Interesting Discussion Hello IAF. Are you listening? Please explain the inconsistency in your IAF Mandatory Documents

Sidney Vianna

Post Responsibly
Leader
Admin
The post below was copied from another thread discussing the IAF Mandatory Document 22. I wish someone from the IAF (the coalition of the willing) would explain why the IAF MD 22 document demands accountability as it relates to the accredited certification of OHSMS, but the equivalent documents related to the other disciplines, such as quality, environment, information security do not...

An organization that has allowed major quality escapes and has to implement a recall, should be mandated to notify their CB's about the occurrence (ISO 9001).

An organization that has experienced a major environmental violation should be mandated to notify their CB's about the occurrence (ISO 14001).

An organization that has experienced a major data security breach should be mandated to notify their CB's about the occurrence (ISO 27001).


======================================================================================

The IAF Mandatory Document 22 requires that the CB to have contractual language with the registrants so the CB is formally informed of the occurrence of a serious incident or breach of regulation necessitating the involvement of the competent regulatory authority. Further down the document, we see the following:

G 9.6.4.2 Independently from the involvement of the competent regulatory authority, a special audit may be necessary in the event that the Certification Body becomes aware that there has been a serious incident related to occupational health and safety, for example, a serious accident, or a serious breach of regulation, in order to investigate if the management system has not been compromised and did function effectively. The Certification Body shall document the outcome of its investigation.

G 9.6.5.2 Information on incidents such as a serious accident, or a serious breach of regulation necessitating the involvement of the competent regulatory authority, provided by the certified client (see G 8.5.3) or directly gathered by the audit team during the special audit, (G 9.6.4.2) shall provide grounds for the Certification Body to decide on the actions to be taken, including a suspension or withdrawal of the certification, in cases where it can be demonstrated that the system seriously failed to meet the OH&S certification requirements. Such requirements shall be part of the contractual agreements between the CAB and the organization.

What I find interesting is that I don't see similar requirements/expectations for the certification of QMS and EMS's in the IAF Mandatory Documents. Why shouldn't the registrants be mandated to formally inform their CB's in case of a major quality problems leading, for example, to consumer injuries and/or fatalities and product recalls? Ditto for major environmental violations? Why a different standard for OHSMS?

Consistent accreditation? :unsure: Hardly so.

By, the way, I do support the language in the IAF MD22, as it drives accountability in the accredited certification process; I just wanted the same type and level of expectations for QMS, EMS, EnMS, ISMS, etc....
 

dwperron

Trusted Information Resource
I believe it is because the IAF mandate covers Accreditation Bodies (AB), not CB's.
I don't believe that they have the authority to set requirements for CB's.
It would be the role of the AB to require that a CB report a serious breach.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Did you ever read an IAF Mandatory Document? Most of the requirements and most of the documents are targeted at CB operations.
 

Sidney Vianna

Post Responsibly
Leader
Admin
I sent a message to the IAF using their website. Let’s see if they respond.
It has been a month, and I got no response from the IAF, the coalition of the willing. Not surprising, but disappointing, nevertheless.

I see the IAF MD22 significantly different from other Mandatory Documents in the IAF collection, as it relates to the connection of the regulatory compliance with management systems and I can only hope that the level of expectation set for OHSMS accredited certification triggers the same for the other disciplines, such as quality, environmental, information security, etc...
 

Randy

Super Moderator
It has been a month, and I got no response from the IAF, the coalition of the willing. Not surprising, but disappointing, nevertheless.

I see the IAF MD22 significantly different from other Mandatory Documents in the IAF collection, as it relates to the connection of the regulatory compliance with management systems and I can only hope that the level of expectation set for OHSMS accredited certification triggers the same for the other disciplines, such as quality, environmental, information security, etc...

Yeah in my opinion someone's been drinking the koolaid and is turning a conformity process into another goat roping compliance activity and the duration stuff is dorked .... But that's my opinion only and doesn't reflect on anyone except me and my possible ignorance.
 

Sidney Vianna

Post Responsibly
Leader
Admin
Just blowback from the position defended by many in the management system certification sector that this is "just a snapshot in time", there are no guarantees in life other than death, taxes and our invoices, don't hold me liable for anything....etc, etc, etc....For the pundits that like to detract the value of management system certificates, what is the most used method? Identify organizations that have systems certified while being caught in regulatory noncompliance. Dieselgate, for example.
Maybe, just maybe, this is an attempt (waaaaaay long overdue) to stop the commoditization and trivialization of management system audits and get some teeth in the process. Especially when it comes to ISO 14001 and 45001, enabling a system that assists organizations in fulfilling legal requirements is one of it's critical aspects. But, as you know, if the CB audit team is oblivious to the registrant's legal exposure, they could be certifying systems with major gaps, what is, obviously, a huge failure of audit and certification process.
 

Sidney Vianna

Post Responsibly
Leader
Admin
It has been a month, and I got no response from the IAF, the coalition of the willing. Not surprising, but disappointing, nevertheless.
Two years later and no response from the IAF. Who are they accountable to? Never mind, rhetorical question....And, now, with the low cost accreditation bodies part of the IAF coalition, the dream goal of one certificate, accepted everywhere is even more remote; at least when it comes to management system certificates.
 
Top Bottom