ISO 9001 does not define specific retention periods for most quality records. Instead, it requires that you:
- Identify which records are needed to demonstrate conformity and effective QMS operation.
- Define how long each record type will be retained.
- Control those records so they are legible, retrievable, and protected for the entire retention period.
What ISO 9001 actually requires
ISO 9001:2015 refers to quality records as “documented information” that must be retained to provide evidence of conformity and of the effective operation of the QMS. It requires you to:
- Maintain documented information on your processes, including how records are handled.
- Retain documented information for as long as it is needed for evidence.
- Control retention and disposition (e.g., through a retention schedule or procedure).
However, it does not state a universal number of years for retaining nonconformance reports, inspection reports, training records, or similar artifacts.
Key drivers for record retention periods
In a regulated, long-lifecycle manufacturing environment, retention time is driven more by external and business requirements than by ISO 9001 itself. Typical drivers include:
- Legal and liability requirements: Product liability and contract law in your jurisdiction may effectively require retention for the full product life plus a defined period (often several years). This is highly jurisdiction-specific and requires legal input.
- Customer and contract clauses: Many aerospace, defense, and medical customers specify minimum retention times (e.g., 10, 15, 25 years, or life-of-program). These usually override your default QMS rules.
- Regulatory and sector standards: Other standards (AS9100, IATF 16949, medical device regulations, etc.) and regulatory bodies may define explicit retention requirements for certain record types.
- Product and fleet lifecycle: In aerospace and similar sectors, products are in service for decades. Records that support configuration, conformity, and investigations often need to be available for the entire expected life plus a buffer.
- Internal risk appetite: Organizations with high risk exposure or complex failure modes often choose retention longer than the minimum to support incident investigation and trend analysis.
Typical retention practices by record type
The exact numbers must come from your own legal, customer, and regulatory analysis, but in aerospace and other high-liability sectors it is common to see:
- Design & configuration records (drawings, models, BOMs, ECNs): Life of product + many years, often life-of-fleet or indefinitely, to support traceability and investigations.
- Manufacturing and inspection records (travelers, inspection reports, test data, certificates of conformity): Frequently 10–25 years or life-of-program; sometimes life-of-product where required by contract or regulation.
- Nonconformance, MRB, and CAPA records: Typically aligned with related product/lot records, often 10+ years in aerospace-grade environments.
- Calibration and equipment qualification: Long enough to cover the use of the equipment plus an investigation window (for example, equipment life + 5–10 years), especially where measurement error could affect fielded product.
- Training and competence: At least for the employment period plus a defined number of years, and at minimum for the duration of product realization activities relevant to that operator’s work.
- Internal audit and management review: Often a rolling multi-year period (for example, 3–10 years), with longer retention if required by customer or sector standards.
These are descriptive of common practice, not prescriptive rules. They may be insufficient in some regulatory contexts and excessive in others.
Brownfield and system coexistence considerations
Long retention times are often at odds with how legacy MES, ERP, PLM, and file systems were originally configured. Practical issues include:
- Archival vs. online storage: You may need a layered approach where recent records remain online in MES/ERP and older records are migrated to an archive or records-management system with controlled access and metadata for retrieval.
- System replacement risk: Full replacement of legacy systems purely to “fix” retention often fails in aerospace-grade environments due to validation burden, downtime risk, and the effort required to migrate and re-qualify historical data. Incremental digitization and targeted archival projects are usually more realistic.
- Data integrity and format obsolescence: For multi-decade retention, you need a plan to maintain readability as software and formats change, including controlled migrations under change control.
- Linkage across systems: Records often span QMS, MES, ERP, PLM, and LIMS. Your retention strategy has to preserve traceability across system boundaries, not just within a single application.
How to define retention in your QMS
To operationalize ISO 9001 requirements, most organizations create a documented retention schedule or matrix that:
- Lists key record types (e.g., travelers, FAI reports, calibration certificates, NC/CAPA, training, audits).
- Specifies the required retention period for each, with references to the sources (legal, customer, regulatory, internal policy).
- Identifies the system of record (QMS, MES, ERP, PLM, document management, etc.).
- Defines ownership (who is responsible for ensuring retention and controlled disposition).
- Describes the method of disposal once the retention period ends, including required protections for confidential and export-controlled data.
This retention schedule should be maintained under document control and updated through formal change control when requirements change (for example, a new customer contract with stricter terms).
Validation and change control
Any change that affects how and where quality records are stored, archived, or disposed should be handled under your normal change control and, where applicable, computer system validation processes. This is particularly important when:
- Migrating records from paper to digital or between digital systems.
- Introducing new archival technologies or cloud storage.
- Decommissioning legacy systems that contain historically significant quality records.
The goal is to demonstrate continued integrity, traceability, and retrievability of records throughout the retention period, despite technology changes.
Bottom line
ISO 9001 requires you to define and follow retention rules for quality records, but it does not provide universal timeframes. In long-lifecycle, regulated manufacturing, retention often extends into decades and must be aligned with legal, customer, and regulatory obligations, supported by a realistic strategy for coexistence of legacy and modern systems.
