1. Contract conclusion and price
Every organization wishing to verify the relevant management system and obtain the certificate from ASTRAIA® Certification, Ltd. have to apply for this service.
ASTRAIA® Certification, Ltd. employees verify whether the certification body is able to certify the management system according to the requirements of the potential client and in accordance with its own procedures and accreditation rules.
The prices for the performance of verification/certification are always set on the basis of a prepared price offer or negotiation with the client. ASTRAIA® Certification, Ltd. condition is to conclude the contract with the client before providing the service.
2. Preparation for the verification / certification
The certification body shall set up an audit team appropriate for the certification. For each certification area, the team must have a professionally qualified employee. The number of team members depends on the size of the client and the areas to be certified. The audit team must be composed of independent experts who are not involved in any activities of the client. The client has the right to comment on the composition of the audit team and to propose the replacement of its members no later than 3 days before the audit starts. The realization manager is responsible for monitoring of the connection between the number of persons at the client and the number of auditors during the performed audit, in the case when the audit team consists of more than 1 auditor.
The entity being assessed (the client) is obliged to provide the audit team with the following documentation and information to perform the verification:
- the detailed organizational structure;
- the subject and the scope of certification (departments, activities); the structure and the list of documentation;
- further up-to-date documentation of the management system, in particular:
- the relevant management system manual;
- the policy and objectives for the relevant management system;
- the description of the processes, the environmental aspects or health hazards of employees;
- the main management procedures (guidelines, instructions, etc.);
- the specific audit requirements (including OH&S and health capacity).
It is the responsibility of the audit team to review the client’s documentation and verify whether the provided documentation:
- fully meets the minimum requirements of the relevant normative criteria;
- establishes clearly, unambiguously and logically the procedure and responsibilities for the management activities performance;
- describes comprehensively the management system to be verified and provides a suitable projection of its functionality.
Before the end of this phase, the audit team shall assess the adequacy of the documentation and whether it includes all the particulars. If the documentation is not processed in accordance with the requirements of the relevant normative criteria, the members of an audit team shall immediately inform the designated representative of the client indicating which requirements of the criteria have not been reasonably accepted. The lead auditor will then agree with the representative of the client on the deadline by which will be the documentation supplemented and updated. At the same time, the certification schedule will be adjusted, if necessary.
The audit team prepares an audit plan after the verification of the documentation. The client and the designated ASTRAIA® Certification, Ltd. representative comment the audit plan. Based on their requirements, the lead auditor may make changes to the draft of the audit plan. However, modifications to the plan which would alter the scope or limit the mandatory requirements of the relevant standards shall not be permitted. The audit plan is approved by the client together with the representative of the certification body. In the case that the witness audit [ is carried out at the request of the Accreditation Body, the lead auditor shall mention the participation of the members of the Accreditation Body during the opening and closing meetings.
3 Certification and audit report
The certification of all management systems is carried out in two stages. The aim of the first stage is to obtain the evidence of meeting the key requirements of the relevant standard. The aim of the second stage is to verify the fulfilment of all requirements of the relevant normative criterion. The performance of the entire audit for the client is managed by the lead auditor in accordance with the approved audit plan. Each certification process conducted by ASTRAIA® Certification, Ltd. begins with an opening meeting. At this meeting, the audit team informs all participants about the audit objectives. The purpose of the opening meeting is to validate the scope and the criteria of the audit, to agree on the audit plan and to agree on the management of further measures, including the provision of escorts and OH&S for the audit team members. Based on the audit team decision, the audit team may inspect the client’s premises prior to carrying out the audit so that its members are better acquainted with the structure of the production premises. In the case of witness audits required from the accreditation body, the accreditation body auditors also participate on an on-site audit (in the client’s premises).
The audit is performed in the form of an interview with selected employees of the client, monitoring of performance of individual activities, studying of requested documentation and records and their comparison with the reality. As a rule, auditors do not perform any measurements or sampling, but may also require measurements and analysis to be performed with the assistance of the client’s employees to verify the compliance with the audit criteria, if necessary.
The audit team shall report the significant partial conclusions identified during the audit on the regular basis. At the final meeting, which always takes place after the completion of the audit at the premises of the assessed entity, the audit team informs the management of the assessed entity in a comprehensive manner about the detected non-conformities. The purpose of the final meeting is to inform the representatives of the client about the identified non-conformities and problems, the classifications and the importance of the non-conformities, to answer the questions of the client regarding the conclusions and non-conformities, and to indicate whether the audit team recommends issuing the certificate for the management system being verified. At the final meeting, the lead auditor shall submit prepared records containing a description of the found non-conformities. The competent representative of the assessed entity shall confirm with the signature that he/she is aware of the non-conformities. The responsibility of the representatives of the assessed entity is to take appropriate measures to eliminate the identified non-conformities and to inform the lead auditor within 10 days. At the final meeting, the lead auditor will also clarify the further actions, depending on the number and importance of the found non-conformities.
If there are significant non-conformities that confirm that the management system being audited is not fully functional, these non-conformities must first be eliminated before the certification decision is made. In the case of a smaller number of non-conformities the implementation of the corrective actions is verified by a lead auditor, in case of bigger number of non-conformities, the certification audit must be repeated. When significant non-conformities are identified at the first stage of the audit, the assessed entity shall eliminate those non-conformities by the second stage of the certification audit (up to a maximum of 90 days from the date of the first stage of the certification audit). If they are not eliminated, the first stage must be repeated.
All the audit findings and conclusions, including identified non-conformities and taken corrective actions, shall be reported by the audit team to the audit report. The report is sent by representatives of the certification body to the representatives of the client after the approval by ASTRAIA® Certification, Ltd. responsible representative. The entity being audited has the right to comment on the content of the report within 15 days so that any objections to the audit conclusions or other facts stated in the report are taken into account when decision on certification is made.
4. Decision to award the certificate
The management of ASTRAIA® Certification, Ltd. decides on awarding the certificate based on the information and facts stated in the audit report, the objections raised to the audit conclusions by the representatives of the client, and other additional information and documentation, such as audit questionnaires and notes, corrective actions requirements, etc. The management of the certification body decides to issue the certificate if the audit conclusions and overall assessment of the management system objectively prove that
- the system being audited is fully functional and meets all the requirements of the relevant standard for the management system;
- the established organizational structure, defined responsibilities, procedures, performed internal audits and the personal approach of all involved employees provide sufficient confidence that the management system being audited will continue to be functional and effective;
- all required management mechanisms and procedures, including the management review already performed, are in place.
Before awarding the certificate and the certification marks, the client receives ASTRAIA® Certification, Ltd. Ordinance about awarding the certificate. ASTRAIA® Certification, Ltd. performs the surveillance of the certified entity through the surveillance audits. The management of the company determines the frequency of the individual audits in the ordinance based on the audit conclusions, especially the overall evaluation of the system functionality and identified non-conformities. The frequency of surveillance audits may be set at a minimum of 4, a maximum of 12 months. The Certification Agreement/Application for the Certification sets the binding rules for using the certification marks and referring to the certification. The violation of these rules may be grounds for withdrawal of the certificate.
5. Surveillance of the certified entity
The program of surveillance audits for the entire period of validity of the certificate may be carried out during this period to screen the compliance of all the requirements of the given standard and at the same time to screen the other organizational units of the certified entity falling within the subject of the certification.
The auditor team is acting the same way like performing the certification audit while performing the surveillance audits, but only to the extent sets out in the surveillance audit program included in the Ordinance. The audit team shall review in the surveillance audit the following:
- the management areas where significant changes have occurred;
- the method of internal audits performance, the management reviews, the preventive and corrective actions;
- the relevant claims, complaints and suggestions from customers and other stakeholders of the certified entity and the response to them;
- the changes in the documentation related to the certified management system;
- the implementation and effectiveness of measures taken to eliminate non-conformities identified during the previous audits;
- the increase of management efficiency and the improvement in the certified area.
All the audit findings and conclusions shall be reported by the audit team to the audit report. The client has a right to comment on the content of the report, but must do so within 15 days from the report issuing so that the objections are taken into account by ASTRAIA® Certification, Ltd. when deciding on the validity of the certificate. The certificate remains valid if all the conditions for awarding the certificate are met and the certified entity handles all detected non-conformities in an appropriate manner.
6. Recertification process
If the certified entity wishes to renew an expired certification, it may apply for recertification. The certification body has been performing surveillance of the certified management system within a period of three years; therefore a recertification audit generally takes less than a certification audit but longer than a surveillance audit. For this reason, the price for
the recertification is usually lower than the price for the certification of the same entity.
The continuity of the a given management system surveillance is maintained by recertification, therefore is the assessment during the recertification audit generally less time-consuming than during the certification audit.
The performance of the recertification is possible only based on condition that the client requests the recertification in sufficient advance in order to perform the entire assessment prior to certificate expiration. Based on the accredited procedures, the certification process and the decision to issue a new certificate must be terminated before the current certificate expires. If it does not and the client is wishing to maintain the certification of the given management system, the client must complete the certification process to the extent of the initial certification.