ISO 9001 Employee Training Records: Section 6.2.2 Requirements ISO 9001 training records are mandatory documented evidence that your employees are competent to perform work affecting product or service quality — not simply proof that they sat through a training session. That distinction matters more than most organizations realize.

Quality managers, HR professionals, and operations leaders preparing for certification or surveillance audits frequently misunderstand what the standard actually demands. Many have records that document attendance but prove nothing about competence, leaving them exposed to nonconformances that were entirely preventable.

This article walks through exactly what ISO 9001 Clause 7.2 requires, what a compliant training record must contain, and where organizations most often fall short.

TL;DR

  • ISO 9001:2015 Clause 7.2 requires organizations to determine competence, close gaps, and retain documented evidence that employees are qualified
  • Attendance records alone don't satisfy the requirement — records must capture effectiveness evaluation outcomes
  • A compliant record includes employee name and role, training topic and date, trainer/provider, and post-training assessment results
  • The standard prescribes no specific format — organizations define their own, provided records are accessible and auditable
  • Top audit failures: skipped effectiveness evaluations, undocumented contractor training, and informal on-the-job training with no written record

ISO 9001 Training Records: Understanding the Requirement

From Section 6.2.2 to Clause 7.2

Many organizations still encounter the "Section 6.2.2" reference because it was the training and competence clause in ISO 9001:2008, titled Competence, Training and Awareness. When ISO released the 2015 revision, that clause was restructured into two separate requirements: Clause 7.2 (Competence) and Clause 7.3 (Awareness). The core obligation carried forward unchanged: document that your people are competent.

The language, however, changed in a meaningful way:

  • ISO 9001:2008 required organizations to "maintain appropriate records of education, training, skills and experience."
  • ISO 9001:2015 Clause 7.2(d) requires organizations to "retain appropriate documented information as evidence of competence."

That shift — from records of training activities to evidence of competence — is the most consequential difference between the two versions.

Why the Language Shift Matters

The 2015 standard raised the bar. A training attendance log tells an auditor that someone was present. Evidence of competence tells them that person can actually perform the required work. The ISO/IAF Auditing Practices Group guidance on competence states explicitly that course participation alone does not itself constitute evidence that the trainee is competent.

This is a mandatory documented information requirement. Auditors will request these records as objective evidence during both Stage 2 certification audits and surveillance audits. Organizations that cannot produce them face nonconformances, not advisory comments.

What ISO 9001 Clause 7.2 Requires for Employee Training Records

The clause contains four sequential obligations. Most organizations handle the first two adequately. The last two are where audit findings concentrate.

Sub-clause Requirement
7.2(a) Determine the competence required for each person whose work affects QMS performance
7.2(b) Ensure those persons are competent based on education, training, or experience
7.2(c) Where applicable, take action to acquire competence and evaluate the effectiveness of those actions
7.2(d) Retain documented information as evidence of competence

ISO 9001 Clause 7.2 four sequential competence obligations comparison table infographic

Who Is Covered

"Persons doing work under the organization's control" extends beyond permanent employees. Contractors, temporary workers, and personnel from external providers whose work affects product or service quality all fall within scope. The ISO/IAF APG guidance also notes that Clause 8.4 may require communicating competence requirements to external providers when their personnel qualifications directly affect product or service outcomes. Overlooking this scope is one of the most common sources of nonconformances auditors flag in this clause.

The Effectiveness Evaluation Requirement

Clause 7.2(c) is the most frequently misunderstood element. Taking training alone is not sufficient. Organizations must define how they will assess whether training achieved its intended outcome — and record the result.

Acceptable effectiveness evaluation methods include:

  • Written or practical post-training tests
  • Supervisor observation and sign-off confirming demonstrated competency
  • Performance review results referencing specific competence criteria
  • Work output review against a defined standard

Without documented evaluation results, a training record only partially satisfies the standard's requirements.

The Built-In Flexibility

That obligation to evaluate and document does not come with a prescribed format. ISO 9001 does not mandate a specific training record structure, minimum training duration, or required retraining frequency. Organizations determine what is appropriate for each role based on the competence requirements they define. The flexibility is genuine — but it applies to how you document effectiveness, not whether you document it.

What Must Be Included in an ISO 9001 Training Record

Core Data Fields

A compliant training record should capture:

  • Employee name and job title, linking the record to a specific person and role
  • Training topic or course title that identifies the competence being addressed
  • Date, duration, and delivery method, establishing when and how training occurred
  • Trainer, instructor, or training provider who delivered the content
  • Post-training assessment or evaluation result — the outcome, not just the event

Supporting Fields That Add Audit Credibility

The standard does not explicitly require signatures, but including them is considered best practice:

  • Trainer or supervisor signature confirming the training was delivered and observed
  • Employee acknowledgment that the content was received and understood

These fields reduce disputes during audit and strengthen the record as objective evidence.

Formal vs. Informal Training Records

External training — courses, certifications, and provider-issued documentation — typically arrives with built-in records. The gap organizations consistently miss is internal on-the-job training.

When a supervisor walks a new operator through a process, or a senior technician demonstrates a procedure, that instruction counts as training under Clause 7.2. If it was not documented, it did not happen — at least not in the eyes of an auditor.

Organizations must create internal records for informal instruction using a defined format. These records do not need to be elaborate; a simple one-page form that captures the required fields is enough.

Record Retention

ISO 9001:2015 does not specify a minimum retention period for training records. Base retention decisions on:

  • Internal documented information controls
  • Duration of employment plus a defined period after separation
  • Sector-specific regulatory requirements, which can be stricter

For US-based organizations, regulatory minimums vary by industry:

  • Food manufacturing (21 CFR 117.315): at least 2 years after preparation
  • Medical device manufacturing (21 CFR 820.180): not less than 2 years from commercial release
  • Aerospace production (14 CFR 21.137): at least 5 years, and 10 years for critical components

Industry-specific training record retention periods food medical aerospace regulatory requirements

Do not use ISO 9001 as the retention rule when sector regulations are stricter.

Training Records vs. Evidence of Competence: Why It Matters at Audit

The Core Distinction

A training record documents that a training activity occurred. Evidence of competence demonstrates that the individual can perform the required work to the needed standard. ISO 9001:2015 requires the latter. Training records contribute to that evidence only when they include evaluation results.

Four Accepted Forms of Competence Evidence

Auditors accept any combination of these:

  1. Formal education credentials — degrees, diplomas, professional certifications
  2. Training records with effectiveness evaluations — the most common form
  3. Documented work experience — resumes, employment history, track records
  4. Performance reviews or supervisor competency assessments — direct evaluation of work output

ISO 9001 treats all four forms as equally valid evidence. An experienced machinist with 15 years on a particular process may have stronger competence evidence from a documented performance review than from a one-day course completion certificate.

Four accepted forms of ISO 9001 competence evidence auditor accepted documentation types

The Experience-Without-Records Problem

This is a scenario that many organizations handle incorrectly. When an employee is already competent through years of experience but has no formal training record, organizations often assume the competence is self-evident. To an auditor, it is not self-evident at all.

ISO 9001 allows experience to serve as the basis for competence under Clause 7.2(b). Clause 7.2(d) still requires retained documented information as evidence. The solution is a structured competency assessment or supervisor review that captures the observed competence on record. Simply noting that someone "has been doing this for 12 years" without a documented evaluation does not satisfy the requirement.

What Auditors Actually Trace

During a Clause 7.2 review, an auditor will :

  1. Select a job role within the QMS scope
  2. Ask for the defined competence requirements for that role
  3. Request documented evidence that the person currently in that role meets those requirements
  4. Look for evaluation results, not just training attendance

If that chain of evidence breaks at any point, it constitutes a nonconformance — regardless of how much training has been delivered.

How to Build and Maintain a Compliant Training Records System

The Training Matrix Foundation

A training matrix (also called a skills or competency matrix) that maps each job role to its required competencies and corresponding training requirements is the most effective organizational tool for managing Clause 7.2 compliance at scale.

A well-built matrix:

  • Makes competence gaps visible across the entire workforce
  • Drives training planning rather than reactive scheduling
  • Gives auditors a clear overview of workforce competence status in a single document
  • Provides cross-reference capability when auditors check Clauses 6.2 and 7.1.2 alongside 7.2

Synergistic Systems structures every client engagement around this model, centralizing training records, competency documentation, and related quality records in a cloud-based QMS intranet accessible across all sites from a single source.

Procedural Backbone

Individual training records are useful; a system for managing them is what auditors want to see. The supporting procedure should define:

  • Who is responsible for creating and storing records
  • What format is used (and where blank forms or templates are located)
  • Where records are stored and how they are retrieved
  • How long records are retained
  • Who has access and under what conditions

Without this procedural backbone, records may exist but cannot be systematically relied upon during audit.

Record Format and Technology Options

Organizations may use paper forms, spreadsheets, HRIS platforms, or dedicated QMS software. The standard has no preference. Whatever system is chosen must ensure records are:

  • Legible — readable now and at any future audit
  • Retrievable — findable within a reasonable timeframe during an audit
  • Protected — secured against unintended alteration or loss

For organizations managing records across multiple sites or departments, a cloud-based system with centralized storage and role-based access controls is the practical choice. Permission levels established per folder and records database ensure the right people access the right records — without exposing controlled documents to unintended users.

Common Mistakes That Cause Audit Findings

The most frequent Clause 7.2 nonconformances found during ISO 9001 audits:

  • Attendance-only records with no effectiveness evaluation — signing a roster proves presence, not competence
  • Contractor and temp worker records left out entirely — Clause 7.2 covers "persons under organizational control," not just direct employees
  • Outdated job descriptions that no longer match actual role requirements — records tied to obsolete competence criteria cannot demonstrate current qualification
  • Inconsistent coverage across a role — records for some employees but not others signal a system applied selectively, not systematically
  • Undocumented on-the-job training — verbal instruction and hands-on demonstration that was never captured in writing

Top five ISO 9001 Clause 7.2 audit nonconformances training records common mistakes

The last point deserves emphasis. In ISO 9001 audits, if it isn't documented, it didn't happen. That applies to formal classroom sessions and informal shop-floor walkthroughs equally — if there is no record, there is no evidence.

Frequently Asked Questions

Does ISO 9001 require training records?

Yes. ISO 9001:2015 Clause 7.2(d) explicitly requires organizations to "retain appropriate documented information as evidence of competence." Training records are the primary way this requirement is met, but they must demonstrate competence — including effectiveness evaluation results — not merely document that training took place.

What information must be included in an ISO 9001 training record?

A compliant record should capture the employee name and role, training topic and date, trainer or provider, delivery method, and post-training assessment result. The standard prescribes no specific format — but every record must be sufficient to serve as evidence of competence.

How do you keep track of employee training?

Most organizations use a training matrix linking job roles to required competencies, supported by individual training records and a documented procedure for maintaining them. Records can be managed via spreadsheets, HRIS software, or a QMS platform — Synergistic Systems' cloud-based QMS intranet centralizes training records across single and multi-site organizations.

What is the difference between ISO 9001 Section 6.2.2 and Clause 7.2?

Section 6.2.2 was the training and competence clause in ISO 9001:2008. Clause 7.2 is its equivalent in ISO 9001:2015. The 2015 version separated competence from awareness, shifted the language from "records of training activities" to "evidence of competence," and placed greater emphasis on demonstrating actual competence outcomes.

What happens if training records are missing during an ISO 9001 audit?

Missing or incomplete training records typically result in a nonconformance against Clause 7.2(d), which must be corrected before certification is issued or maintained. Auditors treat undocumented training as training that did not occur — the burden of proof rests entirely on the documented record.

Do ISO 9001 training records need to show that training was effective?

Yes. Clause 7.2(c) requires organizations to evaluate the effectiveness of actions taken to address competence gaps. Records should include a post-training assessment result, supervisor sign-off confirming observed competency, or equivalent documented evidence that the training achieved its intended outcome.