Procedure for Initial Certification audit, Surveillance activities, Recertification audit & Maintaining Certification

4.1     Execution of Initial audit

The audit plan are communicated and the dates of the audits is   upon, in advance, with the client organization. 

The three-year certification cycle begins with the initial assessment programme executed in two stages Stage-I & stage-II. With the subsequent surveillance audit on annual basis in the first and second year of the registration of the client. Before expiry of the registration period 2 months prior the operations manager issues a notification for recertification. 

 The determination of the audit programme and any subsequent adjustments considers the size of the client organization decide the audit programmes. and the scope and complexity of its management system, products and processes as well as demonstrated level of management system effectiveness and the result of any previous audit. Where the AMERICO is taking account of certification or other audits already granted to the client, it collects sufficient, verifiable information to justify and record any adjustments to the audit programme. 

• The AMERICO provides a written report for each audit. The report is based on relevant guidance provided in ISO/IEC 17021-1:2015. The audit team may identify opportunities   for improvements but does not recommend specific solution. Ownership of the audit report is maintained by the AMERICO.
• The AMERICO requires the client to analyse the cause and describe the specific correction and corrective action taken, or planned to be taken, to eliminate detected nonconformities, within a 10 working days of audit.
• The AMERICO reviews the correction and corrective action submitted by the client to determine if these are acceptable.

• The audited organization is informed if any addition full audit, an additional limited audit, or documented evidence ( to be confirmed during future surveillance audits) is needed to verify effective correction and corrective action.

• The AMERICO ensures that the persons or committee that make the certification or recertification decision are deferent from those who carried out the audits.

• The AMERICO confirms, prior to making a decision that,

• The information provided by the audit team is sufficient with respect to the certification requirements and the scope of certification.
• It has reviewed, accepted and verified the effectiveness of correction and corrective action, for all nonconformities that represent

•      failure to fulfil  one or more requirements of the management system        

           Standards, or

•      a situation that raises significant doubt ability of the clients management    

       System to achieve its intended outputs.  it has reviewed and accepted the   

       Clients planned correction and corrective action for any other   

       Nonconformities.

            The AMERICO provides the name of and, when requested, make available background information on each member of the audit team, with sufficient time for the client organization to object to the appointment of any particular auditor or technical expert and for the certification body to reconstitute the team in response to any valid objection.

4.2 Initial Audit and certification

4.2.1 Application

The AMERICO requires an authorized representative of the applicant organization to provide the necessary information; The Marketing manager of AMERICO sends the application form to the applicant client organization or if possible personal visits and gather the following information:

to enable it to established the following:

1. the desired of the certification
2. the general feature of the applicant organization, including its name and any relevant legal obligation;
3. general information, relevant to the field of certification applied for, concerning the applicant organization such as its activity, human and technical resources, functions and relationship in a larger corporation, if any;
4. Manpower in the organization and repetitive task
5. Information concerning about all outsourced processes used by the organization that affects conformity to requirements.
6. The standard or other requirements for which the applicant organization is seeking certification;
7. Information concerning the use of consultancy relating to the management system.
8. Scope of application for which a certification is sought.
9. Expected date of audits or readiness of organization to plan the activity as per auditors and client’s conveyance.
10. Sites or multisite covered by the scope.
11. Specific requirements of ISO  9001, 14001, 45001, 22000, 27001 required in order to understand client domain .
12. Integration level of client documentation.

4.2.2 Application review

  On receipt of the application form before proceeding with the audit, the operations manager of AMERICO reviews the application( Application review form ) and supplementary information for certification to  ensure that,

1. The information about the applicant organization and its management system is sufficient for the conduct of the audit.
2. The requirement for the certification is clearly defined and documented, and has been provided to the applicant organization.
3. Any known difference in understanding between the AMERICO and the applicant organization is resolved.
4.  Has the competence and ability to perform the certification activity,.
5. The scope of certification sought, the location (s) of the applicant organization’s operation, time required to complete audits and any other points inflecting the certification activity are taken into account (language, safety condition, threats to impartiality etc)
6. Record of the justification for the decision to undertake the audits are maintained.

• AMERICO reviews the applications for suitability and based on review either accepts or decline an application for certification once reviewed, and if declined the applicants notified of the reason for decline.

1.     

·         Based on the review, the AMERICO determines the competence it needs to include in it team   

  and for the certification decision. ( Certification registration status sheet)

1.     

·           The audit team is appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of competence identified by the AMERICO  for the certification of the applicant organization. The selection of the team has been performed with reference to the designation of competence of auditors and technical experts made and may include the use of both internal and external human resources.

• The individual(s) who is conducting the certification decision has been appointed to ensure appropriate competence is available.

4.2.3 Initial certification audit

 The initial certification audit of a management system is conducted in two stages stage-1   and stage-2

4.2.3.1 Stage-1 audit

• The stage –1 audit are performed at the clients premises only :

• To audit the clients management systems documentation.
• To evaluate the client location and site specific conditions and to undertake the discussion with the client’s personnel to determine the preparedness for the stage-2 audit.
• To review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or 
• Significant aspect, processes, objectives and operation of the management system.

•   To collect the necessary information regarding the scope of the management system,  

      Processes and location(s) of the client, and the related statutory and regulatory aspects and

• compliance (e.g. quality, legal aspects of the client’s operation, associated risk etc)
• To review the allocation of resources for stage-2 audit and agree with the client on the details of the stage-2 audit;

• To provide a focus for planning the stage-2 audit by gaining a sufficient understanding of the client’s management system and site operations 
• To evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiate that the client is ready for stage-2 audit.
• Stage 1 plan will be sent to client by email or hardcopy by courier or by hand delivery by marketing person (if required)

• Stage-1 audit findings are documented as Area of concern and communicated to the client, including identification of any area of concern that could be classified as nonconformity during the stage-2 audit.

• In determining the interval between the stage-1 and stage-2 audits, consideration is given to the needs of the client to resolve areas of concern identified during the stage-1 audit. The certification body may also need to revise its arrangements for stage-2.

•  There will be minimum 3 days gap between stage 1 and stage 2 audit. 

  Stage 1 Audit Report – AMERICO/CERT/F09

The Stage 1 audit report will be submitted by auditor/ team leader within 2 days of conducting the audit. Once report is received by operations manager , it is sent to qualified technical reviewer of the EA code for review . Once report is successfully reviewed by technical reviewer, stage 2 audit is planned in confirmation with client.

4.2.3.2 stage-2 audit

The purpose of the stage-2 audit is to evaluate the implementation, including effectiveness, of the client’s management system. The stage-2 audit takes place at the site(s) of the client. It includes at least the following:

• Information and evidence about the conformity to all requirements of the applicable management system standard or other normative document.
• Performance monitoring, measuring, reporting and reviving against key performance objectives and targets(consistent with the expectations in the  applicable management system standard or other normative document)
• The client management system and performance as regards legal compliance.
• Operational control of the client’s process.
• Internal auditing and management review.
• Management responsibility for the client’s policies;
• Links between the normative requirements policy, performance objectives and targets   (consistent with the expectations in the applicable management system standard or other normative document) any applicable legal requirements, responsibilities, competence of personnel, operations, procedures, performance data and internal audit finding and conclusions.
• The stage-II audit is performed at client premises and not more than 60 days from the date of stage-I audit.

The information can be gathered by interviewing peoples at relevant section, by monitoring the processes, by reviewing the documentary evidences.

Conduct the formal opening meeting which should include the following:

The meeting should be chaired by Team Leader of the audit.

• Introduce the audit team.
• Confirm the audit plan.
• Confirm the channel of communication between the audit team and Auditee.
• Confirm the language to be used during the audit.
• Take the attendance record for all present evidence.
• Explain Assessment criterion.
• Explain Assessment Schedule. 
• Explain the Confidentiality Requirements.

• Explain the Audit Methodology i.e. how the audit activities are undertaken.
• Explain the Audit Reporting Method. That is Nonconformity like – Minor, Major & Area for Improvement, Positive Observations (positive and negative ) 

Major Non conformity – Total lapse of an activity (Complete failure in fulfilment of the requirements i.e. no addressal of requirements of standards, series of minor non-conformities in the same area, or where the impact of non-conformity turns in complete failure of Management System in particular standard)

Minor Non conformity – Failures in isolation (Where the impact may not be immediate in complete failure of Management System in applicable standard)

Observations – Potential non-conformity which cannot be classified into non-conformity.

• Explain Audit plan and approach.

Outcome of the audit:

1. If the quality management system of the organisation meets all the requirements as per the standard for which the assessment is carried out i.e. ISO 9001:2015 without any non-conformity y(s) in this case the auditor/audit team recommends the organisation for certification to applicable standards.

1. If any minor non conformity(s) observed and concern organisation has submitted the corrective action plan. The Corrective plan submitted by organization is acceptable to the audit team in such instance the team leader can announce the conditional recommendation for ISO certification subject to submission of evidences of closure of non conformity to AMERICO office within four week of time frame. Corrective action and effectiveness of corrective action will be verified in next audit.

1. In case of major non conformity(s) observed in the assessment. In this case the team leader cannot recommend the organisation for ISO certification. The non conformity(s) observed are rectified by the organisation and would be verified by the auditor in subsequent follow up audit. Upon satisfaction of auditor he can recommend to organisation for ISO certification.

Only the area from where major nonconformity identified is audited in follow up audit.

·          

·         Confirm Safety/Emergency/Security related matters.

• Confirm the facilities available/ request.

In closing meeting cover the following points:

• Restate Confidentiality requirements.
• Make the verbal; comments and audit conclusions and findings.
• Discuss recommendation for certification.
• Discuss AMERICO policy on clearance of non-compliance.
• Discuss AMERICO policy on surveillance assessments.
• Discuss AMERICO process for certification decision, issuing certificate of registration and registered symbol.
• Discuss AMERICO policy on Certificate of Registration and use of registered symbol.
• Confirm that the audit plan is fully covered

Stage 2 Audit Report – AMERICO/CERT/F13

4.2.4 Initial certification audit conclusions

The audit team analyzes all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions. The team leader announces the necessary recommendation of the audit conclusion at the time of closing meeting before the organization representative before exit.

 4.2.5 Information for granting initial certification

The information provided by the audit team to the certification body for the certification decision include as a minimum

• The audit report
• Comments on the nonconformities and where applicable, the correction and corrective actions taken by the client.

• Confirmation of the information provided to the AMERICO used in the applicable  review and
• A recommendation whether or not to grant certification, together with any conditions or observations.

•    The AMERICO makes  the certification decision on the basis of an evaluation of the audit       

   findings and conclusions and any other relevant information (public information, comments on  

   the audit report from the client)

The Stage 2 audit report will be submitted by auditor/ team leader within 2 days of conducting the audit. Once report is received by operations manager , it is sent to qualified technical reviewer of the EA code for review . Once report is successfully reviewed by technical reviewer, it is sent to certification committee. Certification committee reviews the certification records as per Certification decision committee report AMERICO/CERT/F17. Certification decision committee meets every saturday to review decisions.

Certificate is issued to client with re-certification date of 3 years and expiry date of 1 year . New certificate is isssed after successful surveillance is conducted.

 After the decision is made for the issue of Certificates to the audited organization, certification executive prepares the Certificate with all necessary relevant data and get it approved by the   

 Director Certification. Certificate Template AMERICO/CERT/F18

After the signature of Director certifications , the certificate is forwarded to the dispatch department for dispatch with relevant documents like Use of trademark/Logo, art work CD; and covering letter 

4.3        Surveillance activities

4.3.1       General 

• The AMERICO develops its surveillance activities so that representative areas and functions covered by the scope of the management system are monitors on a regular basis, and into account changes to its certified client and its management system.
• The surveillance activities includes on-site audits assessing the certified client’s management system’s fulfilment of specific requirements with respect to the standard to which the certification is granted. Other surveillance activities may include
• Enquiries from the certification body to the certified client on aspects of certification.
• Reviewing any clients statements with respect to its operations (e.g. promotional material, website)
• Request to the client to provide documents and records (on paper or electronic media) and
• Other means of monitoring the certified client’s performance.

4.3.2      Surveillance Audit 

Surveillance audits are on-site audits, but are not necessarily full system audits, and are planned together with the other surveillance activities so that the certification body can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The surveillance audit programme includes, at least

1.   Internal audit and management review
2.   A review of actions taken on non conformities identified during the previous audits,

1. c)   treatment of complaints,
2. d)  Effectiveness of the management system with regard to achieving the certified  

      objectives.

1. e)  Progress of planned activities aimed at continual improvement,
2. f)  Continuing operational control,
3. g)  Review of any changes, and
4. h)   Use of marks and/or any other reference to certification.

AMERICO has decided to conduct the surveillance audits once a year, the date of first surveillance audit following initial certification are not more than 12 months from the date of issue of registration certificate. 

   Key responsibility lies with Client Relations Manager. He/ She is responsible for Surveillance audit planning till execution.

Surveillance audit plan AMERICO/CERT/F19

Surveillance audit report AMERICO/CERT/F20

4.3.3 Maintaining Certification

The AMERICO maintains certification based on demonstration that the client continues to satisfy the requirements of the management system standard. It may contain a client’s certification based on a positive conclusion by the audit team leader without further independent review, provided that

1. For any nonconformity or other situation that may lead to suspension or withdrawal of certification, the AMERICO has a system that requires the audit team leader to report to the certification body the need to initiate a review by appropriately competent personnel different from those who carried out audit, to determine whether certification can be maintained.

1. Operation Manager/Director Certifications of the AMERICO monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.

4.3.4     Transfer Audit

The AMERICO takes cases of Transfer of Certification from other certification bodies to AMERICO as a fresh client and follow the same procedure mentioned in 03 for initial certification.

4.4       Re-Certification 

4.4.1 Recertification audit planning

Operational manager is responsible for planning and intimating or interacting with certified client for the recertification activity. A recertification audit is planned and conducted to evaluate the continued fulfilment all of the requirements of the relevant management system standard or other normative document. The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole and its continued relevance and applicability for the scope of certification.

The recertification audit considers the performance of the management system over the period of certification, and include the previous surveillance audit reports.

Recertification audit activities may need to have a stage 1 audit in situations where there have been significant changes to the management system, the client, or the context in which the management system is operating. (e.g. change in legislation) in the case of multiple sites or certification to multiple management system standards being provided by the confidence in the certification.

Re – Certification audit has to be planned from 10 months of the date of surveillance 2 due audit. The re-certification audit is conducted in such a manner that any non – compliance reported during the re – Certification audit of the applicant organisation must be resolved before the expiry of the certificate or from 4 weeks from the date re-certification audit.

Re – certification audit is executed in such a manner to ensure the continuity of the certificate of registration issued to the applicant organisation 

In case , re-certification audit is not conducted before expiry date of certificate, stage 1 has to be conducted again with stage 2.

4.4.2    Recertification audit

The recertification audit includes an on-site audit that addresses the following:

1.    The effectiveness of the management system in its entirely in the light of internal and external changes and its continued relevance and applicability to the scope of certification;

2.    Demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance.

• Whether the operation of the certified management system contributes to the achievement of the organizations policy and objectives.

When during a recertification audit, instances of nonconformity or lack of evidence of conformity are identified; the certification body has defined time limits of two weeks after the assessment audit, for correction and corrective actions to be implemented. The client has to submit the evidence of corrective actions to the AMERICO head office for closure of the NCR.

Information for granting recertification

          The AMERICO makes decision on renewing certification based on the result of the recertification audit, as well as the result of the review of the system over the period of certification and complaints received from users of certification. New certificate is issued with the re-certification date of three years from the date of decision of recertification and expiry date of 1 year.

Recertification audit plan AMERICO/CERT/F21

Recertification audit report AMERICO/CERT/F22

4.5 Special Audits

4.5.1 Extension of scope

The AMERICO , in response to an application for extension to the scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit. 

4.5.2    Short-notice audits

It may be necessary for the AMERICO to conduct audits of certified clients at short notice to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases;

1. The AMERICO describes and informs in advance to the certified clients  the conditions under which these short notice visits are to be conducted, and

1. The AMERICO exercises additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team member