results to be authenticated. This can be
accomplished through appropriate process controls by installing provisions for
automated data recording or preventing unauthorized access.