ISO Certification Process

ISO Certification Process Procedure of QRA Certification:

2.0   The Certification process shall consist of the following key stages,

         2.1 Application Review & Contract Review

        2.2 Initial Certification Audit: Stage 1 & Stage 2 Audit,

         2.3 Certification Decision

         2.4 Continual assessment (surveillance audit),

         2.5 Renewal Audit

         2.6 Suspending, Withdrawing, Extending or reducing scope of certification

3.0 ISO Certification Process Application Review & Contract Review:

3.1 ISO Certification Process Application Receipt:

ISO Certification Process Enquiry may be received in several forms, by telephone, letter, e-mail or Online Application.  Sometimes, QRA Certification, on its own may also approach prospective clients.

3.2 ISO Certification Process Applicant Information:

AM shall request the application organization to provide the following information in the questionnaire to enable QRA Certification to establish the following:

a) The desired scope of the certification;

b) The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations;

c) general information, relevant for the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions and relationship in a larger corporation, if any;

d) Information concerning all outsourced processes used by the organization that will affect conformity to requirements;

e) The standards or other requirements for which the applicant organization is seeking certification;

f) Information concerning the use of consultancy relating to the management system

3.3 ISO Certification Process Application Review:

3.3.1 On the receipt of the application questionnaire the details received shall be reviewed by AM for processing the certification. The review shall be conducted under Review of Application and contract review, if the same is found to be within QRA Certification scope of accreditation, AM forwards the application to Accounts Team for Contract Review and Quotation issuance process.

3.4 ISO Certification Process Contract Review:

3.4.1 Accounts Team shall prepare a quotation after the contract review based on requirements of Man Days, multi-site activities and other considerations. Estimation of man-days shall be as per QRA Certification procedure “Contract Review”. And after obtaining approval from Director Head Of Certification (HOC), the Accounts Team shall submit the same to the client. The matter shall be followed by the client for securing business.

3.4.2 If the client accepts the quotation of QRA Certification, he will forward the registration fee and On receipt of all these AM shall be required to verify the relevant details of the client’s application, fee quotation reconfirm Contract. He may consult Director (HOC) or any other officer of QRA Certification to carry out an accurate review. Including allocation of the scope sector of the client’s activities coming under the applied scope of registration with the original Questionnaire to check that there is no discrepancy. Any discrepancy shall be taken up with the client and differences resolved before acceptance of work.

 3.4.3 Based on the contract review for the Standards of ISO Certification Services is Applied for, QRA Certification shall determine the competencies needed to be included in its audit team and for the certification decision

3.4.4 Accounts Team /AM in consultation with Director (HOC) shall proceed for finalizing the audit team. The audit team shall be appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of the competencies identified by QRA Certification in application review for the certification of the applicant organization. The selection of the team shall be performed concerning the designations of the competence of auditors and technical experts and may include the use of both internal and external human resources. The selection of the team comprising of Auditors/ Auditor Team including Technical Expert are selected as per QRA Certification Procedure.

3.4.5 The individual(s) who will be conducting the certification decision shall be appointed ensuring appropriate competence.

4.0 ISO Certification Process Initial Certification Audit ( Stage 1 Audit):

4.1 ISO Certification Process Stage 1 Audit:

QRA Certification proceeds with Initial Certification Audit (Stage-1) audit activity on completion of contract review and acceptance for QRA Certification Agreements. Stage 1 audit which is conducted before the Certification audit at client’s option to provide a macro-level assessment of the status of implementation and identification of any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards, for corrective actions to be taken in advance of the certification audit.  It provides valuable inputs to give confidence to the clients and saves time for taking necessary corrective action, later. Stage 1 audit is done in all cases and it is also ensured that the auditor signs the conflict of interest before every visit.

Stage I audit is intended to:

a) Ensure that the clients management system documentation meets the requirements of the applicable standard/specification.

b) To collect information for the planning of the stage 2 audit and determine the client’s readiness for stage 2 audit including the interval between stage 1 and Stage 2 audits.

Stage 1 audit shall have an audit plan as per format QRA Certification. Normally the Stage 1 audit shall be performed at the client’s site. In exceptional cases stage 1 could be carried out without a visit (off-site). Such a decision shall be justified in the audit report, which may be based on the client’s size, location, risk consideration, previous knowledge, etc. In such a situation the client’s management shall be informed that the planning of stage 2 audit might not be accurate.

4.2 ISO Certification Process The stage 1 audit shall be conducted on-site as per the man-days defined in the Contract Review. The audit shall start with opening meetings and shall be concluded with a closing meeting in which the client shall be informed about the readiness for Stage 2 audit.

 The audit shall be performed:

1.      to audit the client’s management system documentation;

2.      to evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the stage 2 audit.

3.      to review the client’s status and understanding regarding requirements of the standard, in particular concerning the identification of key performance or significant aspects, processes, objectives, and operation  of the management system;

4.      to collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects of the client’s operation, associated risks, etc.);

5.      to review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit;

6.      to provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects;

7.      to evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

8.      The OHSAS management system includes adequate processes to identify the organization’s OHS hazards and determine their significance as well.

9.      The OHS management system provides an adequate description of the organization and its on-site processes.

10.  An overview of the applicable regulations, agreement with approving authorities has been included in the OHSAS management system, also if there is any OHS license requirement in the application the relevant activities of the organization are in place.

11.  The OHSAS management system is designed to achieve the organization’s OHS policy.

12.  To verify that at least one cycle of Internal Audit & Management Review has been conducted and the OHSAS management system programmer is implemented properly and the preparedness for the conduction of Stage 2 audit. To collect necessary information for an on-site audit of temporary sites considering the sites as per the complexity category.

13.  To verify that the information derived from the Contract Review is complete and appropriate in all the terms for the OHS management system and verify the multi-site sampling plan if applicable.

14.  To collect necessary information and identify the issues which will need special attention during the stage 2 audit.

15.  The organization has identified PRPs appropriate to the business (e.g. regulatory and statutory requirements)

16.  The FSMS includes adequate processes and methods for the identification and assessment of the organization’s food safety hazards and subsequent selection and categorization of control measures (combinations)

17.  Food safety legislation is in place for the relevant sector(s) of the organization

18.  Food safety legislation is in place for the relevant sector(s) of the organization

19.  FSMS implementation programmer justifies proceeding to the Stage 2 audit

20.  The validation, verification and improvement programmes conform to the requirements of the FSMS standard

21.  The FSMS documents and arrangements are in place to communicate internally and with relevant suppliers, customers and interested parties

22.  Additional documentation needs to be reviewed and/or what knowledge needs to be obtained in advance.

23.  Where an organization has implemented an externally developed combination of control measures, the stage 1 audit shall review the documentation included in the FSMS to determine if the combination of control measures is suitable for the organization, was developed in compliance with the requirements of ISO 22000 and is kept up to date. The availability of relevant authorizations should be checked when collecting the information regarding compliance with regulatory aspects.

24.  For combined audits, the information gathered during Stage 1 must include the following points (in addition to the above objectives)

i) The level of integration of the organization’s management system (s)

ii) The ability of the organization’s personnel (at the time of the audit) to respond to questions relating to each management system standard covered by the combined audit

4.3 ISO Certification Process At the end of audit the team leader shall prepare an audit report declaring:

a)      Client’s status regarding readiness for stage 2 audit.

b)      Identified areas preventing the client being deemed ready.

c)      Areas of concern, which could be classified as non-conformity during stage 2 audit.

d)      During stage I audit no non-conformities shall be identified.

e)      In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again.

f)       Team leader then shall prepare an audit plan for stage II audit based on defined processes of the client.

g)      Stage 1 audit findings documented and communicated to the client by the Team Leader

4.4 For most management systems, it is recommended that most parts of the stage 1 audit be carried out at the client’s premises to achieve the objectives stated above.

4.5 Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.

4.6 In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. QRA may also need to revise its arrangements for stage 2.

4.7 A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. The report shall be evaluated by AM and the plan for the subsequent audits of the organization is discussed with the client.

4.8 It is expected that generally, the management system has been in place for at least about three months before the Pre-Audit is considered. However, time can be decided by the Director (HOC).

4.9 Any part of the management system audited at stage 1 audit and determined to be fully implemented, effective, and in conformity with requirements of FSMS can be left during the Stage 2 audit.

4.10 In case OHS Stage 1 & Stage 2 audit is carried out by different auditor, the auditor needs to take a copy of the report from QRA Certification, AM is responsible for confirming from the auditor.

5.0 ISO Certification Process Stage 2 Audit

Stage 2 audit is intended to:

a) Ensure that the client’s management system conforms to the requirements of the applicable standard/specification including its effectiveness.

b)  To provide guidelines for associated follow up audits/ surveillance audit and re-certification audit.

The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 audit plan is verified to ensure that the majority of the audit time is given to verify the effective implementation of the management system in the locations where the organization’s activities take place including on-site audits of temporary sites for OHSAS (In Management System Audit 80% of the audit time shall be given onsite).

QRA Certification ensures Stage 2 audit meets the following requirement

5.1 Stage 2 Audit shall take place at the site (s) of client

5.2 Stage 2 audit shall be conducted within maximum 90 days of completion of stage 1 audit

5.3 Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit

5.4 Stage 2 audit shall include at least the following:

  1. Information and evidence about conformity to all requirements of the applicable management system standard or another normative document
  2. Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or another normative document).
  3. The client’s management system and performance as regards to legal and other requirements
  4. Operational control procedures of the client’s processes.
  5. Internal auditing and management review
  6. Management commitment and responsibility for the client’s policies
  7. Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or another normative document), any applicable legal and other requirements, responsibilities, the competence of personnel, operations procedures, performance data, and internal audit findings and conclusions.
  8. Various mandatory records to ensure that the management system is operational
  9. Evidence of the monitoring of customer satisfaction
  10. The organization adheres to its own OHSAS policies, objectives and procedures.
  11. The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment.
  12. Verify effective implementation of OHS including temporary sites.

5.5 Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to appraise the client on findings of the day including any non- conformities, the progress of audit, any problem faced and modification to the audit plan, if required

5.6 Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status until that time.

5.7 Each team member shall ensure that the Auditor’s notes are legible, containing the name of the main audit, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non- conformity, observations, etc.

5.8 As far as possible at least one member in the team shall possess the relevant code, who shall be assigned to audit core processes of the management system. In case of team members don’t have the competency, in such case a specialist with appropriate code shall be arranged.

5.9 It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team and all requirements are covered and that the team members have provided necessary inputs to him for completing the report.

5.10 If the audit is to be conducted in a language not known by any team member including team leader, a suitable interpreter should be arranged, ensuring impartiality.

5.11 If any non- conformity is identified, the auditor shall explain the same to the auditee to his satisfaction. In case of a Major non- conformity, the team leader shall be informed who will inform the management about the same and give them option either to terminate further audit or to continue.

5.12 While recording nonconformity, sufficient objective evidence, standard/specification clause number, client documents. Reference number (if any) in addition to the area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand

5.13 In addition to non- conformity, any observation for improvement, positive issues should also be   recorded, in the report.

5.14 While deciding on recommendation, the issues like number and category of non- conformities, any concentration of non- conformities against any clause (s), view of team members shall be considered.

5.15 At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include nonconformities identified if any, the recommendation for certification or otherwise.

5.16 It is advisable to request the client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake, etc.

5.17 When a recommendation is made for certification the audit reports, confirmation of the information provided to the QRA Certification used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be taken into account & explained.  The client should complete the corrective action within a maximum of 90 days from the date closing meeting.

5.18 A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to the Head office of QRA Certification.

5.19 For multi- site certification “Procedure for selection site shall be followed.

5.20 Lead Auditor need to submit a copy of report to the client and accepted report to QRA Certification Head Office Bengaluru, Karnataka.

5.21 Lead Auditor shall identify the recommendations conditions with Non-Conformity or without Non-Conformity, the observations shall be well communicated in the report.

5.22 Nonconformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows:

6.0 ISO Certification Process Information For Granting Initial Certification

6.1 The information provided by the audit team to QRA Certification for the certification decision shall be as per the QRA Certification procedure “Procedure for the issue, change, and cancellation of certification. and shall include, as a minimum,

a) the audit reports,

b) comments on the non conformities and, where applicable, the correction and corrective actions taken by the client,

c) confirmation of the information provided to QRA Certification used in the application review,

d) a recommendation whether or not to grant certification, together with any conditions or observations. QRA shall make the certification decision based on an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).

6.2 QRA Certification Committee shall analyze all information and audit evidence gathered during stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions.