australia&n zeland iso17025 x iso guide 65

7/27/2019 Australia&N Zeland ISO17025 X ISO Guide 65

http://slidepdf.com/reader/full/australian-zeland-iso17025-x-iso-guide-65 1/33

ISO/IEC 17065 Checklist 15 September 2012

Conformity assessment – Requirements for bodiescertifying products, processes and services

Form AUD 49

Issue 2, 15 September 2012 Page No. 1 of 33

Legend: CB– Certification Body; C – Complies; O – Observation; N – Nonconformity; A – Assess at audit;F – Further information required; N/A – Not applicable.

Clause Requirement Comments

Manual and/or Proceduresreference

Finding

2 Normative References

2 Where does the CB establish the

following normative references:ISO/IEC 17000: Conformity assessment — Vocabulary and general principles.

ISO/IEC 17020: Conformity assessment — General criteria for the operation of various types of bodies performing inspection.

ISO/IEC 17021: Conformity assessment — Requirements for bodies providing audit and certification of management systems.

ISO/IEC 17025: Conformity assessment — General requirements for thecompetence of testing and calibrationlaboratories.

4 General requirements

4.1.1 Legal responsibility

4.1.1 How does the certification bodydemonstrate that it is a legal entity, or adefined part of a legal entity?

4.1.2 Certification agreement

4.1.2.1 How does the certification body establisha legally enforceable agreement for theprovision of its certification activitiesdetails the responsibilities of thecertification body and its clients?

4.1.2.2 Does the certification agreement requirethat the client at least, comply with thefollowing:

a) always fulfils the certificationrequirements (3.7) includingimplementing appropriate changes when

they are communicated by thecertification body;



ISO/IEC 17065:2012Conformity assessment – Requirements for bodies certifying products, processes and services

Form AUD 49




Finding

m) keeps a record of all complaints madeknown to the client relating to thecompliance with certification requirementsand to make these records available tothe certification body when requested;and

1) takes appropriate action withrespect to such complaints andany deficiencies found inproducts that affect compliancewith the requirements for certification;

2) documents the actions taken;

n) informs the certification body, withoutdelay, of changes that may affect itsability to conform with the certificationrequirements?

4.1.3 Use of license, certificates and marksof conformity

4.1.3.1 How does the certification body exercisecontrol as specified by the certificationscheme over ownership, use and display

of licenses, certificates, marks of conformity, and any other mechanisms for indicating a product is certified?

4.1.3.2 How are incorrect references to thecertification scheme or misleading use of licenses, certificates, marks, or any other mechanism for indicating a product iscertified, found in documentation or other publicity dealt with by suitable action?

4.2 Management of impartiality

4.2.1 How does the certification body declarethat its activities shall be undertakenimpartially?

4.2.2 How does the certification body ensurethat commercial, financial or other pressures do not compromiseimpartiality?




Form AUD 49




Finding

4.2.3 How does the certification body identifyrisks to its impartiality on an ongoingbasis?Does this include those risks that arisefrom its activities, from its relationships, or from the relationships of its personnel(see 4.2.12)? However, such relationshipsmay not necessarily present a certificationbody with a risk to impartiality.

4.2.4 If a risk to impartiality is identified, howdoes the certification body demonstrate

how it eliminates or minimizes such risk?Is information made available to themechanism specified in 5.2?

4.2.5 Does the certification body have topmanagement commitment to impartiality?

4.2.6How does the certification body and anypart of the same legal entity and entitiesunder its organizational control (7.6.4)ensure that it is not

a) the designer, manufacturer, installer,distributer or maintainer of thecertified product;

b) the designer, implementer, operator or maintainer of the certified process ;

c) the designer, implementer, provider or maintainer of the certified service ;

d) offer or provide consultancy (3.2) toits clients

e) offer or provide management systemconsultancy (3.3 of ISO/IEC17021:2011) or internal auditing to itsclients where the certification schemerequires the evaluation of the client’smanagement system?

4.2.7 How does the certification body ensurethat activities of separate legal entitieswith which the certification body or thelegal entity of which it forms a part hasrelationships do not compromise theimpartiality of its certification activities?




Form AUD 49




Finding

4.2.8 When the separate legal entity in 4.2.7offers or produces the certified product(including products to be certified) or offers or provides consultancy (3.2), howdo the certification body´s managementpersonnel and personnel in the reviewand certification decision making processensure that they are not involved in theactivities of the separate legal entity?

Are the personnel of the separate legalentity involved in the management of the

certification body, the review, or certification decision?

4.2.9 Are the certification body's activitiesmarketed or offered as linked with theactivities of an organization that providesconsultancy (3.2)?

How does the certification body state or imply that certification would be simpler,easier, faster or less expensive if aspecified consultancy organization wereused?

4.2.10 Does the certification body specify aperiod within which personnel shall not beused to review or make a certificationdecision for a product for which they haveprovided consultancy (3.2)?

4.2.11 How does the certification body takeaction to respond to any risks to itsimpartiality arising from the actions of other persons, bodies or organizations of which it becomes aware?

4.2.12 Do all certification body personnel, either internal or external, or committees, whocould influence the certification activities,act impartially?

4.3 Liability and financing

4.3.1 How does the certification body haveadequate arrangements (e.g. insurance or reserves) to cover liabilities arising fromits operations?

4.3.2 How does the certification body have thefinancial stability and resources requiredfor its operations?




Form AUD 49




Finding

4.4 Non-discriminatory conditions

4.4.1 Are the policies and procedures under which the certification body operates andtheir administration non-discriminatory?How does the CB ensure that proceduresare not used to impede or inhibit accessby applicants, other than as provided for in this International Standard?

4.4.2 How does the certification body make itsservices accessible to all applicantswhose activities fall within the scope of itsoperations?

4.4.3 How does the CB ensure that access tothe certification process is conditionalupon the size of the client or membershipof any association or group, or certification conditional upon the number of certifications already issued?

Are there any undue financial or other conditions?

4.4.4 How does the certification body confine itsrequirements, evaluation, review,

decision, and surveillance (if any) to thosematters specifically related to the scope of the certification?

4.5 Confidentiality

4.5.1 How is the certification body responsible,through legally enforceable commitments,for the management of all informationobtained or created during theperformance of certification activities?Except for information that the clientmakes publicly available, or when agreedbetween the certification body and theclient (e.g. for the purpose of respondingto complaints), is all other informationconsidered proprietary information andregarded as confidential?How does the certification body inform theclient, in advance, of the information itintends to place in the public domain?

4.5.2 When the certification body is required bylaw or authorized by contractualarrangements to release confidentialinformation, how is the client or personconcerned, unless prohibited by law,

notified of the information provided?




Form AUD 49




Finding

4.5.3 Is information about the client obtainedfrom sources other than the client (e.g.complainant, regulators) treated asconfidential?

4.6 Publicly available information

How does the certification body maintain(through publications, electronic media or other means) and make available onrequest, the following:

a) information about (or reference to)

the certification scheme(s), includingevaluation procedures, rules andprocedures for granting, maintaining,extending or reducing the scope of,suspending, withdrawing or refusingcertification;

b) a description of the means by whichthe certification body obtains financialsupport and general information onthe fees charged to applicants and toclients;

c) a description of the rights and dutiesof applicants and clients, includingrequirements, restrictions or limitations on the use of thecertification body's name andcertification mark and on the ways of referring to the certification granted;

d) information about procedures for handling complaints and appeals?

5 Structural requirements

5.1 Organizational structure and topmanagement

5.1.1 Are certification activities structured andmanaged so as to safeguard impartiality?




Form AUD 49




Finding

5.1.2 How does the certification body documentits organizational structure, showingduties, responsibilities and authorities of management and other certificationpersonnel and any committees?When the certification body is a definedpart of a legal entity, how does thestructure include the line of authority andthe relationship to other parts within thesame legal entity?




Form AUD 49




Finding

5.1.3 Has the management of the certificationbody identified the board, group of persons, or person having overallauthority and responsibility for each of thefollowing:

a) development of policies relating tothe operation of the certification body;

b) supervision of the implementation of the policies and procedures;

c) supervision of the finances of thecertification body;

d) development of certification activities;

e) development of certificationrequirements;

f) evaluation (7.4);

g) review (7.5);

h) decisions on certification (7.6);

i) delegation of authority to committeesor personnel, as required, toundertake defined activities on itsbehalf;

j) contractual arrangements;

k) provision of adequate resources for certification activities;

l) responsiveness to complaints andappeals;

m) personnel competence requirements;

n) management system of thecertification body (see 8)?




Form AUD 49




Finding

5.1.4 Does the certification body have formalrules for the appointment, terms of reference and operation of anycommittees that are involved in thecertification process (see 7)?

Are such committees free from anycommercial, financial and other pressuresthat might influence decisions?

How does the certification body retainauthority to appoint and withdrawmembers of such committees?

5.2 Mechanism for safeguardingimpartiality

5.2.1 Does the certification body have amechanism for safeguarding itsimpartiality?

How does the mechanism provide inputon:

a) the policies and principles relating tothe impartiality of its certification

activities;b) any tendency on the part of a

certification body to allow commercialor other considerations to prevent theconsistent impartial provision of certification activities;

c) matters affecting impartiality andconfidence in certification, includingopenness?

5.2.2 Is the mechanism formally documented to

ensure:

a) a balanced representation of significantly interested parties suchthat no single interest predominates(internal or external personnel of thecertification body are considered tobe a single interest, and shall notpredominate);

b) access to all the informationnecessary to enable it to fulfill all itsfunctions?




Form AUD 49




Finding

5.2.3 If the top management of the certificationbody does not follow the input of thismechanism, how does the mechanismhave the right to take independent action(e.g. informing authorities, accreditationbodies, stakeholders)?

In taking appropriate action, is theconfidentiality requirements of 4.5 relatingto the client and certification bodyrespected?

5.2.4 Although every interest cannot berepresented in the mechanism, how doesthe certification body identify and invitesignificantly interested parties?

6 Resource requirements

6.1 Certification body personnel

6.1.1 General

6.1.1.1 Does the certification body employ or have access to a sufficient number of personnel to cover its operations relatedto the certification schemes and to theapplicable standards and other normativedocuments?

6.1.1.2 Are the personnel competent for thefunctions they perform, including makingrequired technical judgments, definingpolicies and implementing them?

6.1.1.3 How do personnel, including anycommittee members, personnel of external bodies, or personnel acting onthe certification body's behalf, keepconfidential all information obtained or created during the performance of thecertification activities, except as requiredby law or by the certification scheme?




Form AUD 49




Finding

6.1.2 Management of competence for personnel involved in the certificationprocess

6.1.2.1 Has the certification body established,and does it implement and maintain aprocedure for management of competencies of personnel involved in thecertification process (see 7)?

Does the procedure require thecertification body to:

a) determine the criteria for thecompetence of personnel for eachfunction in the certification processtaking into account the requirementsof the schemes;

b) identify training needs and provide,as necessary, training programs oncertification processes, requirements,methodologies, activities and other relevant certification schemerequirements;

c) demonstrate that the personnel havethe required competencies for theduties and responsibilities theyundertake;

d) formally authorize personnel for functions in the certification process;

e) monitor the performance of thepersonnel?




Form AUD 49




Finding

6.1.2.2 Does the certification body maintain thefollowing records on the personnelinvolved in the certification process (see7):

a) name and address;

f) employer(s) and position held;

g) educational qualification andprofessional status;

h) experience and training;

i) the assessment of competence;

j) performance monitoring;

k) authorizations held within thecertification body;

l) date of most recent updating of eachrecord?

6.1.3 Contract with personnel




Form AUD 49




Finding

Does the certification body requirepersonnel involved in the certificationprocess to sign a contract or other document by which they committhemselves to:a) comply with the rules defined by the

certification body, including thoserelating to confidentiality (see 4.5)and independence from commercialand other interests;

b) declare any prior and/or presentassociation on their own part, or onthe part of their employer, with:1) a supplier or designer of

products, or 2) a provider or developer of

services, or 3) an operator or developer of

processesto the evaluation or certification of which they are to be assigned; and

c) reveal any situation known to them thatmay present them or the certification body

with a conflict of interest (see 4.2)?How does the certification body use thisinformation as input to identifying risks toimpartiality raised by the activities of suchpersonnel or by the organizations thatemploy them (see 4.2.3)?

6.2 Resources for evaluation

6.2.1 Internal resources

When the certification body performsevaluation activities either with its internalresources or with other resources under

its direct control, how does it ensure itmeets the applicable requirements of therelevant International Standards and, asspecified by the certification scheme, of other documents?The relevant International Standardsinclude for testing ISO/IEC 17025, for inspection ISO/IEC 17020 and for management system auditingISO/IEC 17021.

Are the impartiality requirements of theevaluation personnel stipulated in therelevant standard always applicable?




Form AUD 49




Finding

6.2.2 External resources (outsourcing)

6.2.2.1 How does the certification body onlyoutsource evaluation activities to bodiesthat meet the applicable requirements of the relevant International Standards and,as specified by the certification scheme of other documents?

The relevant International Standardsinclude for testing ISO/IEC 17025, for inspection ISO/IEC 17020 and for management system auditing ISO/IEC17021.

Are the impartiality requirements of theevaluation personnel stipulated in therelevant standard always applicable?

6.2.2.2 Where evaluation activities areoutsourced to non independent bodies(e.g. client laboratories), how does thecertification body assure that theevaluation activities are managed in amanner which provides confidence in theresults, and that records are available to

justify the confidence?

6.2.2.3 Does the certification body have a legallybinding contract with the body thatprovides the outsourced service, includingconfidentiality and conflict of interest asdescribed in 6.1.3 c)?




Form AUD 49




Finding

6.2.2.4 How does the certification body:a) take responsibility for all activities

outsourced to another body;b) ensure that the body that provides

outsourced services, and thepersonnel that it uses, are notinvolved, either directly or throughany other employer, in such a waythat the credibility of the results couldbe compromised;

c) have documented policies,procedures and records for thequalification, assessing andmonitoring of all bodies that provideoutsourced services used for certification activities;

d) maintain a list of approved providersof outsourced services;

e) implement corrective actions for anybreaches of the contract in 6.2.2.3 or other requirements in 6.2.2 of which itbecomes aware; and

f) inform the client in advance of outsourcing activities, to provide theclient an opportunity to object?

7 Process requirements

7.1 General

7.1.1 Does the certification body operate one or more certification scheme(s) covering itscertification activities?

7.1.2 Hopw are the requirements against whichthe products of a client are evaluatedcontained in specified standards andother normative documents?

7.1.3 If explanations are required as to theapplication of these documents (see7.1.2) for a specific certification scheme,how are they formulated by relevant andimpartial persons or committeespossessing the necessary technicalcompetence, and made available by thecertification body upon request?

7.2 Application




Form AUD 49




Finding

For application how does the certificationbody obtain all the necessary informationto complete the certification processaccording to the relevant certificationscheme?

7.3 Application review

7.3.1 How does the certification body conduct areview of the information obtained (7.2) toensure that:

a) the information about the client andthe product is sufficient for theconduct of the certification process;

b) any known difference inunderstanding between thecertification body and the client isresolved including agreementregarding standard or normativedocument;

c) the scope of certification sought isdefined;

d) the means to perform all evaluationactivities are available;

e) the certification body has thecompetence and capability to performthe certification activity?

7.3.2 How does the certification body identifywhen the client´s request for certificationincludes:

a type of product; or

a normative document; or

a certification scheme

where the certification body has no prior experience?

7.3.3 In these cases (7.3.2) how does thecertification body ensure it has thecompetence and capability for allcertification activities it must undertakeand maintain a record of the justification

for the decision to undertake certification?




Form AUD 49




Finding

7.3.4 How does the certification body decline toundertake a specific certification if it lacksany competence or capability for thecertification activities it must undertake?

7.3.5 If the certification body relies oncertifications it has already granted to theclient or has already granted to other clients to omit any activities, how does thecertification body then reference theexisting certification(s) in its records?

If requested by the client, how does thecertification body provide justification for omission of activities?

7.4 Evaluation

7.4.1 How does the certification body plan for the evaluation activities to allow for thenecessary arrangements to be managed?

7.4.2 How does the certification body assignpersonnel to perform each evaluation taskwhich it undertakes with its internalresources (6.2.1 )?

7.4.3 How does the certification body ensure allneeded information and/or documentationis made available for performing theevaluation tasks?

7.4.4 How does the certification body carry outthe evaluation activities which itundertakes with its internal resources(6.2.1) and manage outsourcedresources, (6.2.2) in accordance with theevaluation plan (7.4.1)?How are the products evaluated againstthe requirements covered by the scope of

certification and other requirementsspecified in the certification scheme?

7.4.5 Does the certification body only rely onevaluation results related to certificationcompleted prior to the application for certification where it takes responsibilityfor the results and satisfies itself that thebody that performed the evaluation fulfilsthe requirements contained in 6.2.2 andthose specified by the certificationscheme?

7.4.6 How does the certification body inform theclient of all nonconformities?




Form AUD 49




Finding

7.4.7 If one or more nonconformities havearisen, and if the client expresses interestin continuing the certification process,how does the certification body provideinformation regarding the additionalevaluation tasks needed to verify thatnonconformities have been corrected?

7.4.8 If the client agrees to completion of theadditional evaluation tasks, how is theprocess specified in 7.4 repeated tocomplete the additional evaluation tasks?

7.4.9 How are the results of all evaluationactivities documented prior to review(7.5)?

7.5 Review

7.5.1 How does the certification body assign atleast one person to review all informationand results related to the evaluation?How is the review carried out by person(s)who have not been involved in theevaluation process?

7.5.2 How are recommendations for acertification decision based on the reviewdocumented, unless the review andcertification decision are completedconcurrently by the same person?

7.6 Certification decision

7.6.1 Is the certification body responsible for and how does it retain authority for itsdecisions relating to certification?

7.6.2 Has the certification body assigned atleast one person to make the certificationdecision based on all information related

to the evaluation, its review, and any other relevant information?How is the certification decision carriedout by a person or group of persons (e.g.a committee, see 5.1.4) which has notbeen involved in the process for evaluation (7.4)?




Form AUD 49




Finding

7.6.3 Are the person(s) (excluding members of committees – see 5.1.4) assigned by thecertification body to make a certificationdecision employed by or under contractwith

- the certification body (6.1); or

- an entity under the organizationalcontrol of the certification body (7.6.4)?

7.6.4 Is the certification body’s organizational

control:

- whole or majority ownership of another entity by the certification body; or

- majority participation by the certificationbody on the Board of Directors of another entity; or

- documented authority by the certificationbody over another entity in a network of legal entities (in which the certificationbody resides) linked by ownership or Board of Directors control?

7.6.5 How do the persons employed by or under contract with entities under organisational control fulfill the samerequirements of this InternationalStandard, as persons being under employment or contract with thecertification body?

7.6.6 How does the certification body notify theclient of a decision not to grantcertification identifying the reasons for thedecision?

7.7 Certification documentation




Form AUD 49




Finding

7.7.1 How does the certification body provide tothe client formal certificationdocumentation that clearly conveys, or permits identification of:

a) the name and address of thecertification body;

b) the date certification is granted; thedate shall not precede the date thecertification decision was completed;

c) the name and address of the client;

d) the scope of certification (3.10);

e) the term or expiration date of certification if certification expiresafter an established period; and

f) any other information required by thecertification scheme?

7.7.2 Does formal certification documentationinclude the signature or other definedauthorization of the person(s) of thecertification body assigned suchresponsibility?

7.7.3 How is formal certification documentation(7.7) only issued after or concurrent with:

a) the decision to grant or extend thescope of certification (7.6.1) has beenmade; and

b) certification requirements beingfulfilled; and

c) the certification agreement (4.1.2)has been completed/signed?

7.8 Directory of certified products




Form AUD 49




Finding

How does the certification body maintaininformation on certified products whichcontains at least:

a) identification of the product;

b) the standard(s) and other normativedocuments to which conformity hasbeen certified;

c) identification of the client?

Are the parts of this information whichhave to be published or made availableon request (through publications,electronic media or other means) in adirectory stipulated by the relevantscheme(s)?

As a minimum how does the certificationbody inform on request about the validityof a given certification?

7.9 Surveillance

7.9.1 If surveillance is required by the

certification scheme or as described insubclauses 7.9.3 or 7.9.4, how does thecertification body initiate surveillance of the product(s) covered by the certificationdecision in accordance with thecertification scheme?

7.9.2 When surveillance utilizes evaluation,review or certification decision, how arethe requirements in 7.4, 7.5 or 7.6fulfilled?

7.9.3 When continuing use of a certificationmark is authorized for placement on aproduct (or its packaging, or informationaccompanying it) (for process or service,see 7.9.4) of a type which has beencertified, how is surveillance establishedand does it include periodic surveillanceof marked products to assure ongoingvalidity of the demonstration of fulfilmentof product requirements?

7.10 Changes affecting certification




Form AUD 49




Finding

7.10.1 When the certification scheme introducesnew or revised requirements that affectthe client how does the certification bodyensure these changes are communicatedto all clients?

How does the certification body verify theimplementation of the changes by itsclients and does it take actions requiredby the scheme?

7.10.2 How does the certification body consider

other changes affecting certificationincluding changes initiated by the clientand decide upon the appropriate action?

7.10.3 Do the actions to implement changesaffecting certification include, if required:

evaluation (7.4);

review (7.5);

decision (7.6);

issuance of revised formalcertification documentation (7.7) toextend or reduce the scope of certification; and/or

issuance of certificationdocumentation of revised surveillanceactivities (if surveillance is part of thecertification scheme)?

How are these actions completed inaccordance with applicable parts of 7.4,7.5, 7.6, 7.7 and 7.8?

Do records (7.12) include the rationale for excluding any of the above activities (e.g.when a certification requirement that isnot a product requirement changes andno evaluation, review or decision activitiesare necessary)?

7.11 Termination, reduction, suspension or withdrawal of certification

7.11.1 When a nonconformity with certificationrequirements is substantiated, either as aresult of surveillance or otherwise, how

does the certification body consider anddecide upon the appropriate action?




Form AUD 49




Finding

7.11.2 When the appropriate action includesevaluation, review or certification decision,how are the requirements in 7.4, 7.5 or 7.6 fulfilled?

7.11.3 If certification is terminated (by request of the client), suspended or withdrawn, howdoes the certification body take actionsspecified by the certification scheme anddoes it make all needed modifications toformal certification documents, publicinformation, authorizations for use of marks, etc. to ensure it provides noindication that the product continues to becertified?

If a scope of certification is reduced howdoes the certification body take actionsspecified by the certification scheme anddoes it make all needed modifications toformal certification documents, publicinformation, authorizations for use of marks, etc. to ensure the reduced scopeof certification is clearly communicated tothe client and clearly described incertification documentation and public

information?

7.11.4 If certification is suspended, how does thecertification body assign one or morepersons to formulate and communicate tothe client:

actions needed to end suspensionand restore certification for theproduct(s) in accordance with thecertification scheme; and

any other actions required by the

certification scheme?

Are these persons competent in their knowledge and understanding of allaspects of the handling of suspendedcertifications (6.1)?

7.11.5 How are any evaluations, reviews or decisions needed to resolve thesuspension or that are required by thecertification scheme completed inaccordance with the applicable parts of sub clauses 7.4, 7.5, 7.6, 7.7.3 and 7.9

and 7.11.3?




Form AUD 49




Finding

7.11.6 If certification is reinstated after suspension how does the certificationbody make all needed modifications toformal certification documents, publicinformation, authorizations for use of marks, etc. to ensure all appropriateindications exist that the productcontinues to be certified?If a decision to reduce the scope of certification is made as a condition of reinstatement, how does the certificationbody make all needed modifications toformal certification documents, publicinformation, authorizations for use of marks, etc. to ensure the reduced scopeof certification is clearly communicated tothe client and clearly described incertification documentation and publicinformation?

7.12 Records

7.12.1 Does the certification body retain recordsto demonstrate that all certificationprocess requirements (in this International

Standard and those of the certificationscheme) have been effectively fulfilled(see also 8.4)?

7.12.2 How does the certification body keeprecords confidential?How are records transported, transmittedand transferred in a way that ensuresconfidentiality is maintained ( see also4.5)?

7.12.3 If the certification scheme involvescomplete re-evaluation of the product(s)within a determined cycle, are recordsretained at least for the current and theprevious cycle?Otherwise, are records retained for aperiod defined by the certification body?

7.13 Complaints and appeals

7.13.1 Does the certification body have adocumented process to receive, evaluateand make decisions on complaints andappeals?How does the certification body recordand track complaints and appeals andactions undertaken to resolve them?




Form AUD 49




Finding

7.13.2 Upon receipt of a complaint or appeal,how does the certification body confirmwhether the complaint or appeal relates tocertification activities for which it isresponsible, and if so, does the CBaddress it?

7.13.3 How does the certification bodyacknowledge receipt of a formal complaintor appeal?

7.13.4 How is the certification body responsiblefor gathering and verifying all necessaryinformation (to the extent possible) toprogress the complaint or appeal to adecision?

7.13.5 How is the decision resolving thecomplaint or appeal made by, or reviewedand approved by, person(s) not involvedin the certification activities related to thecomplaint or appeal?

7.13.6 To ensure that there is no conflict of interest, how are personnel includingthose acting in a managerial capacity who

have provided consultancy (3.2) for, or been employed by a client, preventedfrom being used by the certification bodyto review or approve the resolution of acomplaint or appeal for that client withintwo years following the end of theconsultancy or employment?

7.13.7 Whenever possible, how does thecertification body give formal notice of theoutcome and end of the complaintprocess to the complainant?

7.13.8 How does the certification body giveformal notice of the outcome and end of the appeal process to the appellant?

7.13.9 How does the certification body take anyneeded subsequent action to resolve thecomplaint or appeal?




Form AUD 49




Finding

8 Management system requirements

8.1 Options

Has the certification body established anddoes it maintain a management systemthat is capable of achieving the consistentfulfilment of the requirements of thisInternational Standard in accordance witheither Option A or Option B?Option A – The management system of the certification body shall address thefollowing: General management system

documentation (e.g., manual,policies, definition of responsibilities – 8.2);

Control of documents (8.3); Control of records (8.4); Management review (8.5); Internal audit (8.6); Corrective actions (8.7); Preventive actions (8.8);

Option B – A certification body that hasestablished and maintains a managementsystem in accordance with therequirements of ISO 9001, and that iscapable of supporting and demonstratingthe consistent fulfilment of therequirements of this InternationalStandard, fulfils the management systemclause (8.2 to 8.8) requirements.

8.2 General management systemdocumentation (Option A)

8.2.1 How does the certification body's topmanagement establish, document, andmaintain policies and objectives for fulfilment of this international standardand the certification scheme and howdoes it ensure the policies and objectivesare acknowledged and implemented at alllevels of the certification body’sorganization?




Form AUD 49




Finding

8.2.2 How does the certification body's topmanagement establish, document, andmaintain policies and objectives for fulfilment of this international standardand the certification scheme and ensurethe policies and objectives areacknowledged and implemented at alllevels of the certification body’sorganization?

8.2.3 Has the certification body's topmanagement appointed a member of management who, irrespective of other responsibilities, shall have responsibilityand authority that include:

a) ensuring that processes andprocedures needed for themanagement system are established,implemented and maintained, and

b) reporting to top management on theperformance of the managementsystem and any need for improvement.

8.2.4 Are all documentation, processes,systems, records, etc. related to thefulfilment of the requirements of thisInternational Standard included,referenced, or linked to documentation of the management system?Do all personnel involved in certificationactivities have access to the parts of themanagement system documentation (andrelated information above) that isapplicable to their responsibilities?




Form AUD 49




Finding

8.3 Control of documents (Option A)

Has the certification body establishedprocedures to control the documents(internal and external) that relate to thefulfilment of this International Standard?Do the procedures define the controlsneeded to:a) approve documents for adequacy

prior to issue;b) review and update as necessary and

re-approve documents;c) ensure that changes and the current

revision status of documents areidentified;

d) ensure that relevant versions of applicable documents are available atpoints of use;

e) ensure that documents remain legibleand readily identifiable;

f) ensure that documents of externalorigin are identified and their distribution controlled; and

g) prevent the unintended use of obsolete documents, and to applysuitable identification to them if theyare retained for any purpose?

8.4 Control of records (Option A)

8.4.1 Has the certification body establishedprocedures to define the controls neededfor the identification, storage, protection,retrieval, retention time and disposition of its records related to the fulfilment of thisInternational Standard?

8.4.2 Has the certification body establishedprocedures for retaining records (7.12) for a period consistent with its contractualand legal obligations?Is access to these records consistent withthe confidentiality arrangements?




Form AUD 49




Finding

8.5 Management review (Option A)

8.5.1 General

Has the certification body's topmanagement established procedures toreview its management system at plannedintervals to ensure its continuingsuitability, adequacy and effectiveness,including the stated policies andobjectives related to the fulfilment of thisInternational Standard?

Are these reviews conducted at leastonce a year?

Alternatively, is a complete review brokenup in to segments completed within a 12month time frame?

Are records of reviews maintained?

8.5.2 Review inputs

How does the input to the managementreview include information related to:a) results of internal and external audits;

b) feedback from clients and interestedparties related to the fulfilment of thisInternational Standard;

c) feedback from the mechanism for safeguarding impartiality;

d) the status of preventive andcorrective actions;

e) follow-up actions from previousmanagement reviews;

f) the fulfilment of objectives;g) changes that could affect the

management system; andh) appeals and complaints?

8.5.3 Review outputs

How do the outputs from the managementreview include decisions and actionsrelated to:a) improvement of the effectiveness of

the management system and itsprocesses;

b) improvement of the certification bodyrelated to the fulfilment of thisInternational Standard; and

c) resource needs?




Form AUD 49




Finding

8.6 Internal audits (Option A)

8.6.1 How does the certification body establishprocedures for internal audits to verify thatit fulfils the requirements of thisInternational Standard and that themanagement system is effectivelyimplemented and maintained?

8.6.2 Is an audit program planned, taking intoconsideration the importance of theprocesses and areas to be audited, as

well as the results of previous audits?

8.6.3 Are internal audits normally be performedat least once every 12 months or completed within a 12 month time framefor segmented (or rolling) internal audits?

Is a documented decision-making processfollowed to change (reduce or restore) thefrequency of internal audits or the timeframe in which internal audits shall becompleted?

Are such changes based on the relativestability and ongoing effectiveness of themanagement system?

Are records of decisions to change thefrequency of internal audits or the timeframe, in which they will be completed,including the rationale for the change,maintained?

8.6.4 How does the certification body ensurethat:

a) internal audits are conducted bypersonnel knowledgeable incertification, auditing and therequirements of this InternationalStandard;

b) auditors do not audit their own work;c) personnel responsible for the area

audited are informed of the outcomeof the audit;

d) any actions resulting from internalaudits are taken in a timely andappropriate manner; and

e) any opportunities for improvementare identified?




Form AUD 49




Finding

8.7 Corrective actions (Option A)

How does the certification body establishprocedures for identification andmanagement of nonconformities in itsoperations?How does the certification body also,where necessary, take actions toeliminate the causes of nonconformities inorder to prevent recurrence?

Are corrective actions appropriate to theimpact of the problems encountered?

Do the procedures for corrective actionsdefine requirements for:a) identifying nonconformities (e.g. from

complaints and internal audits);b) determining the causes of

nonconformity;c) correcting nonconformities;d) evaluating the need for actions to

ensure that nonconformities do notrecur;

e) determining and implementing in atimely manner, the actions needed;

f) recording the results of actions taken;and

g) reviewing the effectiveness of corrective actions?

australia&n zeland iso17025 x iso guide 65

Documents