CERTIFICATION PROCEDURE
- OBJECTIVE
The objective of this procedure is determination of methods and responsibilities for receiving applications for management system certificate, conducting assessments, arrangement and granting of certificates to the satisfactory organizations.
- DEFINITIONS
Certification Committee: is the committee who are appointed by TUV ROYAL Management Board. The Committee is fully authorized to make any decision related to certification by evaluation of reports related to TUV ROYAL’s system certificates.
Audit Team: is selected among the TUV ROYAL’s Auditors and appointed to assess and evaluate management systems of organizations according to the related standard. It is temporarily formed and work in accordance with the work principles of TUV ROYAL related to the certification the management systems of organizations. Number of auditors may vary according to the size of the organization, variety of product and process and to the related standard. When necessary, a technical expert may take part in the audit team.
- RELATED DOCUMENTS
UFR.02 Certification Request Form
UFR.03 Certification Request Inquiry Form
UFR.04 Transfer Assessment Form
UFR.05 Application Form
UFR.06 Job Sheet
UFR.07 Audit Proposal Form
UFR.17 Certificate Decision Form
UPR.01 Document Control Procedure
UPR.03 Planning Procedure
UPR.04 Audit Application Procedure
ISO/IEC 17021:2015
IAF MD 2:2007 Transfer of Accredited Certification of Management Systems
IAF MD 5:2019 Duration of QMS and EMS Audits
IAF MD 11:2013 Application of ISO/IEC 17021 for Audits of Integrated Management Systems (IMS)
- APPLICATION
4.1.1 Certification Application
TUV ROYAL performs its certification services in Germany and all world countries upon its personnel situation are appropriate.
4.1.2 Receiving Applications
The applications for certification are received by Certification Request Form personally or on electronic media (fax, e-mail or via TUV ROYAL website).
It is provided that the organization applying for certification fills separate Certification Request Forms for each of its facilities with different incorporated bodies.
Information required by TUV ROYAL in the course of application is given below:
The desired scope of the certification,
The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations,
general information, relevant for the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions and relationship in a larger corporation, if any,
information concerning all outsourced processes used by the organization that will affect conformity to requirements,
the standards or other requirements, for which the applicant organization is seeking certification,
information concerning the use of consultancy relating to the management system.
4.1.3 Application Review
Planning Officer forms Certification Request Inquiry Form in order to review the application made, and forwards to Certification Manager.
Certification Manager reviews related organization’s application to ensure followings and approves if appropriate:
the information about the applicant organization and its management system is sufficient for the conduct of the audit,
any known difference in understanding between TUV ROYAL and the applicant organization is resolved,
TUV ROYAL has the competence and ability to perform the certification activity (Such as at accredited certification requests auditor and technical expert capacity in the scope of EA code of organization, applied EA code),
the scope of certification sought, the location(s) and number of the applicant organization, time required to conduct audits and any other points influencing the certification activity are taken into account (language, safety conditions, threats to impartiality, etc.),
records of the justification for the decision to undertake the audit are maintained.
If auditor, technical expert or personnel involving in certification decision is not available during this review, procurement of these personnel and competence they need to have been provided by defining at Certification Request Inquiry Form.
Audit durations and the reductions and the increases realized on the audit durations are stated on the Certification Request Inquiry Form at this stage.
After the reviewing and approval by Certification Manager, proposal is sent to related organization by Planning Officer.
A “Client Code” is given to the organization who accepts the given offer.
Annex of letter including the documents requested in the application phase are prepared. In the application phase, the following documents are requested from the organization:
The system documents of the organization (Manuals and Procedures)
Introductory documents, if exists (brochure, catalogue, advertisement cd’s etc.)
Signature circular of the Authorized person who signs the agreement.
Copy of the Commercial Registry Gazette
Commercial Activity Certificate
Permission documents about legal legislation
For the propose of acceptance of proposal’s confirmation, Planning Officer creates an Application Form. In this instance, if necessary, by negotiating with the organization’s authority about unclear situations is removed and application’s definition confirmed. After signing and sending back the Application Form by organization’s authority, contract process will be done.
4.1.4 Transfer Application
The transfer of accredited certifications is only applied to the certificates under accreditation of a member of EA, PAC, IAAC and IAF MLA. And it is proceeding with IAF MD 2:2007 document.
Transfer application is reviewed by Planning Officer by the Transfer Evaluation Form in order to provide followings:
Whether the activities of the organization are in the accreditation scope of TUV ROYAL,
The reasons for the transfer,
The accreditation condition, validity and validity period of the certificate,
The validity of the current certification,
The assessment reports and the corrective actions aroused in these assessments,
The complaints received and the actions taken,
The current state in the certification cycle.
At this stage, conducting transfer is determined either as audit or site visit. Transfer process is conducted as surveillance audit if 10 or 22 months passed after issue date of certificate and is conducted as reassessment if 34 months passed after issue date of certificate. Although 14 or 26 months passed after issue date of certificate, surveillance audit is still not conducted; transfer process is conducted as surveillance audit again.
If transfer is conducted as assessment the system documents of the organization and the records of the
assessment conducted by the previous certification body- if exist- is requested and inspected.
If transfer is conducted as site assessment the records of the assessment conducted by the previous certification body- if exist- is requested and inspected after checking the existence of transfer conditions that are stated above by Planning Officer and Transfer Assessment Form is completed. Subsequently the organization is visited by the personnel charged with a duty. The records of the assessment conducted by previous certification body could also be inspected during visit.
If some doubts arose at the end of these inspections, the applicant organization is treated as new client.
The transfer requests of the companies whose certificates are suspended or in the risk of suspension are not accepted.
The previously aroused nonconformities should be closed prior to the transfer audit by the existing certification body. Otherwise, the unconformities are closed by TUV ROYAL.
At receiving transfer applications, reviewing and making certain and making contract, method of new certification applications is applied.
4.1.5 Application for Change of Scope
TUV ROYAL, in response to an application for extension to the scope of a certification already granted, makes a feasibility study to decide whether or not the extension may be granted, and determine any audit activities necessary for this. For the organization accepting the proposal given for extensions to scope, scope extension audit is planned and conducted. Extensions to scope, in appropriate situations, may be conducted in conjunction with a surveillance audit.
In the case of a reduction of the scope, a new certificate is arranged without conducting an audit.
4.1.6 Application for Change of Address
In the case of organization having an application for change of address, if the organization, who accepts the proposal, is a production organization or for service offered, performs an activity which has an effect on service offered at related address, change of address audit is planned.
4.2 The Planning of Audit
The audits are planned in accordance with the Planning Procedure.
4.3 Conducting the Audits
The audits are conducted and reported in accordance with the Audit Application Procedure.
4.4 Evaluation
Audit report prepared by audit teams is not last decision; it is a view to Certification Committee.
Unless it is guaranteed that the major and minor nonconformities found are closed following the audits, Certification Committee cannot propose for certification, recertification decisions.
Following the confirmation for entirely closing of the nonconformities,
Audit Report,
If any, Audit Finding Report,
If any, Observation Form,
Related Auditor Worksheet,
If any, records related to the audit and their annexes,
Certificate Draft Form (Certification and Change of Scope Audits)
are presented to The Certification Committee.
The presentation of the required records to The Certification Committee for certification and recertification decisions is coordinated by The Certification Manager.
Persons or committees that make the certification or recertification decisions are different from those who carried out the audits is principal.
Persons or committees that make the certification or recertification decisions, confirms prior to making a decision, that:
the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification;
it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all nonconformities that represent
1) Failure to fulfil one or more requirements of the management system standard, or
2) A situation that raises significant doubt about the ability of the client’s management system to achieve its intended outputs;
- c) it has reviewed and accepted the client’s planned correction and corrective action for any other nonconformities.
The Certificate Decision Forms for certification or recertification decisions are prepared by Certification Officer.
At the end of the review and evaluation of The Certification Committee about related organizations file by Certificate Decision Forms, the decision for certification or recertification is given.
The Certification Committee makes the certification decision on the basis of an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).
TUV ROYAL makes decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification.
At the end of the review and evaluation of The Certification Committee, the auditor who prepared the report could be consulted for the subjects that are unclear or required detailed information. In such situations, the decision for the organization is left to later. The Certification Manager cooperates with the Lead Auditor to access to the required information.
In the case of not conducting the audit, the organization is informed of the decision with a letter by Certification Manager.
Following the negative decision of Certification Committee for granting certificate or an obstacle found for the usage of the certificate, she is requested by The Certification Department to remove those causes and to apply in writing for a follow-up audit.
4.5 Arrangement of The Certificate
Following the positive decision of The Certification Committee for granting certificate, The Certificate Decision Forms are signed and are given to Certification Officer by Certification Manager in order to arrange the certificates.
System certificate is prepared by Certification Officer according to The Certificate Decision Form approved by Certification Committee and Certification Manager.
The preparation period of the certificate is normally (١) one week, in the average.
The following information is available on the prepared certificate:
- Name, geographical location (or geographical location of Head office and sites included multi-site scope) of certified organization,
Date of the certificate, validity period and renewal dates,
Expiry date consistent with recertification cycle,
Identification code (Certificate number)
The standards referenced for the certification of the Quality system and/or other related documents having properties of a standard.
Certification scope about product (service), process – whenever applicable
The title, complete address, logo of TUV ROYAL, other logos (ex: Accreditation symbol)
Other information required by standard/normative documents used for certification,
- In case of issue of revised certification documents, a mean to differentiate revised ones with any obsolescent documents.
For surveillance, follow-up, transfer, change of scope, changes of address audits The Certificate Decision Forms are prepared by Certification Officer.
The audit reports for surveillance, follow-up, transfer, change of scope, address and organization name changing requests are reviewed and evaluated by Certification Manager. After the positive decision of Certification Manager, The Certificate Decision Forms is signed by Certification Manager and forwarded to Certification Officer in order to arrange certificates.
If necessary, for multi-site organizations, additional address information is also available on the certificates for all the sites considered eligible for certification (on the certificate or in the annex).
The numbering of the certificates is performed according to the Document Control Procedure.
After the arrangement and in the coordination with Certification Manager, the certificates are approved by signature of Managing Director or authorized personnel. A photocopy of the certificate is kept in the client’s folder.
On the certificates, the date of the certification decision is noted as “The First Date of Issue”. In the case of republishing the certificate in consideration of changing the scope and the address, “Date of Issue” of the certificate is noted in parenthesis beside the new “Date of Issue”. “The First Date of Issue” is considered for the duration period.
The certificate of the organization is sent by cargo or handed over by taking signature, following the payment of the organization for the invoice. During this phase agreement signed by the TUV ROYAL signing authority is also sent to the related organization.
The organizations, to which the certificates are arranged, are recorded in “Certificated Organizations List”.
4.6 Usage of The Certificate
TUV ROYAL management system certificates are valid for (3) three years provided the surveillance audits are positive.
The rules for the organization’s usage of the certificates are declared in the Certification Agreement mutually signed by TUV ROYAL and the organization. By signing this agreement, the organization declares that she will comply with the rules. The organizations could only use their system certificates within the scope of the rules stated in the agreement.
TUV ROYAL monitors the organizations about the usage of the certificate after the certificates are arranged. Press, publications and media are monitored in this scope. Corrective action is requested from the organization if the complaints from the clients are examined and a situation detected contrary to the rules. If the corrective actions are not accomplished in the determined time period, then TUV ROYAL acts as follows:
The related accreditation body is informed,
The cancellation of the certificate is announced to the public, Legal action is initiated.
4.6.1. Maintaining Certification
TUV ROYAL maintains certification based on demonstration that the client continues to satisfy the requirements of the management system standard. It may maintain a client’s certification based on a positive conclusion by the audit team leader without further independent review, provided that
for any nonconformity or other situation that may lead to suspension or withdrawal of certification, TUV ROYAL has a system, according to this system audit team leader is required to report to TUV ROYAL the need to initiate a review by appropriately competent personnel (see 7.2.9), different from those who carried out the audit, to determine whether certification can be maintained, and competent personnel of TUV ROYAL monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.
4.7 Recertification
At the end of the validly period of three (3) years of the certificate, a reassessment is conducted in order to guarantee the effective implementation and maintenance of the organizations’ management systems according to the requirements of the reference standard.
The reassessment is conducted covering the scope audited in the certification audit and considering the past performance and weak points of the organization.
The follow-up for the findings and nonconformities found in the re-audits is done in the same way as in the certification audits.
Following the accomplishment of the corrective actions for the nonconformities found in the reaudit, the conformity of the organization’s management system to the requirements of the reference standard is confirmed and new certificate is arranged after the required activities, as in the first certification audit, are accomplished.
4.8. Suspension of The Certificate
The Certificate is suspended for six (6) months, in case the following conditions occur:
The client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system,
The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies,
The certified client has voluntarily requested a suspension,
Following the major nonconformities found in the audits conducted,
The minor nonconformities found in the audits are not closed until the determined deadlines,
Not obeying the certification rules,
Failure to pay certification or audit fees.
The suspension of the certificate is decided by the Certification Committee and Certification Manager. The decision of suspension is communicated to the organization in writing. TUV ROYAL may extend the suspension period, only once more and for maximum three (3) months, following the decision of the Certification Manager.
Under suspension, the client’s management system certification is temporarily invalid. TUV ROYAL secures by Certification Contract that under suspension clients do not make promotion/advertisement of its certification. In the cases of it is determined that client does not abide by this, a written warning is made and if needed legal measures are taken. TUV ROYAL can take all legal measures it deems appropriate, including publishing of suspension on web or on media.
TUV ROYAL can reduce the client’s scope of certification to exclude the parts not meeting the requirements, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. For any such reduction consistency with the requirements of the standard used for certification is considered.
Failure to resolve the issues that have resulted in the suspension in a time established by TUV ROYAL, results in withdrawal or appropriate reduction of the scope of certification.
4.9. Removal of The Suspension Status of The Certificate
The suspension status is removed upon the written declarations of the organizations to TUV ROYAL stating that the reasons for suspension of their certificates are removed.
TUV ROYAL conducts an audit at the organization in order to confirm the removal of the suspension reasons.
The type, scope and duration of the audit for the removal of the certificate are determined according to the suspension reasons.
Suspension status of the certificate of organization whose conformity is verified at the end of the audit is removed. In cases the reasons for the suspension are not removed, the certificate is to be cancelled.
The removal of the suspension status is declared to the company in writing.
4.10. Cancellation
The certificate is cancelled in the following conditions:
The request of the organization,
Bankruptcy of the organization or termination of the activities in the scope of certificate,
The incorporated body of the organization is changed,
The organization does not accept the suspension conditions,
The organization does not remove the suspension reasons,
The organization does not give permission for the audit until the end of the suspension period,
It is found in the follow up audits for removing suspension condition that the organization did not close the nonconformities in the determined time periods,
Misleading and unfair usage of the certificate by the organization for the products or service not included in the scope of the certificate,
The organization is not present in the stated site address,
The alteration of the organization on the certificate,
The organization does not confirm the date of surveillance audit.
If the organization does not apply for the follow-up audit within six (6) months following the suspension of the certificate of the organization, the organization may be allowed additional time or the certificate may be cancelled by the decision of Certification Manager.
In case the certificate is cancelled, the organization should fulfil the following requirements and requirements taking part in Certification Contract and cancellation letter which has exact date of cancellation will be prepared and sent to client and clients have been informed about below situations:
Stop the usage of TUV ROYAL certificate and logo, Abandon all the rights in the scope of the cancelled certificate, Pay for the unpaid certification and audit fees.
The organization should remove the logo from any correspondence and introductory material in one month following the cancellation of the certificate. Otherwise TUV ROYAL;
Informs the related accreditation body and the other certification organizations,
Provides the announcement via broadcasting organizations that the organization is using the certificate illegally and violating the terms of the agreement,
Take legal actions in order to compensate the material or moral damage that will take place for this reason.
Furthermore, the certificates are cancelled and a public announcement is made where the organization does not request reaudit of the certificates, stop supplying the product/service in the scope of the certificate or shuts down.
Prepared by:
Emilia Günter
Approved by:
Tobias Felix
Document No: UPR.02