Accreditation Process · PDF fileAccreditation Process Requirements ... ISO/IEC 17021:2006,...
36
© SAAS 2010 SAAS Accreditation Process Requirements Work Instructions for Accreditation Auditors, Procedures 311 and 314 © Social Accountability Accreditation Services, June 2010
Transcript of Accreditation Process · PDF fileAccreditation Process Requirements ... ISO/IEC 17021:2006,...
© SAAS 2010
SAAS
Accreditation Process Requirements
Work Instructions for Accreditation
Auditors, Procedures 311 and 314
© Social Accountability Accreditation Services,
June 2010
© SAAS 2010
Accreditation Process and Policies
•SAAS auditors must follow accreditation policies and procedures to ensure consistent, quality auditing practices.
SAAS sets out work instructions for its auditors to utilize when conducting both office and witnessed audits.
© SAAS 2010
Accreditation Process and Policies
Procedure 311
© SAAS 2010
1.0 Purpose
This instruction defines the requirements
for the assigned Lead Auditor and other
members of the audit team to plan and
conduct a document review and initial
office audit for certification body
accreditation and reaccreditations.
© SAAS 2010
4.0 References
• ISO/IEC 17021:2006
• ISO 19011:2002• SAAS Procedure 200 • SAAS Procedure 201
• SAAS Procedure 203, Staff and Contractor Appointment, Training and Appraisal
• SAAS Form 310, Audit Tracking-Overview
• SAAS Form 310A, Audit Tracking-Details• SAAS Form 312, Document Review Report
• SAAS Form 313, Initial Accreditation Report• SAAS Work Instruction 318, Writing CARs and
Analyzing CAR responses
• SAAS Form 408, Accreditation Application Requirements Checklist
• SAAS Form 415, Corrective Action Request
• SAAS Advisories
© SAAS 2010
5.0 Instructions
• 5.1 This instruction is effective upon the auditor’s acceptance of the assignment as Auditor for the accreditation of an identified certification body.
• 5.2 SAAS will provide the Lead Auditor with a copy of the CB’s application and the complete set of the applicant’s documentation with a copy of the agreed SAAS Fee Schedule.
© SAAS 2010
6.0 Document Review-Initial Accreditation
6.1 The purpose of the document review is to ensure that the CB’s documented certification process adequately addresses all of the SAAS requirements incorporated in ISO/IEC 17021:2006, SAAS Procedure 200, SAAS Advisories, and other guidance documents as produced and required from time to time by SAAS.
6.2 The document review shall be completed by the assigned Lead Auditor within two weeks of the receipt of the identified documents from SAAS.
© SAAS 2010
6.0 Document Review Cont.
6.3: SAAS form 408, Accreditation Application Documentation/Office Checklist shall be used to review the CB’s documented system. All requirements in the Form 408 shall be covered.
a) Particular attention shall be given to the identification of the CB’s source document. This is the specific location of the requirement’s fulfillment in the CB’s system.
b) All requirements marked as concerns must be addressed prior to or during the accreditation office audit. Any indicated revisions in documentation shall be submitted to and reviewed by the Lead Auditor.
© SAAS 2010
6.0 Document Review Cont.
6.4 The Lead Auditor may contact the Applicant (cc to SAAS Client Coordinator) during the document review to clarify any issues related to the subject requirements. When there are significant concerns that the documentation provided is not adequate, the Lead Auditor may recommend that no further audit activity be conducted until those deficiencies are addressed and corrected.
© SAAS 2010
7.0 Office audit – Initial Accreditation and Reaccreditation
7.1 SAAS shall select the remainder of the audit team with the input of the assigned Lead Auditor. SAAS shall ensure that all audit team members are accepted by the applicant.
7.2 The purpose of the office audit is to verify that the documented certification system is effectively implemented by the certification
body.
© SAAS 2010
7.0 Office audit – Initial Accreditation and Reaccreditation
7.3.1 The Lead Auditor is responsible for planning and managing the
office audit process.
7.3.2 The Lead Auditor shall prepare the audit plan and communicate
the plan to the CB at least two weeks prior to the date of the audit.
7.3.3 The Lead Auditor’s path shall include an audit of the CB’s
documented social standards certification system, management
reviews, internal audits and corrective action processes.
7.3.4 The Lead Auditor is responsible for the preparation of audit
checklists based on the applicant CB's documented system,
ISO/IEC 17021:2006, SAAS Procedure 200 and the results of
the document review. These checklists should use SAAS Form 408.
© SAAS 2010
7.0 Office audit – Initial Accreditation and Reaccreditation
7.3.5 The audit plan shall include, as a minimum, the following information:
a) Audit objectives, criteria and reference documents,b) Scope of the audit,c) Dates and places where the on-site audit will be conducted,d) Expected time and duration of on-site activities. e) All requirements identified in the audit criteria (ISO/IEC Guide 62/17021,
SAAS requirements, etc.) shall be shown in the audit plan,f) All meetings, including SAAS audit team meetings and meetings with
the CB (the SAAS audit team should meet at least twice per audit day),g) Roles, responsibilities and assignments of audit team members,h) Identification of CB’s representative for the audit,i) Working language of the audit,j) Logistical arrangements such as meals (arranged by the CB on-site if
possible) ,k) Statement of confidentiality.
*The audit plan shall reflect an eight-hour minimum audit day.
© SAAS 2010
7.0 Office audit – Initial Accreditation and Reaccreditation
7.3.6 The SAAS Lead Auditor shall coordinate the travel arrangements for the accreditation audit team.
7.3.7 The SAAS Lead Auditor shall be the contact between the audit team and the CB during the planning stage of the audit. The SAAS client coordinator shall be copied on such correspondence via email.
© SAAS 2010
7.0 Office audit – Initial Accreditation and Reaccreditation
7.4 On-Site Office audit
7.4.1 The opening meeting shall be conducted by the Lead Auditor and cover the following activities:
a) Introduce Audit team to Certification Body personnel;b) Allow the Certification Body personnel to introduce themselves;c) Record attendance at opening meeting (the SAAS Lead Auditor may choose
to record attendance on SAAS Form 413 – Audit Attendance log);d) Review the proposed scope of applicant’s accreditation;e) Explain the objectives of the audit;f) Explain the audit methodology (observation, interviews and record reviews);g) Confirm confidentiality;h) Explain use of sampling methodology due to time constraints;i) Explain Minor and Major CARs and Opportunities for Improvement. Explain
that a Major CAR precludes accreditation being put forward until satisfactorily closed out;
j) Review the audit itinerary, and confirm acceptability. Modify to accommodate unexpected changes, as possible;
k) Confirm that a guide and translator, as appropriate, have been allocated to each Auditor; suggest the guide take notes;
l) Confirm times for daily start and finish and meal arrangements (in-house) and times for the daily debriefing meetings and the closing meeting;
m) Confirm availability of resources and facilities needed by audit team, such as meeting room, telephone, and copy machine.
© SAAS 2010
7.4.2 Conducting the accreditation/reaccreditation office audit
� 7.4.2.1 The Lead Auditor is responsible for managing the
audit process. This includes resolution of any issues involving the SAAS audit team members and the CB
personnel, determination of the merits of any
noncompliance and the resolution of any issues within
the SAAS audit team.
© SAAS 2010
7.4.2.2 SAAS auditors shall conduct an audit of the requirements in their audit path. Each auditor is expected to keep appropriate notes to support compliance with each requirement, including:
a) Names and revision levels of all forms and documents reviewed.
b) Names and dates of all records reviewed. The number of each record reviewed (sample sizes).
c) Name and position of everyone interviewed.
d) Detail of the Auditor training and experience requirements, including interview technique training required.
e) Detail of the CB requirement for conducting individual and group interviews.
f) Certain requirements of the CB’s process need to be specifically defined during the audit due to their impact on the quality of the certifications. If for an SA8000 audit:
1. Detail of the CB Trade Union/NGO consultation process.
2. Detail of the CB method for determining basic needs wages.
© SAAS 2010
7.4.2.3 Detail evidence of any noncompliance to a requirement that includes at least what the noncompliance was, where it was found, how often it occurred and when it occurred.
7.4.2.4 CARs shall be documented on the SAAS CAR Form 415.
7.4.2.5 The Lead Auditor shall conduct a brief document review of the current revisions of the social standard certification process documents to ensure that no significant changes have been made since the completion of the document review.
© SAAS 2010
7.4.2.6 The Lead Auditor shall review a copy of the most recent management review minutes - the management review should provide evidence that the social standard certification process has been reviewed and that it is effectively implemented prior to the accreditation audit.
7.4.2.7 The Lead Auditor will review the record of internal audits of the social standard certification process and match it against the certification body’s system requirements.
7.4.2.8 At the time of an initial accreditation audit, there will not be any evidence of social standard certification audits within the scope of SAAS accreditation. The audit team may review audit packages for certification to other standards for general information on how evidence is gathered and processed. For reaccreditation, the auditor shall review a sample of certified client files.
7.4.2.9 If the Certification Body is accredited by other accreditation agencies to conduct certification against other standards, the auditor shall review the audit reports from those other accreditation agencies.
© SAAS 2010
7.4.2.10 Based on the audit team’s analysis of the evidence collected, the team shall reach a conclusion for the accreditation recommendation. The recommendation shall be one of the following:
a)Recommendation that the organization be accredited to certify to the appropriate social standard, pending the satisfactory completion of the witness audit.
b)Recommendation that a full reaudit of the system be conducted before accreditation can be granted.
c)Recommendation that a partial reaudit of the system be conducted before accreditation can be granted.
* If the recommendation is anything other than a recommendation for accreditation, SAAS must be contacted prior to the closing meeting if possible or at least within 24 hours after the closing meeting.
© SAAS 2010
7.4.3 Closing meeting
The closing meeting shall be conducted by the Lead Auditor and cover the following topics:
a) Record attendance. b) Where appropriate, thank CB’s staff for assistance, cooperation, and
hospitality and refer to the positive aspects of the Management system implementation.
c) Emphasize that assembled audit results were obtained by taking samples and all nonconformities may not have been found
d) Present the CB with detailed results of the audit and explain Major and Minor CARs, if required. Clarify all questions related to any CARs and obtain the appropriate applicant CB representative's signature on each CAR as acknowledgment of receipt. Leave copies of CARs with the CB representative.
e) Explain that these copies of the CARs are advance copies and the audit report will contain the final copies.
f) Explain the process to close Corrective Action Requests, including establishing dates for reply. The CB will be expected to respond to the CARs using the CAR form 415A.
g) Explain procedures for complaints and appeals, if necessary.h) Advise the Applicant CB of the timing for the preparation of the audit
report.i) Review arrangements for the witness audit, if appropriate.j) Discuss issue of unaccredited Certificates and the use of Accreditation
Marks and future surveillance visits, if appropriate.k) Invite questions from the Applicant CB.l) Congratulate CB for performance, if appropriate.
© SAAS 2010
8.0 Post-Audit Activities
8.2 The Lead Auditor shall send copies of all signed CARs to SAAS within five working days, if possible, at the end of the audit.
8.3 The lead auditor shall prepare the audit report and submit it to SAAS, with all checklists and notes within ten working days of the completion of the on-site audit activity. The report form SAAS Procedure 313 shall be used for the report.
8.3.1 The Lead Auditor shall develop the audit planning matrix that shall be used to plan the subsequent surveillance audits and the reaccreditation audit. This matrix shall define the clauses that must be audited during each audit in the next cycle to ensure that all relevant requirements for accreditation will be audited during the cycle.
8.4 The Lead Auditor is also responsible to receive, analyze andrespond to the CB’s responses to the CARs that were issued during the office audit. (See SAAS Work Instruction 318, WritingCARs and Analyzing CAR responses). All communication with the CB must be copied to SAAS.
© SAAS 2010
9.0 Records
9.1 Audit reports (SAAS Form 312 and Form 313)
9.2 Audit checklists and path notes
9.3 Signed CARs (SAAS Form 415)
© SAAS 2010
Procedure 314
© SAAS 2010
1. Purpose: This instruction defines the requirements for the assigned SAAS Lead Auditor and other members of the SAAS audit team to plan and conduct witness audits for applicant and SAAS-accredited certification bodies.
© SAAS 2010
4. References
• ISO/IEC 17021:2006 • ISO Guide 19011:2002
• SAAS Procedure 200 • SAAS Procedure 201, Accreditation of Certification
Bodies of Social Accountability Systems
• SAAS Form 310, Audit Tracking-Overview
• SAAS Form 310A, Audit Tracking-Details
• SAAS Form 315, Witness Audit Report• SAAS Work Instruction 316, Office Surveillance Audit
Process
• SAAS Work Instruction 318, Writing CARs and Analyzing CAR responses
• SAAS Form 408, Applicant Document Checklist
• SAAS Form 415, CAR Form
• SAAS Audit Plan and Estimated Fees
© SAAS 2010
5. Instruction
5. 1 This instruction is effective upon the auditor’s acceptance of the assignment as an Auditor for the witness audit of a SAAS client.
5. 2 SAAS will provide the Lead Auditor with a copy of appropriate CB documentation.
a) These include the CB’s application, document review
and office audit report (for initial witness audits) and
previous audit reports for surveillances, as well as a
copy of the SAAS Fee Schedule that has been agreed
upon with the CB.
b) The SAAS accreditation auditor will review the number
of days that are proposed by SAAS to ensure that the
cited days are adequate to perform the audit function.
© SAAS 2010
6. Witness audit
6.1 The purpose of the witness audit is to verify that the certification body’s SAAS-accredited (or applicant) certification system program is effectively implemented by witnessing their performance of a certification or surveillance audit (for currently accredited Certification Bodies) at the CB client’s premises.
a) SAAS shall witness a stage 2 audit and shall conduct a review of the procedures and report
from the stage 1 audit undertaken by the CB.
© SAAS 2010
6. Witness audit
6.2 Audit planning:
6.2.1 Except for the commercial relationship between the CB and SAAS, the Lead Auditor is responsible for planning and managing the witness audit process.
6.2.2 The CB is responsible for providing the SAAS lead auditor with the appropriate amount of documentation (e.g. the application, certificate) from their certification client and a copy of the CB’s audit plan.
6.2.3 The Lead Auditor shall prepare the SAAS audit plan and communicate the plan, including the names and assignments of every member of the audit team, to the CB and to the SAAS Client Coordinator, prior to the date of the audit.
6.2.4 When more than one SAAS auditor is involved in the audit, the Lead Auditor is responsible for the determination of the individual audit paths.
© SAAS 2010
6. Witness audit
6.2.4 The Lead Auditor is responsible for the preparation of audit checklists based on the CB's SA8000 certification system, ISO/IEC 17021, SAAS Procedure 200 and other appropriate documents. The audit plan shall include:
a) Audit objectives, criteria and reference documents.
b) Scope of the audit.c) Dates and places where the on-site audit will be conducted.
d) The assignment of each SAAS auditor to each CB auditor.
e) The audit plan shall also include time for all meetings, including SAAS audit team meetings and meetings with the CB’s audit team (the SAAS audit team should meet at least twice per audit day). Roles, responsibilities and assignments of accreditation audit team members.
f) Identification of CB’s representative for the audit.
g) Working and reporting language of the audit.
h) Logistical arrangements such as meals (arranged by the CB on-site if possible) .
i) Statement of confidentiality.
© SAAS 2010
6.3 On-Site audit:
6.3.1 Opening meeting: The opening meeting with the CB’s audit team shall be conducted by the Lead Auditor and cover the following activities:
a) Introduce SAAS Audit team to Certification Body audit team.b) Allow the Certification Body personnel to introduce themselves.c) Record attendance at opening meeting (the SAAS auditor may choose to record
attendance on SAAS Form 413).d) Share the expectation that the worker representative is expected to attend the opening
and closing meeting at the witnessed site.e) Review the scope of certification for the site being audited by the CB.f) Explain the objectives of the accreditation audit.g) Explain the audit methodology: observations, interviews and record reviews.h) Confirm confidentiality.i) Explain Minor and Major CARs and Opportunities for Improvement. Explain that a Major
CAR precludes accreditation until satisfactorily closed out, if applicable.j) Review the audit itinerary, and confirm acceptability. Modify to accommodate unexpected
changes, if possible.k) Confirm times for daily start and finish and meal arrangements (in-house) and times for
the daily debriefing meetings and the closing meeting.l) Confirm availability of resources and facilities needed by audit team, such as meeting
room, telephone, and copy machine.m) Confirm that locations have been arranged for the audit planning meeting and for the
closing meeting.
© SAAS 2010
6. Witness audit
6.3.2 Audit planning meeting: The audit planning meeting with the CB’s audit team must not interfere with the witness audit and must be held outside the normal audit day scheduled for the witness audit. This meeting must include at least:
a) A review of the auditee’s application.
b) A review of the CB’s proposal, including how the number
of auditor-days was determined.
c) Auditor qualification information including training and
experience.
d) Brief review of the CB’s audit procedures that will be used
during this audit. Any change since the last document review shall be noted.
For SA8000 certifications only:
a) Detail of the calculation of the basic needs wage.
b) Stakeholder consultation and related information that was obtained.
© SAAS 2010
6. Witness audit
6.4 Conducting the witness audit:
6.4.1 The SAAS Lead Auditor is responsible for managing the audit process. This includes the resolution of any issues involving the SAAS audit team members and the CB personnel, determination of the merits of any noncompliance and the resolution of any issues within the SAAS audit team.
6.4.2 SAAS auditors shall witness the CB audit activities on their audit path. The SAAS auditor is expected to keep appropriate records and notes to support compliance with each SAAS requirement. The audit notes should include at least the following:
a) The number of each type of record reviewed (sampling used).b) Number and type of interviews (individual, group, on and off site interviews),
and how confidentiality is maintained.c) The methods used by the CB auditor to select personnel to interview and
document the interviews.d) How evidence is documented when CARs are identified.e) How the CB auditor establishes how complaints have been handled by the
facility and the grievance policy that is in place.f) How the CB auditor establishes that the Freedom of Association and collective
bargaining process is effectively implemented (SA8000 only).g) Use of claims about certification scope and facilities it applies to (SA8000 only).h) A review of the report from the stage 1 audit.
© SAAS 2010
6. Witness audit
6.4.3 The SAAS auditor shall record evidence of any CB noncompliance to a requirement that minimally includes a brief statement of what the noncompliance was and the normative element it was not in conformance with, where it was found, how often it occurred and when it occurred. The record shall clearly state the requirement that was not complied with including the CB’s requirement and/or the SAAS requirement. (see SAAS instruction 318, Writing CARs and Analyzing CAR responses). Opportunities for Improvement shall also be documented.
6.4.4 Based on the audit team’s analysis of the evidence collected, the team shall recommend initial accreditation or continuation of accreditation, as appropriate. The recommendation shall be one of the following:
a) The CB be accredited or accreditation be continued, pending satisfactory response to any CARs.
b) Another witness audit be scheduled before recommending accreditation or continuation of accreditation.
� If the recommendation is anything other than a recommendation for accreditation or continuation of accreditation, SAAS must be contacted prior to the closing meeting, if possible, or within 24 hours after the closing meeting.
6.4.5 Notes shall be recorded directly on the checklist provided by the Lead Auditor or on other note paper and summarized on the checklist.
© SAAS 2010
6. Witness audit
6.5 Closing meeting: The closing meeting shall be conducted by the Lead Auditor and include the following activities:
a) Record attendance.
b) Where appropriate, thank CB’s audit team for assistance, cooperation, and hospitality and refer to the positive aspects of the management system implementation.
c) Inform CB of the SAAS Audit team’s recommendation.d) Emphasize that the witness audit will not be completed until the SAAS audit team
receives a copy of the CB’s audit report of its certification client and associated CARs, translated into English. This report is expected to be submitted to the SAAS Lead Auditor within 15 days of the end of the witness audit, if possible. Explain that as a result of the certification client report review, additional CARs may be issued.
e) Present the CB with detailed results of the audit and explain Major and Minor CARs, if required, that have been identified to date.
1. Clarify all questions related to any CARs and obtain the appropriate CB representative's signature on each CAR as acknowledgment of receipt.
2. Take original copies of CARs with SAAS Lead Auditor and CB representative signatures and leave a copy with the CB.
3. Be sure that the CB understands that additional CARs may result from the review of the CB’s final client audit report they issue to their client,
f) Explain that these copies of the CARs are advance copies and the audit report will contain the final copies.
g) Explain the process to close Corrective Action Requests, including establishing dates for reply. The CB will be expected to respond to the CARs using the CAR form 415A
h) Explain procedures for complaints and appeals, if necessary.i) Advise the CB of the timing for the preparation of the final audit report.j) Invite questions from the CB.k) Congratulate CB for performance, if appropriate.
© SAAS 2010
7.0 Post-audit activities
7.1 After the completion of the closing meeting, all SAAS auditors shall give their checklists and notes to the Lead Auditor.
7.2 The Lead Auditor shall send digital copies of all signed CARs to SAAS within five working days, if possible, of the end of theaudit.
7.3 The Lead Auditor shall prepare the audit report and submit to SAAS, with all checklists and notes within 15 working days of the completion of the on-site audit activity. The report form SAAS Form 315 shall be used for the report.
7.4 The Lead Auditor shall send in to SAAS all notes, material, files, business cards, digital pictures, marketing material and any other information gathered during the witness audit.
7.5 The Lead Auditor shall be responsible to receive, analyze and respond to the CB’s responses to the CARs that were issued during the office audit. (See SAAS Work Instruction 318, Writing CARs and Analyzing CAR responses). All communication with the CB must be copied to SAAS.
© SAAS 2010
8.0 Records
8.1 Audit report – SAAS Procedure 315
8.2 Audit checklists and path notes –
SAAS Form 408
8.3 Signed CARs – SAAS Form 415
