The post below was copied from another thread discussing the IAF Mandatory Document 22. I wish someone from the IAF (the coalition of the willing) would explain why the IAF MD 22 document demands accountability as it relates to the accredited certification of OHSMS, but the equivalent documents related to the other disciplines, such as quality, environment, information security do not...
An organization that has allowed major quality escapes and has to implement a recall should be mandated to notify their CBs about the occurrence (ISO 9001).
An organization that has experienced a major environmental violation should be mandated to notify their CBs about the occurrence (ISO 14001).
An organization that has experienced a major data security breach should be mandated to notify their CBs about the occurrence (ISO 27001).
======================================================================================
The IAF Mandatory Document 22 requires the CB to have contractual language with the registrants so the CB is formally informed of the occurrence of a serious incident or breach of regulation necessitating the involvement of the competent regulatory authority. Further down the document, we see the following:
G 9.6.4.2 Independently from the involvement of the competent regulatory authority, a special audit may be necessary in the event that the Certification Body becomes aware that there has been a serious incident related to occupational health and safety, for example, a serious accident, or a serious breach of regulation, in order to investigate if the management system has not been compromised and did function effectively. The Certification Body shall document the outcome of its investigation.
G 9.6.5.2 Information on incidents such as a serious accident, or a serious breach of regulation necessitating the involvement of the competent regulatory authority, provided by the certified client (see G 8.5.3) or directly gathered by the audit team during the special audit, (G 9.6.4.2) shall provide grounds for the Certification Body to decide on the actions to be taken, including a suspension or withdrawal of the certification, in cases where it can be demonstrated that the system seriously failed to meet the OH&S certification requirements. Such requirements shall be part of the contractual agreements between the CAB and the organization.
What I find interesting is that I don't see similar requirements/expectations for the certification of QMSs and EMSs in the IAF Mandatory Documents. Why shouldn't the registrants be mandated to formally inform their CBs in case of major quality problems leading, for example, to consumer injuries and/or fatalities and product recalls? Ditto for major environmental violations? Why a different standard for OHSMS?
Consistent accreditation? Hardly so.
By the way, I do support the language in the IAF MD22, as it drives accountability in the accredited certification process; I just wanted the same type and level of expectations for QMS, EMS, EnMS, ISMS, etc.