ISO Certification Process

ISO Certification Procedure of QRA:

2.0   The Certification process shall consist of the following key stages,

         2.1 Application Review & Contract Review

        2.2 Initial Certification Audit: Stage 1 & Stage 2 Audit,

         2.3 Certification Decision

         2.4 Continual assessment (surveillance audit),

         2.5 Renewal Audit

         2.5 Suspending, Withdrawing, Extending or reducing scope of certification

3.0 Application Review & Contract Review:

3.1 Application Receipt:

ISO Certification Enquiry may be received in several forms, by telephone, letter, e-mail or facsimile.  Sometimes, QRA, on its own may also approach prospective clients.

3.2 Applicant Information:

AM shall request the application organization to provide the following information in questionnaire to enable QRA to establish the following:

a) The desired scope of the certification;

b) The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations;

c) general information, relevant for the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions and relationship in a larger corporation, if any;

d) Information concerning all outsourced processes used by the organization that will affect conformity to requirements;

e) The standards or other requirements for which the applicant organization is seeking certification;

f) Information concerning the use of consultancy relating to the management system

3.3 Application Review:

3.3.1 On the receipt of application questionnaire the details received shall be reviewed by AM for processing the certification. The review shall be conducted in accordance with Review of Application and contract review, if the same is found to be within QRA scope of accreditation, AM forwards the application to QM for Contract Review and Quotation issuance process.

3.4 Contract Review:

3.4.1 QM shall prepare a quotation after the contract review based on requirements of Man Days, multi site activities and other considerations. Estimation of man days shall be as per QRA procedure “Contract Review”. And after obtaining approval from Director Head Of Certification (HOC), shall submit the same to the client. The matter shall be followed with the client for securing business.

3.4.2 If the client accepts the quotation of QRA, he will forward the registration fee and On receipt of all these AM shall be required to verify the relevant details of the client’s application, fee quotation reconfirm Contract. He may consult Director (HOC) or any other officer of QRA to carry out an accurate review. Including allocation of the scope sector of the client’s activities coming under the applied scope of registration with the original Questionnaire to check that there is no discrepancy. Any discrepancy shall be taken up with the client and differences resolved prior to acceptance of work.

 3.4.3 Based on the contract review for the Standards of ISO Certification Services is Applied for, QRA shall determine the competences needed to be included in its audit team and for the certification decision

3.4.4 QM /AM in consultation with Director (HOC) shall proceed for finalizing the audit team. The audit team shall be appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of the competences identified by QRA in application review for the certification of the applicant organization. The selection of the team shall be performed with reference to the designations of competence of auditors and technical experts and may include the use of both internal and external human resources. The selection of the team comprising of Auditors/ Auditor Team including Technical Expert are selected as per QRA Procedure.

3.4.5 The individual(s) who will be conducting the certification decision shall be appointed ensuring appropriate competence.

4.0 Initial Certification Audit ( Stage 1 Audit):

4.1 Stage 1 Audit:

 QRA proceeds with Initial Certification Audit (Stage-1) audit activity on completion of contract review and acceptance for QRA certification agreements. Stage 1 audit which is conducted before the Certification audit at client’s option to provide a macro level assessment of the status of implementation and identification of any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards, for corrective actions to be taken in advance of the certification audit.  It provides valuable inputs to give confidence to the clients and saves time for taking necessary corrective action, later. Stage 1 audit is done in all cases and it is also ensured that the auditor signs the conflict of interest before every visit.

Stage I audit is intended to:

a) Ensure that the clients management system documentation meets the requirements of the applicable standard/specification.

b) To collect information for planning of stage II audit and determine the client’s readiness for stage II audit including interval between stage I and Stage II audits.

Stage I audit shall have an audit plan as per format QRA. Normally the Stage I audit shall be performed at client’s site. In exceptional cases stage I could be carried out without a visit (off site). Such decision shall be justified in audit report, which may be based on the client’s size, location, risk consideration, previous knowledge, etc. In such situation the client’s management shall be informed that the planning of stage II audit might not be accurate.

4.2 The stage 1 audit shall be conducted on site as per the man-days defined in the Contract Review. Audit shall start with opening meeting and shall be concluded with closing meeting in which client shall be informed about the readiness for Stage 2 audit.

 The audit shall be performed:

1.      to audit the client’s management system documentation;

2.      to evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the stage 2 audit.

3.      to review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation  of the management system;

4.      to collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects of the client’s operation, associated risks, etc.);

5.      to review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit;

6.      to provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects;

7.      to evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

8.      The OHSAS management system includes adequate processes to identify the organizations OHS hazards and determine their significance as well.

9.      The OHS management system provides an adequate description of the organization and its on-site processes.

10.  An overview of the applicable regulations, agreement with approving authorities has been included in the OHSAS management system, also if there is any OHS license requirement in application the relevant activities of the organization are in place.

11.  The OHSAS management system is designed to achieve the organization’s OHS policy.

12.  To verify that at least one cycle of Internal Audit & Management Review has been conducted and the OHSAS management system programmer is implemented properly and the preparedness for the conduction of Stage 2 audit. To collect necessary information for on-site audit of temporary sites considering the sites as per the complexity category.

13.  To verify that the information derived from the Contract Review is complete and appropriate in all the terms for the OHS management system and verify the multi site sampling plan if applicable.

14.  To collect necessary information and identify the issues which will need special attention during the stage 2 audit.

15.  The organization has identified PRPs appropriate to the business (e.g. regulatory and statutory requirements)

16.  The FSMS includes adequate processes and methods for the identification and assessment of the organization’s food safety hazards, and subsequent selection and categorization of control measures (combinations)

17.  Food safety legislation is in place for the relevant sector(s) of the organization

18.  Food safety legislation is in place for the relevant sector(s) of the organization

19.  FSMS implementation programmer justifies proceeding to the Stage 2 audit

20.  The validation, verification and improvement programmes conform to the requirements of the FSMS standard

21.  The FSMS documents and arrangements are in place to communicate internally and with relevant suppliers, customers and interested parties

22.  Additional documentation needs to be reviewed and/or what knowledge needs to be obtained in advance.

23.  Where an organization has implemented an externally developed combination of control measures, the stage 1 audit shall review the documentation included in the FSMS to determine if the combination of control measures is suitable for the organization, was developed in compliance with the requirements of ISO 22000, and is kept up to date. The availability of relevant authorizations should be checked when collecting the information regarding the compliance to regulatory aspects.

24.  For combined audits the information gathered during Stage 1 must include the following points (in addition to the above objectives)

i) The level of integration of the organization’s management system (s)

ii) The ability of the organizations personnel (at the time of the audit) to respond to questions relating to each management system standard covered by the combined audit

4.3 At the end of audit the team leader shall prepare an audit report declaring:

a)      Client’s status regarding readiness for stage 2 audit.

b)      Identified areas preventing the client being deemed ready.

c)      Areas of concern, which could be classified as non-conformity during stage 2 audit.

d)      During stage I audit no non-conformities shall be identified.

e)      In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again.

f)       Team leader then shall prepare an audit plan for stage II audit based on defined processes of the client.

g)      Stage 1 audit findings documented and communicated to the client by the Team Leader

4.4 For most management systems, it is recommended that most part of the stage 1 audit be carried out at the client’s premises in order to achieve the objectives stated above.

4.5 Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.

4.6 In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. QRA may also need to revise its arrangements for stage 2.

4.7 A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. The report shall be evaluated by AM and plan for the subsequent audits of the organization is discussed with the client.

4.8 It is expected that the generally the management system has been in place for at least about three months before the Pre-Audit is considered. However, the time can be decided by Director (HOC).

4.9 Any part of management system audited at stage I audit and determined to be fully implemented, effective, and in conformity with requirements of FSMS can be left during the Stage 2 audit.

4.10 In case OHS Stage 1 & Stage 2 audit is carried out by different auditor, the auditor need to take a copy of the report from QRA, QM is responsible for confirming from the auditor.

5.0 Stage 2 Audit

Stage II audit is intended to:

a) Ensure that the clients management system conforms to the requirements of the applicable standard / specification including its effectiveness.

b)  To provide guidelines for associated follow up audits/ surveillance audit and re-certification audit.

The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 audit plan is verified to ensure that the majority of the audit time is given to verify the effective implementation of the management system in the locations where the organization’s activities takes place including on-site audits of temporary sites for OHSAS (In Management System Audit 80% of the audit time shall be given onsite).

QRA ensures Stage 2 audit meets the following requirement

5.1 Stage 2 Audit shall take place at the site (s) of client

5.2 Stage 2 audit shall be conducted within maximum 90 days of completion of stage 1 audit

5.3 Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit

5.4 Stage 2 audit shall include at least the following:

  1. Information and evidence about conformity to all requirements of the applicable management system standard or other normative document
  2. Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
  3. The client’s management system and performance as regards to legal and other requirements
  4. Operational control procedures of the client’s processes.
  5. Internal auditing and management review
  6. Management commitment and responsibility for the client’s policies
  7. Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal and other requirements, responsibilities, competence of personnel, operations procedures, performance data and internal audit findings and conclusions.
  8. Various mandatory records to ensure that the management system is operational
  9. Evidence of the monitoring of customer satisfaction
  10. The organisation adheres to its own OHSAS policies, objectives and procedures.
  11. The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment.
  12. Verify effective implementation of OHS including temporary sites.

5.5 Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client on findings of the day including any non- conformities, progress of audit, any problem faced and modification to the audit plan, if required

5.6 Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time.

5.7 Each team member shall ensure that the Auditor’s notes are legible, containing name of main audit, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non- conformity, observations etc.

5.8 As far as possible at least one member in the team shall possess the relevant code, who shall be assigned to audit core processes of the management system. In case team members doesn’t have competency, in such case a specialist with appropriate code shall be arranged.

5.9 It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team and all requirements are covered and that the team members have provided necessary inputs to him for completing the report.

5.10 If audit is to be conducted in a language not known by any team member including team leader, a suitable interpreter should be arranged, ensuring impartiality.

5.11 If any non- conformity is identified, the auditor shall explain the same to auditee to his satisfaction. In case of a Major non- conformity, the team leader shall be informed who will inform the management about the same and give them option either to terminate further audit or to continue.

5.12 While recording nonconformity, sufficient objective evidence, standard / specification clause number, client documents. Reference number (if any) in addition to area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand

5.13 In addition to non- conformity, any observation for improvement, positive issues should also be   recorded, in the report.

5.14 While deciding on recommendation, the issues like number and category of non- conformities, any concentration of non- conformities against any clause (s), view of team members shall be considered.

5.15 At  the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include non conformities identified if any, recommendation for certification or otherwise.

5.16 It is advisable to request client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake etc.

5.17 When recommendation is made for certification the audit reports, confirmation of the information provided to the QRA used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be take into account & explained.  The client should complete the corrective action within maximum 90 days from the date closing meeting.

5.18 A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to Head office of QRA.

5.19 For multi- site certification “Procedure for selection site shall be followed.

5.20 Lead Auditor need to submit a copy of report to the client and accepted report to QRA Head Office Bengaluru, Karnataka.

5.21 Lead Auditor shall clearly identify the recommendations conditions with Non Conformity or without Non Conformity, the observations shall be well communicated in the report.

5.22 Non conformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows:

6.0 Information For Granting Initial Certification

6.1 The information provided by the audit team to QRA for the certification decision shall be as per QRA procedure “Procedure for issue, change and cancellation of certification. and shall include, as a minimum,

a) the audit reports,

b) comments on the non conformities and, where applicable, the correction and corrective actions taken by the client,

c) confirmation of the information provided to QRA used in the application review,

d) a recommendation whether or not to grant certification, together with any conditions or observations. QRA shall make the certification decision on the basis of an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).

6.2 QRA Certification Committee shall analyze all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions.

ISO Certification