Purpose:
ISO Certification Process Of Management System Conforming To ISO 9001, ISO 14001, And ISO 45001 & ISO 13485 As Operated By TQMS
Scope: TQMS ISO Certification Process.
Responsibility: MD/QM
Procedure:
STEP 1:- Application
TQMS shall require an authorized representative of the applicant organization to provide the necessary information
STEP 2:- Application Review
TQMS shall conduct a review of the application and supplementary information for certification
STEP 3:- Audit Programme
An audit programme for the full certification cycle is developed to clearly identify the audit activities required to demonstrate that the client’s management system fulfils the requirements for certification to the selected standard or other normative document like IAF mandatory documents. The audit programme for the certification cycle shall cover the complete management system requirements.
The audit programme for the initial certification shall include a two-stage initial audit, surveillance audits in the first and second yeTQMS following the certification decision, and a recertification audit in the third year prior to the expiration of certification. The first three-year certification cycle begins with the certification decision. Subsequent cycles begin with the recertification decision
STEP 4:- Initial certification
The initial certification audit of a management system shall be conducted in two stages: stage 1 and stage 2.
Stage 1:-
Planning shall ensure that the objectives of stage 1 can be met and the client shall be informed of any “on site” activities during stage-1.
NOTE: Stage 1 does not require a formal audit plan
The objectives of stage 1 are to:
a) review the client’s management system documented information;
b) evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for stage 2;
c) review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
d) obtain necessary information regarding the scope of the management system, including:
— the client’s site(s);
— processes and equipment used;
— levels of controls established (particularly in case of multisite clients);
— applicable statutory and regulatory requirements
e) review the allocation of resources for stage 2 and agree the details of stage 2 with the client;
f) provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document; (instead of significant aspects)
g) evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage 2.
NOTE: If at least part of stage-1 is carried out at the client’s premises, this can help to achieve the objectives stated above.
Documented conclusions with regard to fulfilment of the stage-1 objectives and the readiness for
stage-2 shall be communicated to the client, including identification of any areas of concern that could be classified as nonconformity during stage 2.
NOTE: The stage 1 output does not need to meet the full requirements of a report
In determining the interval between stage-1 and stage-2, consideration shall be given to the needs of the client to resolve areas of concern identified during stage 1. TQMS may also need to revise its arrangements for stage 2. If any significant changes which would impact the management system occur, TQMS shall consider the need to repeat all or part of stage-1. The client shall be informed that the results of stage 1 may lead to postponement or cancellation of stage 2.
Stage 2
The purpose of stage 2 is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 shall take place at the site(s) of the client. It shall include the auditing of at least the following:
a) information and evidence about conformity to all requirements of the applicable management system standard or other normative documents;
b) performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document);
c) the client’s management system ability and its performance regarding meeting of applicable statutory, regulatory and contractual requirements;(instead of legal compliance)
d) operational control of the client’s processes;
e) internal auditing and management review;
f) management responsibility for the client’s policies.
Initial certification audit conclusions
The audit team shall analyses all information and audit evidence gathered during stage-1 and stage-2 to review the audit findings and agree on the audit conclusions.
Reference:
Sr. No. | Document Title |
01 | Quality Procedure for conducting Client’s audit /Onsite Audit |
09 | REPORT REVIEW AND CERTIFICATION DECISION |
Conducting audits
General
TQMS shall have a process for conducting on-site audits. This process shall include an opening meeting at the start of the audit and a closing meeting at the conclusion of the audit. Where any part of the audit is made by electronic means or where the site to be audited is virtual, TQMS shall ensure that such activities are conducted by personnel with appropriate competence. The evidence obtained during such an audit shall be sufficient to enable the auditor to take an informed decision on the conformity of the requirement in question.
NOTE: “On-site” audits can include remote access to electronic site(s) that contain(s) information that is relevant to the audit of the management system. Consideration can also be given to the use of electronic means for conducting audits.
Conducting the opening meeting
A formal opening meeting, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes to be audited. The purpose of the opening meeting, usually conducted by the audit team leader, is to provide a short explanation of how the audit activities will be undertaken. The degree of detail shall be consistent with the familiarity of the client with the audit process and shall consider the following:
a) introduction of the participants, including an outline of their roles;
b) confirmation of the scope of certification;
c) confirmation of the audit plan (including type and scope of audit, objectives and criteria), any changes, and other relevant arrangements with the client, such as the date and time for the closing meeting, interim meetings between the audit team and the client’s management;
d) confirmation of formal communication channels between the audit team and the client;
e) confirmation that the resources and facilities needed by the audit team are available;
f) confirmation of matters relating to confidentiality;
g) confirmation of relevant work safety, emergency and security procedures for the audit team;
h) confirmation of the availability, roles and identities of any guides and observers;
i) the method of reporting, including any grading of audit findings;
j) information about the conditions under which the audit may be prematurely terminated;
k) confirmation that the audit team leader and audit team representing the certification body is responsible for the audit and shall be in control of executing the audit plan including audit activities and audit trails;
l) confirmation of the status of findings of the previous review or audit, if applicable;
m) methods and procedures to be used to conduct the audit based on sampling;
n) confirmation of the language to be used during the audit;
o) confirmation that, during the audit, the client will be kept informed of audit progress and any concerns;
p) opportunity for the client to ask questions.
Opening Closing Meeting Attendance
Communication during the audit
During the audit, the audit team shall periodically assess audit progress and exchange information. The audit team leader shall reassign work as needed between the audit team members and periodically communicate the progress of the audit and any concerns to the client.
Where the available audit evidence indicates that the audit objectives are unattainable or suggests the presence of an immediate and significant risk (e.g. safety), the audit team leader shall report this to the client and, if possible, to the TQMS to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit. The audit team leader shall report the outcome of the action taken to the TQMS .
The audit team leader shall review with the client any need for changes to the audit scope which becomes apparent as on-site auditing activities progress and report this to the TQMS .
Obtaining and verifying information
During the audit, information relevant to the audit objectives, scope and criteria (including information relating to interfaces between functions, activities and processes) shall be obtained by appropriate sampling and verified to become audit evidence.
Methods to obtain information shall include, but are not limited to:
a) interviews;
b) observation of processes and activities;
c) review of documentation and records.
Identifying and recording audit findings
Audit findings summarizing conformity and detailing nonconformity shall be identified, classified and recorded to enable an informed certification decision to be made or the certification to be maintained.
Opportunities for improvement may be identified and recorded, unless prohibited by the requirements of a management system certification scheme. Audit findings, however, which are nonconformities, shall not be recorded as opportunities for improvement.
A finding of nonconformity shall be recorded against a specific requirement, and shall contain a clear statement of the nonconformity, identifying in detail the objective evidence on which the nonconformity is based. Nonconformities shall be discussed with the client to ensure that the evidence is accurate and that the nonconformities are understood. The auditor however shall refrain from suggesting the cause of nonconformities or their solution.
The audit team leader shall attempt to resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and unresolved points shall be recorded.
Preparing audit conclusions
Under the responsibility of the audit team leader and prior to the closing meeting, the audit team shall:
a) review the audit findings, and any other appropriate information obtained during the audit, against the audit objectives and audit criteria and classify the nonconformities;
b) agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
c) agree any necessary follow-up actions;
d) confirm the appropriateness of the audit programme or identify any modification required for future audits (e.g. scope of certification, audit time or dates, surveillance frequency, audit team competence).
Conducting the closing meeting
A formal closing meeting, where attendance shall be recorded, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes audited. The purpose of the closing meeting, usually conducted by the audit team leader, is to present the audit conclusions, including the recommendation regarding certification. Any non-conformities shall be presented in such a manner that they are understood, and the timeframe for responding shall be agreed.
NOTE: “Understood” does not necessarily mean that the nonconformities have been accepted by the client.
TQMS shall provide a written report for each audit to the client. The audit team may identify opportunities for improvement but shall not recommend specific solutions. Ownership of the audit report shall be maintained by the certification body.
The audit team leader shall ensure that the audit report is prepared and shall be responsible for its content. The audit report shall provide an accurate, concise and clear record of the audit to enable an informed certification decision to be made and shall include or refer to the following:
a) identification of the TQMS
b) the name and address of the client and the client’s representative;
c) the type of audit (e.g. initial, surveillance or recertification audit or special audits);
d) the audit criteria;
e) the audit objectives;
f) the audit scope, particularly identification of the organizational or functional units or processes
audited and the time of the audit;
g) any deviation from the audit plan and their reasons;
h) any significant issues impacting on the audit programme;
i) identification of the audit team leader, audit team members and any accompanying persons;
j) the dates and places where the audit activities (on site or offsite, permanent or temporary sites) were conducted;
k) audit findings (see 9.4.5), reference to evidence and conclusions, consistent with the requirements of the type of audit;
l) significant changes, if any, that affect the management system of the client since the last audit took place;
m) any unresolved issues, if identified;
n) where applicable, whether the audit is combined, joint or integrated;
o) a disclaimer statement indicating that auditing is based on a sampling process of the available information;
p) recommendation from the audit team
q) the audited client is effectively controlling the use of the certification documents and marks, if applicable;
r) verification of effectiveness of taken corrective actions regarding previously identified nonconformities, if applicable.
The report shall also contain:
a) a statement on the conformity and the effectiveness of the management system together with a summary of the evidence relating to:
— the capability of the management system to meet applicable requirements and expected outcomes;
— the internal audit and management review process;
b) a conclusion on the appropriateness of the certification scope;
c) confirmation that the audit objectives have been fulfilled.
Sr. No. | Document Title |
01 | Audit Report (Stage-1)-QMS |
02 | Audit Report (Stage-2)-QMS |
Cause analysis of nonconformities
TQMS shall require the client to analyse the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time.
Effectiveness of corrections and corrective actions
TQMS shall review the corrections, identified causes and corrective actions submitted by the client to determine if these are acceptable. TQMS shall verify the effectiveness of any correction and corrective actions taken. The evidence obtained to support the resolution of nonconformities shall be recorded. The client shall be informed of the result of the review and verification. The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future audits) will be needed to verify effective correction and corrective actions.
NOTE: Verification of effectiveness of correction and corrective action can be carried out based on a review of documented information provided by the client, or where necessary, through verification on-site. Usually this activity is done by a member of the audit team.
Sr. No. | Document Title |
01 | Quality Procedure for conducting Client’s audit /onsite Audit |
02 | Audit Finding Action Report |
03 | Corrective Action |
Certification decision
General
TQMS shall ensure that the persons or committees that make the decisions for granting or refusing certification, expanding or reducing the scope of certification, suspending or restoring certification, withdrawing certification or renewing certification are different from those who carried out the audits. The individual(s) appointed to conduct the certification decision shall have appropriate competence.
The person(s) [excluding members of committees (see 6.1.4)] assigned by the TQMS to make a certification decision shall be employed by, or shall be under legally enforceable arrangement with either the TQMS or an entity under the organizational control of the TQMS . A TQMS ’s organizational control shall be one of the following:
a) whole or majority ownership of another entity by the certification body;
b) majority participation by the TQMS on the board of directors of another entity;
c) a documented authority by the TQMS over another entity in a network of legal entities (in which the TQMS resides), linked by ownership or board of director control.
The persons employed by, or under contract with, entities under organizational control shall fulfill the same requirements of this part of ISO/IEC 17021 as persons employed by, or under contract with, the TQMS .
TQMS shall record each certification decision including any additional information or clarification sought from the audit team or other sources.
Actions prior to making a decision
TQMS shall have a process to conduct an effective review prior to making a decision for granting certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification, including, that
a) the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
b) for any major nonconformities, it has reviewed, accepted and verified the correction and corrective actions;
c) for any minor nonconformities it has reviewed and accepted the client’s plan for correction and corrective action.
Information for granting initial certification
The information provided by the audit team to the certification body for the certification decision shall include, as a minimum:
a) the audit report;
b) comments on the nonconformities and, where applicable, the correction and corrective actions taken by the client;
c) confirmation of the information provided to the certification body used in the application review (see 9.1.2);
d) confirmation that the audit objectives have been achieved;
e) a recommendation whether or not to grant certification, together with any conditions or observations.
If the TQMS is not able to verify the implementation of corrections and corrective actions of any major nonconformity within 6 months after the last day of stage-2, TQMS shall conduct another stage 2 prior to recommending certification.
When a transfer of certification is envisaged from one certification body to TQMS , TQMS shall have a process for obtaining sufficient information in order to take a decision on certification.
NOTE Certification schemes can have specific rules regarding the transfer of certification.
Information for granting recertification
TQMS shall make decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification.
Maintaining certification
General
TQMS shall maintain certification based on demonstration that the client continues to satisfy the requirements of the management system standard. It may maintain a client’s certification based on a positive conclusion by the audit team leader without further independent review and decision, provided that:
a) for any major nonconformity or other situation that may lead to suspension or withdrawal of certification, the certification body has a system that requires the audit team leader to report to the certification body the need to initiate a review by competent personnel (see 7.2.8), different from those who carried out the audit, to determine whether certification can be maintained;
b) competent personnel of the certification body monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.
Reference:
Sr. No. | Document Title |
01 | Report Review and Certification Decisiont |
Surveillance activities
General
The certification body shall develop its surveillance activities so that representative areas and functions covered by the scope of the management system are monitored on a regular basis, and take into account changes to its certified client and its management system.
Surveillance activities shall include on-site auditing of the certified client’s management system’s fulfillment of specified requirements with respect to the standard to which the certification is granted. Other surveillance activities may include:
a) enquiries from the certification body to the certified client on aspects of certification;
b) reviewing any certified client’s statements with respect to its operations (e.g. promotional material, website);
c) requests to the certified client to provide documented information (on paper or electronic media);
d) other means of monitoring the certified client’s performance.
Surveillance audit
Surveillance audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that the TQMS can maintain confidence that the client’s certified management system continues to fulfill requirements between recertification audits. Each surveillance for the relevant management system standard shall include:
a) internal audits and management review;
b) a review of actions taken on nonconformities identified during the previous audit;
c) complaints handling;
d) effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s);
e) progress of planned activities aimed at continual improvement;
f) continuing operational control;
g) review of any changes;
h) use of marks and/or any other reference to certification.
Reference:
Sr. No. | Document Title |
01 | Quality Procedure for conducting Client’s audit |
Recertification
Recertification audit planning
The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification. A recertification audit shall be planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document. This shall be planned and conducted in due time to enable for timely renewal before the certificate expiry date.
The recertification activity shall include the review of previous surveillance audit reports and consider the performance of the management system over the most recent certification cycle.
Recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the management system, the organization, or the context in which the management system is operating (e.g. changes to legislation).
NOTE: Such changes can occur at any time during the certification cycle and the TQMS might need to perform a special audit (see 9.6.4), which might or might not be a two-stage audit.
Recertification audit
The recertification audit shall include an on-site audit that addresses the following:
a) the effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
b) demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance;
c) the effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s).
For any major nonconformity, the certification body shall define time limits for correction and corrective actions. These actions shall be implemented and verified prior to the expiration of certification.
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate shall be on or after the recertification decision.
If the TQMS has not completed the recertification audit or the TQMS is unable to verify the implementation of corrections and corrective actions for any major nonconformity (see 9.5.2.1) prior to the expiry date of the certification, then recertification shall not be recommended and the validity of the certification shall not be extended. The client shall be informed and the consequences shall be explained.
Following expiration of certification, TQMS can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 shall be conducted. The effective date on the certificate shall be on or after the recertification decision and the expiry date shall be based on prior certification cycle.
Reference:
Sr. No. | Document Title |
01 | Quality Procedure for conducting Client’s audit /onsite Audit |
Special audits Expanding scope
TQMS shall, in response to an application for expanding the scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit.
Short-notice audits
It may be necessary for the TQMS to conduct audits of certified clients at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases:
a) the TQMS shall describe and make known in advance to the certified clients (e.g. in documents as described in 8.5.1) the conditions under which such audits will be conducted;
b) the TQMS shall exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team members.
Suspending, withdrawing or reducing the scope of certification
Purpose: This Quality Procedure has been established to provide guidance for issue and maintenance of the Certificate of conformity to the client’s management system against QMS audit standard.
Scope: This procedure is applicable over all activities related to issue and maintenance of certificate of conformities.
Responsibility: Managing Director/Quality Manager and Certification decision makers/Technical Committee.
Authority: This procedure has been authorized by the Managing Director and can be amended only by him.
TQMS shall have a policy and documented procedure(s) for suspension, withdrawal or reduction of the scope of certification, and shall specify the subsequent actions by the TQMS .
Receipt and review of Audit report
The team leader is responsible for submission of audit report to the Quality manager within 10 days of completion of the stage-2 audit.
This contains at least client signed audit report, corrective action plan for non-conformances. All audit reports (Stage 1, Stage 2, routine surveillances, follow-up, special audit, recertification etc) are reviewed by the Report reviewing authority at appropriate stages.
TQMS ensures that certificate of conformity is issued only on the basis of evidence based recommendation received from a competent audit team. The audit reports are reviewed at multiple stages, as described below-
It is ensured that the auditor who has carried out the audit, or the concerned Application reviewer/ audit programmer who planned the audit, do not participate in the certification decision making process.
The submitted set of documents is reviewed for completion by Report reviewer/ certification decision maker. Audit report review checklist (TQMS_F-034 Certificate issue checklist) is used to record the review and certification related decision. The audit report along with audit report review checklist (TQMS_F-034 Certificate issue checklist) is submitted to Certification committee for technical review which includes review of the information provided by the audit team is sufficient with respect to certification requirements, scope of accreditation and effectiveness of corrections and corrective actions are evidenced for all non conformances raised during the audit.
The decision making committee takes appropriate decision related to certification on the basis of audit report and recommendation submitted by the audit team leader.
If the committee feels that the audit report does not provide sufficient information required to make certification decision, additional audit, with specific objectives, by another audit team may be ordered. The Technical Committee & certification decision maker confirms, prior to making a decision on the following basis-
the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification
it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent failure to fulfil one or more requirements of the audit standard.
it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs.
it has reviewed and accepted the client’s planned correction and corrective action for all minor nonconformities.
Closure of some of the minor non conformities may be verified by perusal of documentary evidence submitted to the TQMS office/ audit team leader.
Closure of some of the minor non conformities may be verified during subsequent surveillance audit.
Action prior to making a decision
The Technical Committee/Audit report reviewer & certification decision maker confirms, prior to making a decision, that –
The information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification.
It has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent –
It has reviewed and accepted the client’s planned correction and corrective action for all minor nonconformities.
The Quality Manager review the printed certificate to detect any errors. The certificate with all attachments like logo rules, Soft copy of TQMS logo, cover letter etc is submitted to the Managing Director for his signature.
After approval signature of the MD, relevant information of the client and its certification status is put in the TQMS website (www.TQMScertification.com ).For certificate issued under scope of accreditation, The information about the certificate is updated on Client register by the Managing Director without any delay from the issuance of the certificate.
The signed certificate is updated on the client list and forwarded for dispatch. The QM verifies the appropriate updation on TQMS client register and records it on the certificate issue checklist of
TQMS.
The designating person verifies the certificate on TQMS Client register and prepares the covering letter for the certificate issue to the client.
The signed certificate is sent to the client at his address or any other address he has specifically requested. The certificate shall not be issued to any other person without a written approval from the client. The certificate docket shall contain at least the following-
Record of dispatch of certificate is maintained in the TQMS office. Safe delivery of the certificate at client’s address is also verified by the TQMS office by phone or E mail.
Change in Certificate
The client may request for change in certificate. This may be due to-
(In case of revision in the certificate suffix “-01” is added to the certificate no. In case of repeated revision in one certificate the suffix is revised in ascending order like -02, -03……..)
Client may request for change in certificate or reduction / expansion in scope to Quality Manager shall review the request and decide for a special audit if the next audit is not due in near future or if the next audit cannot be proposed. Quality Manager also determines if the changed scope is within accreditation scope of TQMS.
In case of change in name of company or location without any change in management, the client shall submit ROC approval for the change. Where the management has changed, the details of MOA and ROC approval shall be submitted along with the request.
The duration for the special visit shall be decided by Quality Manager and communicated to the client. The lead auditor submits a descriptive report detailing the changes, justification for reduction / expansion of scope and review of the impact of change in the scope (use of logos etc). Where expansion of scope is requested, the compliance to QMS for the respective activities and impact on other processes is verified. In case the special visit is carried out as a part of routine surveillance, the descriptive report is added to the surveillance report.
Certification document
TQMS provides certification documents to the certified clients normally by courier. When requested
scanned copy is also mailed to the client.
The certification document identifies the following:
TQMS exercises proper control of ownership over use of certificate, marks/ logo and audit reports. We make this clear in our contract/ agreement with clients that TQMS will take action to deal with incorrect references to certification status or misleading use of certification documents, marks (including accreditation symbol if applicable) or audit reports. This action could include requests for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and, if necessary, legal action.