Certification Decision and Audit Process

Client Search

1. PURPOSE:

This process defines the process followed by NACE for planning and conducting Stage 1, Stage 2, Surveillance and Re-Certification Audit.

2. SCOPE:

Management System Auditing Process

3. REFERENCES

NACE-QM-01 Integrated Manual

ISO 17021-1:2015, ISO/IEC 17021-3-2017, ISO/IEC 20000-6:2017, ISO/IEC 27006-1:2024 & UAF Procedures

4. RESPONSIBILITY

Overall responsibility lies with Certification Manager, Director shall monitor the whole activity.

5. DESCRIPTION

5.1 Stage 1 Audit is planned to

1. Ensure that the clients management system documentation meets the requirements of the applicable standard/specification.
2. To collect information for planning of stage II audit and determine the client’s readiness for stage II audit including interval between stage I and Stage II audits.

5.2 Stage 2 audit is planned to

1. Ensure that the clients management system conforms to the requirements of the applicable standard/specification including its effectiveness.

          b) To provide guidelines for associated follow up audits/ surveillance audit and recertification audit.

5.3 Surveillance Audits are planned to

1. Verify the continuation of implementation and meets the standard requirements
2. Verify the use of accreditation mark and logo.
3. Be conducted as per the accreditation board and contractual agreement requirement

 

5.4 Renewal audit is planned to

1. Verify the documentation and records as required as per the Standard

       b)   Be conducted before the expiry of the Certificate                                                                                            

6.0 Stage 1 Audit Process

6.1 NACE conducts Stage 1 audit on client’s site in order to achieve objectives. audit schedule is prepared for every Stage 1 audit. In exceptional circumstances or events, all or part of stage 1 can take place off-site or remotely through the use of ICT and shall be fully justified. The evidence demonstrating that stage 1 objectives are fully achieved shall be provided

Exceptional circumstances or events can include a very remote location, a natural disaster, a pandemic, a short seasonal production and other special situations.

In such situation the client’s management shall be informed that the planning of stage II audit might not be accurate.          

6.2 Stage 1 audit is performed to ensure

i) Review the client's management system documented Information.

ii) Evaluate the client's location and site-specific conditions and to undertake discussions with the client's personnel to determine the preparedness for the stage 2 audit.

iii) Review the client's status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system

iv) Collect necessary information regarding the scope of the management system including client site (s), processes and equipment used, level of control established (particularly in case of multisite clients) and applicable statutory and regulatory requirements.

v) Review the allocation of resources for stage 2 audit and agree with the client on the details of the stage 2 audit.

vi) Provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client's management system and site operations in the context of management system standard or other normative document;

vii) Evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage 2 audit.

vii) Verify the information provided in the application with respect to Scope, Site & Number of employees.

 

6.3 After the completion of the Stage 1 audit the Team Leader prepares an audit report stating:

i) Client’s status regarding readiness for stage 2 audit.

ii) Identified areas preventing the client being deemed ready.

iii) Areas of concern, which could be classified as non-conformity during Stage 2 audit.

iv) Non-Conformity if any identified during the audit

v)  Stage 1 audit need to be conducted again in case the client’s preparedness is not sufficient for Stage 2.

vi) Stage 2 audit plan and Audit Plan Matrix for Stage 2 audit based on clients processes for the related Scope.

vii) Stage 1 findings along with any non-conformity shall be addressed in the Stage 1 report and communicated to the client by the Team Leader.

 

6.4 Stage 2 audit shall be conducted in a maximum gap of 90 days from the Stage 1 audit. The minimum gap between Stage 1 and Stage 2 audit must not be less than 4 days, to ensure that the area of concern identified during the stage 1 audit are resolved. In case the organization is not able to resolve the issues in defined time frame then Stage 1 audit shall be performed again. If the organization is not able to address the areas of concern as per the agreed time during the Stage 1 audit, then the arrangements for Stage 2 audit need to be revised.

 

Any part of the management system which is found to be fully implemented, effective and conforming towards the standards requirement can be left during the stage 2 audit for verification.

In this case, the audit report includes these findings and clearly states that conformity has been established during the stage 1 of the audit.

 

7.0 Stage 2 Audit Process

 

7.1Stage 2 Audit is conducted on client’s premises. The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system. The stage 2 audit plan is verified by TC ensure that the 80% of the audit time is given to verify the effective implementation of the management system.

 7.2 Stage 2 audit shall include at least the following:

i) Information and evidence about conformity to all requirements of the applicable management system standard or other normative document

ii) Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).

iii) The client’s management system and performance as regards to legal and other requirements

iv) Operational control procedures of the client’s processes.

v) Internal auditing and management review

vi) Management commitment and responsibility for the client’s policies

 vii) Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal and other requirements, responsibilities, competence of personnel, operations procedures, performance data and internal audit findings and conclusions.

7.3 Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client on findings of the day including any non- conformities, progress of audit, any problem faced and modification to the audit plan, if required

7.4 Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time.

7.5 Each team member shall ensure that the Auditor’s notes are legible, containing name of main auditee, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non- conformity, observations etc.

7.6 As far as possible at least one member in the team shall possess the relevant code, who shall be assigned to audit core processes of the management system. In case team members doesn’t have competency, in such case a specialist with appropriate code shall be arranged.

7.7 It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team and all requirements are covered and that the team members have provided necessary inputs to him for completing the report.

7.8 If audit is to be conducted in a language not known by any team member including team leader, a suitable interpreter should be arranged, ensuring impartiality.

7.9 If any non- conformity is identified, the auditor shall explain the same to auditee to his satisfaction. In case of a Major non- conformity, the team leader shall be informed who will inform the management about the same and give them option either to terminate further audit or to continue.

7.10 While recording nonconformity, sufficient objective evidence, standard/ specification clause number, client documents. Reference number (if any) in addition to area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand

7.11 In addition to non- conformity, any observation for improvement, positive issues should also be   recorded, in the report.

7.12 While deciding on recommendation, the issues like number and category of non- conformities, any concentration of non- conformities against any clause (s), view of team members shall be considered.

7.13 At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include non-conformities identified if any, recommendation for certification or otherwise.

7.14 It is advisable to request client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake etc.

7.15 When recommendation is made for certification the audit reports, confirmation of the information provided to the NACE used in the application review a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be take into account & explained.  The client should complete the corrective action within maximum 90 days from the date closing meeting.

7.16 A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to Head office of NACE.

7.17 For multi- site certification “Procedure NACE-MSP-08 shall be followed.

7.18 Lead Auditor need to submit a copy of report to the client and accepted report to NACE Head Office.

7.19 Lead Auditor shall clearly identify the recommendations conditions with Non-Conformity or without Non-Conformity, the observations shall be well communicated in the report.

7.20 Non conformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows:

Category of   NC	Stage 1 Audit	Stage 2 Audit	Surveillance or recertification audit
Major	i) No recommendation for Stage 2 audit ii) NC to be closed with in defined time frame iii) On site closure of NC	i) No recommendation for certification unless NC is closed. ii) On site closure of NC within 90 days from Stage-2 Audit iii) Re Assessment if failure inclosing the NC within Time Frame.	- Completion within 90 days - Verification based on objective evidence (on documents or on site) - major non-conformity will become a critical and may lead to suspension. Certification suspended: Information to the customers.  - New verification based on objective evidence - Surveillance frequency might be reduced
Minor	i) Recommendation for Stage 2 based on offsite verification of CAR in defined time frame ii) Re Audit if CAR not submitted in defined timeframe	i) Recommendation for certification condition to timely submission of CAR. ii) Off site closure of NC iii) Minor NC will become Major NC if failure inclosing the NC within 60 days after extra 30 days reassessment will be required. iv) CAR to provide with  Objective evidence	Completion effective or effectively planned within 60 days - Verification based on objective evidence (on documents or in site) - Minor NC will become Major NC or Certification suspended (information to customers)

 

8.0 Surveillance Audit Process

8.1 Surveillance audit shall be identified 3 months prior to the due date by TC/CM, the client must be communicated about the due date and proposed date of Surveillance audit. Director shall monitor the effectiveness of Surveillance audits on monthly basis. If the client does not confirm the Surveillance Audit date latest within 7 days of due date, letter of suspension is issued to the client. After the issuance of the Suspension letter within 3-month client have to resolve the suspension issue, if not resolved then cancellation is issued to the client. Any justification provided by the client for the postponement of the audit is recorded has to be approved by CM/Director and recorded in the client file.

8.2 Surveillance audits are on-site audits, but are not necessarily full system audits. Surveillance audits planned together with the other surveillance activities so that the certification body can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The Assigned team leader is responsible for conducting and managing the assessment along with other team member, if any. The Team Leader shall be of Auditor status as a minimum. The team leader also ensures that any Technical Expert / Specialist are not allowed to function independently and are always accompanied by Auditor/ Lead Auditor.

8.3 The surveillance audits conducted at least once a year and the date of the first surveillance audit following initial certification shall not be more than 12 months from the last day of the stage 2 audit.

8.4 The surveillance audit is to ensure following:

i) Ensure that the client’s management system which was basis of grant of certificate has been maintained on continuous basis.

ii) Verify and ensure that any changes to management system which might have taken place since last audit meet the requirement of the standard/ specification and implemented effectively

iii) Ensure on-site audits assessing the certified client's management system's fulfillment of specified requirements with respect to the standard to which the certification is granted.

iv) Ensure that the management system continues to be appropriate to the product/ process/ service offered by client, with the capability of managing and improving performance.

vi) Assess Continual Improvement in client’s management system

vii) Additionally, client’s statements with respect to its operations (e.g. promotional material, website). Also reviewed during each surveillance audit.

viii) Enquiries from the certification body to the certified client on aspects of certification

ix) Requests to the client to provide documents and records (on paper or electronic media),

x) other means of monitoring the certified client's performance,

xi) Internal audits and management review,

xii) A review of actions taken on nonconformities identified during the previous audit

xiii) Actions taken on customer complaints

xiv) Effectiveness. Of the management system with regard to achieving the objectives

xiv) Progress of planned activities aimed at continual improvement

xv) Continuing operational control

xvi) Review of use of CB & AB marks

xvii) Compliance towards Legal & Other requirement including customer requirements

 

8.5 The team leader shall review the client file, specially the last audit report to make note of any issues to be followed up, including the non-conformities and corrective action plan. Audit plan shall be sent to clients in advance so that they can seek any changes with respect to timing etc, if found inconvenient due to administrative reasons.

8.6 Audit should be conducted (at least annually and it shall be ensured that the date of first surveillance audit shall not be more than 12 months from the last day of stage 2 audit.) as per Surveillance audit plan given in the last audit report but if there is any change due to any justified reasons, the same should be recorded in auditor notes and surveillance audit plan shall be updated in the report.

8.7 During opening and closing meeting, the attendance record sheet is circulated for recording name and designation of the client representative present. Either each person can record their name & designation or one person can do so for all present.

8.8 The corrective action taken on non-conformities identified during last audit should be verified for its effectiveness. If the corrective action taken is not satisfactory/ non taken, the severity of the minor NC shall be re-issued, escalated to Major and client shall be advised accordingly.

8.9 Non-conformity reporting, report preparation, report distribution, requirement of CAP (in case NC is raised) shall be similar to certification audit procedure

8.10 If due to change in site address/ scope required re-issue of certificate, the “Certification Details” in the report shall be completed and client date base shall be updated.

a) Any significant changes like change in manpower, process necessitating change in subsequent audit duration shall be recorded and post contract review is done by CM.

b) Other changes like change in contact number/ person etc. shall also be recorded in the report for updating client data base,

8.11 The multi-site client shall be audited the same way except that instead of auditing all sites, sampling of sites shall be followed as per the contract review.

8.12 In case major NC is found at any site the entire certificate of all sites shall be at Risk

8.13 The surveillance report is submitted by the Lead Auditor in NACE head office and shall be approved by the Director/CM.

 

9.0 Renewal Audit Process

 

9.1 The process of recertification would include a reassessment of the organization’s documented management system including a review of the Management System, where necessary, to be conducted before the expiry of three years term of validity. If the client does not confirm the Recertification Audit date latest within 7 days of due date, letter of suspension is issued to the client. After the issuance of the Suspension letter within 3-month client have to resolve the suspension issue, if not resolved then Widrawn Letter is issued to the client and Certificate will be withdrawn. Any justification provided by the client for the postponement of the audit is recorded has to be approved by CM/Director and recorded in the client file.

The recertification audits planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document. The Renewal audit plan is verified to ensure that the 80% of the audit time is given to verify the effective implementation of the management system.

9.2 The reassessment provides for a review of the past performance of the management system over the period of previous certification, including examination of the documents/records relating to the internal audits, management review and effectiveness of corrective and preventive actions, etc.

9.3 It is the responsibility of the person assigned (of Lead Auditor status) to conduct the Reassessment and submit the report. The team leader also ensures that any Technical Expert / Specialist are not allowed to function independently and are always accompanied by auditor/ lead auditor.

9.4 Re- certification audit shall be planned and conducted three months prior to the validity of the certificate to ensure continuity of certification in the likely event of any non-conformance found during the audit. In the case of 9/6 monthly surveillance frequency, the Re-certification audit can be clubbed with the Surveillance Audit

9.5 The process of Re-certification is planned by the TC/AM. Advance notice is sent to the client by TC. If the client agrees for the recertification, TC sends Application Form to client to ensure any change in change in scope, number of employee and sites. On the receipt of filled application form, application review and contract review are done as per procedure NACE-MSP-08 by TC/AM and approved by CM/Director. If there are changes like addition of new processes/services, regulatory requirement or new product/services addition or change of location or change of Top management, then Stage 1 audit is required to be conducted.

9.6 Before proceeding to client site, the team leader shall review all the previous reports since certification audit, previous Surveillance Audit report and Corrective Action Report and make note of relevant points, to ensure effective audit and correct recommendation.

The renewal programme shall at least ensure the following:

i) The effective interaction between all elements of system & audit activities has a stage 1 audit in situations where there have been significant changes to the management system, the client, or the context in which the management system is operating (e.g. changes to legislation) as identified in the Application Questionnaire.

ii) Overall effectiveness of the system in its entirety in the light of changes in operations

iii) Demonstrated commitment to maintain the effectiveness of the system

iv) Summary of Previous Audit Reports

v) Whether all areas/ processes/ clauses have been audited at least once in the last three-year cycle

vi) Any concentration of non-conformities against particular clauses/areas and effectiveness of corrective actions taken on nonconformities identified by NACE shall be closed within 15 days of recertification audit

vii) Objectives and Continual Improvement

viii) Whether the operation of the certified management system contributes to the achievement of the organization's policy and objectives.

ix) In the case of multiple sites or certification to multiple management system standards being provided by the NACE, the planning for the audit ensures adequate on-site audit coverage to provide confidence in the certification

x) Compliance towards Legal & Other requirement including customer requirements

 

9.7 Re Certification Audit shall be conducted, if the client applies for re-certification prior to expiry of certificate and there is no major change in client organization (legal, scope etc.). How-ever if the client applies for recertification after expiry date, Stage 1 & Stage 2 audit is required to be conducted.

 

9.8 If NC is identified the Re-Certification audit the team leader shall ensure and communicate the client that the Corrective Actions and the evidences are provided before the expiry of the certificate.