Certification Approaches

EAC MeetingMiami, FL

August 2008

Gordon GillermanConformity Assessment Advisor

Homeland SecurityNational Institute of Standards and Technology

gordon.gillerman@nist.gov

Activity Overview Assist US Federal Government Agencies including the Department

of Homeland Security and the Department of Justice in developing standards and conformity policies and administrative infrastructure

Design and assist in the implementation of homeland security related conformity assessment programs

Assist in the development of standards for homeland security Coordinate and network with standards development

organizations Promote use of available international and national standards Identify standards suitable for homeland security procurement

and grant guidance Participate in the development of key standards

Types of Conformity Assessment

Supplier’s Declaration

Inspection Testing Certification Registration Accreditation

Risk and Conformity AssessmentHow much confidence is needed?P

erce

ived

Ris

k

Independence and Rigor of Conformity Assessment

Supplier’s declaration1st party conformity

assessment

certification3rd party conformity

assessment

Factors in CA System Design

•The risks associated with non-compliance should be proportional to the rigor and independence of the CA system.

•System over-design will add too much cost.

•System Under-design will result in too little confidence of compliance.

•Penalties associated with non-compliance may reduce the needed rigor and independence of the conformity assessment system.

•Timely mechanisms that effectively remove non-compliant products from the market may also reduce the needed rigor and independence of the system.

Applied at the Characteristic level

•The risk based concept that is used to develop the certification system model at the top level can be applied characteristic by characteristic in the certification program

•Each characteristic needs technical requirements.

•The certification program must require that the applicant demonstrate compliance with all of the technical requirements.

•The method of demonstrating conformity with different system characteristics can be varied.

Factors to Consider for required method of demonstrating conformity at the

Characteristic level

•What is the risk associated with non-conformity with individual characteristic requirements (consequence, tolerability)?

•Does current equipment typically comply?

•What is the technical means of demonstrating conformity (test in lab, test in use environment, QMS audit…)?

•What organizations are best positioned to conduct the demonstration of conformity activities?

•What are the cost implications of requiring different methods of demonstrating conformity with individual product characteristics?

•Can the certification program leverage other conformity assessment activities to reduce redundancy (QMS potential opportunity)?

.

Example - Body Armor Certification

Program Surveillance and QMS options • A registered quality management system that

conforms to the requirements of ISO 9000 plus specific body armor quality management requirements (BA 9000) by an (ANAB) accredited registrar and infrequent (typically 3 periodic retests over 5 years) periodic

retesting of production body armor, or• No register BA 9000 QMS and frequent (6

periodic retests over 5 years) retesting of production body armor.

Note - the QMS registration is not conducted by the body armor equipment certifier.

Example - Toy Safety CertificationProgram Flowchart

Accredited certification organization

Test results from accredited lab

• Initial type

•Periodic Retest

Factory production process management system from accredited registrar

•Initial assessment

•Audits

•Registration

•Periodic reassessments

Design hazard analysis and risk management documentation from applicant

Program administrator

(certification mark owner)

License agreement for certification mark

•Authorization to mark certified products

•Applicant and model designation on publicly availably list

Registration

documentation

Test results

Example - Matrix of required methods for demonstrating conformity of

characteristics for system certification

Suppliers Declaration of Conformity

Test Report

Accredited lab test report

3rd Party Accredited Lab Test Report

Other Registration

Or Certification

Accuracy

Security

Accessibility

EMC

Useability

QMS

Back –Up Slides

Typical Use – Testing(1st, 2nd or 3rd Party CA)

Used when the critical characteristics can be evaluated via measurement under specified conditions.

Type test is a test carried out on samples that represent production for the purpose of determining conformity.

May be an element of a suppliers’ declaration or

certification system.

Typical Use – Suppliers Declaration(1st Party CA)

Generally used: when the risk associated with noncompliance is low

there are adequate penalties for placing noncompliant products on the market

there are adequate mechanisms to remove noncompliant products from the market

Typical Use – Inspection(1st, 2nd or 3rd Party CA)

Used when the critical characteristics can be evaluated via physical examination or measurement.

May be an element of a certification system.

May be used to ensure that all parts of a system have been properly installed (ex. code inspection)

Typical Use –Certification(3rd Party CA)

Used when the risks associated with non-conformity are moderate to high.

Includes evaluation, compliance decision, attestation of conformity and some form of surveillance or follow up.

Always conducted by a third party.