Time gap for First Surveillance Audit of AS9100D after initial certification

Y

yatheendra

Registered
Hi Friends,

I have a query on the timing of the first surveillance audit after initial certification of AS9100 Rev D.

We had our stage 2 audit in Nov 2017 where we ended up with a few non-conformances which were cleared during a follow-up visit in Jan-2018 and we got the certificate by 23rd Jan 2018

Our certification body is asking for the surveillance audit by October 2018 considering that the stage 2 audit happened in November 2017 (They say that it should be before 12 months from stage 2 audit)

But When I read the ISO/IEC 17021-1:2015, I could find that it has stated "The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date"
I could not see any conflict of this in AS9101 Rev F too.
(the previous revisions, ISO/IEC17021-1:2011 and AS9101 rev E states that the first surveillance audit following initial certification shall not be more than 12 months from stage 2 audit. I could see that the new standard has changed the requirement)

So my doubt is, should not the certification decision date be after the non-conformances been cleared and the technical review team approves it or is it still considered from stage 2?


Before I reply to the certification body, I thought of getting some of your inputs.

Thank you in advance

Regards
Yatheendra
 
Sidney Vianna

Sidney Vianna

Post Responsibly
Leader
Admin
yatheendra said:
So my doubt is, should not the certification decision date be after the non-conformances been cleared and the technical review team approves it or is it still considered from stage 2?
Click to expand...
This seems to be one of those cases where the registrant (you) might teach the registrar about the requirements of the revised 17021. But could you please identify what paragraph of 17021:2015 you are referring to? I don’t see that text in my copy of the standard.

The certification decision happens, as you suspect, after the corrective actions and corrections were accepted
 
Last edited:
D

dsanabria

Quite Involved in Discussions
yatheendra said:
Hi Friends,

I have a query on the timing of the first surveillance audit after initial certification of AS9100 Rev D.

We had our stage 2 audit in Nov 2017 where we ended up with a few non-conformances which were cleared during a follow-up visit in Jan-2018 and we got the certificate by 23rd Jan 2018

Our certification body is asking for the surveillance audit by October 2018 considering that the stage 2 audit happened in November 2017 (They say that it should be before 12 months from stage 2 audit)

But When I read the ISO/IEC 17021-1:2015, I could find that it has stated "The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date"
I could not see any conflict of this in AS9101 Rev F too.
(the previous revisions, ISO/IEC17021-1:2011 and AS9101 rev E states that the first surveillance audit following initial certification shall not be more than 12 months from stage 2 audit. I could see that the new standard has changed the requirement)

So my doubt is, should not the certification decision date be after the non-conformances been cleared and the technical review team approves it or is it still considered from stage 2?


Before I reply to the certification body, I thought of getting some of your inputs.

Thank you in advance

Regards
Yatheendra
Click to expand...

When you look at your certificate and the expiration date... then count 90 days before that date and that is when your next surveillance will be.
 
Y

yatheendra

Registered
Sidney Vianna said:
This seems to be one of those cases where the registrant (you) might teach the registrar about the requirements of the revised 17021. But could you please identify what paragraph of 17021:2015 you are referring to? I don’t see that text in my copy of the standard.

The certification decision happens, as you suspect, after the corrective actions and corrections were accepted
Click to expand...

Thank you for your comments.

The requirement can be found under the clause 9.1.3.3 where it states "Surveillance audits shall be conducted at least once a calendar year, except in recertification years. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.".

Apart from these two standards, is there any such requirement mentioned in AS9104/1? I could not find anything from the draft copy that I had read.
 
somashekar

somashekar

Leader
Admin
If your certification effective date is Jan 2018, and the stage 2 audit happened in Nov 2017, then per the 'once in a calendar year' rule., your audit must happen by Dec 2018.
However in order to have the required time to complete the surveillance audit project before Jan 2019 (one year from Jan 2018), a date of Oct 2018 is perhaps proposed.
You can discuss with your CB for a float in Oct - Nov 2018 based on mutual convenience.
Certain CB discuss and decide broadly the next audit cycle month during the previous audit. Check out if you have already agreed for the Oct 2018.
 
Y

yatheendra

Registered
somashekar said:
If your certification effective date is Jan 2018, and the stage 2 audit happened in Nov 2017, then per the 'once in a calendar year' rule., your audit must happen by Dec 2018.
However in order to have the required time to complete the surveillance audit project before Jan 2019 (one year from Jan 2018), a date of Oct 2018 is perhaps proposed.
You can discuss with your CB for a float in Oct - Nov 2018 based on mutual convenience.
Certain CB discuss and decide broadly the next audit cycle month during the previous audit. Check out if you have already agreed for the Oct 2018.
Click to expand...
Thank you.
Exactly, that was what my point. I was also expecting an audit by Dec 2018. They gave the audit dates suddenly and and quoted the old rule (2011) which I believe was not right. Since the Certification date is on 23rd Jan 2018, we still have ample time even if we do the audit in December.

Regards
Yatheendra
 
somashekar

somashekar

Leader
Admin
The time to start and complete a surveillance audit project will vary depending upon several aspects., mainly being availability of auditors dates, The month long time given to close any possible minor NC's, Travel needs, Final report and NC response approval process, etc.
So we need to understand audit from the total perspective and accommodate to the best options that the CB can offer.
 
Y

yatheendra

Registered
I completely agree with your comments and we appreciate the CBs looking at the possibility of completing the audit without any risk to the organisation. But In this case, the problem was they are not looking beyond October and it seems they are not aware of the point about the first surveillance. I have communicated them quoting the text in the standard and it seems they need to check with their technical team before they could reply. I had doubts on my understanding, but with the help I got here, I could clear that.:)
 
Marc

Marc

Fully vaccinated are you?
Leader
dsanabria said:
When you look at your certificate and the expiration date... then count 90 days before that date and that is when your next surveillance will be.
Click to expand...

NOTE: This post has been reported as potentially containing inaccurate information.
 
D

dsanabria

Quite Involved in Discussions
Marc said:
NOTE: This post has been reported as potentially containing inaccurate information.
Click to expand...

SOrry for the lack of my wording but the 90 days rules is imposed by the registrar to:

1. Provide ample time to the clients to answer NCR (30 days)

2. The registrar need additional time to enter and review all data in OASIS

3. They push the limits on the following statements.

AS9104-1 2012
"For audits involving a certification decision, the CB shall be responsible for the input of the required data into the OASIS database within 30 days after the certificate issue date. For all other audits, the CB shall submit the required data into the OASIS database within 90 days after the on-site visit date. This entry into the database can be performed either directly by the CB or through the SMS, in accordance with the arrangements defined
by the IAQG sector or NAIA. The information to be input into the OASIS database is defined in Appendix C."
 
You must log in or register to reply here.

Similar threads

J
SOC 2 information security auditing
Replies
0
Views
1K
john.b
J
P
Increase in audit days for multi-site companies based on the new AS9104-1 2022
Replies
0
Views
442
phxsun2001
P
S
Supplier AS9100 certificate suspended - still ship goods ?
Replies
7
Views
747
Sidney Vianna
Sidney Vianna
C
Resume Feedback - Medical Device (SaMD) Regulatory Affairs, 5 YOE
Replies
5
Views
881
EmiliaBedelia
E
S
Expiry and re-certification of ISO13485
Replies
3
Views
399
Schelte P
S
Top Bottom