Role of ISO/IEC Guide 65 in the assessment of services and ... · PDF fileIAF–EC–06-012 International Accreditation Forum, Inc. Page 3 of 36 Comments on revision of Guide 65 Printed

International Accreditation Forum, Inc. (IAF) IAF–EC–06-012

Page 1 of 36

Comments on revision of Guide 65 Printed 3

February, 2006

Role of ISO/IEC Guide 65 in the assessment of services and processes

IAF comments on the need for ISO/IEC Guide 65 Revision

&

CASCO Resolution 16/2005

Comments received from IAF Members in support of a revision of ISO/IEC Guide 65 at the earliest opportunity

1. Czech Accreditation Institute (CAI)

CAI proposes to review ISO/IEC Guide 65 because: - it contains old references to normative documents e.g. ISO/IEC Guide 2:1996, Guide

25:1990, Guide 28:1982, Guide 53:1988; ISO/IEC Guide 62:1996, ISO/IEC Guide 39:1988

- there aren’t references to new ISO/IEC Guides 60, 67 and ISO/IEC 17030:2003; - the definitions are incompatibility with standard ISO/IEC 17000:2004; - ISO/IEC Guide 25 was substituted by ISO/IEC 17025:2005 - ISO 10011-1 was substituted by ISO/IEC 19011:2002

Chart of changes

Clause of ISO/IEC

Guide 65

Proposal Comments

replace 10011-1:1990 by ISO 19011:2002 -

Guidelines for quality and/or environmental management systems auditing

updating

replace ISO/IEC Guide 2:1996 by ISO/IEC Guide 2:2004 Standardization and related activities -- General vocabulary

updating

2.

add ISO/IEC 17000:2004 Conformity assessment - Vocabulary and general principles

New definitions for field of conformity

IAF–EC–06-012 International Accreditation Forum, Inc.

Page 2 of 36

Comments on revision of Guide 65 Printed 3 February,

2006

assessment.

replace ISO/IEC Guide 65 by ISO/IEC 17025:2005 General requirements for the competence of testing and calibration laboratories

updating

replace ISO/IEC Guide 39 by ISO/IEC 17020:1998 General criteria for the operation of various types of bodies performing inspection

updating

replace ISO/IEC Guide 28 by ISO/IEC Guide 28:2004 Conformity assessment -- Guidance on a third-party certification system for products

updating

replace ISO/IEC Guide 53 by ISO/IEC Guide 53:2005 Conformity assessment - Guidance on the use of an organization's quality management system in product certification

updating

replace ISO/IEC Guide 62:1996 by ISO/IEC 17021 Conformity assessment - Requirements for bodies providing audit and certification of management systems

updating

add ISO/IEC Guide 60:2004 Conformity assessment - Code of good practice

add ISO/IEC Guide 67:2004 Conformity assessment -Fundamentals of product certification

add ISO/IEC 17030:2003 Conformity assessment - General requirements for third-party marks of conformity

These normative documents are new guidance for field of conformity assessment and they give helps to certification bodies for better understanding requirements of product certification.

3. …, the relevant definitions given ISO/IEC Guide 2, ISO/IEC 17000 and ISO 8402 apply, ….

updating

4.3 …, inspection and certification/registration as specified in ISO/IEC 17025, ISO/IEC 17020 and ISO/IEC 17021

updating

4.5.3 n) … its procedures for conducting internal audits, based on the provision of ISO 19011

updating

14.2 Guidance on use of certificates and marks by the certification body may be obtained from ISO/IEC

ISO/IEC 17030 contains guidance


Page 3 of 36


2006

Guide 23 and ISO/IEC 17030 for use marks of conformity.

2. German Accreditation Council (DAR) DAR is in favour of having the revision of Guide 65 available as soon as possible rather than 2012. Reasons for this are stated below:

i) Numerous product certification systems of newer date (e.g.: IFS, EUREPGAP) specify as criteria for the certification (in addition to other criteria) the achievement of a certain percentage in fulfilling single requirements. This again and again leads to problems concerning the requirements set out in ISO Guide 65, namely that prior to issuing a certificate all nonconformities need to be eliminated.

A clarification on this should be made.

From our point of view, the above procedure is very reasonable, as it provides reasons to the owner of the certificate for permanent improvement and not to persist in a status reached.

The continuous improvement process is surely also required by the standards organization(s).

ii). In the drafts on the IAF Guide on ISO Guide 65 - which are currently in discussion - requirements for the standards organizations are also mentioned, provided that these organizations are located outside the certification body. Standards organizations are particularly the normal case in the field of foodstuff (EUREPGAP, IFS, BRC, IFIS etc.).

It has to be considered that usually there is no contract relation between the accreditation body and the standards organizations and thus an access to the documents could be difficult or even impossible. A clarification on this should be made.

Both items could be explained in a revised version of ISO Guide 65 or even in the IAF Guidance on this Guide. Furthermore, the revision of ISO Guide 65 is necessary because of the due updating of the standards references and the adaptation of the definitions.

iii). A structural alignment of the ISO Guide 65 to ISO 17020 and FDIS 17021 would be appreciated.

3. Spanish National accreditation Body (ENAC) There are so many reasons to support an earlier revision of Guide 65 that is difficult to select some of them. Probably the most important one is the spread of the use of product certification out of the traditional "industrial/electro-mechanical" sector to new sectors being food and services the most important, but we will se how it happens in other sectors in the near future. In the other side more and more often sector schemes prefer product certification to Management systems certification. In the other side, many times the Product certification bodies have to take into account work performed by Inspection bodies, labs and MS certification bodies so it is not sensible to have new standards for the subcontracted work and an old (in any sense) standard for the subcontracting activity.


Page 4 of 36


2006

So, ENAC fully support the initiative.

4. Finnish Accreditation Service (FINAS) FINAS wants to express its full support for the initiative to advance the revision of ISO/IEC Guide 65. There are at least two significant reasons for that. For the first the current ISO/IEC Guide 65 doesn't fit very well for the purposes, certification of processes and services, it is however increasingly used. For the second there are in addition to ISO/IEC Guide 65 several normative documents which now treat product certification e.g. ISO/IEC Guides 28, 53, and 67 and standard ISO/IEC 17030. It would be utmost desirable if the future revised ISO/IEC Guide 65 would clearly reflect on them.

5. Hong Kong Accreditation Service (HKAS) We support that Guide 65 should be revised as early as possible. The coverage of the operations of a certification body in ISO/IEC Guide 65 is limited to one paragraph - "In conducting its certification operations, the certification body shall observe, as appropriate, the requirements for the suitability and competence of body(ies) or person(s) carrying out testing, inspection and certification/registration as specified in ISO/IEC Guides 25, 39 and 62." This is grossly inadequate as the operation determines the quality and reliability of the certification. Elaboration on the requirements relating to testing, inspection and certification/registration is badly needed.

6. The International Certification Network (IQNet) IQNet strongly supports the need for revision of ISO/IEC Guide 65 at the earliest opportunity to ensure that it is brought in line with ISO/IEC 17021. Majority of IQNet partners also provide Product Certification and it will be very beneficial for us to maintain one management system, which is based on the same set of requirements (MS Certifications and Product Certification).

7. Japan Accreditation Board for conformity Assessment (JAB) ISO/IEC Guide 65 should be revised as soon as possible.

Rationale: i) Guide 65 should be reviewed and revised in light of generality and integrity along with the

coming ISO/IEC 17021. Otherwise, the consistency with other standards would be decreased and the gaps would be increased. It is afraid that the certification system of Guide 65 would be out of date and faded out.

ii) IAF GD5 under being revised should be fully reflected in the revised Guide 65. Then it would become a more valuable standard to meet actual practice.

iii) Up date of normative references should be included. Some of the normative references in the current standard are out of date. Normative references should be also minimal for making the standard readable.


Page 5 of 36


2006

iv) The conflict of interests should be stated more clearly in the same manner in the coming ISO/IEC 17021 since consultancy is delicate problem in product certification.

Guide 65 should be revised in order to clarify the responsibility of certification body when a certified product introduces trouble or any negative performance in the market place.

8. National Accreditation Council (NAC), Thailand We agree with IAF Chairman, Dr.Thomas Facklam to revise Guide 65 as soon as possible rather than by the proposed publication date of 2012. The reasons are as follows : i) Any other Guides in the same series such as G62, G66, G61 and G58 have already been revised to be ISO/IEC 17021 and ISO/IEC 17011 respectively and also used wordings and definitions according to the updated version of ISO 17000. ii) The references of this Guide are not updated, so it should be revised with the updated versions.

9. Romanian Accreditation Association (RENAR) RENAR’s comments on the necessity of Revision of Guide 65 are as follows: i) ISO/IEC Guide 65 should be a reference document for product certification; ii) ISO/IECI Guide 65 provisions should be in line with the ISO 17000 series; iii) There is no clear distinction between certification scheme – certification system; iv) Chapter 1.2 is very brief – this chapter should be more developed; v) Clarifications need to be foreseen regarding the certification against other systems than those foreseen on chapter 1.2; if it is allow to certify against other normative documents which are not public, this requirement is not foreseen; vi) The clause regarding impartiality it is not very clear (to what extent the owners of a certification body can be involved in the certification process); vii) The competence of the personnel – the criteria for the personnel are minimum; viii)There is no clear reference to ISO/IEC Guide 25 (ISO/CEI 17025), for example: can the tests be performed in an accredited laboratories or non-accredited but assessed laboratories? ix) Clause 4.6 should be revised because the suspension should be more detailed treated. x) Clause 14 should be revised for it is not very clear the way the mark should be applied, for example in a case when the “mineral water” has been certified and the mark is applied on the packing. Isn’t this mark applied on the packing creating more confusion? 10. Singapore Accreditation Council (SAC) SAC supports the revision of ISO/IEC Guide 65 as soon as possible based on the following reasons: Guide was prepared many years ago. It is not aligned with the new direction and concepts that are in ISO/IEC 17011 and the current DIS 17021. Also the Guide does not specifically cover processes and services which are gaining importance.


Page 6 of 36


2006

11. Swiss Accreditation Service (SAS) SAS supports an earlier revision of Guide 65. WTO and International trade are using more and more CAB activities in order to eliminate technical barriers. Having an updated international standard, and not an old Guide, will certainly help on the recognition of the value of product certification. As a consequence, 2012 is to faraway, and the revision should start earlier.

12. Standards Council of Canada (SCC) Canada recommends that ISO/IEC Guide 65 should undergo full systematic review to catch up with the evolution of conformity assessment practices, to align it more closely with the CASCO "toolbox", and to support CASCO's image as a vigorous and up-to-date organization. Canada has reviewed ISO/IEC Guide 65:1996 as well as revisited the recent proposed IAF guidelines to ISO/IEC Guide 65. At the 2005 ISO/CASCO Plenary, some members argued that Guide 65 is extensively referenced by regulators and, therefore, should be presumed to be useful and not in need of revision. Even though Guide 65 is widely used and referenced by authorities having jurisdiction, this does not mean, therefore, that the Guide doesn't need review and updating. Indeed because of this widespread use of Guide 65, it is important that it be updated to reflect the latest CASCO "toolbox", for both technical and image reasons. Although the CASCO Road Map does not schedule systematic review until 2009, it would be opportune to advance this review to 2007. We now have completed ISO/IEC 17021 and ISO/IEC 17025, which may have an impact on Guide 65, and we have extensive IAF guidance to consider. Following are some examples - not an exhaustive list - of areas that would benefit from review and possible revision.

Clause 1. Scope notes that "product" includes processes and services, but there is no further guidance to the treatment of processes and services.

* Note IAF guidance on process and service certification. Clause 2. References are outdated and do not facilitate using the CASCO "toolbox" * e.g. 4.1.3 to consult Guide 7, even though Guide 7 is directed to only ISO TCs Clause 4.2 Organization should be reviewed to reflect evolving requirements and to

ensure alignment with ISO/IEC 17021. * Also extensive new IAF guidance to Clause 4.2. Clause 4.3. Operations guidance on "suitability and competence" of bodies is vague and

should be aligned with ISO/IEC 17021 as appropriate. * Meaningless reference to clause 3 Definitions. This suggests that Guide 65 does not use

the same terminology as the ISO/IEC Directives - Part 2 (see 5.2.2). Clause 4.4. Subcontracting, para.b) has meaningless reference to clause 2 References.

Refer to the observation at Clause 4.3.


Page 7 of 36


2006

Clause 4.5. Quality system should be reviewed to ensure alignment with evolution of quality management requirements in other CASCO documents; e.g. ISO/IEC 17021, ISO/IEC 17025

Clause 7. Appeals, complaints and disputes is general and vague. * Note IAF guidance to Clause 7. Clause 12. Decision on certification should be reviewed to determine pertinence of

additional IAF guidance. Clause 13. Surveillance is weak with respect to requirements for the certification body

itself. * Note IAF guidance to Clause 13.

Please find in Annex 1 a preliminary review of ISO/IEC Guide 65:1996 that was prepared by the Standards Council of Canada (SCC) Task Group Certification (TGC), for consideration by TGC, by the Canadian Advisory Committee on ISO Conformity Assessment Matters (CAC/CASCO) and by the SCC Advisory Committee on Conformity Assessment (ACCA). This review highlights a number of areas of practice that have proven difficult to interpret in the accreditation of product certification bodies.

13. Swedish Board for Accreditation and Conformity Assessment (SWEDAC) SWEDAC fully supports an early revision of Guide 65. Our reasons are not many-fold but we believe they are substantial. i) Guide 65 has been on the market for a long time and no account has been taken of the changes in the market conditions and needs. Related standards like 45012 and Guide 66 are developing into a new generation through 17021 and 17024. ii) The present Guide 65 lacks the aspects of service and process which makes it incompatible with the market developments and the new 9001. Even though 9001 is not directly relevant to Guide 65 we do know that our clients appreciate compatibility between 9001 and conformity assessment standards that they work to. iii) EU-ETS is an area where Guide 65 is being used for service and process is absolutely "teethless" in that aspect. iv) The food sector may be another area where there is need for a new generation of Guide 65.

Finally Thomas Facklam has our full support as a future convenor for a WG under CASCO for Guide 65. We shall do our utmost to support him.

We would also like to announce that SWEDAC is prepared to participate in the work with one expert in Guide 65. We would also be prepared to represent IAF in this work if the membership would give us that mandate.

14. United kingdom Accreditation Service (UKAS) UKAS is in support of the need to revise ISO/IEC Guide 65 as a matter of urgency. The reasons to support the revision are given below:


Page 8 of 36


2006

i) The document needs urgent revision to cater for process and service certification, this is mentioned in the scope only. ii) The document will need to be realigned with ISO 17021 (when published). iii) The elements of existing product certification schemes need more clarity and the confusion between testing and/or inspection of products as a stand alone product certification should be removed (the scope refers to a number of elements contributing to the product certification system (scheme) and states "one or more of..."). iv) Greater clarity is required regarding type approval certification and the use of such certification, and product certification where the product is marked with the CB logo by the manufacturer. v) Greater clarity is needed regarding the output of a process/service for which certification is meaningful and of value to stakeholders. The standard should confirm that processes must be designed, verified and validated to ensure that all parameters for the process are controlled. Similarly, services should be validated to confirm delivery what is specified as the service. vi) Certification of processes linked to a final product is an area that requires more detail. vii) The current Guide is weak regarding controls for subcontracting (now referred to as outsourcing), especially with regard to the confidence that a CB must demonstrate when non ISO 17025 accredited test results are incorporated into the assessment data on which certification is granted. This is equally important for process certification where test results may be presented to validate a process parameter. viii) It is not clear that for product certification where the supplier is authorised to place the CB logo on each item produced, that this applies to the one product only and not a family or range of products unless they are included in the scope. ix) The evaluation process does not ensure that when samples of the product are taken for inspection and test, the samples need to represent the complete ranges of products covered by certification. x) The CB is required to periodically evaluate marked products as part of the surveillance process, the selection, control, applicability of audit samples requires more emphasis. xi) The need for recertification requires debate in light of the responsibility for confirmation that marked products continue to comply.

15. Organismo Argentino de Acreditacion (OAA), Argentina OAA agrees with the revision of Guide 65 because: i) The generalized use of normative documents instead of norms, as defined in Guide ISO/IEC 65:1996. ii) The inclusion of services and process evaluation as elements to be taking into account in the certification decision. iii) The use of different terminology (e.g. reference of the manufacturer, the factory, the manufacture process) from the use of Guide ISO/IEC 65 in different productive areas. iv) The use of electro-informatics tools in certification and audit activities.

International Accreditation Forum, Inc. (IAF) IAF–EC–06-012

Page 9 of 36


February, 2006

16. Federal Ministry for Economic Affairs and Labor, Austria (BMWA) We are of the opinion that the structure of ISO Guide 65 should be the same as in ISO 17020 or FDIS 17021. But there should no change of the content.

Comments received from IAF Members not in support of a revision of ISO/IEC Guide 65 at the earliest opportunity

1. American National Accreditation Board (ANAB) It is our belief that the IAF should support the same plan for revision of Guide 65 that is defined in the ISO/CASCO Road Map endorsed at the last CASCO Plenary.

2. European Federation of Associations of Certification Bodies (EFAC) EFAC cannot identify any justification whatsoever for the earlier revision of ISO/IEC Guide 65. Indeed, the recent revision of the IAF Guidance to ISO/IEC Guide 65, which demanded the expenditure of significant time and effort on the part of a number of IAF members, is one very good reason why an earlier revision is not favoured.


Page 10 of 36

10

Annex 1

A Review of ISO/IEC Guide 65

Background This preliminary review of ISO/IEC Guide 65:1996 has been prepared by Erling Nyborg and John Reimer of the Standards Council of Canada (SCC) Task Group Certification (TGC), for consideration by TGC, by the Canadian Advisory Committee on ISO Conformity Assessment Matters (CAC/CASCO) and by the SCC Advisory Committee on Conformity Assessment (ACCA). This review is in response to the 2005-11-25 request from Peter Dennehy, Secretary ISO/CASCO, soliciting comments on the need for revision and update of ISO/IEC Guide 65:1996. (Such comments are to be received by SCC by 2006-01-15 to enable transmittal to ISO/CASCO before 2006-01-31.) The purpose of this review is to simply identify several examples, which show points of confusion and inconsistency between ISO/IEC Guide 65 and the related International Accreditation Forum (IAF) Guidance document, as well as to highlight some areas where both documents are no longer relevant due to the rapid globalization of conformity assessment activities. Some suggestions have been provided on concepts that need to be incorporated in an updated Guide 65, but no attempt has been made to draft replacement wording. However, if the ISO/CASCO decision will be to proceed with update, TGC as the SCC consultant group tasked with certification body document development is willing to prepare an initial draft revision of Guide 65 for consideration. Annex 2 is a copy of ISO/IEC Guide 65:1996 with selected IAF Guidance “requirements” (in blue font) and comments on specific clauses that have been cited as in need of revision and update (in red font). The following section summarizes specific items of concern, confusion and dated ambiguity as identified in Annex 2 and places them in three categories: • A major item requiring immediate update. • Rationalizing IAF Guidance requirements. • Modernizing and updating.

Some Selected Examples Illustrating Why ISO/IEC Requires Revision and Update (a) A Major Item Requiring Immediate Update ISO/IEC Guide 65:1996 and the related IAF Guidance fail to address changes required to accommodate the recent rapid globalization of conformity assessment activities. This is demonstrated in the following excerpts taken from both documents in Annex 2: 4.2 d): --- the certification body shall have documents which demonstrate it is a legal entity 12.1: The decision as to whether or not to certify a product shall be taken by the certification body on the basis of the information gathered during the evaluation process and any other relevant information. 12.2: The certification body shall not delegate authority for granting, maintaining, extending, suspending or withdrawing certification to an outside person or body. IAF Guidance G.4.34: --- Evaluation of the report and the decision on certification shall be made only by the certification body itself, and not by any other body.


Page 11 of 36

11

Some accreditation bodies interpret the above requirements to mean that certification decisions can made only by the legal entity that is accredited and only in its country of accreditation. This does not address the global business practices of a number of international conformity assessment agencies. New practices have been put in place to increase efficiencies, reduce costs and enhance control in a global marketplace. Guide 65 and the related IAF Guidance however attempt to restrict certification to a single accredited legal entity operating in one market area. This narrow interpretation fails to address the following two common situations: (1) Acme is accredited as a certification body (CB) and is a legal corporate entity registered in Country A. Acme operates on a global basis and to enable this it has established owned and fully controlled international corporate affiliates in a number of countries. Each of these is a fully controlled legal entity registered in its country of operation. Acme owned and controlled facilities in these various countries include full capabilities for testing, evaluation and making certification decisions. By operating internationally under the full requirements of parent corporate policies, procedures & quality system and through extensive corporate auditing and common staff qualifications at all global affiliates, Acme maintains similar control over the certification operations of its global affiliates as it does in its parent facilities. According to current interpretations of the above requirements, Acme may make certification decisions related to its accredited scope at its facilities in Country A but is not allowed to make similar certification decisions in any of its fully controlled international corporate facilities regardless of the effectiveness of corporate control systems. (2) A reverse situation also frequently occurs. Acme is a legal corporate entity registered in Country B. Acme operates on a global basis and to enable this it has established owned and fully controlled international corporate affiliates in a number of countries. Each of these is a fully controlled legal entity registered in its country of operation. One of these affiliates, Acme A, which is a legal entity registered in Country A becomes accredited as a CB. As in case (1) above, through the use of effective corporate controls Acme A makes certification decisions at its facilities in Country A and as well as at its parent corporate facilities in Country B. According to current interpretations of the above requirements, Acme A may make certification decisions in Country A but is not allowed to make certification decisions at its parent corporate facilities in Country B regardless of the effectiveness of corporate control systems. In both cases above, while it is recognized that for accountability and resulting liability reasons, an accredited CB must be a registered legal entity, Guide 65 must incorporate new guidelines to address the global marketplace. These may need to specify requirements such as to how a parent body and an international affiliate, either of whom may be accredited, can be legally bound to honor agreements made by the accredited body. (b) Rationalizing IAF Guidance Requirements There is a need to finalize IAF Guidance requirements and to incorporate those that reflect actual needed changes in the requirements of Guide 65. With that completed, Guide 65 will be the requirement standard and the IAF Guidance will simply be a reference document. Currently a number of IAF guidance statements attempt to expand the requirements of Guide 65 beyond their original intent; are poorly worded or confusing and are not applicable to many certification programs. Annex 2 includes most of the current IAF Guidance requirements that ask for changes in Guide 65. Of these, three are listed below to illustrate the need for revision of Guide 65:


Page 12 of 36

12

(1) IAF-G.4.24, IAF-G.7.1 and Clause 9.3 (by inference) all impose new two-year conflict-of interest limitations on CB personnel. A number of CBs use other ways of controlling conflict-of interest, for example by requiring all staff to make a conflict declaration to the immediate supervisor before beginning work on any project. These IAF requirements are unnecessarily restrictive. CB’s should be required to effectively manage conflict of interest; they should not be required to prevent staff from discharging their employment duties. (2) IAF-G.4.38 makes witnessing of surveillance/inspection activities undertaken by CB personnel at supplier and subcontractor sites a new requirement. Most CBs already perform this as a means of staff evaluation; this is an important aspect that should be added to Guide 65. (3) IAF-G.4.40 now requires internal audits followed by management review of the CB’s quality system at least annually. This is normal practice for most CBs and is also an important aspect that should be added to Guide 65. (c) Modernizing and Updating Because of the length of time since revision, many items in Guide 65 are simply out of date or do not meet the needs of new certification programs that have been introduced over the past ten years. A few of these are listed, as follows: (1) Clause 2, References: All the listed references require update to reflect changes since 1996. (2) Clause 3, Definitions: For clarity, a number of additional definitions should be included. This is especially important with the need to reference and incorporate the process-based quality system requirements of ISO 9000:2000. Items requiring definition and/or redefinition include: contractor, subcontractor, supplier, organization, customer, etc. (3) Clause 4.1.3: This clause specifies that the criteria against which the products are evaluated shall be based on standards meeting the requirements of ISO/IEC Guide 7.Certain mandatory standards that may be required for certification in specific jurisdictions do not necessarily meet the requirements of ISO/IEC Guide 7. This clause should rather specify what elements are required to meet the definition of a “standard” (4) Clause 4.5.3: This clause provides detailed requirements for a CB’s quality system. The quality system requirements in Guide 65 should be updated to simply reference ISO 9000. Most CBs use ISO 9000 in reviewing supplier’s quality systems while granting certifications and many CBs are, in fact, quality system registrars on their own. The duplication of similar requirements in this section and in subsequent sections should also be eliminated. (5) Clause 8.2.2 a): This clause requires that suppliers be “corporate entities”. Depending on the certification program, many suppliers are not registered corporate entities (for example, organic farmers, certified welders, ---). This requirement should be modified.


Page 13 of 36

13

Annex 2:

ISO/IEC Guide 65:1996 with Selected IAF Guidance “Requirements” (blue font) and Comments on Specific Clauses that Require Revision and Update (red font)

GUIDE 65 General requirements for bodies operating product certification systems First edition 1996

© ISO/IEC ISO/IEC GUIDE 65: 1996 (E)

ii

Contents Page

1 Scope 1

2 References 1

3 Definitions 2

4 Certification body 2 4.1 General provisions 2 4.2 Organization 3 4.3 Operations 4 4.4 Subcontracting 5 4.5 Quality system 5 4.6 Conditions and procedures for granting, maintaining, extending, suspending and withdrawing certification..................................................................................................... 7 4.7 Internal audits and management reviews......................................................................... 7 4.8 Documentation 8 4.9 Records 8 4.10 Confidentiality 9

5 Certification body personnel 9 5.1 General 9 5.2 Qualification criteria 9

6 Changes in the certification requirements................................................................................... 10

7 Appeals, complaints and disputes ............................................................................................... 10

8 Application for certification 11 8.1 Information on the procedure......................................................................................... 11 8.2 The application 12

9 Preparation for evaluation 12

10 Evaluation 13

11 Evaluation report 13

12 Decision on certification 13

13 Surveillance 14

14 Use of licenses, certificates and marks of conformity ................................................................ 14

15 Complaints to suppliers 14

© ISO/IEC 1996 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from the publisher.


iii

ISO/IEC Copyright Office Case postale 56 CH-1211 Genève 20 Switzerland Printed in Switzerland


iv

Foreword ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work. Draft Guides adopted by the responsible Committee or Group are circulated to national bodies for voting. Publication as a Guide requires approval by at least 75 % of the national bodies casting a vote. ISO/IEC Guide65 was prepared by the ISO Committee on Conformity Assessment (CASCO). This first edition cancels and replaces ISO/IEC Guide 40:1983.


v

Introduction Certification of a product (a term used to include a process or service) is a means of providing assurance that it complies with specified standards and other normative documents. Some product certification systems may include initial testing of a product and assessment of its suppliers' quality systems, followed by surveillance that takes into account the factory quality system and the testing of samples from the factory and the open market. Other systems rely on initial testing and surveillance testing, while still others comprise type testing only. This Guide specifies requirements, the observance of which is intended to ensure that certification bodies operate third-party certification systems in a consistent and reliable manner, thereby facilitating their acceptance on a national and international basis and so furthering international trade. The requirements contained in this Guide are written, above all, to be considered as general criteria for organizations operating product certification systems; they may have to be amplified when specific industrial or other sectors make use of them, or when particular requirements such as health and safety have to be taken into account. Assertion of conformity to the appropriate standards or other normative documents will be in the form of certificates or marks of conformity. Systems for certifying particular products or product groups to specified standards or other normative documents will, in many cases, require their own explanatory documentation. While this Guide is concerned with third-parties providing product certification, many of its provisions may also be useful in first- and second-party product conformity assessment procedures. The diversity in certification systems may at first seem unnecessary and even confuse newcomers in the field, clients and operators alike. The ISO/IEC publication Certification and related activities is available for background reading and will help to answer questions regarding the practices of the worldwide conformity assessment community.


1

General requirements for bodies operating product certification systems 1 Scope 1.1 This Guide specifies general requirements that a third-party operating a product certification system shall meet if it is to be recognized as competent and reliable. In this Guide the term "certification body" is used to cover any body operating a product certification system. The word "product" is used in its widest sense and includes processes and services; the word "standard" is used to include other normative documents such as specifications or technical regulations. 1.2 The certification system used by the certification body may include one or more of the following, which could be coupled with production surveillance or assessment and surveillance of the supplier's quality system or both, as described in ISO/IEC Guide 53: a) type testing or examination; b) testing or inspection of samples taken from the market or from supplier's stock or from a

combination of both; c) testing or inspection of every product or of a particular product, whether new or already in use; d) batch testing or inspection; e) design appraisal. NOTE 1 ISO/IEC Guide 28 may be consulted for a model of one form of a third-party product certification system. 2 References All the following references require update to reflect changes since 1996: ISO 8402:1994, Quality management and quality assurance — Vocabulary. ISO 10011-1:1990, Guidelines for auditing quality systems — Part 1: Auditing. ISO/IEC Guide 2:1996, Standardization and related activities — General vocabulary. ISO/IEC Guide 7:1994, Guidelines for drafting of standards suitable for use for conformity assessment. ISO/IEC Guide 23:1982, Methods of indicating conformity with standards for third-party certification systems. ISO/IEC Guide 25:1990, General requirements for the competence of calibration and testing laboratories. ISO/IEC Guide 27:1983, Guidelines for corrective action to be taken by a certification body in the event of misuse of its mark of conformity. ISO/IEC Guide 28:1982, General rules for a model third-party certification system for products. ISO/IEC Guide 39:1988, General requirements for the acceptance of inspection bodies. ISO/IEC Guide 53:1988, An approach to the utilization of a supplier's quality system in third-party product certification. ISO/IEC Guide 62:1996, General requirements for bodies operating assessment and certification/registration of quality systems. 3 Definitions


2

For the purposes of this Guide, the relevant definitions given in ISO/IEC Guide 2 and ISO 8402 apply, together with the following definition. 3.1 supplier: The party that is responsible for ensuring that products meet and, if applicable, continue to meet, the requirements on which the certification is based. Note: For clarity, a number of additional definitions should be included. This is especially important with the need to reference and incorporate the process-based quality system requirements of ISO 9000:2000. Items requiring definition and/or redefinition include: contractor, subcontractor, supplier, organization, customer, etc. 4 Certification body 4.1 General provisions 4.1.1 The policies and procedures under which the certification body operates and their administration shall be non-discriminatory and shall be administered in a non-discriminatory manner. Procedures shall not be used to impede or inhibit access by applicants, other than as provided for in this Guide. 4.1.2 The certification body shall make its services accessible to all applicants whose activities fall within its declared field of operation. There shall not be undue financial or other conditions. Access shall not be conditional upon the size of the supplier or membership of any association or group, nor shall certification be conditional upon the number of certificates already issued. 4.1.3 The criteria against which the products of a supplier are evaluated shall be those outlined in specified standards. Requirements for standards suitable for this purpose are contained in ISO/IEC Guide 7. If explanation is required as to the application of these documents for a specific certification system, it shall be formulated by relevant and impartial committees or persons possessing the necessary technical competence, and published by the certification body. Note: Certain mandatory standards that may be required for certification in specific jurisdictions do not necessarily meet the requirements of ISO/IEC Guide 7. This clause should rather specify what elements are required to meet the definition of a “standard” 4.1.4 The certification body shall confine its requirements, evaluation and decision on certification to those matters specifically related to the scope of the certification being considered. 4.2 Organization The structure of the certification body shall be such as to foster confidence in its certifications. In particular, the certification body shall a) be impartial; b) be responsible for decisions relating to its granting, maintaining, extending, suspending and

withdrawing of certification; IAF-G.4.9 Impartiality and independence of the CB should be assured at three levels:


3

• Strategy and Policy; • Decisions on Certification; • Evaluation

IAF-G.4.8 If the certification body and its client are both part of government, the two bodies shall not directly report to a person or group having operational responsibility for both. The certification body shall, in view of the impartiality requirement, be able to demonstrate how it deals with a case where both itself and its client are part of government. The certification body shall demonstrate that the applicant receives no advantage and that impartiality is assured. c) identify the management (committee, group or person) which shall have overall responsibility for

all of the following: 1 ) performance of testing, inspection, evaluation and certification as defined in this Guide, 2) formulation of policy matters relating to the operation of the certification body, 3) decisions on certification, 4) supervision of the implementation of its policies, 5) supervision of the finances of the body, 6) delegation of authority to committees or individuals as required to undertake defined

activities on its behalf, 7) technical basis for granting certification;

d) have documents which demonstrate it is a legal entity; ISO/IEC Guide 65:1996 and the related IAF Guidance fail to address changes required to accommodate the recent rapid globalization of conformity assessment activities. This is demonstrated in the following excerpts taken from both documents:

4.2 d): --- the certification body shall have documents which demonstrate it is a legal entity

12.1: The decision as to whether or not to certify a product shall be taken by the certification body on the basis of the information gathered during the evaluation process and any other relevant information. 12.2: The certification body shall not delegate authority for granting, maintaining, extending, suspending or withdrawing certification to an outside person or body. IAF Guidance G.4.34: --- Evaluation of the report and the decision on certification shall be made only by the certification body itself, and not by any other body.

Some accreditation bodies interpret the above requirements to mean that certification decisions can made only by the legal entity that is accredited. This does not address the global business practices of a number of international conformity assessment agencies. New practices have been put in place to increase efficiencies, reduce costs and enhance control in a global marketplace. Guide 65 and the related IAF Guidance however attempt to restrict certification to a single accredited legal entity operating in one market area. This narrow interpretation fails to address the following two common situations:


4

(1) Acme is accredited as a certification body (CB) and is a legal corporate entity registered in Country A. Acme operates on a global basis and to enable this it has established owned and fully controlled international corporate affiliates in a number of countries. Each of these is a fully controlled legal entity registered in its country of operation. Acme owned and controlled facilities in these various countries include full capabilities for testing, evaluation and making certification decisions. By operating internationally under the full requirements of parent corporate policies, procedures & quality system and through extensive corporate auditing and common staff qualifications at all global affiliates, Acme maintains similar control over the certification operations of its global affiliates as it does in its parent facilities. According to current interpretations of the above requirements, Acme may make certification decisions related to its accredited scope at its facilities in Country A but is not allowed to make similar certification decisions in any of its fully controlled international corporate facilities regardless of the effectiveness of corporate control systems (2) A reverse situation also frequently occurs. Acme is a legal corporate entity registered in Country B. Acme operates on a global basis and to enable this it has established owned and fully controlled international corporate affiliates in a number of countries. Each of these is a fully controlled legal entity registered in its country of operation. One of these affiliates, Acme A, which is a legal entity registered in Country A becomes accredited as a CB. As in case (1) above, through the use of effective corporate controls Acme A makes certification decisions at its facilities in Country A and as well as at its parent corporate facilities in Country B. According to current interpretations of the above requirements, Acme A may make certification decisions in Country A but is not allowed to make certification decisions at its parent corporate facilities in Country B regardless of the effectiveness of corporate control systems. In both cases above, while it is recognized that for accountability and resulting liability reasons, an accredited CB must be a registered legal entity, Guide 65 must incorporate new guidelines to address the global marketplace. These may need to specify requirements such as to how a parent body and an international affiliate, either of whom may be accredited, can be legally bound to honor agreements made by the accredited body. e) have a documented structure which safeguards impartiality including provisions to ensure the impartiality of the operations of the certification body; this structure shall enable the participation of all parties significantly concerned in the development of policies and principles regarding the content and functioning of the certification system; IAF-G.4.11 The structure required by ISO/IEC Guide 65, clause 4.2.e) for the safeguarding of impartiality shall be separate from the management established to meet the requirements of ISO/IEC Guide 65, clause 4.2.c), unless the entire management function is performed by a committee or group that is constituted to enable participation of all parties as required by ISO/IEC Guide 65, clause 4.2.e).


5

IAF-G.4.15 On request of the committee or equivalent referred to in clause 4.2.e) of ISO/IEC Guide 65, the management responsible for the various functions described in clause 4.2.c) of ISO/IEC Guide 65 should provide to that committee or equivalent all the necessary information, including the reasons for all significant decisions, actions, and the selection of persons responsible for particular activities, in respect of certification, to enable the certification body to ensure proper and impartial certification. If the advice of this committee or equivalent is not respected in any matter by the management, the committee or equivalent shall take appropriate measures, which may include informing the accreditation body. IAF-G4.14 Application of clause 4.2.e) of ISO/IEC Guide 65 requires judgment on whether all parties significantly concerned in the system are able to participate. What is essential is that all identifiable major interests should be given the opportunity to participate, and that a balance of interests, where no single interest predominates, is achieved. The members should normally be chosen at least from among representatives of the following groups: manufacturers or suppliers, users, conformity assessment experts. For practical reasons there may be a need to restrict the number of persons. f) ensure that each decision on certification is taken by a person(s) different from those who carried

out the evaluation; IAF-G.4.25 Clause 4.2 c .1) of ISO/IEC Guide 65 differentiates between testing, inspection, evaluation and certification. Clause 4.2.f) of ISO/IEC Guide 65 requires that each decision on certification is taken by a person(s) different from those who carried out the evaluation. Inspection, among others, is an evaluation task. Therefore the certification decision shall not be undertaken by a person who has undertaken an inspection activity being considered as part of this certification. g) have rights and responsibilities relevant to its certification activities; h) have adequate arrangements to cover liabilities arising from its operations and/or activities; i) have the financial stability and resources required for the operation of a certification system; j) employ a sufficient number of personnel having the necessary education, training, technical

knowledge and experience for performing certification functions relating to the type, range and volume of work performed, under a responsible senior executive;

k) have a quality system giving confidence in its ability to operate a certification system for products;

l) have policies and procedures that distinguish between product certification and any other activities in which the certification body is engaged;

m) together with its senior executive and staff, be free from any commercial, financial and other pressures which might influence the results of the certification process;


6

IAF-G.4.26 The senior executive, staff and/or personnel mentioned in clause 4.2 of ISO/IEC Guide 65 need not necessarily be full-time personnel, but their other employment shall not be such as to compromise their impartiality. n) have formal rules and structures for the appointment and operation of any committees which are

involved in the certification process; such committees shall be free from any commercial, financial and other pressures that might influence decisions; a structure where members are chosen to provide a balance of interests where no single interest predominates will be deemed to satisfy this provision;

o) ensure that activities of related bodies do not affect the confidentiality, objectivity and impartiality of its certifications, and it shall not

1) supply or design products of the type it certifies, 2) give advice or provide consultancy services to the applicant as to methods of dealing with

matters which are barriers to the certification requested, 3) provide any other products or services which could compromise the confidentiality,

objectivity or impartiality of its certification process and decisions; IAF-G.4.18 Clause 4.2.o) of ISO/IEC Guide 65 addresses two separate requirements. First, the certification body shall not under any circumstances provide the services identified in sub-paragraphs 1), 2) and 3) of that clause. Secondly, although there is no specific restriction on the services or activities a related body may provide, these shall not affect the confidentiality, objectivity or impartiality of the certification body. IAF-G.4.19 Related bodies activities listed under clause 4.2.o) of ISO/IEC Guide 65 and certification should never be marketed together and nothing should be stated in marketing material or presentation, written or oral, to give the impression that the two activities are linked IAF-G.4.20 Nothing should be said by a certification body that would suggest that certification would be simpler, easier or less expensive if any specified activities under clause 4.2.o) of ISO/IEC Guide 65 were used. G 4.21 A related body, as referred to in clause 4.2.o) of ISO/IEC Guide 65, is one which is linked to the certification body by common ownership, in whole or part, directors, contractual arrangement, a common name, informal understanding or other means such that the related body has a vested interest in any certification decision or has a potential ability to influence the process. IAF-G.4.22 The certification body should analyze and document the relationship with related bodies to determine the possibilities for conflict of interest with provision of certification and identify those bodies and activities that could, if not subject to appropriate controls, affect confidentiality, objectivity or impartiality.


7

IAF-G.4.23 Certification bodies shall demonstrate how they manage their certification business and any other activities so as to eliminate actual conflict of interest and minimize any identified risk to impartiality. The demonstration shall cover all potential sources of conflict of interest, whether they arise from within the certification body or from the activities of related bodies. Accreditation bodies will expect certification bodies to open up these processes for audit. This may include, to the extent practicable and justified, pursuit of audit trails to review records of both the certification body and its related body for the activity under consideration. In considering the extent of such audit trails account should be taken of the certification body’s history of impartial certification. If evidence of failure to maintain impartiality is found there may be a need to extend the audit trail back into related bodies to provide assurance that control over potential conflicts of interest has been re-established. IAF-G.4.24 The requirements of clause 4 and clause 5.2.2 of ISO/IEC Guide 65 mean that personnel, including those acting in a managerial capacity, shall not be employed to conduct an evaluation as part of the certification process if they have been involved in activities as described under clause 4.2.o) of ISO/IEC Guide 65 involving the applicant or supplier in question, or any body related to the supplier, (see G.4.21), within the last two years. Situations such as an employer’s current or previous involvement with the supplier being evaluated may entail a conflict of interest. The certification body has a responsibility to identify and evaluate such situations and to assign responsibilities and tasks so as to ensure that impartiality is not compromised. Note: IAF-G.4.24, IAF-G.7.1 and Clause 9.3 (by inference) all impose new two-year conflict-of interest limitations on CB personnel. A number of CBs use other ways of controlling conflict-of interest, for example by requiring all staff to make a conflict declaration to the immediate supervisor before beginning work on any project. These IAF requirements are unnecessarily restrictive. CB’s should be required to effectively manage conflict of interest; they should not be required to prevent staff from discharging their employment duties. IAF-G.4.27 The certification body should require all sub-contractors involved in evaluation or external assessors/auditors to give undertakings regarding the marketing of any activities under clause 4.2.o) equivalent to those required by guidance G.4.19 and G.4.20. p) have policies and procedures for the resolution of complaints, appeals and disputes received from

suppliers or other parties about the handling of certification or any other related matters. 4.3 Operations The certification body shall take all steps necessary to evaluate conformance with the relevant product standards according to the requirements of specific product certification system (see clause 3). The certification body shall specify the relevant standards or parts thereof and any other requirements such as sampling, testing and inspection requirements which form the basis for the applicable certification system.


8

In conducting its certification operations, the certification body shall observe, as appropriate, the requirements for the suitability and competence of body(ies) or person(s) carrying out testing, inspection and certification/registration as specified in ISO/IEC Guides 25, 39 and 62. 4.4 Subcontracting When a certification body decides to subcontract work related to certification (e.g. testing or inspection) to an external body or person, a properly documented agreement covering the arrangements including confidentiality and conflict of interest shall be drawn up. The certification body shall a) take full responsibility for such subcontracted work and maintain its responsibility for granting,

maintaining, extending, suspending or withdrawing certification; b) ensure that the subcontracted body or person is competent and complies with the applicable

provisions of this Guide and other standards and guides relevant to testing, inspection or other technical activities (see clause 2), and is not involved either directly or through the person's employer with the design or production of the product in such a way that impartiality would be compromised;

c) obtain the applicant's consent. NOTES 2 Where work related to certification has been undertaken prior to the application for certification, the body may take account of it, provided it can take responsibility as detailed in 4.4 a) and satisfy itself regarding the matters detailed in 4.4 b). 3 The requirements given in 4.4 a) and b) are also relevant, by extension, when a certification body uses, for granting its own certification, work performed by another certification body with which it has signed an agreement. 4.5 Quality system 4.5.1 The management of the certification body having executive responsibility for quality shall define and document its policy for quality and its objectives for, and commitment to, quality. The management shall ensure that this policy is understood, implemented and maintained at all levels of the organization. 4.5.2 The certification body shall operate an effective quality system in accordance with the relevant elements of this Guide and appropriate for the type, range and volume of work performed. This quality system shall be documented and the documentation shall be available for use by the certification body staff. The certification body shall ensure effective implementation of the documented quality system, procedures and instructions. The certification body shall designate a person having direct access to its highest executive level who, irrespective of other responsibilities, shall have defined authority for a) ensuring that a quality system is established, implemented and maintained in accordance with this

Guide, and b) reporting on the performance of the quality system to the body's management for review and as a

basis for improvement of the quality system.


9

4.5.3 The quality system shall be documented in a quality manual and associated quality procedures, and the manual shall contain or refer to at least the following: Note: This clause provides detailed requirements for a CB’s quality system. The quality system requirements in Guide 65 should be updated to simply reference ISO 9000. Most CBs use ISO 9000 in reviewing supplier’s quality systems while granting certifications and many CBs are, in fact, quality system registrars on their own. The duplication of similar requirements in this section and in subsequent sections should also be eliminated. a) a quality policy statement; b) a brief description of the legal status of the certification body, including the names of its owners

and, if different, names of the persons who control it; c) the names, qualifications, experience and terms of reference of the senior executive and other

certification personnel, both internal and external; d) an organization chart showing lines of authority, responsibility and allocation of functions

stemming from the senior executive; e) a description of the organization of the certification body, including details of the management

(committee, group or person) identified in 4.2 c), its constitution, terms of reference and rules of procedure;

f) the policy and procedures for conducting management reviews; g) administrative procedures including document control; h) the operational and functional duties and services pertaining to quality, so that the extent and

limits of each person's responsibility are known to all concerned; i) the procedure for the recruitment, selection and training of certification body personnel and

monitoring of their performance; IAF-G.4.38 Clause 4.5.3.i) of ISO/IEC Guide 65 requires the certification body to monitor the performance of its own personnel. In addition to other methods of monitoring performance, provision should be made, where applicable, for the periodic witnessing of those activities normally undertaken by its personnel at supplier and subcontractor sites. Note: IAF-G.4.38 makes witnessing of surveillance/inspection activities undertaken by CB personnel at supplier and subcontractor sites a new requirement. Most CBs already perform this as a means of staff evaluation; this is an important aspect that should be added to Guide 65. j) a list of its approved subcontractors and the procedures for assessing, recording and monitoring

their competence; k) its procedures for handling nonconformities and for assuring the effectiveness of any corrective

and preventive actions taken; l) the procedures for evaluating products and implementing the certification process, including

1) the conditions for issue, retention and withdrawal of certification documents, 2) controls over the use and application of documents employed in the certification of

products; m) the policy and procedure for dealing with appeals, complaints and disputes; n) its procedures for conducting internal audits, based on the provisions of ISO 10011-1.


10

4.6 Conditions and procedures for granting, maintaining, extending, suspending and withdrawing certification 4.6.1 The certification body shall specify the conditions for granting, maintaining and extending certification and the conditions under which certification may be suspended or withdrawn, partially or in total. 4.6.2 The certification body shall have procedures to a) grant, maintain, withdraw and, if applicable, suspend certification; b) extend or reduce the scope of certification; c) re-evaluate, in the event of changes significantly affecting the product's design or specification, or

changes in the standards to which compliance of the product is certified, or changes in the ownership, structure or management of the supplier, if relevant, or in the case of any other information indicating that the product may no longer comply with the requirements of the certification system.

4.7 Internal audits and management reviews 4.7.1 The certification body shall conduct periodic internal audits covering all procedures in a planned and systematic manner, to verify that the quality system is implemented and is effective. The certification body shall ensure that a) personnel responsible for the area audited are informed of the outcome of the audit; b) corrective action is taken in a timely and appropriate manner; and c) the results of the audit are documented. NOTE: IAF guidance to Guide 61, states: • Clause G.3.4.4 states that the audit team should cover “the degree of reliance that

can be placed on the internal audit”. • Clause G.3.5.5 requires that the accreditor does a “follow up of conclusions resulting

from internal audits”. 4.7.2 The body's management with executive responsibility shall review its quality system at defined intervals which are sufficiently short to ensure its continuing suitability and effectiveness in satisfying the requirements of this Guide and the stated quality policy and objectives. Records of such reviews shall be maintained. IAF G.4.40 Internal audits followed by management reviews of the body’s quality system should be carried out at least once each year. Note: IAF-G.4.40 now requires internal audits followed by management review of the CB’s quality system at least annually. This is normal practice for most CBs and is also an important aspect that should be added to Guide 65.


11

4.8 Documentation 4.8.1 The certification body shall provide (through publications, electronic media or other means), update at regular intervals, and make available on request, the following: a) information about the authority under which the certification body operates; b) a documented statement of its product certification system, including its rules and procedures for

granting, maintaining, extending, suspending and withdrawing certification; c) information about the evaluation procedures and certification process related to each product

certification system; d) a description of the means by which the organization obtains financial support and general

information on the fees charged to applicants and to suppliers of certified products; e) a description of the rights and duties of applicants and suppliers of certified products, including

requirements, restrictions or limitations on the use of the certification body's logo and on the ways of referring to the certification granted;

f) information about procedures for handling complaints, appeals and disputes; g) a directory of certified products and their suppliers. 4.8.2 The certification body shall establish and maintain procedures to control all documents and data that relate to its certification functions. These documents shall be reviewed and approved for adequacy by appropriately authorized and competent personnel prior to issuing any documents following initial development or any subsequent amendment or change being made. A listing of all appropriate documents with the respective issue and/or amendment status identified shall be maintained. The distribution of all such documents shall be controlled to ensure that the appropriate documentation is made available to personnel of the certification body or suppliers when they are required to perform any function relating to the certification body's activities. 4.9 Records 4.9.1 The certification body shall maintain a record system to suit its particular circumstances and to comply with existing regulations. The records shall demonstrate that the certification procedures have been effectively fulfilled, particularly with respect to application forms, evaluation reports, surveillance activities and other documents relating to granting, maintaining, extending, suspending or withdrawing certification. The records shall be identified, managed and disposed of in such a way as to ensure the integrity of the process and the confidentiality of the information. The records shall be kept for a period of time so that continued confidence may be demonstrated for at least one full certification cycle, or as required by law. 4.9.2 The certification body shall have a policy and procedures for retaining records for a period consistent with its contractual, legal or other obligations. The certification body shall have a policy and procedures concerning access to these records consistent with 4.10.1. NOTE 4 The question of the length of time for retention of records requires specific attention in the light of legal circumstances and recognition arrangements. 4.10 Confidentiality


12

4.10.1 The certification body shall have adequate arrangements consistent with applicable laws to safeguard confidentiality of the information obtained in the course of its certification activities at all levels of its organization, including committees and external bodies or individuals acting on its behalf. 4.10.2 Except as required in this Guide or by law, information gained in the course of certification activities about a particular product or supplier shall not be disclosed to a third-party without the written consent of the supplier. Where the law requires information to be disclosed to a third-party, the supplier shall be informed of the information provided as permitted by the law. 5 Certification body personnel 5.1 General 5.1.1 The personnel of the certification body shall be competent for the functions they perform, including making required technical judgements, framing policies and implementing them. IAF-G.5.1 The certification body shall have sufficient personnel for the operation of the product certification system and schemes, see clause 4.2.j) of ISO/IEC Guide 65. This includes technical personnel competent for the development of the product specific criteria (explanatory documents, sampling, testing and inspection requirements, management systems elements/quality systems evaluation and certification). The term “personnel” can include individual persons who work for the certification body on a contract basis, or other external resources. The certification body shall be in a position to manage, control and be responsible for the performance of all its resources and maintain comprehensive records controlling the suitability of all the staff it uses in particular areas, whether they are employees, employed on contract or provided by external bodies. The certification body shall have personnel technically competent to assess the products and the processes and decide whether or not to certify a product on the basis of information from the evaluation process, including inspection and test results. Records should show which personnel are designated as competent and the date of validation. 5.1.2 Clearly documented instructions shall be available to the personnel describing their duties and responsibilities. These instructions shall be maintained up to date. 5.2 Qualification criteria 5.2.1 In order to ensure that evaluation and certification are carried out effectively and uniformly, the minimum relevant criteria for the competence of personnel shall be defined by the certification body. 5.2.2 The certification body shall require its personnel involved in the certification process to sign a contract or other document by which they commit themselves


13

a) to comply with the rules defined by the certification body, including those relating to confidentiality and independence from commercial and other interest; and

b) to declare any prior and/or present association on their own part, or on the part of their employer, with a supplier or designer of products to the evaluation or certification of which they are to be assigned.

The certification body shall ensure that, and document how, any contracted personnel for their own part, and on the part of their employer if any, satisfy all the requirements for personnel outlined in this Guide. 5.2.3 Information on the relevant qualifications, training and experience of each member of the personnel involved in the certification process shall be maintained by the certification body. Records of training and experience shall be kept up to date, in particular the following: a) name and address; b) organization affiliation and position held; c) educational qualification and professional status; d) experience and training in each field of the certification body's competence; e) date of most recent updating of records; f) performance appraisal. 6 Changes in the certification requirements The certification body shall give due notice of any changes it intends to make in its requirements for certification. It shall take account of views expressed by interested parties before deciding on the precise form and effective date of the changes. Following decision on, and publication of, the changed requirements, it shall verify that each supplier makes any necessary adjustments within such time as, in the opinion of the certification body, is reasonable. 7 Appeals, complaints and disputes 7.1 Appeals, complaints and disputes brought before the certification body by suppliers or other parties shall be subject to the procedures of the certification body. IAF-G.7.1 Personnel, including those acting in a managerial capacity, should not be employed to investigate any appeal, complaint or dispute if they have been involved in activities as described under clause 4.2.o) of ISO/IEC Guide 65 in respect of the organization in question, or any party involved in the appeal, complaint or dispute in question (see G.4.21), within the last two years. Note: IAF-G.4.24, IAF-G.7.1 and Clause 9.3 (by inference) all impose new two-year conflict-of interest limitations on CB personnel. A number of CBs use other ways of controlling conflict-of interest, for example by requiring all staff to make a conflict declaration to the immediate supervisor before beginning work on any project. These IAF requirements are unnecessarily restrictive. CB’s should be required to effectively manage conflict of interest; they should not be required to prevent staff from discharging their employment duties. 7.2 Each certification body shall


14

a) keep a record of all appeals, complaints and disputes and remedial actions relative to certification; b) take appropriate subsequent action; c) document the action taken and its effectiveness. 8 Application for certification 8.1 Information on the procedure 8.1.1 The certification body shall provide to applicants an up-to-date detailed description of the evaluation and certification procedures, appropriate to each certification scheme, and the documents containing the requirements for certification, the applicants' rights and duties of suppliers which have certified products (including fees to be paid by applicants and suppliers of certified products). 8.1.2 The certification body shall require that a supplier a) always complies with the relevant provisions of the certification programme; b) makes all necessary arrangements for the conduct of the evaluation, including provision for

examining documentation and access to all areas, records (including internal audit reports) and personnel for the purposes of evaluation (e.g. testing, inspection, assessment, surveillance, reassessment) and resolution of complaints;

c) makes claims regarding certification only in respect of the scope for which certification has been granted;

d) does not use its product certification in such a manner as to bring the certification body into disrepute and does not make any statement regarding its product certification which the certification body may consider misleading or unauthorized;

e) upon suspension or cancellation of certification, discontinues its use of all advertising matter that contains any reference thereto and returns any certification documents as required by the certification body;

f) uses certification only to indicate that products are certified as being in conformity with specified standards;

g) endeavours to ensure that no certificate or report nor any part thereof is used in a misleading manner;

h) in making reference to its product certification in communication media such as documents, brochures or advertising, complies with the requirements of the certification body.

8.1.3 When the desired scope of certification is related to a specific system or type of system operated by the certification body, any explanation needed shall be provided to the applicant. 8.1.4 If requested, additional application information shall be provided to the applicant. 8.2 The application 8.2.1 The certification body shall require completion of an official application form, signed by a duly authorized representative of the applicant, in which or attached to which are the following: a) the scope of the desired certification;


15

b) a statement that the applicant agrees to comply with the requirements for certification and to supply any information needed for evaluation of products to be certified.

8.2.2 The applicant, as a minimum, shall provide the following information: a) corporate entity, name, address and legal status; Note: Depending on the certification program, many suppliers are not registered corporate entities. (for example, organic farmers, certified welders, --- .) This requirement should be modified. b) a definition of the products to be certified, the certification system, and the standards against

which each product is to be certified if known to the applicant. 9 Preparation for evaluation 9.1 Before proceeding with the evaluation, the certification body shall conduct, and maintain records of, a review of the application for certification to ensure that a) the requirements for certification are clearly defined, documented and understood; b) any difference in understanding between the certification body and the applicant is resolved; and c) the certification body has the capability to perform the certification service with respect to the

scope of the certification sought and, if applicable, the location of the applicant's operations and any special requirements such as the language used by the applicant.

9.2 The certification body shall prepare a plan for its evaluation activities to allow for the necessary arrangements to be managed. 9.3 The certification body shall assign personnel appropriately qualified to perform the tasks for the specific evaluation. Personnel shall not be assigned if they have been involved in, or been employed by a body involved in, the design, supply, installation or maintenance of such products in a manner and within a time period which could conflict with impartiality. Note: Suggested time period is 2 years (While no direct IAF statement to this effect is found, the “2 year” duration might be extrapolated from guidance clauses G.7.1 and G.4.21) Note: IAF-G.4.24, IAF-G.7.1 and Clause 9.3 (by inference) all impose new two-year conflict-of interest limitations on CB personnel. A number of CBs use other ways of controlling conflict-of interest, for example by requiring all staff to make a conflict declaration to the immediate supervisor before beginning work on any project. These IAF requirements are unnecessarily restrictive. CB’s should be required to effectively manage conflict of interest; they should not be required to prevent staff from discharging their employment duties. 9.4 To ensure that a comprehensive and correct evaluation is carried out, the personnel involved shall be provided with the appropriate working documents. 10 Evaluation


16

The certification body shall evaluate the products of the applicant against the standards covered by the scope defined in its application against all certification criteria specified in the rules of the scheme. 11 Evaluation report The certification body shall adopt reporting procedures that suit its needs but, as a minimum, these procedures shall ensure that a) personnel appointed to evaluate the conformance of the products shall provide the certification

body with a report of findings as to the conformity with all the certification requirements; b) a full report on the outcome of the evaluation is promptly brought to the applicant's notice by the

certification body, identifying any nonconformities that have to be discharged in order to comply with all of the certification requirements and the extent of further evaluation or testing required. If the applicant can show that remedial action has been taken to meet all the requirements within a specified time limit, the certification body shall repeat only the necessary parts of the initial procedure.

12 Decision on certification 12.1 The decision as to whether or not to certify a product shall be taken by the certification body on the basis of the information gathered during the evaluation process and any other relevant information. 12.2 The certification body shall not delegate authority for granting, maintaining, extending,

suspending or withdrawing certification to an outside person or body. Note: See discussion under clause 4.2 d). 12.3 The certification body shall provide to each supplier offering certified products, formal certification documents such as a letter or a certificate signed by an officer who has been assigned such responsibility. These formal certification documents shall permit identification of the following: a) the name and address of the supplier whose products are the subject of certification; b) the scope of the certification granted, including, as appropriate,

1) the products certified, which may be identified by type or range of products, 2) the product standards or other normative documents to which each product or product

type is certified, 3) the applicable certification system;

c) the effective date of certification, and the term of the certification if applicable. 12.4 In response to an application for amendment to the scope of a certificate already granted, the certification body shall decide what, if any, evaluation procedure is appropriate in order to determine whether or not the amendment should be made and shall act accordingly. 13 Surveillance 13.1 The certification body shall have documented procedures to enable surveillance to be carried out in accordance with the criteria applicable to the relevant certification system.


17

13.2 The certification body shall require the supplier to inform it about any of the changes cited in 4.6.2 c), such as intended modification to the product, manufacturing process or, if relevant, its quality system, which affect the conformity of the product. The certification body shall determine whether the announced changes require further investigations. If such is the case, the supplier shall not be allowed to release certified products resulting from such changes until the certification body has notified the supplier accordingly. 13.3 The certification body shall document its surveillance activities. IAF G.13.4 Since

• surveillance plays a direct role in achieving the intended benefits from a certification system,

• a wide variety of activities are available from which to operate a surveillance program, and

• the elements of a surveillance program can change on an ongoing basis, the committee or equivalent by which the certification body complies with clause 4.2.e) of Guide 65 should address surveillance. Specifically, a mechanism should be in place by which the input of parties significantly concerned with the surveillance activities of the certification body can be received.

13.4 Where the certification body authorizes the continuing use of its mark on products of a type which have been evaluated, the certification body shall periodically evaluate the marked products to confirm that they continue to conform to the standards. 14 Use of licences, certificates and marks of conformity 14.1 The certification body shall exercise proper control over ownership, use and display of licences, certificates and marks of conformity. IAF-G.14.6 Where the certification body makes use of a mark which it has been assigned from another body, e.g. the owner of the mark, its agreement with that body shall ensure conformity with the intent of all sections of this clause. 14.2 Guidance on the use of certificates and marks permitted by the certification body may be obtained from ISO/IEC Guide 23. 14.3 Incorrect references to the certification system or misleading use of licenses, certificates or marks, found in advertisements, catalogues, etc., shall be dealt with by suitable action. NOTE 5 Such actions are addressed in ISO/IEC Guide 27 and can include corrective action, withdrawal of certificate, publication of the transgression and, if necessary, other legal action. 15 Complaints to suppliers The certification body shall require the supplier of certified products to


18

a) keep a record of all complaints made known to the supplier relating to a product's compliance

with requirements of the relevant standard and to make these records available to the certification body when requested;

b) take appropriate action with respect to such complaints and any deficiencies found in products or services that affect compliance with the requirements for certification;

c) document the actions taken


February, 2006

International Organization for Standardization Case postale 56 CH-1211 GENEVA 20 Switzerland International Electrotechnical Commission Case postale 131· CH-1211 GENEVA 20 Switzerland Ref. No.: ISO/IEC GUIDE 65:1996(E) ICS 03.120.20 Descriptors: quality assurance, quality assurance systems, non-profit-making bodies, certification, certification bodies, general conditions. Price based on 8 pages

Documents

Role of ISO/IEC Guide 65 in the assessment of services and ... · PDF fileIAF–EC–06-012 International Accreditation Forum, Inc. Page 3 of 36 Comments on revision of Guide 65 Printed