ISO Certification Process
2.0 ISO Certification Procedure of TNV:
2.1 The Certification process shall consist of the following key stages,
2.1 Application Review & Contract Review
2.2 Initial Certification Audit: Stage-1 & Stage 2 Audit),
2.3 Certification Decision
2.4 Continual assessment (surveillance audit),
2.5 Renewal Audit
2.5 Suspending, Withdrawing, Extending or reducing scope of certification
3.0 Application Review & Contract Review (Refer Procedure P05 for detailed information):
3.1 Application Receipt:
ISO Certifiction Enquiry may be received in several forms, by telephone, letter, e-mail or facsimile. Sometimes, TNV, on its own may also approach prospective clients.
3.2 Applicant Information:
AM shall request the application organization to provide the following information in questionnaire TNV-F-001 to enable TNV to establish the following:
a) The desired scope of the certification;
b) The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations;
c) general information, relevant for the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions and relationship in a larger corporation, if any;
d) Information concerning all outsourced processes used by the organization that will affect conformity to requirements;
e) The standards or other requirements for which the applicant organization is seeking certification;
f) Information concerning the use of consultancy relating to the management system
3.3 Application Review:
3.3.1 On receipt of the application questionnaire, the details received shall be reviewed by the AM against NACE / ANZSIC Codes and the accredited codes of IAF to check TNV’s capability for processing the certification. The review shall be conducted in accordance with Procedure No. P-06, “Procedure for Review of Application and Contract Review.” If the same is found to be within TNV’s scope of accreditation, the AM forwards the application to the QM for Contract Review and Quotation issuance process.
3.4 Contract Review:
3.4.1 QM shall prepare a quotation after the contract review, based on the requirements of mandays, multi-site activities, and other considerations. Estimation of mandays shall be as per TNV's procedure “Contract Review.” After obtaining approval from the CEO, the quotation shall be submitted to the client. The matter shall then be followed up with the client for securing the business.
3.4.2 If the client accepts the quotation of TNV, they will forward the registration fee. On receipt of all these, the AM shall verify the relevant details of the client’s application, the fee quotation, and reconfirm the contract. The AM may consult the CEO or any other officer of TNV to carry out an accurate review, including allocation of the scope sector of the client’s activities falling under the applied scope of registration. The original questionnaire shall be checked to ensure there is no discrepancy. Any discrepancy shall be taken up with the client, and differences shall be resolved prior to acceptance of the work.
3.4.3 Based on the contract review for the Standards of ISO Certification Services is Applied for, TNV shall determine the competences needed to be included in its audit team and for the certification decision
3.4.4 QM /AM in consultation with CEO shall proceed for finalizing the audit team. The audit team shall be appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of the competences identified by TNV in application review for the certification of the applicant organization. The selection of the team shall be performed with reference to the designations of competence of auditors and technical experts and may include the use of both internal and external human resources. The selection of the team comprising of Auditors/ Auditor Team including Technical Expert are selected as per TNV Procedure.
3.4.5 The individual(s) who will be conducting the certification decision shall be appointed ensuring appropriate competence.
4.0 Initial Certification Audit ( Stage 1 Audit):
4.1 Stage 1 Audit:
TNV proceeds with the Initial Certification Audit (Stage-1) upon completion of the contract review and acceptance of the TNV certification agreement. The Stage-1 audit, conducted prior to the Certification Audit, provides a macro-level assessment of the implementation status and helps identify any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards. This allows the client to take corrective actions in advance of the Certification Audit.
Stage-1 audit offers valuable input, builds client confidence, and saves time by allowing necessary corrective actions to be taken early. It is conducted in all cases, and it is also ensured that the auditor signs a Conflict of Interest declaration before every visit.
Stage I audit is intended to:
a) Ensure that the clients management system documentation meets the requirements of the applicable standard/specification.
b) To collect information for planning the Stage-II audit and to determine the client’s readiness for the Stage-II audit, including the interval between Stage-I and Stage-II audits.
The Stage-I audit shall have an audit plan as per format TNV-F-005. Normally, the Stage-I audit shall be performed at the client’s site. In exceptional cases, Stage-I may be conducted without a site visit (off-site). Such a decision shall be justified in the audit report and may be based on factors such as the client’s size, location, risk considerations, previous knowledge, etc. In such situations, the client’s management shall be informed that the planning of the Stage-II audit might not be entirely accurate.
4.2
The stage 1 audit shall be conducted on site as per the man-days defined in the Contract Review. Audit shall start with opening meeting and shall be concluded with closing meeting in which client shall be informed about the readiness for Stage 2 audit.
The audit shall be performed:
1. to audit the client's management system documentation;
2. to evaluate the client's location and site-specific conditions and to undertake discussions with the client's personnel to determine the preparedness for the stage 2 audit and a) Verify Quotation Information;
3. to review the client's status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
4. to collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects of the client's operation, associated risks, etc.);
5. to review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit;
6. to provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client's management system and site operations in the context of possible significant aspects;
7. to evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.
8. The OHSAS management system includes adequate processes to identify the organizations OHS hazards and determine their significances as well.
9. The OHS management system provides an adequate description of the organization and its on-site processes.
10. An overview of the applicable regulations, agreement with approving authorities has been included in the OHSAS management system, also if there is any OHS license requirement in application the relevant activities of the organization are in place.
11. The OHSAS management system is designed to achieve the organization’s occupational health and safety (OHS) policy.
12. To verify that at least one cycle of Internal Audit & Management Review has been conducted and the OHSAS management system programme is implemented properly and the preparedness for the conduction of Stage 2 audit. To collect necessary information for on-site audit of temporary sites considering the sites as per the complexity category.
13. To verify that the information derived from the Contract Review is complete and appropriate in all the terms for the OHS management system and verify the multisite sampling plan if applicable.
14. To collect necessary information and identify the issues which will need special attention during the stage 2 audit.
15. The organization has identified PRPs appropriate to the business (e.g. regulatory and statutory requirements)
16. The FSMS includes adequate processes and methods for the identification and assessment of the organization’s food safety hazards, as well as the subsequent selection and categorization of control measures (or their combinations).
17. Food safety legislation is in place for the relevant sector(s) of the organization
18. Food safety legislation is in place for the relevant sector(s) of the organization
19. FSMS implementation programme justifies proceeding to the Stage 2 audit
20. The validation, verification and improvement programmes conform to the requirements of the FSMS standard
21. The FSMS documents and arrangements are in place to communicate internally and with relevant suppliers, customers and interested parties
22. Additional documentation needs to be reviewed and/or what knowledge needs to be obtained in advance.
23. Where an organization has implemented an externally developed combination of control measures, the stage 1 audit shall review the documentation included in the FSMS to determine if the combination of control measures is suitable for the organization, was developed in compliance with the requirements of ISO 22000, and is kept up to date. The availability of relevant authorizations should be checked when collecting the information regarding the compliance to regulatory aspects.
24. For combined audits the information gathered during Stage 1 must include the following points (in addition to the above objectives)
i) The level of integration of the organization’s management system(s)
ii) The ability of the organizations personnel (at the time of the audit) to respond to questions relating to each management system standard covered by the combined audit
4.3 At the end of audit the team leader shall prepare an audit report declaring:
a) Client’s status regarding readiness for the Stage-2 audit.
b) Identified areas preventing the client being deemed ready.
c) Areas of concern, which could be classified as non-conformity during stage II audit.
d) During stage I audit no non-conformities shall be identified.
e) In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again.
f) Team leader then shall prepare an audit plan for stage II audit based on defined processes of the client.
g) Stage 1 audit findings documented and communicated to the client by the Team Leader
4.4 For most management systems, it is recommended that most part of the stage 1 audit be carried out at the client's premises in order to achieve the objectives stated above.
4.5 Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.
4.6 In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. TNV may also need to revise its arrangements for stage 2.
4.7 A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. The report shall be evaluated by AM and plan for the subsequent audits of the organization is discussed with the client.
4.8 It is expected that the generally the management system has been in place for at least about three months before the Pre-Audit is considered. However, the time can be decided by CEO.
4.9 Any part of management system audited at stage I audit and determined to be fully implemented, effective, and in conformity with requirements of FSMS can be left during the Stage 2 audit.
4.10 In case OHS Stage 1 & Stage 2 audit is carried out by different auditor, the auditor need to take a copy of the report from TNV, QM is responsible for confirming from the auditor.
5.0 Stage 2 Audit
Stage II audit is intended to:
a) Ensure that the clients management system conforms to the requirements of the applicable standard/specification including its effectiveness.
b) To provide guidelines for associated follow up audits/ surveillance audit and recertification audit.
The purpose of the Stage-2 audit is to evaluate the implementation, including the effectiveness, of the client’s management system. The Stage-2 audit plan is verified to ensure that the majority of the audit time is allocated to verifying the effective implementation of the management system at locations where the organization’s activities take place, including on-site audits of temporary sites for OHSAS. In Management System Audits, 80% of the audit time shall be allocated to on-site activities.
TNV ensures Stage 2 audit meets the following requirement
5.1 Stage 2 Audit shall take place at the site (s) of client
5.2 Stage 2 audit shall be conducted within maximum 90 days of completion of stage 1 audit
5.3 Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit
5.4 Stage 2 audit shall include at least the following:
1. Information and evidence about conformity to all requirements of the applicable management system standard or other normative document
2. Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
3. The client’s management system and performance regarding legal and other requirements.
4. Operational control procedures for the client’s processes..
5. Internal auditing and management review
6. Management commitment and responsibility for the client’s policies.
7. Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal and other requirements, responsibilities, competence of personnel, operations procedures, performance data and internal audit findings and conclusions.
8. Various mandatory records to ensure that the management system is operational
9. Evidence of the monitoring of customer satisfaction
10. The organisation adheres to its own OHSAS policies, objectives and procedures.
The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment.
Verify effective implementation of OHS including temporary sites.5.5 Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client on findings of the day including any non- conformities, progress of audit, any problem faced and modification to the audit plan, if required
5.6 Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time.
5.7 Each team member shall ensure that the auditor’s notes are legible and contain the name of the main auditee, the date, the area/process audited, what and where was observed, references to documents/records reviewed, any nonconformity identified with objective evidence, the category of nonconformity, observations, etc.
5.8As far as possible, at least one member of the team shall possess the relevant code and be assigned to audit the core processes of the management system. In case the team members do not have the required competency, a specialist with the appropriate code shall be arranged.
5.9 It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team and all requirements are covered and that the team members have provided necessary inputs to him for completing the report.
5.10 If audit is to be conducted in a language not known by any team member including team leader, a suitable interpreter should be arranged, ensuring impartiality.
5.11 If any non- conformity is identified, the auditor shall explain the same to auditee to his satisfaction. In case of a Major non- conformity, the team leader shall be informed who will inform the management about the same and give them option either to terminate further audit or to continue.
5.12 While recording nonconformity, sufficient objective evidence, standard/ specification clause number, client documents. Reference number (if any) in addition to area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand
5.13 In addition to non- conformity, any observation for improvement, positive issues should also be recorded, in the report.
5.14 While deciding on recommendation, the issues like number and category of non- conformities, any concentration of non- conformities against any clause (s), view of team members shall be considered.
5.15 At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include non conformities identified if any, recommendation for certification or otherwise.
5.16 It is advisable to request the client to carefully review the "Certification Details" in the report for any possible errors in name, address, scope, spelling mistakes, etc.
5.17 When recommendation is made for certification the audit reports, confirmation of the information provided to the TNV used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be take into account & explained. The client should complete the corrective action within maximum 90 days from the date closing meeting.
5.18 A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to Head office of TNV.
5.19 For multi-site certification, the "Procedure for Selection of Sites" (P06) shall be followed.
5.20 Lead Auditor need to submit a copy of report to the client and accepted report to TNV Head Office Lucknow, Uttar Pradesh.
5.21 Lead Auditor shall clearly identify the recommendations conditions with Non Conformity or without Non Conformity, the observations shall be well communicated in the report.
5.22 Non conformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows:
Type of NC
Pre- Audit
Certification Audit
Surveillance or recertification audit
Major
- No certification
- Completion
- time scale open
- Full certification audit
-No certification until completion within 60 days or new full audit verification based on objective evidence (on documents or on site)
- Next surveillance audit within 6/9 months
- Completion within 15 days
- Verification based on objective evidence (on documents or on site)
- Certification suspended: Information to the customers.
- New verification based on objective evidence
- Next surveillance audit within 6/9 months
Minor
No certification
- Certification completion effective or effectively planned within 30 days
- Verification based on objective evidence (on documents or on site)
Completion effective or effectively planned within 30 days
- Verification based on objective evidence (on documents or in site)
- Certification suspended: information to customers
6.0 Information For Granting Initial Certification
6.1The information provided by the audit team to TNV for the certification decision shall be in accordance with TNV Procedure No. P-07, "Procedure for Issue, Change, and Cancellation of Certification," and shall include, at a minimum,
a) the audit reports,
b) comments on the nonconformities and, where applicable, the correction and corrective actions taken by the client,
c) confirmation of the information provided to TNV used in the application review , and
d) a recommendation whether or not to grant certification, together with any conditions or observations. TNV shall make the certification decision on the basis of an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).
6.2 TNV Certification Committee shall analyze all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions.
