The procedure for the management system certification
5.1 Analysis of the application
5.1.1. The basis for the start of work on confirmation of the conformity of management systems is an application from third-party organizations received by PTsS LLP and executed in accordance with Annex B.
Together with the application for conducting an assessment of the management system at PTsS LLP, the organization must provide a list of documents in accordance with Annex B and an assessment sheet (Annex D). Upon completion of the procedure for confirming the conformity of management systems, the constituent documents of the customer’s organization, documents of management systems and other requested documents shall be returned to the customer’s organization.
5.1.2 The application is recorded in the Journal of work on the confirmation of management systems (Annex E).
The head or a specialist appointed by the head of the OPS SM will analyze the application to determine the possibility of certification taking into account:
- conformity assessment of the customer’s certification area and the area of accreditation of the authority to confirm the conformity of management systems;
- the availability of the information system for information management for the audit planning (location of the organization, number of employees, preferred dates for the audit, the degree of integration of the IMS, etc.);
- whether the body for confirmation of the conformity of management systems has the possibility of carrying out work within the time period preferred by the customer, the availability of appropriate resources.
- In the absence of the necessary information and documents, the customer organization is informed about this in the form of a letter.
5.1.3 On the results of the consideration of the application, the TSO SM informs the applicant in writing as a decision in the form of Annex D.
5.1.4. The head of the TSA CM sends an application with a visa to the responsible specialist for further work on confirmation of compliance with the CM.
5.2 Preparation and execution of the contract
5.2.1 Before concluding an agreement on the confirmation of the management system, if necessary, the responsible executor prepares a sample of sites taking into account the number of sites that must be visited during an audit in the organization (Annex L).
5.2.2 If the organization has several sites located in different geographical areas, then when planning an audit, each site included in the certification area should be subjected to a separate audit by the conformity confirmation body or included in the sample-based approach.
5.2.3 When calculating the sample of sites to be audited, the following factors are taken into account:
- results and reports of internal audits or previous inspection inspections of sites and the organization as a whole;
- complaint reports; corrective and preventive actions;
- significant changes in the size of sites;
- any existing changes to the organization’s site management systems;
- complexity of management systems;
- any changes since the last inspection;
- management review results;
- the fullness of the management system;
- the significance and degree of influence of processes carried out at the sites on the quality of products (services), the spread of environmental aspects and the associated impacts, risks;
- Language differences;
- geographic location;
- legislative requirements.
5.2.4 The audit program includes a visit to the central office and all sites of the organization in accordance with the sampling method.
5.2.5 If inconsistencies are found at the central office or at a separate site of the organization that is part of the certification area, the procedure for taking corrective actions should be extended to all sites.
5.2.6 In the process of preparing a draft contract, the audit time is also determined, which includes the time spent by the auditor or the audit team on planning (including, if necessary, analysis of documentation outside the production site); interaction with the organization, staff, review of records, documentation and processes; writing a report. It is expected that the audit time associated with planning and writing a report should not normally reduce the total on-site audit time to less than 80%. This applies to certification, inspection and recertification. When additional time is required to plan and / or write a report, this cannot serve as a basis for reducing on-site audit time.
5.2.7 The audit duration is determined on the basis of the RI OPS SM / PTsS 03/01, while taking into account the following aspects:
- requirements of standards;
- size and complexity of the organization;
- technological features, legislative regulation;
- any attraction of external resources included in the scope of the management system;
- results of previous audits;
- the number of production sites and issues related to conducting an audit on them;
- risks associated with the products, processes or activities of the organization;
- Whether the audit is combined, integrated, collaborative or integrated.
5.2.8 The execution of the contract is carried out in accordance with DP PDS 02/07.
The procedure for analysis and conclusion of contracts for the provision of services.
5.3 Designing an audit program
5.3.1 After signing the contract, the responsible executor develops an audit program for the entire certification cycle, in which auditing activities are clearly defined, demonstrating that the management system of the contracting organization meets the requirements for confirmation of compliance.
5.3.2 The audit program includes:
- initial audit, consisting of two stages:
- stage – analysis of the organization’s management system documentation;
- stage – certification audit;
- inspection audits during the first and second year of certification;
- recertification – during the third year, before the certificate expires.
5.3.3 When preparing the audit program, the size of the organization, the scope and complexity of its management system, products and processes, as well as the demonstrated level of effectiveness of the management system and the results of previous audits are taken into account. The audit program is given in Annex M.
5.3.4 One copy of the Audit Program is provided to the customer.
5.4. Analysis of organization management system documentation (audit – stage 1)
5.4.1 The responsible executor analyzes the submitted documents of the management system of the applicant organization (if necessary, technical experts are involved to:
- familiarization with the organization to get an idea about it and its most important divisions;
- determining the compliance of the submitted documents with the requirements of the relevant regulatory documents and determining the readiness of the organization to conduct a certification audit (stage 2);
- the degree of integration of the CM (during the audit of the IMS);
- assessment of the location of the applicant and special conditions of the organization;
- analysis of the applicant’s status and understanding of the requirements of the standard;
- collecting the necessary information regarding the area of the management system, processes and location of the applicant and related legal aspects and requirements;
- certification audit planning and approval by the applicant.
If necessary, the responsible executor has the right to request additional information and documents from the organization, or, in agreement with the organization being verified, the SMO FS can send his representative to the organization for a preliminary assessment in order to familiarize himself with the management system of the organization being audited, collect the necessary data directly in the organization or solving unclear issues.
5.4.2 The 2nd stage of the audit ends with the preparation of a reasonable written opinion on the analysis of the documents of the management system (Annex H). One copy of the report is provided to the applicant organization.
5.4.3 In the case of a negative decision on the results of the analysis of the organization’s documentation, it is proposed to finalize the management system, and after it is completed and corrective actions are taken to eliminate the inconsistencies, the organization should send the finalized documents to the TSO SM PCC LLP for a certification audit (2 stages).
5.5 Audit Team Selection
5.5.1. In order to determine the competence of auditors, the absence of a conflict of interest, the ability to perform work in the declared field, the Head of the PS OI CM assesses experts and their ability to perform work on the application.
Prior to the determination of the audit team, the Head of the PS OI CM, expert auditors and technical experts fill out the expert evaluation sheet (Annex G).
5.5.2 In determining the size and composition of the audit team shall be taken into account:
- the competence of expert auditors required for each technical area;
- audit objectives, scope and criteria, duration of the audit;
- area of activity of the organization;
- labor costs for the audit;
- the need to ensure the overall competence of the audit team to achieve the objectives of the audit;
- requirements of laws, regulations applicable to the assessment;
- ensuring the impartiality and independence of the members of the audit team from the certified organization;
- the ability of members of the audit team to effectively interact with the auditee;
- audit language.
5.5.3 The audit team may consist of one or more expert auditors. If the expert auditors do not have specialized knowledge and skills, then technical experts are included in the audit team.
If the audit is carried out by one expert auditor, he performs all the duties assigned to the head of the audit team.
The head of the team for conducting the IMS audit is appointed an expert auditor who is competent in at least one of the standards for compliance with which the audit is conducted.
In the case of involving technical experts from a third-party organization, a contract is concluded for the provision of services in accordance with the DP PDS 02/04 in the form (Annex E), taking into account the requirements set forth in clause 7.3 of ST RK ISO / IEC17021-2015.
5.5.4 The team may include trainees – candidates for expert auditors to confirm the conformity of management systems. Trainees cannot independently ask questions of the auditee, but only with the permission of the head of the audit team or an expert auditor.
When examining evidence and generating audit findings (observations), technical experts and trainees are entitled only to an advisory vote.
5.5.5 After evaluating the experts, the head of the PS OI CM or executive officer fills out the expert assessment sheet in the form (Annex G).
5.5.6 For approval of the audit team, an approval team of the audit team is sent to the organization (Annex U).
5.5.7 Based on the results of the evaluation of the expert auditor, technical expert, approval sheet of the proposed team, a team is created to conduct an on-site audit. The composition of the audit team and the date of the audit are approved by order of the director.
5.5.8 Preliminary contact with the audited organization is carried out by the Head of the audit team through meetings with representatives of the organization, telephone conversations, and e-mails.
The objectives of the preliminary contact are:
- providing information on the audit plan;
- determination of the channel for the exchange of information with representatives of the audited organization;
- determination of the order of stay in the territory of the audited organization (pass regime, compliance with safety rules);
- The audited organization has the right to demand the replacement of team members on reasonable grounds based on the principles of the audit (paragraph 4.2). The reason for replacing a member of the audit team may be a conflict of interest (for example, if the member of the audit team is a former employee of the auditee) or unethical behavior. Any reason should be presented to the head of the audit team and the head of the SMOPS CM, who should decide on the replacement of the members of the audit team.
5.6 Certification audit (stage 2)
5.6.1 Before conducting a certification audit, the audit team develops a draft program and plan for the audit of the management system in the form of Annex O of this documented procedure.
5.6.2 The draft program and audit plan are sent to the organization for approval
5.6.3 After agreement with the customer, the audit program and plan is approved by the head of the SM FSA. If the customer does not agree on the date of the audit or requires replacement of a team member for objective reasons, the dates of the audit and the composition of the team are reviewed and agreed with the organization of the customer. In this case, a new order is issued on the composition of the team and the date of the audit.
5.6.4 Team members develop questions regarding the management system in the form of Annex P. Technical experts develop questions on the audited area within their competence in the form of Annex P. Team members agree on the checklist with the head of the audit team. In preparation for the audit, the column “Questions” is filled in accordance with the audit program, the remaining columns are filled in during the audit during observation.
The form and content of checklists, if necessary, can be changed and supplemented at the discretion of the expert auditor.
5.6.5 Certification audit of a management system includes the following steps:
- preliminary meeting;
- conducting an audit;
- collection, verification and registration of data;
- analysis of audit materials;
- exchange of information during the audit;
- preparation of preliminary findings for the closing meeting;
- execution of an audit certificate;
- closing meeting;
- generating an audit report.
5.6.6 The head of the audit team holds a preliminary meeting at which the goals and objectives of the audit are explained, the statement of the audit team on the confidentiality of information obtained during the audit is made by filling out the Expert Declaration in the form of Annex R.
The opening meeting is recorded (Annex C).
5.6.7 The audit team evaluates the compliance of a functioning management system with the requirements established in regulatory documents for this system and documents of the organization’s management system.
the audit team collects information, including audit evidence obtained by technical experts, and verifies information regarding the scope and objects of the audit, including information on the interaction of organizational units and management system processes. Only verified information can be an audit evidence.
As sources of information use:
- a survey of employees of the audited organization;
- observation of expert auditors on the activities of personnel, the functioning of processes, working conditions and the state of jobs;
- documents of a management system of a regulatory nature, such as the Policy and goals in the field, management guidelines, plans, organization procedures, regulations, provisions, instructions, external regulatory and technical documentation, agreements, contracts, etc .;
- documents containing data (records) about processes, such as reports and reports on internal audits, management review reports, product test reports, decisions of meetings on management problems, information on the results of monitoring and measurement of products and processes, work logs filled out statements, forms, forms, tests, etc .;
- analysis of the effectiveness of the management system;
- customer feedback data.
- Information obtained from these sources should be checked for objectivity, consistency and adequacy.
5.6.8 After checking all the sites subject to audit, the audit team analyzes the results obtained in order to gradate the registered inconsistencies in significance to significant or insignificant.
Audit findings may relate to the prevention of potential nonconformities, then they are classified as notifications.
Discovered inconsistencies and notifications are recorded in the reports of discrepancies / notifications in the form of Annex T.
The repetition of minor discrepancies of the same type (associated with the same process of the management system) in several divisions provides a basis for translating them into a significant discrepancy.
The final decision on the classification of nonconformities is made by the head of the audit team.
5.6.9 Non-compliance / notification protocols should be reviewed by the head of the audit team together with a representative of the organization’s management and agreed decisions will be made on them. If no agreement is reached on the legality of the established observation, then this is indicated in the audit report outlining various points of view.
5.6.10 Based on the results of the audit, an Audit of the management system is compiled in the form of Annex F, containing the audit results, a mandatory opinion on the compliance of the management system with the requirements of the standards.
5.6.11 The audit act of the management system is signed by the head of the audit team and the head of the organization / authorized person. One copy of the act remains in the organization, the other is stored in the OPS SM.
Management audit reports are recorded in the Journal of Management System Confirmation (Annex E).
5.6.12 After signing the act on the audit of the management system by all interested parties in the organization, a final meeting is held, the results of which are recorded (Annex C).
5.6.13 At the final meeting, the leadership is informed of the strengths and weaknesses of the organization being audited, inconsistencies and potential inconsistencies made during the audit, in the order of their importance, as well as a preliminary conclusion on the compliance (inconsistency) of the management system with the standard requirements – audit criteria.
5.6.14 If a significant discrepancy is found, or 10 or more minor, the enterprise management system cannot be recognized as meeting the requirements of the standard.
If less than 10 minor nonconformities are found, the organization for each nonconformity analyzes the causes of the nonconformities, develops a corrective action plan and provides the team leader. Corrective actions are recorded in the non-compliance / notification protocol.
The deadline for the implementation of corrective actions shall not exceed one month from the date of the final audit meeting.
If the discrepancy was observed in units that included sites, the procedure for taking corrective actions should be implemented at all sites to which this applies.
After taking corrective actions, the organization submits to the head of the audit team a report and confirmation of the fact that corrective actions have been taken.
If the submitted report is not sufficient to confirm the implementation of the corrective actions, the head of the audit team must inform the management of the certified organization in writing about the need to visit the organization again and verify the actual implementation of the corrective actions.
In case of confirmation of the fact that corrective actions have been taken and the nonconformities have been eliminated and their reasons, or not fulfilled, the head of the audit team makes a note in paragraph 4 of the Protocol on non-compliance / notification (Annex T) in the “Completed” section.
5.6.15 After confirming that corrective actions have been taken, the head of the audit team generates an audit report (Annex Sh), which must be dated and signed by the head of the audit team. One copy is provided to the audit client.
5.6.16 In the report on the results of the audit, in the section “Conclusions and proposals on the results of the audit”, an assessment must be made of the compliance of the checked management system with the requirements of the standard — audit criteria, the degree of integration in the case of an IMS audit.
5.6.17 In the case of work to confirm the conformity of several management systems in one organization (IMS) at the same time, paperwork is carried out by one set of documents using the general conclusion on the analysis of the management system’s documents, audit plan, audit report, decision on issuance / renewal of a certificate conformity of the management system, report.
5.6.18 If the contracting authority does not provide evidence of corrective actions, the certification process should be stopped and can only be resumed after filing a second application, about which TSO SM notifies the organization in writing.
5.6.19 If during the audit notifications were issued, the organization shall develop and implement preventive actions. The results of their implementation are checked during the next inspection control of the certified management system and are reflected in the audit act of the management system in section 5 “Summary of audit results”.
The assessment of the effectiveness of corrective and preventive actions is evaluated during the next inspection control of certified management systems. According to the assessment results, in clause 4 of the Protocol on non-compliance / notification (Annex T), a mark is put in the “Effective” column.
5.7 Review of audit results
5.7.1 The head of the audit team submits for consideration to the Head of the SMOPS SM, documents on the results of the audit of the organization’s management system: act on the audit of the management system, report on the results of the audit, reports of non-compliance / notification, checklists, documents of the organization confirming the implementation of corrective actions if available (plan of corrective measures, report on the implementation of corrective measures and documents confirming the implementation of measures: minutes of technical studies, minutes of meetings, uu orders, etc.).
5.7.2 In case of a positive decision, the Head of the PS OI CM makes a decision on the issue of a certificate of conformity (Annex E) and sets the validity period of the certificate (no more than three years).
5.7.3 In case of negative audit results, the head of the audit team notifies the organization of the refusal to issue a certificate indicating the reasons for the refusal and informs of the possibility of conducting a second audit on a contractual basis. The decision on the refusal is transmitted to the applicant within three days
5.7.4 The criterion for deciding whether to issue or refuse to issue a certificate of conformity is the fulfillment (non-fulfillment) by the organization being verified of the requirements of the standards of certified management systems.
5.7.5 If the Head of the TSA SM participates in the certification audit, he will not make a decision on issuing or refusing to issue a certificate of conformity. In this case, the Decision is taken by the expert auditor who has been trained in the field of management systems (but not the expert auditor who conducted the audit).
5.8 Issue of certificate of conformity
5.8.1 The head of the audit team draws up a certificate of conformity on letterhead.
5.8.2 Information on the certificate of conformity is entered into the electronic register of the National Center for Accreditation LLP.
5.8.3 Information about the refusal to issue a certificate of conformity is entered in the electronic journal Annex E (in case of an applicant’s refusal of appeal).
5.8.4 The certificate of conformity is issued to the applicant organization, while the applicant signs the receipt of the certificate of conformity on a copy of the certificate.
Nonresident applicants will be sent a certificate by mail.
5.8.5 A set of documents, together with a copy of the certificate of conformity, is filed in the relevant case in accordance with the list of documents in Annex Yu.
5.8.6 In case of refusal to issue a certificate of conformity to the management system, the customer has the right within one month from the date of receipt of the decision on refusal to issue an appeal in accordance with DP PCC 02/06 “Procedure for registration and consideration of appeals, claims, complaints”.
5.8.7 Upon delivery of the certificate of conformity to the management system, the head of the audit team draws up and submits for signature to the applicant a draft contract for inspection control of the certified management system, which is recorded in the Journal of Registration of Inspection Control Agreements (Annex E).
The execution of the contract is carried out in accordance with DP PTsS 02/07 “”Procedure for the analysis and conclusion of contracts.”” in form (Annex B).
5.8.8 In the event that the organization loses the original certificate of conformity on the basis of the decision of the Head of the TSO of the organization’s CM, a duplicate of the certificate of conformity may be issued.
A request for a duplicate certificate of conformity is issued by the organization in writing on the letterhead of the applicant’s organization.
The duplicate is issued on a new form with the certificate number, date of issuance and expiration date preserved. On the form of the certificate of conformity in the upper left corner is the inscription “”Duplicate””.
5.9 Inspection control of certified management systems
5.9.1 Inspection control of certified management systems is carried out in accordance with the annual schedule of the FS OMS for certified management systems of organizations in accordance with Annex I.
5.9.2 The inspection control of a certified management system is carried out by an audit team, appointed taking into account the requirements of clause 5.5 of this documented procedure.
Inspection control should establish that the management system meets the requirements confirmed during certification:
- All discrepancies recorded during the certification audit have been resolved;
- For environmental management, that the requirements of regulatory and legislative documents are established and the organization does not have penalties from the oversight bodies for the corresponding period;
- For environmental management that the organization successfully implements environmental policy goals and objectives, complies with applicable regulatory and other requirements related to environmental aspects, constantly improves the management system to prevent pollution;
- The organization demonstrates the continuous effectiveness of management systems to achieve their goals;
- The organization meets customer needs, demonstrates improvements to management systems;
- The organization conducts internal audits, evaluates management systems;
- For the ISM, that the degree of integration remains unchanged throughout the certification cycle.
5.9.3 Inspection control can be planned and unscheduled.
5.9.4. The frequency of the planned inspection control is determined by the FS OI. Inspection control of the organization’s certified management system is carried out during the validity period of the certificate of conformity at least once a year. The first inspection control is carried out no later than 12 months after the certification audit. During the validity period of the certificate of conformity, all elements of the management system and structural units of the organization must be checked at least once.
5.9.5 Unscheduled inspection control is carried out upon receipt of information on the low quality of the delivered products, services, negative results of inspections of certified organizations by state bodies, significant changes to the documents of the management or production system, design, technological and regulatory documentation, organizational structure of the organization and the organization’s organizational structure and other changes affecting the stability of safety and quality of products (services), environmental aspects projects, risks.
5.9.6 Inspection control work is carried out subject to advance payment in accordance with the agreement concluded between the SMO SM and the applicant.
Unscheduled inspection control and its payment are specified in the inspection control agreement.
When appointing an audit team to conduct an unscheduled inspection, an organization cannot appeal against the appointment of members of the audit team.
5.9.7 The objects of planned inspection control are:
- results of internal audits and management system analysis;
- complaints and complaints, results of their consideration;
- planned activities aimed at continuous improvement;
- any changes in the organization’s activities that may affect the fulfillment of certification requirements;
- use of certificate of conformity;
- corrective and preventive actions to eliminate inconsistencies identified during certification of a management system or during a previous inspection audit;
- records of the effectiveness and efficiency of the management system;
- Compliance with the rules for applying the certification logo.
Objects of unscheduled inspection control are determined depending on the reason that necessitated the audit.
5.9.8 Before the start of the inspection control, the team leader shall notify the certified organization in writing of the upcoming audit, agree on the date and timing of the audit. After the agreed date, a draft program and plan of the inspection audit (Annex O) is sent to the organization for approval by the head of the certified organization and the appointment of accompanying persons.
The program and plan of inspection control must be agreed upon by the head or authorized person of the certified organization and approved by the Head of the SMO SM before the start of inspection control.
5.9.9 During the inspection control, the steps described in clause 5.6 are followed. this documented procedure.
5.9.10 The results of the inspection control serve as the basis for a decision on the possibility of confirmation, suspension or cancellation of the certificate of conformity of the management system. The decision is made by the Head of the Joint Stock Enforcement Code, provided that the head of the Public Enlistment Department did not participate in the inspection audit and is drawn up in the form of Annex E. In the case of the participation of the Head of the Public Enlistment Office in the inspection audit, the decision is made by an expert auditor with relevant qualifications in the field of confirmation of management systems (but not the expert auditor who conducted the audit).
5.9.10 The conditions for making a decision on the confirmation of the certificate of conformity are:
- lack of significant discrepancies;
- lack of 10 or more minor discrepancies;
- carrying out corrective actions in an agreed time frame, and for all previously identified inconsistencies – effective corrective and preventive actions.
5.10 Suspension or revocation of the certificate of conformity
5.10.1 The certificate is suspended in the following cases:
- in the applicant’s certified management system, a violation of the requirements for the effectiveness of the management system is systematically observed;
- the applicant interferes with the inspection audit in accordance with the established frequency;
- the applicant voluntarily requested the suspension of the certificate;
- termination of the organization (association, separation, change of ownership, etc.).