10.1 Receipt and review of Audit report
The team leader is responsible for submission of audit report documents and can be given in electronic media to the client and the office. This contains at least corrective action plan for non-conformances, where ever applicable and assessor notes.
All audit reports (Stage 1, Stage 2, routine surveillances, follow-up, special audit, recertification etc) are reviewed at multiple stages.
includes administrative review. The submitted set of documents is reviewed for completion (also called administrative review) by AE. Audit report review checklist (F101) is used to record the review in case of Stage 1, Stage 2, Follow Up, Scope Extension, Special Audit, Recertification Audit and any cases where a certificate change is involved). AE issues a deviation note against the team leader (F102 Deviation note) if he / she finds one while administration review. AE submits his findings to Director Ops.
includes technical review. The audit report (corrected if possible) along with audit report review checklist (F101) in case of Stage 1, Stage 2, Follow Up, Scope Extension, Special Audit, Recertification Audit and any cases where a certificate change is involved is submitted to Certification committee member for technical review which includes review of the information provided by the audit team is sufficient with respect to certification requirements, scope of accreditation and effectiveness of corrections and corrective actions are effective for all non conformances raised during the audit. Stage 2 Review shall be carried out by the auditor qualified for the specific EAC sector, provided he has not participated in the audit and has not declared any conflict w.r.t. the client. Technical reviewer will be allotted who does not have a conflict of interest. It is the responsibility of the auditor to pro-actively declare of any conflict. The technical review may lead to a deviation note (F102), which is issued against the team leader, if a deviation is found. All auditors are trained for the review process. In cases where technical expert is used for the audit, the technical reviewer may discuss with the technical expert on the NC / observations used. The reviewer may also discuss any particular part of the report with the team leader / specific auditor. The reviewer also identifies if correction to deviation note (F102) issued needs to be completed prior to Stage 3. In case the audit report does not require review by certification committee chairman, the report is returned to AE for Stage 4.
includes decision making by certification committee chairman. Any audit report requiring issue of certificate (Stage 2 audit, change in scope or address, triennial audit etc) requires review and approval by certification committee chairman. For routine surveillance, the review by certification committee chairman is not required and the reviewer records his / her signature on the “Report Reviewed by” column of the audit report. The technical reviewer shall decide whether the report needs submission to certification committee chairman. Certification committee chairman reviews the findings of Stage 1 and 2 in addition to review of audit report prior to taking the decision. Correspondence related to the client (e.g. Complaints received against the client, changes in scope, media reports etc) are also reviewed during recertification decision. The decision taken is recorded on F101 form. For stage 1 audit, the stage 2 audit may be planned after technical review, however the certification committee chairman shall review the stage 1 audit report along with stage 2 audit before making his decision. The certification committee may ask for specific inputs from the client or send any auditor to the client to verify any part of the report.
In case Certification committee chairman is involved in the audit or is not available or has declared conflict w.r.t. any client, any other director reviews the audit report and takes the decision.
Involvement of the decision maker / technical reviewer / admin reviewer in audit means any type of audits which includes Stage 01, Stage 02, Surveillance, Renewal, and Special Audits. Report Reviewers (Admin and Technical), Certification Decision Makers should not be involved in any of these audits
includes further action by Account Executive. AE reviews the decision taken by technical review member and / or certification committee chairman for the following –
- Preparing the certificate as per process detailed below.
- Updating the client data base w.r.t. changes in client details, NC’s issued in the audit, planning for next audit etc.
- Filing the report in the client file along with all relevant papers like audit notes, corrective actions submitted by client etc. Auditor performance evaluation sheets etc are filed in respective files. Alternately the electronic copies of this documents to be saved in respective client folders.
- Verify compliance to all ISOQAR quality and certification requirements
10.2 Certificate preparation and issue
This involves preparation and review of certificate, certificate signature by Managing Director and updating the registrar of firms. In absence of Managing Director, Executive Director / Operations Director can sign the certificate.
Certificates are issued to clients following initial audit, extension to accredited scope, triennial audit, upgrade on surveillance or change in company details (name, address etc).
Certification documents are normally sent to the certified client in paper format though the postal system, however provision exists for the certificate to be sent electronically in a format that prevents alteration.
The certificates will be numbered sequentially starting with I001 followed by the global client code of ISOQAR
AE prepares the certificate:
- No certificate will be issued unless ISOQAR has evidence that all non-conforming notices raised have been closed out.
- Select the appropriate blank certificate(s) based on the standard as indicated on the audit report. Be sure to check for any changes indicated on Comment Sheets attached to audit report.
- Set the issue date to be the date of approval by certification committee chairman indicated on the F101 Audit report review checklist. Set the expiration date to be three years later. (An issue date of 15/10/11 would result in an expiration date of 14/10/14.)
- The expiry date may vary from above for transfer cases, where the expiry date shall be the same as earlier certificate. Also refer to any specific instructions given by Director Ops w.r.t. expiry dates e.g. during transition to revised standard, the expiry of old standard may be pre-decided by the accreditation board.
- The expiry date will be 14 Sept 2018 in case of all ISO 9001:2008 version certificates
- The initial registration date shall be the issue date for first 3 year cycle. In the triennial / renewal case, the initial registration date shall be the issue date of first certificate issued. Re Issue date will be the date the recertification audit report was approved by the certification committee and the expiry date will be an addition of three years from the previous expiry date or 14 Sept 2018 in case the renewal audit is carried out as per ISO 9001:2008 standard. The certificate number shall continue to be the same. The scope and address shall be the same as in earlier certificate unless changed at time of recertification audit.
- In case the client goes for second cycle but not as triennial (i.e. a gap between expiry of first cycle and second initial date), the certificate shall be considered as fresh and initial registration date shall be the same as issue date. The earlier certificate shall not be considered. A new certificate number shall be awarded.
- On each certificate to be issued, fill in the client organization's name, base office, address, standard (including issue year of standard), and scope, initial issue date, re issue date, expiry / valid until date based on the information on the audit report and certification review check list. Be sure to check for any changes indicated on Comment Sheets included in the audit report. The certificate will also include the name, address and certification mark of the certification body and other marks (e.g. accreditation symbol)
- Have the Director Ops review the certificate for any errors. In case the Director Ops is involved in the audit then Managing Director / Technical Director will review the certificate for any errors. In case the MD/OD/TD are involved in the audit, then a person from the certification committee will review the certificate for any errors. Submit the corrected and final certificate to Managing Director / Technical Director / Operations Director for his signature.
- Multiple sites each operating a common system with the same scope of certification shall have all the addresses on the same certificate. The client may request for individual certificates. In such cases, each site is issued with its own certificate with the same certificate number and a suffix is added. The certificate number shall be I/001A, I/001B etc.
- In cases of group of companies, the locations may have different scopes of certification or trading names, each is issued with respective names, addresses and scope. The certificate shall have the same certificate number with a suffix (as explained above).
- In the event of issuing any revised certification documents, then the original certificate number will have a suffix of revision number. E.g. I/001/07 – R1, for first revision. The expiry date of the certificate does not change and continues the same as the original. Issue date shall be the date of C.C. Chairman Approval. Initial Registration date shall be the same as original.
- In case of transfer of certificates, takeover of at time of renewal audits from other certifying bodies, the initial issue date / certified since can be the date when the client was initially granted certification
Client database shall be amended as per the database management process. The completed certificate with the audit report is reviewed by Director Ops for correctness and completeness of the certificate.
The certificate with all attachments like logo rules, cover letter etc is submitted to Managing Director / Technical Director / Operations Director for his signature.
Managing Director has no authority to reject / deny the issue of certificate. He may return the certificate to Chairman of Certification Committee clearly stating the reason for holding the issue. Chairman of Certification Committee shall review the reason and investigate on the same. However, if the Chairman has satisfied himself and re-sends the certificate to MD for approval, MD shall sign the certificate. A computer generated signature may also be used. The above process can be carried out by ED in absence of MD.
The signed certificate shall be sent to the client at his address or any other address he has specifically requested. The certificate shall not be issued to any other person without a written approval from the client. The certificate docket shall contain at least the following –
- Cover letter from ISOQAR
- Rules accompanying the logo (F103)
- CD containing soft copy of the logos / Hard Copies of the Logo.
- Customer survey form (F104)
A copy of the certificate together with all other documents supporting the approval shall be placed in the client's file or scanned in and stored on the doc server.
ISOQAR will verify in subsequent audits the usage of logo to ascertain incorrect references to certification status or misleading use of certification documents, marks or audit reports.
Actions which can include requests for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and, if necessary, legal action.
10.3 Change in Certificate
The client may request for change in certificate. This may be due to –
- Change in ownership
- Change in name of the company
- Change in location
- Increase or decrease in scope (products, services offered etc.)
- Increase or decrease in locations (opening / closing of site etc.)
- Change in the version of the standard certified
Client shall request for change in certificate or reduction / expansion in scope to Director Ops. Director Ops shall review the request and decide for a special audit if the next audit is not due in near future or if the next audit cannot be preponed. Director Ops shall also determine if the changed scope is within accreditation scope of ISOQAR.
In case of change in name of company or location without any change in management, the client shall submit ROC approval / any other regulatory approval for the change. Where the management has changed, the details of M&A and ROC approval / any other regulatory approval shall be submitted along with the request.
The duration for the special visit shall be decided by Director Ops and communicated to the client. The lead auditor submits a descriptive report detailing the changes, justification for reduction / expansion of scope and review of the impact of change in the scope (use of logos etc). Where expansion of scope is requested, the compliance to QMS for the respective activities and impact on other processes is verified. In case the special visit is carried out as a part of routine surveillance, the descriptive report is added to the surveillance report.
The report is reviewed as detailed in 10.1 and 10.2 above. A new certificate is issued with the reissue date (this distinguishes the revised certificate) but having the same expiry date on successful completion of the above process. Director Ops shall review the contract to determine change in contract w.r.t. duration for further visits etc.
Certificates will be refused if there are any major non-conformances identified at time of certification or recertification audit until the time the corrections and corrective actions are verified.
Client will be informed about this at the time of opening and closing meeting.
Refusal to take business:
The Director Ops assesses a prospective client with respect to the risk of supplying services. Director Ops may refuse to provide the service for any of the following reasons
- Client business is out of accreditation scope
- Non availability of competent staff
- Commercial reasons
- Questionable reputation of client
10.4 Suspension and withdrawal or cancellation of certificates
This instruction covers suspension procedures through withdrawal or cancellation of the certification certificate and revision of the register of approved firms.
- Grounds for action are brought to the attention of the Director (Ops), who reviews the information and decides whether to proceed. Either way, the he / she issues a letter to the client via registered mail / courier advising them of the details of the grounds for action and the decision on whether to proceed.
- If the Director Ops decides to proceed, the client must reply to ISOQAR India within fourteen days of receipt of letter.
- If the Director Ops determines that the action or position contained in the client reply is satisfactory, he issues a letter stating this, and mails it to the client via registered mail.
- If actions are required, due dates must be set and Director Ops must review the actions at those times to ensure that they are effectively completed in order to prevent suspension or cancellation.
- If the client does not reply in fourteen days, if the reply is not satisfactory, or if the actions required are not effectively completed in the allowed time, the Director Ops determines whether to suspend or cancel certification.
- If the decision is made to cancel certification, the MD is responsible for suspending the client or canceling the client from the Register of Approved Firms, advising the client by registered mail / courier, and publicizing the cancellation, if necessary. MD cannot over-rule the decision made by Director Ops.
The following reasons are considered grounds for suspension:
- Effective corrective action for major nonconformance is not implemented within a specified time period of sixty days from the date of non-conformance issued.
- Improper or misuse of the certificate, symbol or logo not remedied to the satisfaction of ISOQAR India.
- Client ceases to supply product or service of the certified quality system for an extended period of time.
- Client’s certified management system has persistently fails to meet any of the requirements for certification including requirements for the effectiveness of the management system.
- Client does not allow surveillance / recertification audits to be conducted as per defined frequencies.
- Client fails to meet financial obligations to ISOQAR India.
- Client is unable or unwilling to ensure conformance to revisions of standards.
- Existence of a serious complaint, or a large number of second- or third-party complaints, which indicate that the quality management system is not being maintained.
- Client voluntarily request a suspension
An intimation (verbal / written) will be sent to the client fifteen days prior to suspending and issuing the suspension letter
Suspension period will be maximum of six months.
If the client has taken actions for the reasons they were suspended then these actions will be reviewed and if found satisfactory the certificate will again be restored.
The following reasons are considered grounds for de registration:
- The client fails to take effective corrective action within the maximum suspension period.
- Client makes a formal request to withdraw certification.
- Infringement by the client of any contractual conditions between the client and ISOQAR.
- Failure to comply with the deadline for transition to ISO 9001:2015 / ISO 14001 : 2015
An intimation (verbal / written) will be sent to the client fifteen days prior to deregistration and issuing the deregistration letter
The suspension or deregistration can be initiated if the client does not allow the routine surveillance to be conducted at the required frequency. The first surveillance audit is carried out not more than 12 months from the certification decision date. The subsequent routine surveillance is carried out not more than 12 months from the last surveillance audit with a grace period of one month given under special circumstances. In case the audit is not done as per above defined time lines the certificate is suspended and a suspension letter is sent to the client and also requesting him to agree for the audit. In case of client not conducting the surveillance audit within the suspension period, then the client is de registered. Successful completion of the audit within the suspension period shall not impact the certification and the suspension is revoked.
In case the audit is not done within within the suspension period, the certificate is deregistered / cancelled and the client shall be considered as a fresh case for certification. In this scenario the Operations Director will study such cases and make a decision whether a Stage 01 Audit again needs to be conducted or not.
Special circumstances might be like strike, natural calamities, business operations (case to case basis) etc.
Conditions for Suspension or Cancellation of Client Certification*
Subject to actions by the client, the following steps will be taken leading to possible suspension or cancellation of the client's certification:
- Unless a reply is received to the letter accompanying notification within 14 days, certification will be suspended and a notification of suspension may be published at the discretion of ISOQAR India.
- The client's response to the accompanying letter will be reviewed and the proceedings may be put on hold while clarification is sought.
- Where mutually agreed-upon corrective action is to be implemented, a time period for implementation will be specified and a review of the corrective action undertaken at the appointed time. This may be the subject of a special surveillance visit or of review of submitted objective evidence, at the discretion of ISOQAR India. Should the corrective action not be considered adequate or not be completed by the appointed time, certification will be automatically suspended.
- In the case of serious circumstances, ISOQAR India may invoke suspension during the period pending the implementation of corrective action.
- Where suspension has been invoked due to failure to conduct surveillance audit, the client shall give justification for failure and offer suitable date. The date shall not be later than six months from last audit. Failure to offer for audit within six months shall result in cancellation of certification. In case the surveillance audit is conducted within six months then the suspension will be revoked.
- When corrective action to resolve the problem(s) taken by the client has been verified, certification will be resumed. The period of certification will not be revised to cover the period of suspension.
- During the period of suspension the client shall not make claims that they are certified and will withdraw usage of the certification marks from all places where ever used.
- Cancellation of certification will be invoked where, following suspension of certification, the client fails to respond to ISOQAR India communications within the 14-day grace period or fails to implement corrective action within the appointed time period or fails to complete the routine audits within the time frame under which they are under suspension.
- In extreme circumstances ISOQAR India may invoke the cancellation of certification with immediate effect without recourse to initial certification suspension.
- Cancellation of certification will require the client to assume the status of non-approval and return all certification documentation to ISOQAR India.
- Use of certification documents, symbols, or logos by the client following certification suspension / cancellation may result in legal action being taken against the client.
- Re-approval after certification cancellation will be on the same basis, and follow the same process, as that of initial application for a new client. This will require a full assessment, with optional stage one review at the discretion of ISOQAR India.
- The de-certification will be published as a separate list and will be available at the ISOQAR India office and made available upon request.
- The client has the right to appeal any decisions of ISOQAR India and a copy of the appeals procedures will be made available upon request.
- AE shall remove the companies where the certificate has been cancelled. During suspension, suspension remark shall be placed in the registered of approved firms.
- The client files for all cancelled cases shall be archived for a period of 3 months and then destroyed.
- Expanding / Reduction in scope of Certificates issued
ISOQAR India shall wherever applicable and as requested by the certified organization expand the scope of certification if during the time of routine surveillance audits / Re approval or Renewal audits it finds that the certified client has added more parts to the existing scope of certification. This will be done after the successful completion onsite audit at time of routine surveillance audits / Re approval or Renewal or as a special scope extension audit if required by the client. The expansion in scope will be approved by the Director Ops.
ISOQAR India shall wherever applicable reduce the scope of certification if during the time of routine surveillance audits / Re approval or Renewal audits it finds that the certified client has continually / seriously failed to meet the certification requirements for those parts of the scope of certification. The reduction in scope will be approved by the Director Ops.
List of Registered Firms / Suspended Firms / De Registered Firms is updated as and when any new certificate or revised certificate is issued, revoking of suspension, any certificate is suspended or de registered and these are available upon request to ISOQAR Office by any party .