title regulation for the accreditation of management ... · complaints, reservations and appeals...

GENERAL REGULATION RG-01-01 rev.01 pag. 1/25

Date: 18-07-2017

Title Regulation for the accreditation of management system

certification bodies

Reference RG-01-01

Revision 01

Date 18-07-2017

NOTE: The present document represents the English version of document under

reference at the specified revision. In case of conflict, the Italian version will

prevail. To identify the revised parts reference must be made to version in Italian

language only.

Preparation Approval Authorization Application date

The Director Of the Department

The Directive Council The President 01-01-2018


Date: 18-07-2017

CONTENTS

0.1. SCOPE AND FIELD OF APPLICATION ......................................................... 4

0.2. REFERENCE STANDARDS ........................................................................ 4

0.3. TERMS AND DEFINITIONS ...................................................................... 4

0.4. ACRONYMS ........................................................................................... 5

PART 1 – REQUIREMENTS RELATING TO THE ACCREDITATION PROCESS ........... 6

1. REQUIREMENTS AND INFORMATION FOR ACCREDITATION ........................ 6

1.1. GENERAL INFORMATION ......................................................................... 6

1.2. PRESENTATION AND EXPLANATIONS REGARDING THE APPLICATION FOR

ACCREDITATION .................................................................................... 7

1.3. PROCESS OF ACCREDITATION ................................................................. 7

1.4. DECISION-TAKING PROCESS AND GRANTING OF ACCREDITATION .............. 8

1.5. SURVEILLANCE AND RENEWAL OF ACCREDITATION ................................... 9

1.6. EXTENSION OF ACCREDITATION ............................................................ 11

1.7. DECISION-TAKING PROCESS AND THE GRANTING OF EXTENSION OF

ACCREDITATION ................................................................................... 12

1.8. SUSPENSION, WITHDRAWAL AND REDUCTION OF ACCREDITATION ........... 12

1.9. COMPLAINTS, RESERVATIONS AND APPEALS ........................................... 13

1.10. OBLIGATIONS OF THE CB ...................................................................... 13

1.11. OBLIGATIONS OF ACCREDIA .................................................................. 13

2. PART 2 – REQUIREMENTS RELATING TO CBs OF MANAGEMENTS SYSTEMS

................................................................................................................. 14

2.1. COLLABORATION WITH ACCREDIA .......................................................... 14

2.2. ORGANIZATION AND PROCEEDINGS OF THE CERTIFICATION BODY ............ 15

2.3. PERFORMANCE OF CERTIFICATION ACTIVITIES ........................................ 16

2.4. SEPARATION BETWEEN CERTIFICATION ACTIVITIES AND CONSULTANCY

ACTIVITIES .......................................................................................... 18

3. PART 3 – REQUIREMENTS FOR THE ASSESSMENT OF THE COMPETENCE OF

MANAGEMENT SYSTEM AUDITORS AND EXPERTS ..................................... 19

4. PART 4 – REQUIREMENTS CONCERNING THE SCOPE OF CERTIFICATION AND

THE CONTENTS OF CERTIFICATES OF CONOFMIRTY ................................. 20

4.1. GENERAL ............................................................................................. 20

4.2. CRITERIA FOR THE DEFINITION OF THE SCOPE OF CERTIFICATION OF QUALITY

MANAGEMENT SYSTEMS ........................................................................ 23


Date: 18-07-2017

4.3. CRITERIA FOR ESTABLISHING THE SCOPE OF CERTIFICATION OF

ENVIRONMENTAL MANAGEMENT SYSTEMS .............................................. 24

4.4. CRITERIA FOR ESTABLISHING THE SCOPE OF CERTIFICATION OF WORKPLACE

HEALTH AND SAFETY MANAGEMENT SYSTEMS ......................................... 24

ANNEX 1 - IAF MD 17:2015 ISSUE 1 – WITNESSING ACTIVITIES FOR THE

ACCREDITATION OF MANAGEMENT SYSTEMNS CERTIFICATION BODIES .. 25


Date: 18-07-2017

0.1. SCOPE AND FIELD OF APPLICATION

The present Regulation is applicable to the accreditation of Certification Bodies (CBs) providing

certification of management systems, setting out the conditions and procedures for the issuance,

surveillance, extension, renewal, reduction/self-reduction, suspension/self-suspension, and

withdrawal of accreditation of the CB in accordance with the applicable standards and guides, with

the inclusion of specifications and details in cases where the reference standards for the scheme

provide only general requirements which are not covered by the General Regulation, RG-01.

The present Regulation shall not be applied separately from the General Regulation RG-

01.

0.2. REFERENCE STANDARDS

The normative references to be considered for the application of the present Regulation are detailed

in the version in force of the ACCREDIA LS-02 document: “Reference standards and documents for

the accreditation of certification bodies” in the current revision.

It follows that – within the framework of a given accreditation, certification or sector scheme the

present Regulation is integrated by specific technical regulations/documents (RT and DT) as well as

technical circulars, where such exist.

The application of the individual technical documents, RT/DT/technical circulars to certification

activities carried out abroad is to be considered optional unless otherwise specified in such

documents.

0.3. TERMS AND DEFINITIONS

The terms and definitions contained in General Regulation RG-01 and the following sector/scheme

specifications are applicable:

• Impartiality: the presence of objectivity.

Note 1: Objectivity means that there are no conflicts of interests, or that they have been

resolved in such a way that they do not impact negatively the activities of the CB;

Note 2: Other useful terms for transmitting the concept of impartiality include:

“independence”, “absence of conflicts of interest”, “absence of bias”, “neutrality”,

“honesty”, “open-mindedness”, “equity”, “detachment”, “equilibrium”.

• Consultancy activities related to the management system: Participation in the

definition, implementation or maintenance of a management system.

Examples:

- preparation or creation of manuals or procedures, and

- providing specific advice, instructions or solutions for the development and

implementation of a management system.


Date: 18-07-2017

With regard to the present Regulation, the wording regards activities concerning:

• the planning, creation and maintenance of management systems;

• training activities outside the limits set out in the applicable EA/IAF Guides.

Note 1: To organize training courses and take part as teacher is not considered consultancy

except in cases where courses refer to management systems or audit activities, they are

limited to providing information of a general nature and the teacher does not provide specific

solutions to the client.

Note 2: To provide general information but not specific solutions to the client to improve the

processes or systems is not considered consultancy. Such information may include:

- explaining the meaning and aims of the requirements for certification;

- identifying improvement opportunities;

- explaining theories, methods, techniques and related tools;

- sharing non-confidential information regarding best practices;

- other management issues which are not covered by the management system

undergoing audit.

• Risk-based approach

CBs shall take into consideration the risk associated with providing competent, coherent and

impartial certification. The risks may include, but are not limited to the following:

- the objectives of the audit;

- the sampling used in the audit process;

- real and perceived impartiality;

- questions related to mandatory legal responsibilities;

- the client’s organization undergoing audit and its operative area;

- the impact of the audit on the client and on its activities;

- the health and safety of the audit teams;

- the perception of interested parties;

- misleading declarations by the certified client;

- use of the mark.

• Related certification schemes: certification schemes related to one or more of the

following schemes: ISO 9001, ISO 14001, ISO 27001, OHSAS 18001.

0.4. ACRONYMS

• ACCREDIA–DC: ACCREDIA Dept. of Certification and Inspection;

• CB: Certification Body;

• CSA: Sector Accreditation Committee;

• DDC: Director of the Deptartment of Certification and Inspection;

• FT: Technical Officer;

• AIAD: Italian federation of aerospace, defense and security companies;

• CBMC: AIAD committee for the management CBs of management system.


Date: 18-07-2017

PART 1 – REQUIREMENTS RELATING TO THE ACCREDITATION PROCESS

1. REQUIREMENTS AND INFORMATION FOR ACCREDITATION

1.1. GENERAL INFORMATION

1.1.1. Accreditation and subsequent listing on the Register, are granted to CBs that perform the

certification of management systems in accordance with the standards and documents applicable to

them and detailed in the ACCREDIA document LS-02.

Accreditation for the certification of management systems is granted in accordance with the sector

classification defined in the international guides, in compliance with the EA and IAF multilateral

agreements.

All the IAF codes (see the document IAF ID1) are gathered in a series of technical clusters within

each of which there are critical sectors (as set out in IAF MD 17).

1.1.2. The conditions under which a CB can be accredited, are as follows:

• that it fulfills the requirements of General Regulation RG-01;

• that, at the initial assessment at its head office it shall be operative (either directly or with a

different name, if, for example, a branch of the organization has been transferred and has

issued certificates for at least 12 months, but this is not applicable to CBs already accredited

in other schemes).

1.1.3. The CB shall send annually to ACCREDIA-DC (by the end of the first semester of the year)

by means of the appropriate module, which is available in the area for bodies in ACCREDIA’s website,

the following data concerning activities conducted under accreditation, for each certification scheme:

• annual revenue (including non-accredited activities);

• annual revenue for each accreditation scheme;

• n° of internal staff in certification activities;

• n° of certified sites and n° of certificates;

• audit days used in the year for each certification scheme.

ACCREDIA-DC reserves the right to extend these applications to other activities performed by the

CB such as revenue from training activities.

The elements and data concerning the calculation of the above parameters shall be kept available to

ACCREDIA-DC and/or its assessors.

If such data is not received within the specific timeframe, ACCREDIA-DC may impose sanctions on

the CB.


Date: 18-07-2017

1.2. PRESENTATION AND EXPLANATIONS REGARDING THE APPLICATION FOR

ACCREDITATION

1.2.1. The provisions of General Regulation RG-01 are applicable for the application to be presented

by the CB to ACCREDIA-DC by means of the modules DA and DA-01, which are available on

ACCREDIA’s website, together with any other necessary document.

If the application is for new accreditation/certification schemes, § 1.2.3 of General Regulation RG-01

becomes applicable.

1.3. PROCESS OF ACCREDITATION

1.3.1. Document Review

The provisions of General Regulation RG-01 are applicable with the specification that for the

aerospace scheme, if, after the document review and after direct contact with the applicant CB, it is

apparent that the body is not yet sufficiently prepared to be accredited, a new application cannot be

made until at least 12 months later.

1.3.2. Assessments

1.3.2.1. The provisions of General Regulation RG-01, are applicable with the specification that the

duration of the on-site audit (*) depends on the specifics of the scheme (e.g. the number and

criticalities of the sectors and clusters of sectors of the application, the number of locations to be

audited) and other factors such as the number of findings from the document review, the language,

the transfer times, etc…).

Note (*): If the accreditation audit is conducted jointly with another scheme, ACCREDIA-DC will

decide if it is possible, bearing in mind the critical factors as mentioned above, to reduce the total

time.

1.3.2.2. Witness assessments have the following objectives:

• to verify that the CB’s certification program and procedures have been properly applied

(especially with regard to the appointment of a competent audit team and the adequate

duration of the audit) and to verify the correct formulation of the scope of certification;

• to observe the behavior of the CB’s auditors to ensure that:

- they follow the CB’s procedures;

- they are able to respect:

- the requirements of certification;

- the requirements of UNI CEI EN ISO/ IEC 17021-1;

- the mandatory IAF documents;

- any existing specific sector requirements, where applicable;

- to obtain a representative sampling of the CB’s competences regarding the scope

of accreditation.

Aspects such audit duration or auditor qualifications may require a check with the CB’s head office.


Date: 18-07-2017

The witness assessment, particularly if it is a renewal assessment, permits the evaluation of whether

the CB has formed a correct judgment which is in line with the actual state of the system.

The number and typology of the witness assessments may vary according to the number of critical

sectors within the technical clusters/categories/technical areas to be assessed.

For the initial accreditation in each management scheme ACCREDIA-DC performs a witness

assessment of both the Stage 1 and Stage 2 for at least one of the CB’s clients. Before the Stage 2

witness assessment of the same audit, the applicant CB shall submit the complete report and/or the

conclusions of the Stage 1 to the ACCREDIA-DC assessors. If the CB has no new clients it is possible

to perform the witness assessment on one renewal audit or on two surveillance audits as long as

they cover key processes.

The witness assessments are performed by at least one qualified ACCREDIA-DC assessor.

For accreditation schemes and/or sectors for which ACCREDIA-DC does not have available the

necessary competences concerning the processes and products of the organization where the audit

is conducted, the assessor is assisted by a technical expert who is selected from the list.

1.3.2.3. The CB shall allow the ACCREDIA-DC assessment team members to gain access to its

location and to the locations operative by sub-contract for any process, as well as to its

documentation, and it shall give them the maximum co-operation.

Likewise, the CB shall put in place measures which allow access by the ACCREDIA-DC assessment

team members to the locations of the applicant or certified organizations.

1.4. DECISION-TAKING PROCESS AND GRANTING OF ACCREDITATION

General Regulation RG-01 is applicable, with the following specifications:

• following the granting of accreditation, the CB may re-issue within one year the previously

issued certificates in the technical cluster or sector in question with the reference to the

ACCREDIA symbol;

• for QMS, EMS, EMAS and OHSAS schemes, accreditation is granted for technical clusters of

sectors;

• for the ISMS and ITSM schemes, accreditation is granted for all IAF sectors;

• for the EnMS scheme accreditation is granted for the technical areas;

• for the FSM scheme accreditation is granted for the category.

At the moment of the issue of accreditation ACCREDIA-DC shall send a copy of the decisions to AIAD-

CBMC for recognition of the issue of accreditation in the aerospace area.


Date: 18-07-2017

1.5. SURVEILLANCE AND RENEWAL OF ACCREDITATION

1.5.1. Surveillance of Accreditation

1.5.1.1. General

General Regulation RG-01 is applicable, with the following specifications:

• for surveillance audits all the CB’s locations as well as those of organizations certified by the

CB and also locations used by sub-contract for any process, shall be accessible for ACCREDIA-

DC’s assessment team;

• if, due to unexpected events preventing the performance of assessments, ACCREDIA-DC

applies the provisions contained in the document IAF ID3;

• the CB shall place, in the reserved area of ACCREDIA’s website in the section “Structure of

the CAB”, updated information regarding its organization and documents with respect to the

information and data provided with the initial application for accreditation (and subsequent

applications for extension) when there are significant changes in the human resources and

the procedures used for the certification activities. In particular, the CB is under an obligation

to transmit the updated editions of the quality manual, the certification regulations, the

controlled lists of qualified auditors for the various certification activities and the names of

members of internal committees.

1.5.1.2. Programmed Surveillance of Accreditation

General Regulation RG-01 is applicable as well as the requirements of point 4 of IAF MD 17 (see

Annex 1).

In cases of technical clusters (e.g. in some related schemes or in the ISMS and ITSM schemes, for

maintenance of accreditation, throughout the period of accreditation and except in particular cases

(e.g. handling of complaints, modifications to the certification scheme, changes to the CB’s structure

etc.), the following assessments shall be performed:

• if the CB has issued fewer than 50 certificates in the scheme, one witness and one on-site

assessment shall be performed;

• if the CB has issued between 51 and 200 certificates in the scheme, two witness assessments

and one on-site assessment shall be performed;

• if the CB has issued more than 201 certificates in the scheme, two witness and two on-site

assessments shall be performed.

For the aerospace scheme the duration of witness surveillance assessments is based on the

requirements contained in ACCREDIA document RT-18.

As stated in the document IAF MD 17, “for CBs which have shown sufficient experience and capacity

to be able to pass to a more evolved surveillance program” ACCREDIA-DC uses, only with the

agreement of the CB, market surveillance visit as an additional activity to cover the clusters not in

one cycle of accreditation, but in two.


Date: 18-07-2017

ACCREDIA, therefore, for every 2 cycles of accreditation, shall perform a witness assessment and a

market surveillance visit for every 2 clusters, with an upward round-off in cases of an odd number

of accredited clusters.

1.5.1.3. Non-programmed Surveillance of Accreditation

General Regulation RG-01 is applicable.

If ACCREDIA-DC performs assessments directly of auditing companies or other companies operating

by outsourcing agreement with the CB, any findings shall be reported against the CB and not against

the organization.

1.5.1.4. Decision-taking process and granting of Maintenance of Accreditation


1.5.1.5. Variations of the field of Accreditation and of the Accreditation Standards


1.5.1.6. Transfer of ownership of Accreditation


1.5.1.7. Transfer of Accreditation between Accreditation bodies

General Regulation RG-01 is applicable with the specification that for the aerospace scheme,

ACCREDIA-DC shall send a copy of the decisions to AIAD-CBMC for recognition of the transfer of

accreditation.

1.5.2. Renewal of Accreditation

1.5.2.1. Process of Renewal of Accreditation

General Regulation RG-01 is applicable with the following specifications:

• the document review for renewal takes into consideration any such reviews carried out during

the year in other schemes/sectors for which the CB is accredited. ACCREDIA-DC can decide

whether to carry out a document review for renewal during the on-site assessment;

• the duration of the on-site renewal audit (*) is determined depending on the specific

criticalities of the schemes and sectors in question e.g. the number of locations, criticalities

of the schemes and sectors in question and other factors such as the handling of complaints

and remarks, the number of findings to be closed, any sanctions imposed on the CB,

language, transfer times etc.

Note (*): If the renewal assessment takes place jointly with another scheme, ACCREDIA-DC will

decide if it is possible (bearing in mind the critical factors as mentioned above) to reduce the total

time.

For the aerospace scheme the duration of witness surveillance assessments depends on the

requirements contained in ACCREDIA technical regulation RT-18.


Date: 18-07-2017

If, due to unavailability of the CB, it is not possible to assess the competence of the CB for the entire

scope of accreditation during the accreditation cycle (sectors, clusters, technical areas or categories

depending on the type of management system), ACCREDIA-DC shall reduce the scope of

accreditation.

1.5.2.2. Decision-taking process and granting of Renewal of Accreditation

General Regulation RG-01 is applicable with the specification that at the time of the renewal

ACCREDIA-DC shall send a copy of the decisions to AIAD-CBMC for recognition of the granting of

renewal of accreditation.

1.6. EXTENSION OF ACCREDITATION

1.6.1. General information

As regards the application for an extension of accreditation to new sectors (e.g. new IAF sectors) –

always within the scheme which is already covered by accreditation – the CB shall fulfill the

requirements of General Regulation RG-01, unless otherwise specified in the technical

regulations/documents or technical circulars.

1.6.2. Presentation and explanation of the Application for Extension

1.6.2.1. General Regulation RG-01 is applicable with the specification that the application for

extension of accreditation of a CB shall be presented to ACCREDIA-DC, using the modules DA and

DA-01 (*) (section for extension), available on ACCREDIA’s website, together with all the necessary

documents.

If a CB is accredited for other schemes the modules for application for extension require the sending

of the documentation in simplified form.

The application cannot be submitted if a sanction blocking extension is in place, see § 1.8.

1.6.2.2. Flexible Scope

In accordance with § 1.5.1.5.2 of General Regulation RG-01, the following applies.

For the extension of accreditation to the flexible scope of accreditation, General Regulation RG-01 is

applicable.

In all cases the adoption of the flexible scope by a CB is subject to the approval of ACCREDIA-DC

which is granted in accordance with the requirements of technical regulation RT-37.

1.6.3. Document Review

General Regulation RG-01 is applicable with the specification that the document review takes account

of any document reviews performed during the year in sectors/clusters/technical areas categories

for which the CB is already accredited.


Date: 18-07-2017

1.6.4. Assessments

1.6.4.1. General Regulation RG-01 is applicable as well as point 4 of IAF MD 17 (see Annex 1).

For the aerospace scheme an assessment is performed at the CB’s location.

In exceptional cases, justified by objective difficulties in the organization of witness assessments,

ACCREDIA-DC may authorize such assessments before the document review has been completed.

In these cases the process of extension is suspended until the document review has been concluded.

The above does not apply if a sanction blocking extension is in place, see § 1.8.

1.6.4.2. The criteria regarding the composition of the assessment team for extensions shall be the

same as those for initial accreditation assessments.

1.6.4.3. If, during the witness assessment, one or more NCs are raised and formalized, § 1.6.4.3

of General Regulation RG-01 is applicable.

1.6.5. Extension to “related” Certification Schemes

If a CB applies for extension in a “related” scheme, such as Business Continuity, management of

events, road safety management, asset management, anti-corruption management etc., it shall

meet the requirements of General Regulation RG-01, § 1.6.1 and 1.6.2, as well as the requirements

of the technical circulars sent by ACCREDIA-DC.

1.7. DECISION-TAKING PROCESS AND THE GRANTING OF EXTENSION OF

ACCREDITATION

General Regulation RG-01 is applicable with the specification that at the time of the granting

of extension ACCREDIA-DC shall send a copy of the decisions to AIAD-CBMC for recognition of the

granting of extension of accreditation.

1.8. SUSPENSION, WITHDRAWAL AND REDUCTION OF ACCREDITATION

1.8.1. Minor sanctions measures


1.8.2. Major sanctions measures (Suspension, Reduction, Withdrawal)

General Regulation RG-01 is applicable with the specification that the decisions of the CSA

are communicated to the CB by registered post or certified electronic post, signed by the ACCREDIA

President and sent in copy to the competent authorities if required (e.g. AIAD-CBMC for accredited

CBs in the aerospace scheme, IAF for cases in accordance with MD-07).

1.8.3. Suspension requested by the CB



Date: 18-07-2017

1.8.4. Procedural Reduction of Scope and renunciation of Accreditation

General Regulation RG-01 is applicable with the specification that the certificates issued are

covered by accreditation for a period of six months starting from the date of withdrawal or

renunciation of accreditation.

1.8.5. Resumption of Accreditation

General Regulation RG-01 is applicable with the specification that for the aerospace scheme the

decisions of the CSA of the resumption of accreditation shall be sent in copy to AIAD-CBMC.

1.9. COMPLAINTS, RESERVATIONS AND APPEALS

1.9.1. Complaints

General Regulation RG-01 is applicable with the specification that for the aerospace scheme the

requirements of Technical Regulation RT-18 are applicable.

1.9.2. Reservations


1.9.3. Appeals

General Regulation RG-01 is applicable with the specification that ACCREDIA-DC commits to signal

to AIAD-CBMC any appeals received by accredited CBs operating in the aerospace sector, and to

respond regarding handling of the appeal.

1.10. OBLIGATIONS OF THE CB

1.10.1. With explicit reference to QMS, IAF sector 28, reference shall be made to the agreement

with AVCP. If data is not uploaded by the CBs, ACCREDIA shall impose sanctions on the CB, graded

according to the delay in providing such information as required.

Sanctions may be imposed only if the delays are the fault of the CB, and they shall be due to:

• one-month calendar delay in data update: ACCREDIA will send a reminder by certified email,

repeated on each subsequent day until the requirement is met or until sanctions are imposed;

• two-month delay in data update in data update: automatic temporary reduction of

accreditation for QMS, IAF sector 28, or total suspension in cases of failed update of all

sectors;

• four-month calendar delay in data update: permanent automatic reduction of accreditation

for QMS, IAF sector 28 or withdrawal in cases of failed update of all sectors.

1.11. OBLIGATIONS OF ACCREDIA



Date: 18-07-2017

2. PART 2 – REQUIREMENTS RELATING TO CBs OF MANAGEMENTS SYSTEMS

Part 2 contains a series of requirements regarding the organization and operation of management

system CBs, with which the CBs are under obligation to conform in the context of conformity to the

applicable normative references.

The EA/IAF documents and guidances are mandatory.

2.1. COLLABORATION WITH ACCREDIA

2.1.1. As already partially described, the CB shall allow ACCREDIA-DC to act as follows:

• to select the audit team set up by the CB, and/or the organization where the witness

assessments are to be performed and/or the personnel to be interviewed. For this purpose

the CB shall submit to ACCREDIA-DC the up-to-date and complete program relating to the

CB’s auditing activities and all other information necessary to enable ACCREDIA-DC to

perform the assessments, in a timely manner for planning;

• to obtain and view the accountancy documents during the on-site audit.

2.1.2. When the witness assessment is conducted at the CB’s location, the CB shall

organize a meeting between the ACCREDIA-DC assessors and an agreed sample of its

auditors to enable ACCREDIA-DC to carry out the necessary in-depth appraisals.

2.1.3. All information relating in any way to the relations between ACCREDIA-DC and

the accredited or applicant CBs or the relations between the CBs and the certified

organizations shall be confidential, in other words, it shall not be disclosed by ACCREDIA-

DC to third parties unless:

• publication is foreseen by the accreditation or certification rules;

• communication is in accordance with this Regulation or is deemed necessary by ACCREDIA-

DC to effectively perform its activities, however remaining limited to the appropriate

recipients;

• is otherwise established by law or provided for by the Legal Authorities;

• the request, giving reasons, is made by another AB signatory to the EA or IAF agreements;

• disclosure is made with the explicit and unanimous consent of all the parties involved.

Failure to observe the requirements outlined above leads to the imposition of sanctions, as defined

in § 1.8.


Date: 18-07-2017

2.2. ORGANIZATION AND PROCEEDINGS OF THE CERTIFICATION BODY

2.2.1. The CB’s statute, or equivalent document, shall include the provision that certification

activities are the object of its activities.

2.2.2. With regard to the certification of management systems the CB shall:

• verify, during the audits at the organizations, that they have identified and respect the

requirements for their products/services, including ones which are legally cogent (such as

authorization required for undertaking activities directly related to the object of certification

for which there must be evidence in the audit documents);

• provide for, in the regulations for certification, the suspension (also cautionary) and

withdrawal of certification if the certified management system does not ensure respect for

the mandatory product and/or service requirements.

The CB shall have the necessary competence and resources to obtain the reasonable trust that the

product or services provided are adequately taken into consideration by the organization and that

they are under control by means of the QMS.

The CB has the responsibility of verifying that the organization’s management system can effectively

manage respect for the laws and standards regarding products and services provided, whilst

assuming no direct responsibilities concerning the adequacy of technical choices made by the

organization (for which the organization retains sole responsibility) or regarding conformity

assessment against the legal requirements.

Failure to respect the applicable legal requirements covering the organization’s products and services

constitutes an NC with regard to the requirements of the MS, irrespective of the controls and

approvals of competence of the authorities in question.

Respect for the mandatory requirements is understood to be an appraisal of the will and capability

of the organization. The certification audit is not an audit of legal compliance (UNI CEI EN ISO/IEC

17021-1, § 9.1.2.2.2).

2.2.3. With regard to the assessment of conformity to mandatory requirements regarding the

certification of certain management systems, see also the scheme regulations/technical documents

(RT-09 for EMS and any other applicable regulations).

2.2.4. The ACCREDIA-DC assessors, if a infringement is found regarding a standard or contact

which is relevant to the certified management system and not raised by the CB, shall classify the

failure correctly so as to permit rapid and appropriate management by the CB and to conciliate the

audit team’s responsibility with the mandate received from the DDC. Below we offer some

clarifications.

If the failure to respect the standard/contract comes within the scope of the audit, the ACCREDIA-

DC assessor raises a NC or another finding which refers to the specific requirement which has not

been respected, if it has not been sufficiently noticed by the CB (e.g. a violation by the organization

of a safety standard during an OHSAS audit).


Date: 18-07-2017

If the failure to respect the standard or contract is only a related matter the ACCREDIA-DC assessor

raises a Comment in order to recommend that the CB keeps control of such matters during the

subsequent audits in this scheme. For example, the breach of a safety standard in the QMS scheme

which may influence the conformity of the product or service, as may happen in the case of an

educational institute or a hospital.

If the presumed violation of the standard or contract is not within the scope of the audit the

ACCREDIA-DC assessor is not obliged to refer to it in his assessment report because it does not come

within the scope of his assessment and because it is not possible to guarantee his competence

regarding all aspects of the standard which are beyond the scope of the audit (e.g. a violation of a

standard regarding safety or fiscal issues in the QMS scheme, if this has no influence on product or

service conformity).

2.3. PERFORMANCE OF CERTIFICATION ACTIVITIES

2.3.1. The documents or parts of the documents specifying the rights and tasks of the CB and of

the client organization, shall be sent to the client before or concurrently with the signing of the formal

certification application.

The CB shall include, in the contractual documentation covering relations with certified organizations,

the provisions of the present Regulation concerning the obligations of such organizations.

In the quotation for clients and potential clients, the CB shall include the number of audit days the

CB will need for the audits, specifying the tasks involved in terms of days for each phase: initial

audit, first and second surveillance and re-certification audits.

In cases of participation in public tenders the CB shall be very careful about the information it

provides in the bid for the tender, taking into consideration the indications made by ACCREDIA in

the guides developed by the Committee of Control and Guarantee, especially if there are

requirements which are in conflict with ACCREDIA regulations or other normative documents which

are applicable for accreditation, the CB shall inform ACCREDIA-DC of participation in the tender.

2.3.2. Where applicable, the CB shall inform the organization in advance with regard to the

presence of ACCREDIA-DC assessors by sending the ACCREDIA-DC presentation letter.

The CB shall also emphasize that a refusal to accept ACCREDIA-DC assessors will result in non-issue

of accredited certification, suspension or in the withdrawal of certification if it has already been

issued.

2.3.3. If renewal activities are not successfully completed within the expiry date of the certificate,

the CB shall proceed, when necessary, as follows:

- Renewal activities (assessment and decision) are started before or after the expiry date

and have been completed with positive result within 6 months of the expiry date of the

certificate.


Date: 18-07-2017

Following expiry of the certificate the CB may, also after 6 months, restore certification as long as

the remaining certification renewal activities have been completed (e.g. performance or completion

of the renewal audit, verification of the implementation of treatments and CAs by the organization

following any major NCs and the relative decision): in such cases, with evidence on it of the period

of non-validity (the period between the expiry date of the previous cycle and the date of decision for

resumption of certification) and with the date of expiry based on the previous cycle of certification.

The duration of the assessment is the same as that of a Stage 2 audit (and, as a minimum, not less

than the duration of a renewal.

It is also possible not to put the initial date of the certificate (of previous cycle/s) but also in this

case the expiry shall be in line with the previous cycle and the effective issue date shall be subsequent

to or the same as the date of decision for renewal after the expiry.

- Renewal activities (assessment and decision) are not completed within one year after

the date of expiry of the certificate.

The CB shall perform an initial audit (or integrate an audit which has already been begun, until the

duration time is the same as for a Stage 1 + Stage 2), issuing a new certificate without maintaining

the old one.

It is therefore not a renewal but a new certification.

- In all the previous cases, when the audit activity is started and/or completed after

expiry of the certificate, the CB may decide to perform an initial audit (Stage 1 + Stage

2), issuing a new certificate without retaining the old one.

In addition:

• in the certificate it is not necessary to specify any periods of suspension, but only periods of

non-validity due to failed renewal;

• also if the certificate has a duration of less than 3 years owing to postponed renewal, the

principle whereby, in the cycle of certification (from the decision for renewal, possibly

deferred, at the subsequent renewal) all the requirements and all the scope of certification

(see ISO 17021-1 § 9.1.3.1 e 9.1.3.2), with surveillance assessments conducted at least

annually, remain fully valid.

With regard to IAF sector 28, ISO 9001, and the relations with AVCPass/ANAC, if the renewal is not

performed within the expiry date of the certificate, the certificate automatically becomes invalid, with

the consequences for maintenance of the SOA attestation, even if the delay in the renewal is only

one day. If the certificate is re-activated with an assessment conducted and completed at the most

within one year after the expiry date, the organization may present the new certificate (with reduced

validity with respect to the usual three years) to the SOA and to the other competent bodies.

2.3.4. In case of transfer the CB shall undertake its activities in accordance with the

document IAF MD 2.


Date: 18-07-2017

2.3.5. Other requirements

2.3.5.1. For the performance of its certification activities concerning the geographical areas in which

it operates, the CB shall be able to demonstrate that it:

• has evaluated the risks deriving from its activities;

• has taken adequate measures (e.g. insurance or risk funds included in the balance sheet) to

cover professional risks of internal staff and collaborators (e.g. auditors, committees)

deriving from its activities, also with regard to the activities of its clients.

Records shall therefore be kept regarding

• the reasons for which the CB has chosen an insurance policy or instituted risk funds rather

than taking other actions;

• explanations with regard to the adequacy of:

- the ceilings of the insurance policy, or of

- risk funds included in the balance sheet; or

- other counter-measures.

In Italy, by law, companies are under obligation to sign policies of civil liability for all dependent staff

that, owing to their responsibilities, are exposed to greater risk with respect to third parties.

2.3.5.2. In order to increase the effectiveness of conformity assessment activities, CBs may use,

also according to the type of organization undergoing certification (e.g. if it is a case of services for

the public or for consumers), particular techniques such as mystery or undeclared audits.

The performance of these audits shall not take up over 50% of the total time for audits and it may

be performed before or after the usual audits and/or at a different time, and not necessarily

consecutively.

This type of modality shall be in agreement with the client, included in the contract and stated in the

audit plan, indicating, at least, the sampling (processes, locations etc.) the possible period in question

and the logistical arrangements.

2.4. SEPARATION BETWEEN CERTIFICATION ACTIVITIES AND CONSULTANCY

ACTIVITIES

2.4.1. The CB shall keep documents available for ACCREDIA which provide objective evidence of

the absolute separation between the certification activities and any consultancy activities (as defined

in § 0.3) performed by persons (either physical or juridical) in any way whatsoever related to it. This

separation shall be guaranteed in relation to every aspect and stage of the activities performed by

the CB, commencing from the definition of the policies, through the development of the entire

certification process, up to the granting, maintenance and renewal of the certifications.

In order to do this, the CB shall perform an appropriate risk analysis relating to the provision of

competent, consistent and impartial certification, documenting the outcomes and giving reasons for

conclusions and solutions adopted, especially with regard to problems related to use of

auditors/inspectors operating also as consultants.


Date: 18-07-2017

The CB should define the risk indicators for regular monitoring/verification to ascertain that the risk

level is eliminated or reduced.

A useful guidance is provided by the recommendations made by the ACCREDIA Committee of Control

and Guarantee with regard the definition of consistent criteria for the assessment of certain

requirements in UNI CEI EN ISO/IEC 17021-1 during the surveillance assessment of accredited CBs.

It is recommended to use the document issued by the above Committee as a checklist for the

development of its risk analysis.

Violation of the above requirements leads to the imposition of sanctions in accordance with § 1.8.

2.4.2. Regarding company management systems, any relations between the CB and consultants

or consultancy companies shall be managed in conformity with the IAF decisions of Oct. 24-25, 2010

and in compliance with the applicable legislation.

If a payment has been made for acquiring a certification contract between the CB and the company

or person which/who has performed a consultancy service, the CB shall demonstrate that it respects

the following requirements:

• transparency – all the documentation regarding this relation shall be kept and made available

to ACCREDIA-DC on request. The client and the personnel of the CB shall be aware of this

matter and of the payment involved and that this situation does not put the client in an

advantageous position concerning certification;

• the CB’s management shall sign a declaration of impartiality which also refers to these

situations and the handling of them;

• the risk analysis shall include these factors. Special care shall be given to threats arising from

this type of relation at both individual and corporate level;

• the interested parties, after consultation with the CB, shall verify the effectiveness of the

measures undertaken to reduce risks which may derive from this type of relation with

consultants.

• a procedure shall be adopted ensuring that no unfair or inappropriate behavior takes place

during the certification process;

• any attempt to exert pressure or influence by the CB, the consultant or the client shall be

reported and dealt with.

3. PART 3 – REQUIREMENTS FOR THE ASSESSMENT OF THE COMPETENCE OF MANAGEMENT SYSTEM AUDITORS AND EXPERTS

For the definition of the requirements of competence and the identification of the technical areas for

the schemes regarding management systems of organizations, refer to the applicable standards and

related mandatory documents, e.g. ISO/IEC TS 17021-2, ISO/IEC TS 17021-3 etc), IAF MD-10, ISO

19011 and other applicable EA/IAF guidances.

The qualification requirements for QMS auditors may also be more strictly defined for certain sectors

in accordance with sector technical regulations, e.g. RT-05.

Regarding EMS auditors further requirements are defined in regulation RT-09.


Date: 18-07-2017

For other management systems, e.g. OHSAS, the qualification criteria for auditors are also given in

the relative scheme regulations.

The certification of auditors is not obligatory but it is strongly recommended because it demonstrates

the competence of auditors and minimizes the audit modalities and times needed by ACCREDIA-DC

assessors.

4. PART 4 – REQUIREMENTS CONCERNING THE SCOPE OF CERTIFICATION AND THE CONTENTS OF CERTIFICATES OF CONOFMIRTY

4.1. GENERAL

If the field of application of a scope o fan organization includes processes of delivery of, for example,

training courses, cleaning services, catering, work management and so on, the CB shall audit them

by means of direct observation during the initial certification audit and at least once in each cycle of

certification.

In order to obtain the necessary clarity and competences, the certificate, apart from respecting the

requirements of UNI CEI EN ISO/IEC 17021-1, shall contain as follows:

• reference to the applicable scheme/sector technical regulation, where there is one. Non-

accredited CBs shall not carry this reference;

• the IAF sector (primary, secondary…) or other specific sector classification (where

applicable).

In the scope of a management system certification the CB shall not make reference to voluntary

standards, regulations or laws containing the requirements regarding the product if such product

requirements are subject to different conformity assessment activities.

The intention of this rule is to avoid confusion between a management system certification and

product certification, or even with an authorization issued by a Public Authority.

Below there are some examples to help clarify how to interpret this paragraph. The examples are all

real cases, taken from the database of certified companies and published on ACCREDIA’s website.

The column “scheme” gives the scheme of the certificate and not that the error is applicable only to

that scheme.

N° Scheme INCORRECT scope CORRECT scope

1 QMS Delivery of third party service

(suppliers) of a business and of the

maintenance of heating system in

compliance with DPR 412/93 and

subsequent amendments

Delivery of third party service

(supplier) of a business and of the

maintenance of heating system


Date: 18-07-2017

2 QMS Assessment for the issue of certification

of port craft and components in

compliance with the directives

94/25/CE and 2004/44/CE

(implemented by D.Lgs. 171/05)

Assessment for the issue of certification

of port vessels and components

3 QMS Periodical and extraordinary checks of

third party service (suppliers) on

electricity systems in compliance with

D.P.R 462/2001

Periodical and extraordinary audits of

third party service (suppliers) on

electricity systems

4 QMS Checks and control tests of lifts in

compliance with DPR 162/99 and with

the lift directive CE 95/16

Checks and control tests of lifts

5 OHSAS Management of general contractor

activities undertaken in compliance

with art. 176 of Law Decree dated 12

April 2006 n. 163 and subsequent

amendments

Management of general contractor

activities of public tenders or services

6 EMS Preparation and performance of pest

control services in compliance with the

in compliance with the HACCP and BRC

FOOD standards

Preparation and performance of pest

control services


Date: 18-07-2017

In addition:

• the scope of a management system certification may make reference to laws only if the law

is a legal requirement (e.g. management system certification of tachographs);

• it is possible to state the denomination of a product if it is in compliance with regulated

provisions (e.g. the denomination Parmigiano Reggiano is regulated and any reference

means that it is subject to the PDO – reg. 118/12 system), provided that the certificate

specifies that the law or regulation are not the object of evaluation by the CB which has

issued the management system certification. With regard to this, the scopes of certification

(for example those related to certifications issued in compliance with ISO 9001, ISO 22000,

ISO 22005) shall not make explicit reference to characteristics of the product if these are not

the object a audit by the CB and, in particular, if the CB does not possess the necessary

qualifications for such declaration.

The field of application of the certification regarding the type of activity, product or service as

applicable in each site shall not be misleading or ambiguous.

Below there are some cases with respect to use of the term marketing:

Marketing (QMS scheme)

Case A – Marketing by design of the client

Some companies do not market only standardized products, but also by design of the client, using

external suppliers for design and production.

In such cases, if the production of other processes carried out by third parties, is the responsibility

of the producer, it is necessary to specify on the certificate that the producer has control over this

process. The CB shall also audit the controls of these processes performed by the organization.

Example:

• incorrect scope: “Marketing of screws designed by the client”;

• correct scope: “Marketing of screws and control of production of screws designed by the

client”.

Case B – Marketing with processing of the product

Some companies do not market only standardized products, but also carry out operations on the

product to adapt it to client requirements.

Below is the example of companies which market and process flanges.

The term “production” has been found in the scope of certification of this type of company, but it

must be remembered that to produce flanges it is necessary to print or forge the billets obtaining

the forged flange for final processing: such cases include that the forgers and printers are involved,

the only persons for whom it is possible to grant certification against UNI EN 10204 Metal products

– types of control documents 3.1.

The use of the term “production” for companies marketing and processing flanges is not correct

because it penalizes companies which really do perform production activities. In such cases the

wording should be “Marketing and processing (or assembly etc…) of flanges”.


Date: 18-07-2017

Generic terms such as “production” shall be avoided or clearly defined in detail according to their

components, as applicable.

Regarding transfers, if it is intended to retain the data of first issue on the certificate issued by

another CB, it shall be specified that it is not the first issue of the current CB, but of the previous

one.

4.2. CRITERIA FOR THE DEFINITION OF THE SCOPE OF CERTIFICATION OF

QUALITY MANAGEMENT SYSTEMS

4.2.1. The certificate shall indicate the accreditation sector(s) (IAF sector/s) in the area in which

the scope of certification is most appropriate. The first sector indicated is to be deemed the

“prevailing” sector. The scope of certification shall refer exclusively to the processes/products audited

by the CB.

In consideration of the fact that an accredited certification shall carry the accreditation mark (or

reference to accreditation), the certificate shall not give non-accredited processes or sectors. It is

necessary to have issued at least two certificates. It is neither permitted to issue only one certificate,

including a non-accredited part of the scope, nor to make a note or similar to specify that one part

of the scope is not accredited.

The accredited CB of management systems for a certain scope of certification, also if it has been

suspended, shall not issue accredited certifications in the same scope.

In cases of groups, consortiums and similar, it is possible to indicate, as well as the data of the

certified organization, also the data regarding the parent organization, taking care to avoid

ambiguous wording which extends inappropriately the applicability of the certificate. For this the CB

shall have specific and formalized audit procedures.

4.2.2. The operative units (production sites, plants, departments, divisions, etc. and the relative

addresses) where the activities which are included in the framework of the quality management

system subject to assessment are performed, shall be specified in the terms required by the need

for clarity and transparency. If the activity is performed in different production sites, these sites shall

be specified, if necessary, differentiating the respective competences or roles within the overall

production process.

If the processes are undertaken by the organization at temporary external sites (such as construction

sites, catering sties, training sites etc...) these temporary sites shall not be referred to in the scope

of the certificate.


Date: 18-07-2017


ENVIRONMENTAL MANAGEMENT SYSTEMS

4.3.1. The requirements detailed in § 4.2 above are applicable, in general, and subject to the

appropriate adjustments. In addition, the provisions outlined below are also applicable.

4.3.2. In formulating the scope of certification of each production location, it is necessary to

specify the activities undertaken and the results, highlighting the characteristics of the processes and

products corresponding to the most significant aspects from the environmental point of view.

Further information can be obtained by referring to the scheme Regulation RT-09.

4.3.3. Any violation of the provisions outlined above leads to the imposition of the sanction

measures defined in § 1.8.


WORKPLACE HEALTH AND SAFETY MANAGEMENT SYSTEMS

4.4.1. The requirements detailed in § 4.2 above are applicable, in general, and subject to the

appropriate adjustments. In addition, the provisions outlined below are also applicable.

4.4.2. The formulation of the scope of certification shall state the ongoing activities at each site

in question, with references to the risks for workplace health and safety related to the corporate

processes carried out at the site, including sub-contracted activities.

4.4.3. Any violation of the provisions outlined above leads to the imposition of the sanction

measures defined in § 1.8.


Date: 18-07-2017

ANNEX 1 - IAF MD 17:2015 ISSUE 1 – WITNESSING ACTIVITIES FOR THE ACCREDITATION OF MANAGEMENT SYSTEMNS CERTIFICATION BODIES

Please see the EA MD 17:2015 mandatory document “Witnessing Activities for the Accreditation of

management Systems Certification Bodies”, that can be downloaded, from IAF’s website, at the

following link

http://www.iaf.nu/upFiles/IAF_MD172014WitnessingActivitiesIssue1Version2PublicationVersion.pdf

.

title regulation for the accreditation of management ... · complaints, reservations and appeals...

Documents