Third Party Certification stages

Q

qcBoss

Registered
Q: As per ISO 19011/ISO 17021-1, what are the correct steps in Third party audit & certification process:

My answer:
  • Stage 1 audit
  • Stage 2 opening meeting
  • Interviews
  • Stage 2 closing meeting
  • Closing of the Stage-2 audit findings
  • Issuance of the certificate
  • Surveillance audit
  • Follow-up audit
Here, I have one query regarding the follow up audit. Where does this activity actually happen in the above scenario? Is it after surveillance audit OR just after the "closing of the stage-2 audit findings"? Or before the surveillance audit. Appreciate input from forum members.
 
Last edited:
SQCpack - Communicate Quality Metrics
Elsmar Forum Sponsor
If you are writing about an initial certification from not having any, then there are a lot of activities you have not identified. there is the agreement of Scope, documentation submission and review and possibly other activities depending on the Scope and the Certification Body, all before the first formal audit.
Following the assessment audit, there is a "Recommendation" made regarding the award of Certificate - it is not usually the auditor who makes the decision - and if successful you will be notified of your Certificate. If unsuccessful you will be made aware of what needs to be done, and this may require a follow-up audit to check on corrective actions. Once successful, the process then enters (normally) a 3-year cycle with a full recertification audit every 3 years. In the intervening time, you will experience surveillance audits and these may be every 3, 4, 6 or 12 months (or another interval depending on findings etc).
 
qcBoss said:
  • Stage 1 audit
  • Stage 2 opening meeting
  • Interviews
  • Stage 2 closing meeting
  • Closing of the Stage-2 audit findings
  • Issuance of the certificate
  • Surveillance audit
  • Follow-up audit
Click to expand...
You've got stuff in there that doesn't make sense because they are internal to the process, you'd be better off with this as the certification audit process.

  • Stage 1 audit
  • Stage 2 audit (within 30 days-6 months)
  • Surveillance audit (every 6 months (semi-annual) or 1 year (annual) after Stage 2)
  • Recertification (3 years- every 3rd visit or 6th visit depending on surveillance schedule)
You're going to get different answers, but this is nearly all that I do for a living and have done so for since 2002.
 
Stage 1 is a readiness audit. Are you ready for Stage 2?

If potential non-conformances are identified, they are presented in the closing meeting/audit report, and the organization can address those findings in preparation for the Stage 2 audit.

Stage 2 is much like a recert audit in that all elements/processes will be reviewed. If there are non-conformances, the will be identified, and the organization must take corrective action. If the responses to the corrective actions are accepted, the stage 2 audit is successful and you get a certificate.
 
It is unusual for Stage 1 and Stage 2 registration audits to take place on the same day. It's highly discouraged. The intent of having a Stage 1 is to determine if you have a quality management system that is up and running. Nonconformances are not written but only concerns about what is missing. Usually there is a span of 2 to 4 weeks between Stage 1 and Stage 2 so that you have an opportunity of fixing the concerns before Stage 2 where nonconformances are written that need to be resolved before certification.

Some slight confusion about the Stage 1 and Stage 2 being on the same day is when most of Stage 1 was offsite. In that case, the remaining part of Stage 1 is done in front of the Stage 2 on the same day. What it usually boils down to is little more than a walk through the facility to confirm that the actual facility lines up with the scope statement and the interaction of processes description.

Another visit to resolve Stage 2 nonconformances can be required, depending on the nature and severity of the nonconformances. Most of the time they are resolved by the auditor reviewing your nonconformance resolutions and determining if is appropriate.

When all is appropriately completed, the auditor recommends that the organization can be certified, but the certification body makes the final decision.

The organization gets to go through everything but the Stage 1 and Stage 2 again in three years in order to keep their certification. Between the original certification and recertification there are surveillance audits. Usually annually but sometimes every six months. Surveillance audits don't include all of the processes. The management related process (whatever the organization calls them) needs to be covered in every audit, but the others can be split between the other surveillance audit(s).

I hope this helps.
 
qcBoss said:
Q: As per ISO 19011/ISO 17021-1, what are the correct steps in Third party audit & certification process:

My answer:
  • Stage 1 audit
  • Stage 2 opening meeting
  • Interviews
  • Stage 2 closing meeting
  • Closing of the Stage-2 audit findings
  • Issuance of the certificate
  • Surveillance audit
  • Follow-up audit
Here, I have one query regarding the follow up audit. Where does this activity actually happen in the above scenario? Is it after surveillance audit OR just after the "closing of the stage-2 audit findings"? Or before the surveillance audit. Appreciate input from forum members.
Click to expand...

A. First few points on Follow-Up audit;
its generally practiced and usually mandated for Verification of CAPA pertaining to Critical and Multiple Major observations. For minor/other observations, the verification could as well be performed through evidences.

B. Hence therefore, the Follow-Up audit is an conditional/optional step after Stage-2 ( before closing of audit findings), and continues thereafter in the series for surveillance audit, re-certifications/accreditations etc
 
v9991 said:
A. First few points on Follow-Up audit;
its generally practiced and usually mandated for Verification of CAPA pertaining to Critical and Multiple Major observations. For minor/other observations, the verification could as well be performed through evidences.

B. Hence therefore, the Follow-Up audit is an conditional/optional step after Stage-2 ( before closing of audit findings), and continues thereafter in the series for surveillance audit, re-certifications/accreditations etc
Click to expand...

Good points.

I should have mentioned that all nonconformances are reviewed again at the next audit to confirm that the resolutions were effective. If found to be still a nonconformance at the next audit, it is written up again and elevated to a major nonconformance which will get a lot more scrutiny than before. It's not a good day when there is a repeat.
 
Just do whatever your CB tells you to do during what stage you're at. You've wound up with "Rock Soup" here. You're going to pay regardless.
 
You must log in or register to reply here.

Similar threads

GretaMonroe
ISO 9001 - 1st Surveillance Audit- Scope
Replies
5
Views
1K
Big Jim
B
M
ISO to AS9100 nightmare
Replies
4
Views
633
mattador78
M
Q
Repeat Non -Conformity
2
Replies
15
Views
1K
Golfman25
G
Crimpshrine13
IATF 16949:2016 Internal Auditor & 2nd Party Auditor Qualifications & Competency
2 3
Replies
21
Views
4K
Ashland78
Ashland78
D
7.1.5.3.2 Calibration: What is really required on a calibration certificate
Replies
9
Views
1K
JanKees
J
Back
Top Bottom