The ISO 9000 family of quality management systems standards is designed to help organizations ensure that they meet the needs of customers and other stakeholders while meeting statutory and regulatory requirements related to a product.
|ISO Application Process|
ISO Certification Procedure of TNV:
2.1 The Certification process shall consist of the following key stages,
2.1 Application Review & Contract Review
2.2 Initial Certification Audit: Stage-1 & Stage 2 Audit),
2.3 Certification Decision
2.4 Continual assessment (surveillance audit),
2.5 Renewal Audit
2.5 Suspending, Withdrawing, Extending or reducing scope of certification
3.0 Application Review & Contract Review (Refer Procedure P05 for detailed information):
3.1 Application Receipt:
ISO Certifiction Enquiry may be received in several forms, by telephone, letter, e-mail or facsimile. Sometimes, TNV, on its own may also approach prospective clients.
3.2 Applicant Information:
AM shall request the application organization to provide the following information in questionnaire TNV-F-001 to enable TNV to establish the following:
- a) The desired scope of the certification;
- b) The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations;
- c) general information, relevant for the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions and relationship in a larger corporation, if any;
- d) Information concerning all outsourced processes used by the organization that will affect conformity to requirements;
- e) The standards or other requirements for which the applicant organization is seeking certification;
- f) Information concerning the use of consultancy relating to the management system
3.3 Application Review:
3.3.1 On the receipt of application questionnaire the details received shall be reviewed by AM against NACE / ANZSIC Codes and the accredited codes of IAF check TNV’s capability for processing the certification. The review shall be conducted in accordance with procedure no P 06. “Procedure for Review of Application and contract review”, if the same is found to be within TNV’s scope of accreditation, AM forwards the application to QM for Contract Review and Quotation issuance process.
3.4 Contract Review:
3.4.1 QM shall prepare a quotation after the contract review based on requirements of Mandays, multi site activities and other considerations. Estimation of man days shall be as per TNV’S procedure “Contract Review”. And after obtaining approval from CEO, shall submit the same to the client. The matter shall be followed with the client for securing business.
3.4.2 If the client accepts the quotation of TNV, he will forward the registration fee and On receipt of all these AM shall be required to verify the relevant details of the client’s application, fee quotation reconfirm Contract. He may consult CEO or any other officer of TNV to carry out an accurate review. Including allocation of the scope sector of the client’s activities coming under the applied scope of registration with the original Questionnaire to check that there is no discrepancy. Any discrepancy shall be taken up with the client and differences resolved prior to acceptance of work.
3.4.3 Based on the contract review for the Standards of ISO Certification Services is Applied for, TNV shall determine the competences needed to be included in its audit team and for the certification decision
3.4.4 QM /AM in consultation with CEO shall proceed for finalizing the audit team. The audit team shall be appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of the competences identified by TNV in application review for the certification of the applicant organization. The selection of the team shall be performed with reference to the designations of competence of auditors and technical experts and may include the use of both internal and external human resources. The selection of the team comprising of Auditors/ Auditor Team including Technical Expert are selected as per TNV Procedure.
3.4.5 The individual(s) who will be conducting the certification decision shall be appointed ensuring appropriate competence.
4.0 Initial Certification Audit ( Stage 1 Audit):
4.1 Stage 1 Audit:
TNV proceeds with Initial Certification Audit (Stage-1) audit activity on completion of contract review and acceptance for TNV certification agreements. Stage 1 audit which is conducted before the Certification audit at client’s option to provide a macro level assessment of the status of implementation and identification of any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards, for corrective actions to be taken in advance of the certification audit. It provides valuable inputs to give confidence to the clients and saves time for taking necessary corrective action, later. Stage 1 audit is done in all cases and it is also ensured that the auditor signs the conflict of interest before every visit.
Stage I audit is intended to:
- a) Ensure that the clients management system documentation meets the requirements of the applicable standard/specification.
- b) To collect information foe planning of stage II audit and determine the client’s readiness for stage II audit including interval between stage I and Stage II audits.
Stage I audit shall have an audit plan as per format TNV-F-005. Normally the Stage I audit shall be performed at client’s site. In exceptional cases stage I could be carried out without a visit (off site). Such decision shall be justified in audit report, which may be based on the client’s size, location, risk consideration, previous knowledge, etc. In such situation the client’s management shall be informed that the planning of stage II audit might not be accurate.
The stage 1 audit shall be conducted on site as per the man-days defined in the Contract Review. Audit shall start with opening meeting and shall be concluded with closing meeting in which client shall be informed about the readiness for Stage 2 audit.
The audit shall be performed:
- to audit the client’s management system documentation;
- to evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the stage 2 audit and a) Verify Quotation Information;
- to review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
- to collect necessary information regarding the scope of the management system, processes and location(s) of the client, and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects of the client’s operation, associated risks, etc.);
- to review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit;
- to provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects;
- to evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.
- The OHSAS management system includes adequate processes to identify the organizations OHS hazards and determine their significances as well.
- The OHS management system provides an adequate description of the organization and its on-site processes.
- An overview of the applicable regulations, agreement with approving authorities has been included in the OHSAS management system, also if there is any OHS license requirement in application the relevant activities of the organization are in place.
- The OHSAS management system is designed to achieve the organization’s OHS policy.
- To verify that at least one cycle of Internal Audit & Management Review has been conducted and the OHSAS management system programme is implemented properly and the preparedness for the conduction of Stage 2 audit. To collect necessary information for on-site audit of temporary sites considering the sites as per the complexity category.
- To verify that the information derived from the Contract Review is complete and appropriate in all the terms for the OHS management system and verify the multisite sampling plan if applicable.
- To collect necessary information and identify the issues which will need special attention during the stage 2 audit.
- The organization has identified PRPs appropriate to the business (e.g. regulatory and statutory requirements)
- The FSMS includes adequate processes and methods for the identification and assessment of the organization’s food safety hazards, and subsequent selection and categorization of control measures (combinations)
- Food safety legislation is in place for the relevant sector(s) of the organization
- Food safety legislation is in place for the relevant sector(s) of the organization
- FSMS implementation programme justifies proceeding to the Stage 2 audit
- The validation, verification and improvement programmes conform to the requirements of the FSMS standard
- The FSMS documents and arrangements are in place to communicate internally and with relevant suppliers, customers and interested parties
- Additional documentation needs to be reviewed and/or what knowledge needs to be obtained in advance.
- Where an organization has implemented an externally developed combination of control measures, the stage 1 audit shall review the documentation included in the FSMS to determine if the combination of control measures is suitable for the organization, was developed in compliance with the requirements of ISO 22000, and is kept up to date. The availability of relevant authorizations should be checked when collecting the information regarding the compliance to regulatory aspects.
- For combined audits the information gathered during Stage 1 must include the following points (in addition to the above objectives)
- i) The level of integration of the organization’s management system (s)
- ii) The ability of the organizations personnel (at the time of the audit) to respond to questions relating to each management system standard covered by the combined audit
4.3 At the end of audit the team leader shall prepare an audit report declaring:
- a) Client’s status regarding readiness for stage 2 audit.
- b) Identified areas preventing the client being deemed ready.
- c) Areas of concern, which could be classified as non-conformity during stage II audit.
- d) During stage I audit no non-conformities shall be identified.
- e) In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again.
- f) Team leader then shall prepare an audit plan for stage II audit based on defined processes of the client.
- g) Stage 1 audit findings documented and communicated to the client by the Team Leader
4.4 For most management systems, it is recommended that most part of the stage 1 audit be carried out at the client’s premises in order to achieve the objectives stated above.
4.5 Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.
4.6 In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. TNV may also need to revise its arrangements for stage 2.
4.7 A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. The report shall be evaluated by AM and plan for the subsequent audits of the organization is discussed with the client.
4.8 It is expected that the generally the management system has been in place for at least about three months before the Pre-Audit is considered. However, the time can be decided by CEO.
4.9 Any part of management system audited at stage I audit and determined to be fully implemented, effective, and in conformity with requirements of FSMS can be left during the Stage 2 audit.
4.10 In case OHS Stage 1 & Stage 2 audit is carried out by different auditor, the auditor need to take a copy of the report from TNV, QM is responsible for confirming from the auditor.
5.0 Stage 2 Audit
Stage II audit is intended to:
- a) Ensure that the clients management system conforms to the requirements of the applicable standard/specification including its effectiveness.
- b) To provide guidelines for associated follow up audits/ surveillance audit and recertification audit.
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 audit plan is verified to ensure that the majority of the audit time is given to verify the effective implementation of the management system in the locations where the organization’s activities takes place including on-site audits of temporary sites for OHSAS (In Management System Audit 80% of the audit time shall be given onsite).
TNV ensures Stage 2 audit meets the following requirement
5.1 Stage 2 Audit shall take place at the site (s) of client
5.2 Stage 2 audit shall be conducted within maximum 90 days of completion of stage 1 audit
5.3 Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit
5.4 Stage 2 audit shall include at least the following:
- Information and evidence about conformity to all requirements of the applicable management system standard or other normative document
- Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
- The client’s management system and performance as regards to legal and other requirements
- Operational control procedures of the client’s processes.
- Internal auditing and management review
- Management commitment and responsibility for the client’s policies
- Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal and other requirements, responsibilities, competence of personnel, operations procedures, performance data and internal audit findings and conclusions.
- Various mandatory records to ensure that the management system is operational
- Evidence of the monitoring of customer satisfaction
- The organisation adheres to its own OHSAS policies, objectives and procedures.
- The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment.
- Verify effective implementation of OHS including temporary sites.
5.5 Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client on findings of the day including any non- conformities, progress of audit, any problem faced and modification to the audit plan, if required
5.6 Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time.
5.7 Each team member shall ensure that the Auditor’s notes are legible, containing name of main auditee, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non- conformity, observations etc.
5.8 As far as possible at least one member in the team shall possess the relevant code, who shall be assigned to audit core processes of the management system. In case team members doesn’t have competency, in such case a specialist with appropriate code shall be arranged.
5.9 It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team and all requirements are covered and that the team members have provided necessary inputs to him for completing the report.
5.10 If audit is to be conducted in a language not known by any team member including team leader, a suitable interpreter should be arranged, ensuring impartiality.
5.11 If any non- conformity is identified, the auditor shall explain the same to auditee to his satisfaction. In case of a Major non- conformity, the team leader shall be informed who will inform the management about the same and give them option either to terminate further audit or to continue.
5.12 While recording nonconformity, sufficient objective evidence, standard/ specification clause number, client documents. Reference number (if any) in addition to area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand
5.13 In addition to non- conformity, any observation for improvement, positive issues should also be recorded, in the report.
5.14 While deciding on recommendation, the issues like number and category of non- conformities, any concentration of non- conformities against any clause (s), view of team members shall be considered.
5.15 At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include non conformities identified if any, recommendation for certification or otherwise.
5.16 It is advisable to request client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake etc.
5.17 When recommendation is made for certification the audit reports, confirmation of the information provided to the TNV used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be take into account & explained. The client should complete the corrective action within maximum 90 days from the date closing meeting.
5.18 A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to Head office of TNV.
5.19 For multi- site certification “Procedure for selection site P06 shall be followed.
5.20 Lead Auditor need to submit a copy of report to the client and accepted report to TNV Head Office Lucknow, Uttar Pradesh.
5.21 Lead Auditor shall clearly identify the recommendations conditions with Non Conformity or without Non Conformity, the observations shall be well communicated in the report.
5.22 Non conformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows:
|Type of NC||Pre- Audit||Certification Audit||Surveillance or recertification audit|
|Major||- No certification- Completion- time scale open
– Full certification audit
|-No certification until completion within 60 days or new full audit verification based on objective evidence (on documents or on site)- Next surveillance audit within 6/9 months||- Completion within 15 days- Verification based on objective evidence (on documents or on site)- Certification suspended: Information to the customers.
– New verification based on objective evidence
– Next surveillance audit within 6/9 months
|Minor||No certification||- Certification completion effective or effectively planned within 30 days- Verification based on objective evidence (on documents or on site)||Completion effective or effectively planned within 30 days- Verification based on objective evidence (on documents or in site)- Certification suspended: information to customers|
- ISO 9001:2008
- ISO 14001:2004
- OHSAS 18001
- ISO 22000:2005
- ISO 27001:2005
- ISO 13485:2003
- CE Marking
- IS 15000 HACCP
- ISO 50001