ISO Certification Process Of Management System Conforming To ISO 9001, ISO 14001, And ISO 45001 & ISO 13485 As Operated By ARS
ARS ISO Certification Process.
STEP 1:- Application
ARS shall require an authorized representative of the applicant organization to provide the necessary information
STEP 2:- Application Review
ARS shall conduct a review of the application and supplementary information for certification
STEP 3:- Audit Programme
An audit programme for the full certification cycle is developed to clearly identify the audit activities required to demonstrate that the client’s management system fulfils the requirements for certification to the selected standard or other normative document like IAF mandatory documents. The audit programme for the certification cycle shall cover the complete management system requirements.
The audit programme for the initial certification shall include a two-stage initial audit, surveillance audits in the first and second years following the certification decision, and a recertification audit in the third year prior to the expiration of certification. The first three-year certification cycle begins with the certification decision. Subsequent cycles begin with the recertification decision
STEP 4:- Initial certification
The initial certification audit of a management system shall be conducted in two stages: stage 1 and stage 2.
Planning shall ensure that the objectives of stage 1 can be met and the client shall be informed of any “on site” activities during stage-1.
NOTE: Stage 1 does not require a formal audit plan
The objectives of stage 1 are to:
- a) review the client’s management system documented information;
- b) evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for stage 2;
- c) review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
- d) obtain necessary information regarding the scope of the management system, including:
— the client’s site(s);
— processes and equipment used;
— levels of controls established (particularly in case of multisite clients);
— applicable statutory and regulatory requirements
- e) review the allocation of resources for stage 2 and agree the details of stage 2 with the client;
- f) provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document; (instead of significant aspects)
- g) evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage 2.
NOTE: If at least part of stage-1 is carried out at the client’s premises, this can help to achieve the objectives stated above.
Documented conclusions with regard to fulfilment of the stage-1 objectives and the readiness for stage-2 shall be communicated to the client, including identification of any areas of concern that could be classified as nonconformity during stage 2.
NOTE: The stage 1 output does not need to meet the full requirements of a report
In determining the interval between stage-1 and stage-2, consideration shall be given to the needs of the client to resolve areas of concern identified during stage 1. ARS may also need to revise its arrangements for stage 2. If any significant changes which would impact the management system occur, ARS shall consider the need to repeat all or part of stage-1. The client shall be informed that the results of stage 1 may lead to postponement or cancellation of stage 2.
The purpose of stage 2 is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 shall take place at the site(s) of the client. It shall include the auditing of at least the following:
- a) information and evidence about conformity to all requirements of the applicable management system standard or other normative documents;
- b) performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document);
- c) the client’s management system ability and its performance regarding meeting of applicable statutory, regulatory and contractual requirements;(instead of legal compliance)
- d) operational control of the client’s processes;
- e) internal auditing and management review;
- f) management responsibility for the client’s policies.
Initial certification audit conclusions
The audit team shall analyses all information and audit evidence gathered during stage-1 and stage-2 to review the audit findings and agree on the audit conclusions.
|Sr. No.||Document Title|
|01||Quality Procedure for conducting Client’s audit /Onsite Audit|
|09||REPORT REVIEW AND CERTIFICATION DECISION|
ARS shall have a process for conducting on-site audits. This process shall include an opening meeting at the start of the audit and a closing meeting at the conclusion of the audit. Where any part of the audit is made by electronic means or where the site to be audited is virtual, ARS shall ensure that such activities are conducted by personnel with appropriate competence. The evidence obtained during such an audit shall be sufficient to enable the auditor to take an informed decision on the conformity of the requirement in question.
NOTE: “On-site” audits can include remote access to electronic site(s) that contain(s) information that is relevant to the audit of the management system. Consideration can also be given to the use of electronic means for conducting audits.
Conducting the opening meeting
A formal opening meeting, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes to be audited. The purpose of the opening meeting, usually conducted by the audit team leader, is to provide a short explanation of how the audit activities will be undertaken. The degree of detail shall be consistent with the familiarity of the client with the audit process and shall consider the following:
- a) introduction of the participants, including an outline of their roles;
- b) confirmation of the scope of certification;
- c) confirmation of the audit plan (including type and scope of audit, objectives and criteria), any changes, and other relevant arrangements with the client, such as the date and time for the closing meeting, interim meetings between the audit team and the client’s management;
- d) confirmation of formal communication channels between the audit team and the client;
- e) confirmation that the resources and facilities needed by the audit team are available;
- f) confirmation of matters relating to confidentiality;
- g) confirmation of relevant work safety, emergency and security procedures for the audit team;
- h) confirmation of the availability, roles and identities of any guides and observers;
- i) the method of reporting, including any grading of audit findings;
- j) information about the conditions under which the audit may be prematurely terminated;
- k) confirmation that the audit team leader and audit team representing the certification body is responsible for the audit and shall be in control of executing the audit plan including audit activities and audit trails;
- l) confirmation of the status of findings of the previous review or audit, if applicable;
- m) methods and procedures to be used to conduct the audit based on sampling;
- n) confirmation of the language to be used during the audit;
- o) confirmation that, during the audit, the client will be kept informed of audit progress and any concerns;
- p) opportunity for the client to ask questions.
Opening Closing Meeting Attendance
Communication during the audit
During the audit, the audit team shall periodically assess audit progress and exchange information. The audit team leader shall reassign work as needed between the audit team members and periodically communicate the progress of the audit and any concerns to the client.
Where the available audit evidence indicates that the audit objectives are unattainable or suggests the presence of an immediate and significant risk (e.g. safety), the audit team leader shall report this to the client and, if possible, to the ARS to determine appropriate action. Such action may include reconfirmation or modification of the audit plan, changes to the audit objectives or audit scope, or termination of the audit. The audit team leader shall report the outcome of the action taken to the ARS .
The audit team leader shall review with the client any need for changes to the audit scope which becomes apparent as on-site auditing activities progress and report this to the ARS .
Obtaining and verifying information
During the audit, information relevant to the audit objectives, scope and criteria (including information relating to interfaces between functions, activities and processes) shall be obtained by appropriate sampling and verified to become audit evidence.
Methods to obtain information shall include, but are not limited to:
- a) interviews;
- b) observation of processes and activities;
- c) review of documentation and records.
Identifying and recording audit findings
Audit findings summarizing conformity and detailing nonconformity shall be identified, classified and recorded to enable an informed certification decision to be made or the certification to be maintained.
Opportunities for improvement may be identified and recorded, unless prohibited by the requirements of a management system certification scheme. Audit findings, however, which are nonconformities, shall not be recorded as opportunities for improvement.
A finding of nonconformity shall be recorded against a specific requirement, and shall contain a clear statement of the nonconformity, identifying in detail the objective evidence on which the nonconformity is based. Nonconformities shall be discussed with the client to ensure that the evidence is accurate and that the nonconformities are understood. The auditor however shall refrain from suggesting the cause of nonconformities or their solution.
The audit team leader shall attempt to resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and unresolved points shall be recorded.
Preparing audit conclusions
Under the responsibility of the audit team leader and prior to the closing meeting, the audit team shall:
- a) review the audit findings, and any other appropriate information obtained during the audit, against the audit objectives and audit criteria and classify the nonconformities;
- b) agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
- c) agree any necessary follow-up actions;
- d) confirm the appropriateness of the audit programme or identify any modification required for future audits (e.g. scope of certification, audit time or dates, surveillance frequency, audit team competence).
Conducting the closing meeting
A formal closing meeting, where attendance shall be recorded, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes audited. The purpose of the closing meeting, usually conducted by the audit team leader, is to present the audit conclusions, including the recommendation regarding certification. Any non-conformities shall be presented in such a manner that they are understood, and the timeframe for responding shall be agreed.
NOTE: “Understood” does not necessarily mean that the nonconformities have been accepted by the client.
The closing meeting shall also include the following elements where the degree of detail shall be consistent with the familiarity of the client with the audit process:
- a) advising the client that the audit evidence obtained was based on a sample of the information; thereby introducing an element of uncertainty;
- b) the method and timeframe of reporting, including any grading of audit findings;
- c) ARS ’s process for handling nonconformities including any consequences relating to the status of the client’s certification;
- d) the timeframe for the client to present a plan for correction and corrective action for any nonconformities identified during the audit;
- e) ARS ’s post audit activities;
- f) Information about the complaint and appeal handling processes.
Opening Closing Meeting Attendance
The client shall be given opportunity for questions. Any diverging opinions regarding the audit findings or conclusions between the audit team and the client shall be discussed and resolved where possible. Any diverging opinions that are not resolved shall be recorded and referred to the ARS .
ARS shall provide a written report for each audit to the client. The audit team may identify opportunities for improvement but shall not recommend specific solutions. Ownership of the audit report shall be maintained by the certification body.
The audit team leader shall ensure that the audit report is prepared and shall be responsible for its content. The audit report shall provide an accurate, concise and clear record of the audit to enable an informed certification decision to be made and shall include or refer to the following:
- a) identification of the ARS
- b) the name and address of the client and the client’s representative;
- c) the type of audit (e.g. initial, surveillance or recertification audit or special audits);
- d) the audit criteria;
- e) the audit objectives;
- f) the audit scope, particularly identification of the organizational or functional units or processes
audited and the time of the audit;
- g) any deviation from the audit plan and their reasons;
- h) any significant issues impacting on the audit programme;
- i) identification of the audit team leader, audit team members and any accompanying persons;
- j) the dates and places where the audit activities (on site or offsite, permanent or temporary sites) were conducted;
- k) audit findings (see 9.4.5), reference to evidence and conclusions, consistent with the requirements of the type of audit;
- l) significant changes, if any, that affect the management system of the client since the last audit took place;
- m) any unresolved issues, if identified;
- n) where applicable, whether the audit is combined, joint or integrated;
- o) a disclaimer statement indicating that auditing is based on a sampling process of the available information;
- p) recommendation from the audit team
- q) the audited client is effectively controlling the use of the certification documents and marks, if applicable;
- r) verification of effectiveness of taken corrective actions regarding previously identified nonconformities, if applicable.
The report shall also contain:
- a) a statement on the conformity and the effectiveness of the management system together with a summary of the evidence relating to:
— the capability of the management system to meet applicable requirements and expected outcomes;
— the internal audit and management review process;
- b) a conclusion on the appropriateness of the certification scope;
- c) confirmation that the audit objectives have been fulfilled.
|Sr. No.||Document Title|
|01||Audit Report (Stage-1)-QMS|
|02||Audit Report (Stage-2)-QMS|
Cause analysis of nonconformities
ARS shall require the client to analyse the cause and describe the specific correction and corrective actions taken, or planned to be taken, to eliminate detected nonconformities, within a defined time.
Effectiveness of corrections and corrective actions
ARS shall review the corrections, identified causes and corrective actions submitted by the client to determine if these are acceptable. ARS shall verify the effectiveness of any correction and corrective actions taken. The evidence obtained to support the resolution of nonconformities shall be recorded. The client shall be informed of the result of the review and verification. The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future audits) will be needed to verify effective correction and corrective actions.
NOTE: Verification of effectiveness of correction and corrective action can be carried out based on a review of documented information provided by the client, or where necessary, through verification on-site. Usually this activity is done by a member of the audit team.
|Sr. No.||Document Title|
|01||Quality Procedure for conducting Client’s audit /onsite Audit|
|02||Audit Finding Action Report|
ARS shall ensure that the persons or committees that make the decisions for granting or refusing certification, expanding or reducing the scope of certification, suspending or restoring certification, withdrawing certification or renewing certification are different from those who carried out the audits. The individual(s) appointed to conduct the certification decision shall have appropriate competence.
The person(s) [excluding members of committees (see 6.1.4)] assigned by the ARS to make a certification decision shall be employed by, or shall be under legally enforceable arrangement with either the ARS or an entity under the organizational control of the ARS . A ARS ’s organizational control shall be one of the following:
- a) whole or majority ownership of another entity by the certification body;
- b) majority participation by the ARS on the board of directors of another entity;
- c) a documented authority by the ARS over another entity in a network of legal entities (in which the ARS resides), linked by ownership or board of director control.
The persons employed by, or under contract with, entities under organizational control shall fulfill the same requirements of this part of ISO/IEC 17021 as persons employed by, or under contract with, the ARS .
ARS shall record each certification decision including any additional information or clarification sought from the audit team or other sources.
Actions prior to making a decision
ARS shall have a process to conduct an effective review prior to making a decision for granting certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification, including, that
- a) the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
- b) for any major nonconformities, it has reviewed, accepted and verified the correction and corrective actions;
- c) for any minor nonconformities it has reviewed and accepted the client’s plan for correction and corrective action.
Information for granting initial certification
The information provided by the audit team to the certification body for the certification decision shall include, as a minimum:
- a) the audit report;
- b) comments on the nonconformities and, where applicable, the correction and corrective actions taken by the client;
- c) confirmation of the information provided to the certification body used in the application review (see 9.1.2);
- d) confirmation that the audit objectives have been achieved;
- e) a recommendation whether or not to grant certification, together with any conditions or observations.
If the ARS is not able to verify the implementation of corrections and corrective actions of any major nonconformity within 6 months after the last day of stage-2, ARS shall conduct another stage 2 prior to recommending certification.
When a transfer of certification is envisaged from one certification body to ARS , ARS shall have a process for obtaining sufficient information in order to take a decision on certification.
NOTE Certification schemes can have specific rules regarding the transfer of certification.
Information for granting recertification
ARS shall make decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification.
ARS shall maintain certification based on demonstration that the client continues to satisfy the requirements of the management system standard. It may maintain a client’s certification based on a positive conclusion by the audit team leader without further independent review and decision, provided that:
- a) for any major nonconformity or other situation that may lead to suspension or withdrawal of certification, the certification body has a system that requires the audit team leader to report to the certification body the need to initiate a review by competent personnel (see 7.2.8), different from those who carried out the audit, to determine whether certification can be maintained;
- b) competent personnel of the certification body monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.
|Sr. No.||Document Title|
|01||Report Review and Certification Decision|
The certification body shall develop its surveillance activities so that representative areas and functions covered by the scope of the management system are monitored on a regular basis, and take into account changes to its certified client and its management system.
Surveillance activities shall include on-site auditing of the certified client’s management system’s fulfillment of specified requirements with respect to the standard to which the certification is granted. Other surveillance activities may include:
- a) enquiries from the certification body to the certified client on aspects of certification;
- b) reviewing any certified client’s statements with respect to its operations (e.g. promotional material, website);
- c) requests to the certified client to provide documented information (on paper or electronic media);
- d) other means of monitoring the certified client’s performance.
Surveillance audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that the ARS can maintain confidence that the client’s certified management system continues to fulfill requirements between recertification audits. Each surveillance for the relevant management system standard shall include:
- a) internal audits and management review;
- b) a review of actions taken on nonconformities identified during the previous audit;
- c) complaints handling;
- d) effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s);
- e) progress of planned activities aimed at continual improvement;
- f) continuing operational control;
- g) review of any changes;
- h) use of marks and/or any other reference to certification.
|Sr. No.||Document Title|
|01||Quality Procedure for conducting Client’s audit|
Recertification audit planning
The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification. A recertification audit shall be planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document. This shall be planned and conducted in due time to enable for timely renewal before the certificate expiry date.
The recertification activity shall include the review of previous surveillance audit reports and consider the performance of the management system over the most recent certification cycle.
Recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the management system, the organization, or the context in which the management system is operating (e.g. changes to legislation).
NOTE: Such changes can occur at any time during the certification cycle and the ARS might need to perform a special audit (see 9.6.4), which might or might not be a two-stage audit.
The recertification audit shall include an on-site audit that addresses the following:
- a) the effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
- b) demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance;
- c) the effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s).
For any major nonconformity, the certification body shall define time limits for correction and corrective actions. These actions shall be implemented and verified prior to the expiration of certification.
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate shall be on or after the recertification decision.
If the ARS has not completed the recertification audit or the ARS is unable to verify the implementation of corrections and corrective actions for any major nonconformity (see 184.108.40.206) prior to the expiry date of the certification, then recertification shall not be recommended and the validity of the certification shall not be extended. The client shall be informed and the consequences shall be explained.
Following expiration of certification, ARS can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 shall be conducted. The effective date on the certificate shall be on or after the recertification decision and the expiry date shall be based on prior certification cycle.
|Sr. No.||Document Title|
|01||Quality Procedure for conducting Client’s audit /onsite Audit|
ARS shall, in response to an application for expanding the scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit.
It may be necessary for the ARS to conduct audits of certified clients at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases:
- a) the ARS shall describe and make known in advance to the certified clients (e.g. in documents as described in 8.5.1) the conditions under which such audits will be conducted;
- b) the ARS shall exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team members.
Suspending, withdrawing or reducing the scope of certification
Purpose: This Quality Procedure has been established to provide guidance for issue and maintenance of the Certificate of conformity to the client’s management system against QMS audit standard.
Scope: This procedure is applicable over all activities related to issue and maintenance of certificate of conformities.
Responsibility: Managing Director/Quality Manager and Certification decision makers/Technical Committee.
Authority: This procedure has been authorized by the Managing Director and can be amended only by him.
ARS shall have a policy and documented procedure(s) for suspension, withdrawal or reduction of the scope of certification, and shall specify the subsequent actions by the ARS .
Receipt and review of Audit report
The team leader is responsible for submission of audit report to the Quality manager within 10 days of completion of the stage-2 audit.
This contains at least client signed audit report, corrective action plan for non-conformances. All audit reports (Stage 1, Stage 2, routine surveillances, follow-up, special audit, recertification etc) are reviewed by the Report reviewing authority at appropriate stages.
ARS ensures that certificate of conformity is issued only on the basis of evidence based recommendation received from a competent audit team. The audit reports are reviewed at multiple stages, as described below-
a. A competent Technical committee constituting one or more members is selected by the application reviewer from among the approved list of auditors (ARS_F-032 Auditors with IAF/NACE Code). If the competent auditor (who had not participated in the audit of this client) is not available, appropriate auditor who is competent to conduct industry of similar or higher complexity is selected along with a competent technical expert.
It is ensured that the auditor who has carried out the audit, or the concerned Application reviewer/ audit programmer who planned the audit, do not participate in the certification decision making process.
b. The Quality manager submits the clients audit file containing all relevant information starting from initial application, client contract, stage-1 audit report, stage-2 audit report, NC findings and corrective action closure reports and audit teams recommendations, to the certification decision making person/ committee.
- The submitted set of documents is reviewed for completion by Report reviewer/ certification decision maker. Audit report review checklist (ARS_F-034 Certificate issue checklist) is used to record the review and certification related decision.
- The audit report along with audit report review checklist (ARS_F-034 Certificate issue checklist) is submitted to Certification committee for technical review which includes review of the information provided by the audit team is sufficient with respect to certification requirements, scope of accreditation and effectiveness of corrections and corrective actions are evidenced for all non conformances raised during the audit.
- The decision making committee takes appropriate decision related to certification on the basis of audit report and recommendation submitted by the audit team leader.
If the committee feels that the audit report does not provide sufficient information required to make certification decision, additional audit, with specific objectives, by another audit team may be ordered. The Technical Committee & certification decision maker confirms, prior to making a decision on the following basis-
- the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification
- it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent failure to fulfill one or more requirements of the audit standard.
- it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs.
- it has reviewed and accepted the client’s planned correction and corrective action for all minor nonconformities.
- Closure of some of the minor non conformities may be verified by perusal of documentary evidence submitted to the ARS office/ audit team leader.
- Closure of some of the minor non conformities may be verified during subsequent surveillance audit.
Action prior to making a decision
The Technical Committee/Audit report reviewer & certification decision maker confirms, prior to making a decision, that –
The information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification.
It has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent –
failure to fulfill one or more requirements of the audit standard
a situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs
It has reviewed and accepted the client’s planned correction and corrective action for all minor nonconformities.
Closure of some of the minor non conformities may be verified by perusal of documentary evidence submitted to the ARS office/ audit team leader.
Closure of some of the minor non conformities may be verified during subsequent surveillance audit.
The Quality Manager review the printed certificate to detect any errors. The certificate with all attachments like logo rules, Soft copy of ARS logo, cover letter etc is submitted to the Managing Director for his signature.
After approval signature of the MD, relevant information of the client and its certification status is put in the ARS website (www.arscert.com ).For certificate issued under scope of accreditation, The information about the certificate is updated on Client register by the Managing Director without any delayfrom the issuance of the certificate.
The signed certificate is updated on the client list and forwarded for dispatch. The QM verifies the appropriate updation on ARSclient register and records it on the certificate issue checklist of ARS. Ref. ARS-F_034 Certificate Issue Checklist
The designating person verifies the certificate on ARS Client register and prepares the covering letter for the certificate issue to the client.
The signed certificate is sent to the client at his address or any other address he has specifically requested. The certificate shall not be issued to any other person without a written approval from the client. The certificate docket shall contain at least the following-
Covering letter from ARS.
Rules accompanying the logo
CD containing soft copy of the logos
Record of dispatch of certificate is maintained in the ARS office. Safe delivery of the certificate at client’s address is also verified by the ARS office by phone or E mail.
Change in Certificate
The client may request for change in certificate. This may be due to-
Change in ownership
Change in name of the company
Change in location
Increase or decrease in scope (products, services offered etc.)
Increase or decrease in locations
(In case of revision in the certificate suffix “-01” is added to the certificate no. In case of repeated revision in one certificate the suffix is revised in ascending order like -02, -03……..)
Client may request for change in certificate or reduction / expansion in scope to Quality Manager shall review the request and decide for a special audit if the next audit is not due in near future or if the next audit cannot be proposed. Quality Manager also determines if the changed scope is within accreditation scope of ARS.
In case of change in name of company or location without any change in management, the client shall submit ROC approval for the change. Where the management has changed, the details of MOA and ROC approval shall be submitted along with the request.
The duration for the special visit shall be decided by Quality Manager and communicated to the client. The lead auditor submits a descriptive report detailing the changes, justification for reduction / expansion of scope and review of the impact of change in the scope (use of logos etc). Where expansion of scope is requested, the compliance to QMS for the respective activities and impact on other processes is verified. In case the special visit is carried out as a part of routine surveillance, the descriptive report is added to the surveillance report.
ARS provides certification documents to the certified clients normally by courier. When requested scanned copy is also mailed to the client.
The certification document identifies the following:
The name and geographical address/ location of the certified organization.
The name and location of the headquarter and any site/s within the
scope of a multi-site certification) In case where the site addresses or scope details can’t be accommodated in one page, these are documented as schedules to the certificate and are referenced in the certificate.
Dates of granting, extending or renewing certification/Planned surveillance audit dates and the expiry date or recertification due date consistent with the recertification cycle.
ARS exercises proper control of ownership over use of certificate, marks/ logo and audit reports. We make this clear in our contract/ agreement with clients that ARS will take action to deal with incorrect references to certification status or misleading use of certification documents, marks (including accreditation symbol if applicable) or audit reports. This action could include requests for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and, if necessary, legal action.
Maintaining certification: ARS has established a system which requires that for any nonconformity or other situation that may lead to suspension or withdrawal of certification, the Technical Committee appropriately decides the line of action, to determine whether certification can be maintained. ARSmaintains certification based on demonstration that the client continues to satisfy the requirements of the audit standard. It maintains a client’s certification based on a positive conclusion by the audit team leader.
Reassessment is a requirement of ISO17021-1:2015 and is intended to verify overall continuing effectiveness of the organization’s applicable management system in its totality.The reassessment provides for a review of the past performance of the quality management system over the period of previous certification, including examination of the documents/records relating to the internal audits, management review and effectiveness of corrective and preventive actions, etc.
The process of recertification would include a reassessment of the organization’s documented quality management system including a review of the Management System, where necessary, to be conducted before the expiry of three years term of validity. The recertification audits planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document.
Reassessment is normally carried out at the end of three year cycle within one year from the last day of the last surveillance audit. However in the case of 9 month/Six month frequency the reassessment audit can be done at agreed interval but certainly before expiry of the certificate.
The process of Re-certification is planned by the competent application reviewer, in consultation with the Quality Manager. Notice is sent to the client, at least two months before the expiry of the certificate validity. If the client agrees for the recertification, updated status is captured in fresh application form, quotation is sent and application review is re done, and new contract is signed.
Information about any substantial change in management, machinery, and process and QMS scope is gathered, and if substantial change is reported, stage-1 audit is planned to assess suitability of the documentation with current process status of the client.
Objective of the recertification audit
- To assess the extent of the effectiveness of the management system in the light of internal and external changes with reference to the scope of the QMS certification.
- To assess whether the operation of the certified management system contributes to the achievement of the organization’s policy and objectives.
- To verify that the client is following the conditions of certification.
- Demonstrated commitment to maintain the effectiveness of the system.
- This reassessment activity can be divided under following headings covering the points listed below.
- Summary of Previous Audit Reports.
- Whether all areas/ processes/ clauses have been audited at least once in the last three year cycle.
- Any concentration of non-conformities against particular clauses/areas and effectiveness of corrective actions taken on nonconformities identified by ARS shall be closed as earlier.
- Quality Objectives and Continual Improvement.
Whether the operation of the certified management system contributes to the achievement of the organization’s policy and Objective
Surveillance audits are on-site audits, but are not necessarily full system audits. Surveillance audits planned together with the other surveillance activities so that the certification body can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The surveillance audits conducted at least once a year and the date of the first surveillance audit following initial certification shall not be more than 12 months from the last day of the stage 2 audit.
The Assigned team leader is responsible for conducting and managing the assessment along with other team member, if any. The Team Leader shall be of Auditor status as a minimum. As far as possible, same team should be sent for surveillance audit for the certification cycle. The team leader also ensures that any Technical Expert / Specialist are not allowed to function independently and are always accompanied by Auditor/ Lead Auditor.
The objective of surveillance audit is to:
- Ensure that the client’s management system which was basis of grant of certificate has been maintained on continuous basis.
- Verify and ensure that any changes to management system which might have taken place since last audit meet the requirement of the standard/ specification and implemented effectively
- Ensure on-site audits assessing the certified client’s management system’s fulfillment of specified requirements with respect to the standard to which the certification is granted.
- Ensure that the management system continues to be appropriate to the product/ process/ service offered by client, with the capability of managing and improving performance.
- Assess continual improvement in client’s management systems
The team leader shall review the client file, specially the last audit report to make note of any issues to be followed up, including the non conformities and corrective action plan. Audit plan shall be sent to clients in advance so that they can seek any changes with respect to timing etc, if found inconvenient due to administrative reasons. Audit should be conducted (at least annually and it shall be ensured that the date of first surveillance audit shall not be more than 12 months from the last day of stage 2 audit.) as per Surveillance audit plan given in the last audit report but if there is any change due to any justified reasons, the same should be recorded in auditor notes and surveillance audit plan shall be updated in the report. During opening and closing meeting, the attendance record sheet is circulated for recording name and designation of the client representative present. Either each person can record their name & designation or one person can do so
for all present. During each surveillance audit, client’s management systems shall be audited in adequate depth to ensure continued effectiveness of implemented system. All areas shall be audited at least once over a period of the certification cycle of three years however mandatory areas shall be audited every time. Following parameters are verified during each surveillance audit.
Additionally clients statements with respect to its operations (e.g. promotional material, website). Also reviewed during each surveillance audit.
enquiries from the certification body to the certified client on aspects of certification,
requests to the client to provide documents and records (on paper or electronic media),
other means of monitoring the certified client’s performance.
Internal audits and management review.
A review of actions taken on nonconformities identified during the previous audit
Actions taken on customer complaints.
Effectiveness. Of the management system with regard to achieving the objectives
Progress of planned activities aimed at continual improvement.
Continuing operational control.
Review of any changes and use of CB & AB marks.
The corrective action taken on non-conformities identified during last audit should be verified for its effectiveness. If the corrective action taken is not satisfactory/ non taken, the severity of the minor NC shall be re-issued escalated to Major and client shall be advised accordingly. In such a case, further action would be taken. Non-conformity reporting, report preparation, report distribution, requirement of CAP (in case NC is raised) shall be similar to certification audit procedure. In case a major NC is identified, the team leader shall review to look for the possibility whether the corrective action taken can be verified off site (i.e. on site verification is not required). In such case the suitable recommendation shall be made in the report.
Suspension, withdrawing or Cancellation of Client Certification
ARS have the authority to suspend certification in cases where on reviewing the audit reports and subsequent verification, he arrives to a conclusion that the-
a. Client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system in the surveillance Audit
b. the client’s management system has persistently lost the effectiveness of the management system
c. The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies as mentioned in the contract no.
d. The certified client has voluntarily requested a suspension in writing to ARS.
Under suspension, the client’s management system certification is declared temporarily invalid. ARS makes enforceable agreement with its clients to ensure that in case of suspension the client refrains from further promotionof its certification.
Quality Manager ensures that the suspended status of the certification is publicly accessible on the website and also communicated to the client in writing.
ARS ensures that the suspended status of the certification is publicly accessible on the ARS’s website (www.arscerts.com).
ARS will Suspend the Client after 15 Days from Due Date of Surveillance and Withdraw the Clients after 06 Months from the Suspension.
ARS has established a policy to reduce the client’s scope of certification to exclude the parts not meeting the requirements of the audit standard, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification.
ARShas established a policy to reduce the client’s scope of certification to exclude the parts not meeting the requirements of the audit standard, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification.The scope of the certification and communicates in writing to the client and the list is updated on the website.
ARShas established legally enforceable arrangements with the certified client concerning conditions of withdrawal. As per this agreement, upon getting the notice of withdrawal, the client has to discontinue its use of all advertising matters that contain any reference to its certified status.
This Process correctly state the status of certification of a client’s management system as being suspended, withdrawal or reduced in ARS website andmay publish status of certification in newspaper as necessary.
|Sr. No.||Document Title|
|01||Issue of Certificate, Suspension, Reduction and Withdrawal|
ARS shall have a documented process to receive, evaluate and make decisions on appeals.
ARS shall be responsible for all decisions at all levels of the appeals-handling process. ARS shall ensure that the persons engaged in the appeals-handling process are different from those who carried out the audits and made the certification decisions.
Submission, investigation and decision on appeals shall not result in any discriminatory actions against the appellant.
The appeals-handling process shall include at least the following elements and methods:
- a) an outline of the process for receiving, validating and investigating the appeal, and for deciding what actions need to be taken in response to it, taking into account the results of previous similar appeals;
- b) tracking and recording appeals, including actions undertaken to resolve them;
- c) ensuring that any appropriate correction and corrective action are taken.
ARS receiving the appeal shall be responsible for gathering and verifying all necessary information to validate the appeal.
ARS shall acknowledge receipt of the appeal and shall provide the appellant with progress reports and the result of the appeal.
The decision to be communicated to the appellant shall be made by, or reviewed and approved by, individual(s) not previously involved in the subject of the appeal.
ARS shall give formal notice to the appellant of the end of the appeals handling process.
|Sr. No.||Document Title|
|01||MANAGEMENT OF APPEAL|
ARS shall be responsible for all decisions at all levels of the complaints handling process.
Submission, investigation and decision on complaints shall not result in any discriminatory actions against the complainant.
Upon receipt of a complaint, ARS shall confirm whether the complaint relates to certification activities that it is responsible for and, if so, shall deal with it. If the complaint relates to a certified client, then examination of the complaint shall consider the effectiveness of the certified management system.
Any valid complaint about a certified client shall also be referred by the ARS to the certified client in question at an appropriate time.
ARS shall have a documented process to receive, evaluate and make decisions on complaints. This process shall be subject to requirements for confidentiality, as it relates to the complainant and to the subject of the complaint.
The complaints-handling process shall include at least the following elements and methods:
- a) an outline of the process for receiving, validating, investigating the complaint, and for deciding what actions need to be taken in response to it;
- b) tracking and recording complaints, including actions undertaken in response to them;
- c) ensuring that any appropriate correction and corrective action are taken.
Whenever possible, ARS shall acknowledge receipt of the complaint, and shall provide the complaint with progress reports and the result of the complaint.
The decision to be communicated to the complainant shall be made by, or reviewed and approved by, individual(s) not previously involved in the subject of the complaint.
Whenever possible, ARS shall give formal notice of the end of the complaints-handling process to the complainant.
ARS shall determine, together with the certified client and the complainant, whether and, if so to what extent, the subject of the complaint and its resolution shall be made public.
|Sr. No.||Document Title|
|01||COMPLAINT HANDLING MANAGEMENT|
ARS shall maintain records on the audit and other certification activities for all clients, including all organizations that submitted applications, and all organizations audited, certified, or with certification suspended or withdrawn.
Records on certified clients shall include the following:
- a) application information and initial, surveillance and recertification audit reports;
- b) certification agreement;
- c) justification of the methodology used for sampling of sites, as appropriate;
NOTE: Methodology of sampling includes the sampling employed to audit the specific management system and/or to select sites in the context of multi-site audit.
- d) justification for auditor time determination (see 9.1.4);
- e) verification of correction and corrective actions;
- f) records of complaints and appeals, and any subsequent correction or corrective actions;
- g) committee deliberations and decisions, if applicable;
- h) documentation of the certification decisions;
- i) certification documents, including the scope of certification with respect to product, process or
service, as applicable;
- j) related records necessary to establish the credibility of the certification, such as evidence of the
competence of auditors and technical experts;
- k) audit programmes.
ARS shall keep the records on applicants and clients secure to ensure that the information is kept confidential. Records shall be transported, transmitted or transferred in a way that ensures that confidentiality is maintained.
ARS shall have a documented policy and documented procedures on the retention of records. Records of certified clients and previously certified clients shall be retained for the duration of the current cycle plus one full certification cycle.
|Sr. No.||Document Title|
|03||Quality Procedure for conducting Client’s audit/Onsite Audit|