What you as an auditee should know about your CB (Certification Body)

Howard Atkins

Forum Administrator
I am starting this thread as time and again there are posts as to the actions or in-actions of Certification Bodies (CB) and I would like to try to help the many that appear to suffer from what might appear to be arbitrary decisions

The structure of the system certification industry is as follows:

A standard authoring authority (ISO, ASTM, SAE, etc) produces a standard which has requirements that are auditable.

CBs are businesses whose product is certification of customers systems based on the above standards and have objectives comparable to other companies

These certificates are meaningful as long as they are from CBs that are audited to ensure compliance to ISO/IEC 17021 Conformity assessment — Requirements for bodies providing audit and certification of management systems.
These audits are performed by national Accreditation Bodies (AB) who are members of the International Accreditation Forum (IAF) which give mutual recognition thus ensuring acceptability of the certificates.

NOTE- The governing body and only accreditation body of ISO/TS 16949 is the IATF which works in accordance to its own rules

The IAF as a governing body has various publications which include:
IAF Mandatory Documents (MD Series)
such as:
IAF MD 5:2009 Duration of QMS and EMS Audits
(Issue 1, issued on 1 February 2009; Application from 1 May 2009)
This mandatory document was derived from the guidance previously available in two documents, IAF GD2:2005 Annex 2 and IAF GD6:2006 Annex 1. It provides mandatory provisions and guidance for CABs to determine the audit duration for stage 1 and stage 2 initial audits, surveillance audits and recertification audits.

IAF Informative Documents (ID Series)
such as
IAF ID 1:2010 QMS Scopes of Accreditation
Issue 1, issued on 15 September 2010; Application from 15 September 2010)
Informative document to facilitate the consistent application of Clause 7.1.1 of ISO/IEC 17021:2006 and Clause 7.2.1of ISO/IEC 17011 by Accreditation Bodies.
All publications are available free HERE

These IAF documents and ISO/IEC 17021 are the basis of the industry and give many answers to the questions asked.

The CBs are governed as said by ISO/IEC 17021 which includes the following requirements which directly interface with their customers and examples are given which I have seen questions in relation to them:

5.1.2 Certification agreement
The certification body shall have a legally enforceable agreement for the provision of certification activities to its client.
8 Information requirements
8.1 Publicly accessible information
8.1.1 The certification body shall maintain and make publicly accessible, or provide upon request, information describing its audit processes and certification processes for granting, maintaining, extending, renewing, reducing, suspending or withdrawing certification, and about the certification activities, types of management systems and geographical areas in which it operates.

9.1.1 Audit programme An audit programme for the full certification cycle shall be developed to clearly identify the audit activity(ies) required to demonstrate that the client's management system fulfils the requirements for certification to the selected standard(s) or other normative document(s).

9.1.2 Audit plan General
The certification body shall ensure that an audit plan is established for each audit identified in the audit programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities. This audit plan shall be based on documented requirements of the certification body.

9.1.4 Determining audit time The certification body shall have documented procedures for determining audit time, and for each client the certification body shall determine the time needed to plan and accomplish a complete and effective audit of the client's management system. The audit time determined by the certification body, and the justification for the determination, shall be recorded.

9.1.7 Communication concerning audit team members
The certification body shall provide the name of and, when requested, make available background information on each member of the audit team, with sufficient time for the client organization to object to the appointment of any particular auditor or technical expert and for the certification body to reconstitute the team in response to any valid objection.

9.1.8 Communication of audit plan
The audit plan shall be communicated and the dates of the audit shall be agreed upon, in advance, with the client organization. Communication during the audit During the audit, the audit team shall periodically assess audit progress and exchange information. The audit team leader shall reassign work as needed between the audit team members and periodically communicate the progress of the audit and any concerns to the client. Conducting the closing meeting The client shall be given opportunity for questions. Any diverging opinions regarding the audit findings or conclusions between the audit team and the client shall be discussed and resolved where possible.
Any diverging opinions that are not resolved shall be recorded and referred to the certification body.

9.7 Appeals

9.7.1 The certification body shall have a documented process to receive, evaluate and make decisions on appeals.
9.7.2 A description of the appeals-handling process shall be publicly accessible.
9.7.4 Submission, investigation and decision on appeals shall not result in any discriminatory actions against the appellant.

9.8 Complaints
9.8.1 A description of the complaints-handling process shall be publicly accessible.

As can be seen there should be a legal agreement between you and the CB and also as described in 8.1 above full information as to the methods that are used for audits, determination of time etc should be available and is usually part of the contract that is signed between the 2 parties.

This information should answer all your questions which we see time and again.

If you do not get adequate replies to request for information then I suggest that you inform the CB that you are referring the issue to the AB (the relevant AB should be on their certificate and on the web site) for them to help you.

As an auditor I believe that the CB must act in a transparent and informed manner so that it gives the best service possible.
I believe that the best service can be given to those who understand the reasons behind decisions and that there is a partnership agreement.

From questions in the forum and also from my experience in the field I have seen that there is a tendency to forget who the customer is and who pays.
Top Bottom