Certification Process

1.1. Inspection Board LLC provides general guidance on the requirements of the management system standards and the certification process to its prospective clients.

1.2. General Inquires are responded with a general overview of the cost of certification after gathering enough information.

2.1. Application for certification is made through the completion of Form – Application for certification by an authorized individual of the client organization.

2.2. The application Form requires the client to provide enough information for Inspection Board LLC to establish:

The desired scope of certification.
Relevant details of the applicant organization as required by the specific certification scheme, including its name and the address(es) of its site(s), its processes and operations, human and technical resources, functions, relationships and any relevant legal obligations.
Identification of outsourced processes used by the organization that will affect conformity to requirements.
The standards or other requirements for which the applicant organization is seeking certification.
Weather consultancy relating to the management system to be certified has been provided and, if so, by whom.

2.3. The recipient of the application will update the Form – Register of Applications.

2.4. Inspection Board LLC will require the client to have a documented and implemented ISMS which conforms to ISO/IEC 27001 and other documents required for certification.

3.1. Director is responsible for reviewing all applications received or designating an individual or team for the review purpose.

3.2. The review is conducted to ensure that:

The information about the applicant organization and its management and its management system is sufficient to develop an audit programme.
Any known difference in understanding between Inspection Board LLC and the applicant organization is resolved.
Inspection Board LLC has the competence and ability to perform the certification activity.
The scope of certification sought, the site(s) of the applicant organization’s operations, time required to complete audits and any other points influencing the certification activity are taken into account (Language, safety conditions, threats to impartiality, etc.).

3.3. Following the review of the application, Inspection Board either accepts or declines an application for certification. Director is responsible for making this decision. When Inspection Board LLC declines an application for certification as a result of the review of application, the reasons for declining an application are made clear to the client.

4.1. Director is responsible for designating competent individual or team to develop an audit program for the full certification audit.

4.2. The designated individual or team are responsible for developing a 2-stage audit program for the accepted application for certification

4.3. Determining audit time

The designated individual or team are responsible for determining the time needed to plan and accomplish a complete and effective audit of the client’s management system.
In determining the audit time, the designated individual or team are considers among other things, the following steps
1. The requirements of the relevant management system standard.
2. Complexity of the relevant management system technological and regulatory context.
3. Any outsourcing of any activities included in the scope of the management system.
4. The results of any prior audits.
5. Size and number of sites, their geographical locations and multi-site considerations.
6. The risks associated with the products, processes or activities of the organization.
7. Whether audits are combined, joint or integrated.
In determining the audit time, the effective number of personnel is calculated using Annex A. The justification to determine the effective number of personnel shall be recorded by the designated team or individual and communicated to the client organization and the director for review during their assessments.
The complexity or the client organization management system is determined using the matrix in Annex B.
The audit time is then determined by considering the complexity and effective personnel and using the table given in Annex C.
Annex B provides a visual guide to make adjustments from the audit time calculated from the table in Annex C and provides the framework for a process that should be used for audit planning by identifying a starting point based on the total effective number of personnel for all shifts.
The starting point for determining audit time of management systems shall be identified based on the effective number of personnel, then adjusted for the significant factors applying to the client to be audited, and attributing to each factor an additive or subtractive weighting to modify the base figure.

5.1. Determining Audit Objectives, Scope and Criteria

The designated individual or team are responsible for the audit objectives. The scope and criteria is established after discussion with the client.
The audit objectives describe what is to be accomplished by the audit and include the following:
1. Determination of the conformity of the client’s management system, or parts of it, with audit criteria.
2. Determination of the ability of the management system to ensure the client meets applicable stator, regulatory and contractual requirements.
3. Determination of the effectiveness of the management system to ensure the client can reasonable expect to achieving its specified objectives.
4. As applicable, identification of areas for potential improvement of the management system.
The audit scope describes the extent and boundaries of the audit, such as sites, organizational units, activities and processes to be audited. Where the initial or re-certification process consists of more than one audit (e.g. covering different sites), the scope of an individual audit may not cover the full certification scope, but the totality of audits is consistent with the scope in the certification document.
The audit criteria is used as a reference against which conformity is determined, and includes:
1. The requirements of a defined normative document on management systems.
2. The defined process and documentation of the management system developed by the client.

5.2. Audit Team Selection & Assignments

The director is responsible for assigning audit team and responsibilities of the team members. A lead auditor is assigned while considering the audit objectives, scopes, criteria and audit time.
The size and composition of the team is decided while considering the audit objectives, scopes, criteria and audit time.
The competence and training requirements of the team and each team member for particular audit are considered while the assignment of responsibilities (see Procedure – Competence, training and awareness).

5.3. Audit plan

Prior to each audit is identified in the audit program, the assigned audit team develops an audit plan.
The audit plan is appropriate to the objectives and the scope of the audit. The audit plan at least includes or refers to the following:
1. The audit objectives.
2. The audit criteria.
3. The audit scope, including identification of the organizational and functional units or processes to be audited.
4. The dates and sites where the on-site audit activities will be conducted, including visits to temporary sites and remote auditing activities, where appropriate.
5. The expected duration of on-site audit activities.
6. The roles and responsibilities of the audit team members and accompanying persons, such as observers or interpreters.
7. The audit plan is communicated and the dates of the audit are agreed upon, in advance, with the client.
The tasks given to the audit team are defined and require the audit team to:
1. Examine and verify the structure, policies, processes, procedures, records and related documents of the client relevant to the management system standard.
2. Determine that these meet all the requirements relevant to the intended scope of certification.
3. Determine that the processes and procedures are established, implemented and maintained effectively, to provide a basis for confidence in the client’s management system.
4. Communicate to the client, for its action, any inconsistencies between the client’s policy, objectives and targets.
5. The audit plan will be communicated to the client by email as well as the audit dates which shall be agreed with the client.
6. Inspection board will provide the name and when requested make available background information on each member of the audit team, with sufficient time for the client to object to the appointment of any particular audit team member and for and to Inspection board to reconstitute the team in response to any valid objection.

The initial certification audit is conducted in two stages

6.1. Stage 1

The assigned audit team conducts the stage 1 audit with the following objectives:
1. Review the client’s management system documented information.
2. Evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for stage2.
3. Review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system.
4. Obtain necessary information regarding the scope of the management system, including:
  - The client site.
  - Processes and equipment used.
  - Levels of controls established (particularly in case of multisite clients).
  - Applicable statutory and regulatory requirements.
5. Review allocation of resources for stage 2 and agree the details of stage 2 with the client.
6. Provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document.
7. Evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage.
The audit team develops a stage 1 audit report which is then communicated to the client after approval from Director

6.2. Stage 2

The audit team conducts the stage 2 audit on site or online

6.3. Stage 2 involves the auditing of the following:

Information and evidence about conformity to all requirements of the applicable management system standard or other normative document.
Performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
The client’s management system ability and its performance regarding meeting of applicable statutory, regulatory and contractual requirements.
Operational control of the client’s processes.
Internal auditing and management review.
Management responsibility for the client’s policies.
The audit team analyses all information and audit evidence gathered during stage 1 and stage 2 to review the audit findings and agree on the audit conclusions.

7.1. The process of conducting audits includes an opening meeting at the start of the audit and closing meeting at the conclusion of the audit

7.2. Conducting the opening Meeting

A formal opening meeting, is held with the client’s management and, where appropriate, those responsible for the functions or processes to be audited.
The purpose of the opening meeting usually conducted by the audit team leader us to provide a short explanation of how the audit activities will be undertaken. The degree of is consistent with the familiarity of the client with the audit process.
During the audit, the audit team shall periodically assess audit progress and exchange information. The audit team leader shall reassign work as needed between the audit team members and periodically communicate the progress of the audit and any concerns to the client.
The audit team leader shall review with the client any need for changes to the audit scope which becomes apparent as on-site auditing activities progress and report this to Inspection Board LLC.
During the audit, information relevant to the audit objectives, scope and criteria (including information relating to interfaces between functions, activities and processes) is obtained by appropriate sampling and verified to become audit evidence.
Methods to obtain information shall include, but are not limited to:
- Interviews.
- Observation of processes and activities.
- Review of documentation and records.

7.3. Under the responsibility of the audit team leader and prior to the closing meeting, the audit team

Reviews the audit findings, and any other appropriate information obtained during the audit, against the audit objectives and audit criteria and classify the nonconformities.
Agrees upon the audit conclusions, taking into account the uncertainty inherent in the audit process.
Agrees any necessary follow-up actions.
Confirms the appropriateness of the audit program or identifies any modification required for future audits (e.g. scope of certification, audit time or dates, surveillance frequency, audit team competence).

7.4. Conducing the closing meeting

The closing meeting shall also include the following elements where the degree of detail shall be consistent with familiarity of the client with the audit process

Advising the client that the audit evidence obtained was based on a sample of the information; thereby introducing an element of uncertainty.
The method and timeframe of reporting, including any grading of audit findings.
Operational control of the client’s processes.
The company’s process for handling nonconformities including any consequences relating to the status of the client’s certification.
The timeframe for the client to present a plan for correction and corrective action for any nonconformities identified during the audit.
Inspection Board LLC’s post audit activities.
Information about the complaint and appeal handling processes.

8.1. The report also contains:

Statement on the conformity and the effectiveness of the management system together with a summary of the evidence relating to:
- The capacity of the management system to meet applicable requirements and expected outcomes.
- The internal audit and management review process.
A conclusion on the appropriateness of the certification scope.
Confirmation that the audit objectives have been fulfilled.

9.1. It is the responsibility of the Director to ensure that the certification manager that make the decisions for granting or refusing certification, expanding or reducing the scope of certification, suspending or restoring certification, withdrawing certification or renewing certification are different from those who carried out the audits. The individual(s) appointed to conduct the certification decision are ones with appropriate competence.

9.2. Inspection Board LLC records each certification decision including any additional information or clarification sought from the audit team or other sources.

10.1. Inspection Board maintains any certification based on demonstration that the client continues to satisfy the requirements of the management system standard.

10.2. Inspection Board shall maintain certification based on demonstration that the client continues to satisfy the requirements of MS standard. It may maintain a client’s certification based on a positive conclusion by the audit team leader without further independent review and decision, provided that:

For any major nonconformity or other situation that may lead to suspension or withdrawal of certification, Inspection Board has a system that required the audit team leader to report to Inspection Board to initiate a review by competent personnel, different from those who carried out the audit, to determine whether certification can be maintained.
Competent personnel of Inspection Board monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.

10.3. Surveillance Audits

Surveillance audits are on-site audits, but are not necessarily full system audits, and are planned together with the other surveillance activities so the Inspection Board LLC can maintain confidence that the client’s certified management system continues to fulfil requirements between recertification audits.

10.4. Recertification

The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification.
The recertification activity shall include the review of previous surveillance audit reports and consider the performance of the MS over the most recent certification cycle.
Recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the MS, the organization, or the context in which the MS is operating.
The recertification audit shall include an on-site audit that addresses the following:
- The effectiveness of the MS in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification.
- Demonstrated commitment to maintain the effectiveness and improvement of the MS in order to enhance overall performance.
- The effectiveness of the MS with regard to achieving the certified client’s objectives and the intended results of the respective MS
For any major nonconformity, Inspection Board defines time limits for correction and corrective actions. These actions shall be implemented and verified prior to the expiration of certification.
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate shall be on or after the recertification decision.
If Inspection Board has not completed the recertification audit or Inspection Board is unable to verify the implementation of corrections and corrective actions for any major nonconformity prior to the expiry date of the certification, then recertification shall not be recommended and the validity of the certification shall not be extended. The client shall be informed and the consequences shall be explained.
Following expiration of certification, Inspection Board can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 shall be conducted. The effective date on the certificate shall be on or after the recertification decision and the expiry date shall be based on prior certification cycle.

10.5. Special Audits

Expanding scope.
Short-notice audits.

11.1. Inspection Board LLC suspends certification in cases when:

The client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system.
The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies.
The certified client has voluntarily requested a suspension.

11.2. Inspection Board reduces the scope of certification to exclude the parts not meeting the requirements, when the certified client has persistently or seriously failed to meet the certification requirements of the standard used for certification

1. General Inquiry for Certification

2. Application

3. Application review

4. Audit program

5. Planning Audits

6. Initial certification

7. Conducting Audits

8. Audit Report

9. Certification Decisions

10. Maintaining Certification

11. Suspension, Withdrawing or reducing the scope of certification