STAGE 1 AUDIT PROCESS:
The Stage 1 audit shall be carried out at client's site. In exceptional circumstances part of stage 1 audit can take place off site, but it shall be fully justified and evidence provided, demonstrating that stage 1 objectives are fully achieved.
Stage 1 audit shall start with opening meeting and shall be concluded with closing meeting in which client shall be informed about the readiness for Stage 2 audit.
The Team Leader will give a documented conclusion and communicate to client organization that the Objective of stage 1 is fulfilled and client organization is ready to stage 2. The Findings of the Stage 1 shall be documented in the Stage 1 audit report and the same shall be communicated to the client by signing the audit report which shall include the identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.
Stage 2 audits shall be initiated within maximum 60 days from the last day of stage 1 audit. Between the specified time client is said resolve areas of concern identified during the stage 1 audit. In case stage 2 audit is not initiated due to area of concern not been resolved within time frame or any significant changes occur which will impact the management system then stage 1 audit shall be performed again & Impartial Assessments Private Limited (IAPL) shall also need to revise its arrangements for stage 2. The Team Leader also communicates to the client organization that the result of stage 1 may postpone or cancellation of stage 2.
STAGE 2 AUDIT PROCESS:
The stage 2 audit shall take place at the site(s) of the client. At the end of the stage 1 audit, the Team leader shall prepare an audit plan for stage 2 and discuss with the client regarding the time frame of closing of non-conformities and area of the concern, if any.
Stage 2 audit shall include at least the following:
a) Information and evidence about conformity to all requirements of the applicable management system standard or other normative document
b) Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
c) The client's management system and performance as regards to meeting of the applicable statutory, regulatory and contractual requirements.
d) Operational control the client's processes.
e) Internal auditing and management review
f) Management commitment and responsibility for the client's policies.
The audit team shall gather the audit evidences during the initial audit i.e. stage 1 and 2 and analyse and review the audit findings and agree on the audit conclusions.
The audit team shall provide the following information to IAPL for the certification decision:
a) The audit reports of stage 1 and stage 2,
b) Non conformities raised with comments and correction and corrective action taken by client, if any
c) Confirmation of the information provided to the IAPL used in the application review and
d) A recommendation whether or not to grant certification, together with any conditions or observations.
IAPL shall make the certification decision on the basis of an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).
Surveillance audit shall be conducted once in every calendar year. IAPL shall ask the client organization to provide the updated data before planning of the surveillance audit. First and second Surveillance audit shall be perform with in 12 and 24 months respectively from the date of certification decision. Therefore the surveillance audit shall be identified 1 month prior to the due date. The client shall be communicated through a Notice of Surveillance about the due date and proposed date of Surveillance audit. Scheme Manager shall monitor the effectiveness of Surveillance audits on monthly basis. If the client does not confirm the Surveillance Audit on due date then a Notice of suspension shall be served to the client company. In case client doesn't response then after 15 days letter of suspension is send to client. Suspension shall be valid for the next 3 months. After lapsing of the Suspension period the Notice of Withdrawn shall be issued to client. In case there is still no response from client or client is not complying with the certification terms and conditions, the Letter of Withdrawn shall be issued and the name of the client shall be removed from the Client Directory. Any valid justification provided by the client for the postponement of the audit can be considered and shall be recorded which has to be approved by Certification Manager and shall be communicated to the client.
Surveillance audits shall be on-site audits, but are not necessarily full system audits and IAPL shall plan the surveillance activities together with the other surveillance activities in such a way that representative areas and functions covered by the scope of the management system are monitored on a regular basis, and take into account changes to its certified client and its management system and assessing and creating the confidence the certified client's management system's fulfillment of specified requirements with respect to the standard to which the certification is granted between recertification audits.
Other Surveillance Activities includes:
a) Enquiries from the IAPL to the certified client on aspects of certification,
b) Reviewing of the promotional material, websites, letter head etc of any client's statements with respect to its operations,
c) Requests to the client to provide documents and records in any medium whether on paper or electronic media), and
d) Other means of monitoring the certified client's performance
The surveillance audit is to ensure following:
a) Internal audits and management review
b) A review of actions taken on nonconformities identified during the previous audit
c) Complaint Handling
d) Effectiveness of the management system with regard to achieving the objectives and intended result of applicable management system
e) Progress of planned activities aimed at continual improvement
f) Continuing operational control
g) Review of any changes
h) Use of Logo
i) Verify the OHS for the respective objectives and targets
j) Hazard Identification & Assessment Controls
k) Compliance towards Legal & Other requirement including customer requirements
Re-Certification Audit Notice shall be communicated to the client before the 90 days of the expiry of the certification. Recertification audit shall be planned and completed before the expiration of the certificate. IAPL shall ask the client organization to provide the updated data before planning of the recertification audit. The recertification audit shall be conducted onsite and shall be planned to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document.
During the Recertification if any nonconformity or lack of evidence of conformity are identified then correction and corrective action shall be implemented within 30 days of the recertification audit or before the date of expiry of certification whichever is earlier.
IAPL shall take decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of recent certification cycle and complaints received from party interested in certification.
In case of the major non conformity found during the recertification audit the correction and corrective action shall be taken with 60 days but before the expiration of the certification. The expiry date of new certification shall be based on expiry date of existing certification. The issue date on new certificate shall be on or after the recertification decision. In case IAPL has not completed the recertification audit or the IAPL is unable to verify the implementation of the correction and corrective action for any major non conformities prior to the expiry date of the certification, then recertification shall not be recommended and the validity of the certification shall not be extended. The client organization shall be informed and the consequences shall be explained.
After the expiration of the certification IAPL can restore the certification within 6 months subject to the outstanding certification activities are completed otherwise at least the stage 2 shall be conducted.
The effective date on the certificate shall be on or after the recertification decision and expiry date shall be on the basis on the previous certification cycle.
Recertification shall include the following:
a) The performance of the management system over the period of certification, and include the review of previous surveillance audit reports.
b) Stage 1 audit shall be conducted in the Recertification audit in the situation when there are significant changes to the client, management system, changes in the legislation or the context in which the management system operating.
c) In case of multisite or Integrated Management system the planning of the audit shall ensure adequate onsite coverage to provide a confidence in the certification.
d) the effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
e) Commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance.
f) The effectiveness of the management system with regard to the achieving the certified client objectives and the intended results of the respective management system demonstrated.
g) Compliance towards Legal & Other requirement including customer requirements
h) The nonconformities that are found to exist at previous surveillance and reassessment audited effectively corrected within a time agreed by IAPL and the client organization. In case correction is not made within the time agreed then Has IAPL reduced the scope of certification or the certificate suspended or withdrawn.
EXPANDING OF SCOPE:
IAPL shall expand the scope as getting the application for expanding the scope of a certification already granted. After getting the application, IAPL shall plan a full audit or Limited audit. The audit can be in the conjugation with the surveillance audit. After the result of the audit IAPL shall take the decision that the scope can be extended or not. In case of refusal of the extension of scope the full reason shall be intimated to the client organization.
SHORT NOTICE AUDIT:
The Certification Manager (CM) can conduct an audit on short notice or unannounced audit to verify handling of customer's complaints, important modification within the organization or any reason leading to withdrawal or suspension of the certificate.
The CM, based on the nature of complaint, shall take decision on the time frame within which the audit is to be conducted. In case of Short Notice Audit because of Customer Complaint, the audit team shall not disclose the name of the complainant.
The CM shall assign an auditor to perform the short notice audit and informs the organization about the identity of the auditor. The organization may refuse the appointed auditor and request once for a substitute. After the audit, the auditor shall report about the results of his investigation and shall make his recommendation to the CM.
What is Suspension / Withdrawal of Certificate?
1. Impartial Assessments Private Limited (IAPL) has the authority to suspend certification in cases where on reviewing the audit reports and subsequent verification, reviewer(s) arrives to a conclusion that the:-
Client's certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system in the surveillance audits.
The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies as mentioned in the agreement.
The certified client has voluntarily requested a suspension in writing to IAPL.
2. Under suspension, the client's management system certification becomes temporarily invalid. IAPL ensures through enforceable arrangements with its client that in the period of the suspension the client cannot use or promote the certification. The suspension shall be communicated to the client and the suspension status of the client shall be updated in the client directory maintained and on the website of IAPL. It shall be communicated by sending a notice to the client that in case the suspension is not revoked or issue not resolved within 6 months time from the date of suspension then the certificate shall be withdrawal/cancelled or scope shall be reduced or certificate shall be cancelled.
3. Upon verification of audit reports and subsequent on-site verification, the IAPL may reduce the client's scope of certification to exclude the parts not meeting the requirements, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. IAPL ensures the reduction shall be in the line with the requirements of the standards used for certification.
4.IAPL ensures that there is an enforceable agreement signed by certified client concerning conditions of withdrawal ensuring upon notice of certification that the client discontinues its use of all advertising matter that contains any reference to a certified status as per agreement.
IAPL ensures that the correct status of the client i.e. active, suspended, withdrawal or cancelled shall be updated on website.