MANAGEMENT SYSTEMS CERTIFICATION RINA [IS …...• ISO/IEC TS 17021-5:2014 - Conformity assessment...

RINA [IS-CRT-SYS-03] AUDIT ACTIVITIES FORMANAGEMENT SYSTEMS CERTIFICATION

C.IS--.CRT-.SYS-.003Rev.9

Pag.1/112

Form SEGSQI2 - 08/2001

Index1. SCOPE/OBJECTIVE Pag. 32. FIELD OF APPLICATION Pag. 33. DEFINITIONS AND/OR ABBREVIATIONS Pag. 34. REFERENCES Pag. 35. COMPETENCIES Pag. 76. DESCRIPTION OF THE PROCESSES Pag. 7

6.1. FIRST CERTIFICATION PROCESS Pag. 76.2. TRANSFER OF CERTIFICATION FROM ANOTHER CERTIFICATION BODYPROCESS

Pag. 47

6.3. SURVEILLANCE OR EXTRA PROCESS Pag. 546.4. RECERTIFICATION PROCESS Pag. 736.5. EXTENSION/MODIFICATION OF CERTIFICATION SCOPE PROCESS Pag. 96



Pag.2/112


List of changes.

Data module(s) added.• REFERENCES_SA 8000:2014 page 4• FIRST CERTIFICATION PROCESS_STAGE 1 AUDIT PLANNING_SA 8000:2014 page 10• FIRST CERTIFICATION PROCESS_STAGE 2 AUDIT PLANNING_SA 8000:2014 page 27• FIRST CERTIFICATION PROCESS_AUDIT AND FOLLOW UP_SA 8000:2014 page 34• FIRST CERTIFICATION PROCESS_STAGE 1 AUDIT_SA 8000:2014 page 16• FIRST CERTIFICATION PROCESS_STAGE 1 AUDIT_ISO 22301:2012 page 21• FIRST CERTIFICATION PROCESS_STAGE 2 AUDIT_ISO 22301:2012 page 39• SURVEILLANCE OR EXTRA PROCESS_SURVEILLANCE OR EXTRA AUDIT_ISO 22301:2012

page 66• RECERTIFICATION PROCESS_RECERTIFICATION AUDIT_ISO 22301:2012 page 88• EXTENSION/MODIFICATION OF CERTIFICATION SCOPE PROCESS_EXTENSION /

MODIFICATION AUDIT_ISO 22301:2012 page 106• TRANSFER OF CERTIFICATION FROM ANOTHER CERTIFICATION BODY

PROCESS_CERTIFICATION DECISION_SA 8000:2014 page 53

Data module(s) modified.• TRANSFER OF CERTIFICATION FROM ANOTHER CERTIFICATION BODY PROCESS_PRE-

TRANSFER REVIEW_SA 8000:2008_SA 8000:2014 page 48



Pag.3/112


1. SCOPE/OBJECTIVE

This instruction describes the activities necessary for an audit team to perform audits, including audit planning,drawing up audit reports and management of communications with the personnel who perform audit programmeactivities (Program Reviewer).

2. FIELD OF APPLICATION

This instruction applies to the programming activities for all types of management system certification audits. Ingeneral, programming and conducting certification audits includes a two-stage initial audit, surveillance auditsand a recertification audit to be performed prior to expiry of the certificate.

Any pre-audit activities (readiness for assessment) are outside the field of application of this instruction and theresults of such audits cannot be taken into account in programming the certification audits.

3. DEFINITIONS AND/OR ABBREVIATIONS

For the definitions and/or abbreviations reference is to be made to instruction IS-CRT-SYS-00.

4. REFERENCES

The main references are to be found in instruction IS-CRT-SYS-00.

The main supporting documentation to this instruction is:

• RINA Rules• External Rules• Instructions to technicians (ITT)• Forms• Standards• Accreditation Documents

available from WISE Contextual Menu and in Lotus Notes DB.

Schema Accreditation SectorSA 8000:2008 SAAS any

SA 8000:2008

SA 8000:2008

SAI GUIDANCE SA8000:2008

SAAS Procedure 200

SAAS Advisories



Pag.4/112


Schema Accreditation Sector..... any any

SA 8000:2014

• SA 8000:2014• ISO/IEC 17021-1:2015• ISO/IEC 17011:2004• SAAS Procedure 201A• SAAS Procedure 201B

• SA8000:2014 Certification Exclusion List • SA8000:2014 Performance Indicator Annex • SA8000:2014 Drafters’ Notes • SA8000:2014 Guidance Document• SA8000:2014 Auditor Guidance for Social Fingerprint • SA8000:2014 Social Fingerprint Glossary• SA8000:2014 Social Fingerprint Rating Chart• IAF MD 1:2007 Certification of Multiple Sites Based on Sampling• IAF MD 2:2007 Transfer of Accredited Certification of Management Systems• IAF MD 5: 2013 Duration of QMS and EMS Audits• ISO/IEC TS 17022:2012

Schema Accreditation SectorIRIS Rev. 02.1 any any

IRIS Rev.02

• UNIFE/RINA Framework Agreement, last revision• Standard IRIS and related addendum, last revision• Advisory issued by UNIFE

Schema Accreditation SectorISO 22000:2005 any any

FSSC 22000 any any

ISO 22000:2005 | FSSC 22000

The main supporting documentation to this instruction is:

• ISO 22000:2005 - Food safety management systems - Requirements for any organization in the food chain• ISO TS 22003:2007 - Food safety management systems - Requirements for bodies providing audit and

certification of food safety management systems• ISO TS 22004:2005 - Food safety management systems - Guidance on the application of ISO22000:2005• FSSC22000: Documents certification scheme (FSSC 22000 - Part1, 2, 3, 4, and any addendum / Annex

- viewable / downloadable on the site: www.fssc22000.com)



Pag.5/112


• ISO / TS 22002-1:2009 - Prerequisite Programmes on food safety - Part 1: Food manufacturing (replacesthe BSI PAS220: 2008)

• ISO/TS 22002-4:2013 - Prerequisite programmes on food safety - Part 4: Food packaging manufacturing(replaces the BSI PAS223:2011)

• GFSI (Global Food Safety Initiative) Guidance Document - Current Edition and Version

Schema Accreditation SectorISO/IEC 27001:2013 any any

ISO/IEC 27001:2013

• ISO/IEC 27001:2013 Information security management systems – Requirements;• ISO/IEC 27006:2007 – Information technology – Security techniques – Requirements for bodies providing audit and

certification of information security management systems.

Schema Accreditation SectorISO/IEC 20000-1:2011 any any

ISO/IEC 20000:2011

• ISO/IEC 20000-1:2011 Information Technology – Service Management - Part 1: Service management systemsrequirements;

• ISO/IEC 20000-3:2012 Information technology -- Service management - Part 3: Guidance on scope definition andapplicability of ISO/IEC 20000-1;

• IAF MD 18:2015 - Application of ISO/IEC 17021:2011 in the Service Management Sector (ISO/IEC 20000-1).

Schema Accreditation SectorISO/IEC 20000-1:2011 APMG any

ISO/IEC 20000:2011_APMG

• APMG 15/015 - Information Technology Service Management — Requirements for bodies providing audit andCertification of IT Service Management Systems under the APMG Certification Scheme - version 2.2;

• APMG requirements and guidelines for scope statements - version 1.2.



Pag.6/112



ISO 22301:2012

• ISO 22301:2012 Societal security — Business continuity management systems — Requirements;• DC2015SSV023 - Accredia Dept. of Certification and Inspection – Circular N° 01/2015 Informative communication

regarding accreditation for the certification scheme ISO 22301:2012 - Business Continuity Management Systems(BCMS revision 1).


ISO 20121:2012

• Accredia's Circular (5/2015) : Information about accreditation for the certification scheme UNI ISO 20121:2012 -Systems of sustainable management of events (ESMS).

• ISO/IEC TS 17021-4:2013 - Conformity assessment - Requirements for bodies providing audit andcertification of management systems - Part 4: Competence requirements for auditing and certification ofevent sustainability management systems.


The main supporting documentation to this instruction also are:

• ISO 50001:2011 “Energy management System – Requirements with guidance for use";• ACCREDIA RT-32 - Directives for accreditation of Bodies performing the certification of Energy Management Systems.


• ISO 55000:2014 - Asset management - Overview, principles and terminology• ISO 55001:2014 - Asset management - Management systems - Requirements



Pag.7/112


• ISO 55002:2014 - Asset management - Management systems - Guidelines for ISO 55001• ISO/IEC TS 17021-5:2014 - Conformity assessment - Requirements for bodies providing audit and

certification of management systems - Part 5: Competence requirements for auditing and certification ofasset management systems

5. COMPETENCIES

The personnel who are competent to undertake audit programming and conduct activities are given in NEWAGEand identified as AUDITOR, LEAD AUDITOR and EXPERT.

The TEAM LEADER (TL) is responsible for preparing the audit plans, organising and performing themanagement system audits, coordinating the work of the audit team members, instructing the auditors aboutthe methods of execution and guiding and controlling their work, drawing up and controlling the audit reports,maintaining interface contact with the client during the audit. Only an auditor who has the competence of aLEAD AUDITOR can be a TL.

The CO TEAMER is responsible for carrying out management system audits, acting autonomously under theguidance of the TL. Only an auditor who has the competence of a LEAD AUDITOR or an AUDITOR can bea Co Teamer.

The role of EXPERT integrates the competency of the audit team relevant to technical area and/or geographicalarea (local legislation, cultural or linguistic/dialect knowledge, etc…).

6. DESCRIPTION OF THE PROCESSES

The main audit programming and conducting of activities for all types of management system certification auditsare described below and apply in the following cases:

• First certification process;• Transfer of certification from another certification body process;• Surveillance or extra process;• Recertification process;• Extension/modification of certification scope process.

Each process is then divided into different phases described below.

The technical areas for all management systems are given in IS-CRT-SYS-00.

6.1. FIRST CERTIFICATION PROCESS6.1.1. STAGE 1 AUDIT PLANNING

INPUT: Audit team defined and client documentation

TL, based on what PR has defined, is responsible for preparing and sending the client THE TRANSMISSIONOF STAGE 1 AUDIT DATE AND PLAN document in sufficient time to allow the client to object to the appointmentof individual members and to re-form the audit team in response to any valid objection.

In the case of stage 1 and stage 2 audits consecutively, the TRANSMISSION OF STAGE 1 + STAGE 2 AUDITDATE AND PLAN document available in ASCESI containing the sentence “stage 2 can only be carried out if nocritical findings are found during stage 1” is to be sent.

OUTPUT: PLAN for stage 1 sent to client

To safeguard the independence of the audit, every member of the team, EXP/AUD/LA, is to inform PR of anyrelationship which exists or has existed in the last two years with the organization subject to audit, prior toaccepting the assignment.



Pag.8/112


Schema Accreditation SectorISO 9001:2008 any anyISO 9001:2015 any any

ISO 9001:2008

It is possible to carry out part of stage 1 in the office and stage1/stage2 audits can be carried out successivelyin the following cases:

• Small size organizations (staff<25);• Organizations with very simple and standard production processes;• From the documents received with the certification request, it can be deduced that a cycle of audits has been completed

and, from the management review, that the system is properly implemented;• The description of the processes and company organization, contained in the manual received with the certification

request, is exhaustive;• The organization has another management system certified by the OdC and therefore is already known.


ISO 9001:2015

The TL, when preparing the audit plan, must take into account the information written in the Self assessmentquestionnaire for first certification.


ISO14001:2004

Before planning stage1 audit TL is responsible for:

• clarifying the boundaries of the EMS scope with PR;• asking PR for whether there are any exclusions; if there are any exclusions, the verification of admissibility shall

be provided during stage 1 audit (ISO14001clause 4.1) as indicated in the ITT-SYS03-EMS-02 "Audit on HSEmanagement systems" available from WISE Contextual Menu and in Lotus Notes DB.

The examination of the EMS documents can be made off-site.

Schema Accreditation SectorISO 14001:2004 ACCREDIA any



Pag.9/112



ISO 14001:2004 - ISO14001:2015_ACCREDIA_ITALY

It is possible to execute Stages 1 and Stage 2 over consecutive days exclusively in case of Organisations withless than 10 employees and with a "low" or "limited" environmental impact.


ISO14001:2015

INPUT: Audit team defined and client documentation

Before planning stage1 audit TL is responsible for: clarifying the boundaries of the EMS scope with PR; askingPR for whether there are any exclusions; if there are any exclusions, the verification of admissibility shall beprovided during stage 1 audit (ISO14001:2015 clause 4.3). The examination of the EMS documents can bemade off-site.

TL is responsible for plannig the initial audit on the basis of the information available in the form SELFASSESSMENT QUESTIONNAIRE FOR CERTIFICATION.

OUTPUT: PLAN for stage 1 sent to client

Schema Accreditation SectorOHSAS 18001:2007 any any

OHSAS 18001:2007

Before planning stage1 audit TL is responsible for:

• clarifying the boundaries of the OHS scope with PR;• asking PR for whether there are any exclusions; if there are any exclusions, the verification of admissibility shall be

provided during stage 1 audit as indicated in the ITT-SYS03-OHS-02 "Audit on HSE management systems" availablefrom WISE Contextual Menu and in Lotus Notes DB.

The examination of the OHS documents can be made off-site.

Schema Accreditation SectorOHSAS 18001:2007 ACCREDIA any

OHSAS 18001:2007_ACCREDIA_ITALY



Pag.10/112


When planning stage1 audit TL is responsible for take into account that:

• it not is possible to execute Stages 1 and 2 over consecutive days;• the time to be spent for checking the competence and awareness of the human resources must be at

least the 15% of the total time on-site. At least 1 hour (for every 8 hours allocated to on-site activities) ofinterviews of staff and representatives of the Interested Parties [RLS and other representatives, if requiredand if prescribed by management];

• evidence of such interviews should be kept as part of the Audit records.


SA 8000:2008

• The certification scope must include all the activities performed at the company sites and the entire production process.• All workers (including home workers, temporary workers, seasonal workers, subsuppliers, etc.) must be considered

and no reductions are allowed.• SA8000 certification is applicable in all countries, excepting Myanmar. For all other Countries it is necessary to verify

if RINA has already issued SA8000 certificates.• In case no SA8000 certificates have been issued by RINA in the country of interest, The Scheme Leader has to be

contacted in order to start preliminary actions: implementation the risk evaluation on a country basis according to therelevant ITT ITT-SYS02-SA8-05 including the Basic Need Wage calculation and stakeholder engagement, like NGOsand Unions.

• Multi-site can be performed but limited to a single country basis. Multi-site certification cannot be performed in thehighest risk countries in the apparel and textile and related industries.

• SA8000 certification is not applicable in the maritime sector.

• Not less then 30% of onsite audit time has to be dedicate on performing interviews. See also the relevant ITT-SYS03-SA8-02 available available from WISE Contextual Menu and in Lotus Notes DB.


SA 8000:2014

• Stage 1 audit plan shall be sent to the client at least two weeks prior to the audit.• The Stage 1 audit shall be performed by the proposed Stage 2 Lead Auditor.

• The Stage 1 audit SHALL be conducted during an on-site visit to the organisation. In the case of micro-enterprises,an on-site Stage 1 audit may not be necessary. In such cases, the justification for not doing an on-site visit SHALLbe recorded in the client file.

• The Stage 1 audit SHALL be normally of one to two audit day duration. If a Stage 1 audit goes beyond the maximumidentified in the audit days table, it's necessary to justify and record why the additional days for Stage 1 audit wasfound to be necessary.



Pag.11/112


• Stage 1 audit times, as identified in the Audit duration table, shall includes also Stage 2 preparation which includesresearch, audit Planning, living wage calculations and stakeholder consultation.

Schema Accreditation SectorEMAS Reg. CE 1221/09 any any

EMAS REG. CE 1221/09

Prima di pianificare l'audit di stage1 TL ha la responsabilità di chiarire con PR riguardo ai seguenti punti:

• richiesta di deroga ai sensi dell'art. 7 (vedere ITT-SYS00-EMAS-01);• presenza di convalida multisite;• presenza di eventuali esclusioni.

Qualora TL rilevasse la presenza di uno dei suddetti argomenti durante l'audit on-site ha la responsabilità ditempestivamente informare PR per le azioni del caso.

L'esame documentale deve sempre comprendere la D.A.

Schema Accreditation SectorEMAS Reg. CE 1221/09 ACCREDIA any

EMAS REG. CE 1221/09_ACCREDIA_ITALY

E' possibile effettuare stage 1 e stage 2 in giornate consecutive solo in caso di Organizzazioni con meno di 10addetti ed in "bassa" o "limitata" complessità ambientale.


ISO 30000:2009

If PR has planned a simplified audit for previous certification for sites already certified according to ISO 14001and BS OHSAS 18001, the audit activity consists in:

• Documental audit off-site

That audit consists of a document review of:

a) preliminary analysis of the site(s) only as regards the changes made in relation to the equivalent documentssubmitted at the time of Environmental and Occupational Health and Safety Management System certification,;



Pag.12/112


b) list of measures taken to ensure compliance with the specific requirements of the ISO 30000 Standard andalso with the rules and laws in force, including the International Convention for the Safe and EnvironmentallySound Recycling of Ships.

The auditor who carries out that documental audit, if necessary, can ask for other documents, in addition tothose indicated above.

Documental audit report is communicated to the Organization and any non conformities found in thedocumentation will have to be remedied by the organization before the certification process can continue.


ISO 39001:2012

Before planning the Stage1 audit, TL shall clarify the boundaries of the scope of the Organisation's ManagementSystem and enquire whether there are any exclusions; since if there are any exclusions, the check of theadmissibility of the same during the Stage1 audit should be provided.

It is not possible to carry out part of stage 1 in the office and stage1/stage2 audits successively.

6.1.2. STAGE 1 AUDIT

INPUT: Audit team defined and PLAN for stage 1 sent to client

The Audit team carries out the stage 1 audit in order to achieve the following objectives:

• audit the client's MS documentation;• evaluate the client's location and site-specific conditions and undertake discussions with the client's

personnel to determine the preparedness for the stage 2 audit;• review the client's status and understanding regarding requirements of the standard, in particular with

respect to the identification of key performance or significant aspects, processes, objectives and operationof the MS;

• collect the necessary information regarding the scope of the MS, processes and location(s) of the client,and related statutory and regulatory aspects and compliance (e.g. quality, environmental, legal aspects ofthe client's operation, associated risks, identified processes and any exclusions etc.);

• confirm the sample of sites to be audited (if applicable);• confirm the level of integration of the MS (if applicable);• review the allocation of resources for the stage 2 audit and agree with the client on the details of the stage

2 audit;• provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client's MS and

site operations in the context of possible significant aspects;• evaluate whether the internal audits and management review are being planned and performed;• evaluate whether the level of implementation of the MS substantiates the fact that the client is ready for

the stage 2 audit.

The audit team members are responsible for recording the necessary evidence supporting the audit activities.

The stage 1 audit is to be carried out, at least partially, at the client’s premises (ON SITE).

TL is responsible for drawing up the STAGE 1 AUDIT REPORT, choosing between the ON and OFF SITEreports, documenting the stage 1 audit findings and including identification of any areas of concern that couldbe classified as nonconforming during the stage 2 audit.



Pag.13/112


The audit report belongs to RINA. In the case of the ON SITE report, a copy is to be given to the client whilein the case of the OFF SITE report, it is to be sent to the client.

In determining the interval between the stage 1 and stage 2 audits, consideration is to be given to the needsof the client to resolve areas of concern identified during the stage 1 audit. Records of the consideration are tobe given in the STAGE 1 AUDIT REPORT.

Any additional client documentation collected during the stage 1 audit is to be made available to PR.

In the case of multisite certification, details of the sampling are to be agreed with PR. For information, refer tothe MULTISITE ANNEX_MULTISITE.

OUTPUT: STAGE 1 AUDIT REPORT and any additional client documentation made available to PR


ISO 9001:2008

QMS customer’s documents:

• Management System Manual;• List of procedures;• Chamber of Commerce registration/equivalent document;• Management System organisation chart;• Last Management Review;• Internal audit planning;• List of laws and/or rules applicable to the product/service supplied;• List of sites under way with description of activities performed externally.

From an examination of the documents requested, customer status and understanding must be evidentconcerning the requirements of the standard with particular reference to the identification of key performanceor of significant QMS legal aspects, processes, objectives and functioning.

In particular, from the “Management Review” the following are checked:

• whether the internal audits have been performed;• whether suitable measurable indicators have been identified for each QMS process;• whether QMS improvement objectives have been identified.

From a review of the manual, information is collected concerning QMS field of application, suitability of theprocesses identified and of any exclusions from the requirements of the standard.

With regard to the Chamber of Commerce (CC) registration document/equivalent document, the following isclarified:

• the certification scope activities do not need to be perfectly in line with those on the Chamber of Commerce registrationdocument/equivalent document;

• it is necessary to check that any qualifications for particular activities included in the certification scope are on the CCdocument (i.e. plant installers, sanification activities,...)

• for any sites subject to certification not included in the CC document, it is necessary to provide substitutivedocumentation (i.e. lease)



Pag.14/112



ISO 9001:2015

QMS customer’s documents:

• Documented information determining scope, processes and not applicable requirements of the standard;• Last Management Review;• Self assessment questionnaire for first certification;• Internal audit programme;• Chamber of Commerce registration/equivalent document;• List of laws and/or rules applicable to the product/service supplied;• List of sites under way with description of activities performed externally, if applicable.

From an examination of the documents requested, customer status and understanding must be evidentconcerning the requirements of the standard with particular reference to the identification of key performanceor of significant QMS legal aspects, processes, objectives and functioning.

With regard to the Chamber of Commerce (CC) registration document/equivalent document, the following isclarified:

• the certification scope activities do not need to be perfectly in line with those on the Chamber of Commerce registrationdocument/equivalent document;

• it is necessary to check that any qualifications for particular activities included in the certification scope are on the CCdocument (i.e. plant installers, sanification activities,...);

• for any sites subject to certification not included in the CC document, it is necessary to provide substitutivedocumentation (i.e. lease).


ISO 14001:2004

The audit team members have to follow what is indicated in the ITT ITT-SYS03-EMS-02 "Audit on HSEManagement systems" available from WISE Contextual Menu and in Lotus Notes DB.

In case of work shifts, TL is responsible for recording the justification in the last page of the audit report for notperforming the audit for each work shift.

The document "List of the applicable legal rules in the environmental field" (FORM-SYS01-EMS-01) orequivalent document must be annexed to the audit documentation duly filled in by the Organisation.



Pag.15/112



ISO14001:2015

Client's EMS documentation is:

• Documented information determining scope, processes and activities;• Last Management Review;• Self assessment questionnaire for first certification;• Internal audit programme;• Chamber of Commerce registration/equivalent document;• List of the applicable legal rules in the environmental field" (FORM-SYS01-EMS-01) or equivalent document duly filled

in by the Organisation;• List of sites under way with description of activities performed externally, if applicable.

The document "List of the applicable legal rules in the environmental field" (FORM-SYS01-EMS-01) orequivalent document must be annexed to the audit documentation.



OHSAS 18001:2007

The audit team members have to follow what is indicated in the ITT ITT-SYS03-OHS-02 "Audit on HSEManagement systems" available from WISE Contextual Menu and in Lotus Notes DB.

The document "List of the laws applicable to OHS aspects " (FORM-SYS01-OHS-01) or equivalent documentmust be annexed to the audit documentation duly filled in by the Organisation.

Schema Accreditation SectorSA 8000:2008 any any

SA 8000:2008

• Not less then 30% of onsite audit time has to be dedicate on performing interviews. See also the relevant ITT-SYS03-SA8-02.

• Refer to the document ITT-SYS03-SA8-03 for details on H&S requirements to be verified.• Updated information for the specific Country relevant to BNW, stakeholder engagement and other significant input

usefull in planning and auditing activity of the management system have to be taken into account, with reference toITT-SYS02-SA8-05.



Pag.16/112


All documents are available from WISE Contextual Menu and in Lotus Notes DB.


SA 8000:2014

• The following steps shall be part of the Stage 1 audit:1. Overview Tour (Including Canteen, Dormitory, Clinic, and Crèche, as appropriate)2. Meeting with Workers Representative(s)3. Meeting with Management to Confirm Understanding of SA8000, Confirm scope, Review Answers to Pre- Audit

Questionnaire4. Confirmation of Subcontract Labor on Site (Such As Cleaners, Canteen Staff, Refuse Collectors, Clinic Nurses

And Doctors, Dormitory And Security Guards)5. Availability of Documents6. Review of Management System Documentation Including Management Review And Internal Audits7. Confirm Stage 2 Audit Plan And Logistics for Audit




• Auditors shall conduct local intelligence gathering and stakeholder engagement while on-site or in a specific area foraudits. This may include checking with the local community in the early morning of the Stage 1 audit and/or in theevening between audit days and at the time of an unannounced audit.

Schema Accreditation SectorISO/TS 16949:2009 any any

ISO/TS 16949:2009

During the stage 1 audit, the appointed audit team checks that the documentation complies with the requirementsof the reference automotive scheme and the RINA rules for the specific activity requested in the QI and thecertification application.

From an examination of the documents requested, customer status and understanding must be evidentconcerning the requirements of the standard with particular reference to the identification of key performanceor of significant QMS aspects, processes, objectives and functioning.

If the documentation is not compliant, the Organisation is requested to modify it before the stage 2 audit isperformed.

The outcome of the stage 1 audit must be notified to the Organisation. The documents must be approved beforethe stage 2 audit is performed.



Pag.17/112


For the ISO/TS 16949 scheme the suitability of the document must be done, using as reference the appropriatechecklist TSVERDOC (contained in the collection SYS03-FORM-AUT-01 available from WISE ContextualMenu, Lotus Notes DB and ASCESI).

In the case of absence of at least 12 mounths process performance monitoring and automotive production, youcan proceed with the certification process, but the end will be issued a letter of conformance with annual validity.

Schema Accreditation SectorISO 3834-2,3,4:2005 any any

ISO 3834-2,3,4:2005

During the Stage 1 audit, which may be performed on or off site, the following documents are to be examined:

• technical review of the most important ongoing order;• welder and welding operator qualifications, processes and NDT operators;• documentation to support appointment of the Welding Coordinator (any certificates, CV with details of experience in

welding activities, appointment with reference to the ISO 14731 Standard);• list of applicable standards;• evidence of technically equivalent conditions if different requirements to those indicated in ISO 3834-5 are adopted;• chamber of commerce registration or equivalent document;• organisation chart with names.


EMAS Reg. CE 1221/09

Per l'esame della D.A., processo di convalida e relativo mantenitmento si veda l’instruction to technicians” ITT-SYS00-EMAS-01".

Per la conduzione degli audit sul sistema di gestione ambientale fare riferimento alla ITT "Conduzione di auditsu sistemi di gestione".

Per l'esame del manuale, dell’analisi ambientali iniziale e dell’elenco degli adempimenti ambientali applicabili eper l'audit on-site possono essere utilizzate come riferimento la pertinente modulistica di cui ai forms SYS-03-EMS (check-list SGA, check-list leggi EMS, linee guida ambientali di settore).

Schema Accreditation SectorFSSC 22000 any any

ISO 22000:2005 any any

ISO 22000:2005 | FSSC 22000



Pag.18/112


The stage 1 audit is always to be carried out at the client’s premises (ON SITE).

TL is responsible for drawing up the STAGE 1 AUDIT REPORT, documenting the stage 1 audit findings andincluding identification of any areas of concern that could be classified as nonconformity during the stage 2 audit.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000

Audit team has to carry out the stage 1 audit in order to achieve the following objectives:

• Check that the FSMS documentation, including procedures, complies with the standard and covers all its requirements,in particular that it is consistent with the Organisation's Food Safety Policy, that arrangements are in place tocommunicate internally and with relevant suppliers and customers interested parties, the review procedure ensuresthat the information required to allow the management to assess the system has been completed;

• Evaluate as the information about the identification of the hazard related to the sector, the hazard analysis,the selection and categorization of control measures, the HACCP plan and PRPs are consistent with policyand objectives with special reference to:1. appropriateness of identified PRPs;2. appropriateness of processes and methods used for hazard analysis and subsequent selection and

categorization of control measures;3. the status of application of food safety legislation for the relevant sector;4. the application of validation, verification and improvement programmes.

NOTE Where an organization has implemented an externally developed combination of control measures theStage 1 audit shall review the documentation included in the FSMS to determine if the combination of controlmeasures is suitable to the organization, was developed in compliance with the requirements of ISO 22000and current.

• Audit a complete cycle of internal audits extended to all sites; check that internal auditing procedures make referenceto the fact that all sites shall be internally audited within the 3 years of certification;

• Audit if the management review/s are being conducted in conformity to std requirements;• Perform site inspections in order to obtain an overall picture of the activities and food safety issues of the

Organisation, to determine the preparedness for the stage 2 audit;• Check that the FSMS is applied to all the activities for which certification has been requested in order to

correctly identify the scope of certification;• Review the allocation of resources for stage 2 audit and agree with the client on the details of the stage

2 audit.

The Audit Team must always wright in the report comments and detailed information about the control measuresapplied (PRPs, OpPRPs, CPs e CCPs).


ISO/IEC 27001:2013



Pag.19/112


The Audit team carries out in particular the ISMS stage 1 audit in order to achieve the sufficient understandingof the design of the ISMS in the context of the client's organisation, risk assessment and treatment, informationsecurity policy and objectives and to collect the necessary information of the scope of ISMS to confirm thecompliance to Clause 4.3 of ISO/IEC 27001.

The scope and boundaries of the ISMS of the client must be clearly defined based on the identified internaland external issues and needs and expectations from interested parties. The scope definition must consider theinterfaces and dependencies between activities performed by the organization and those that are performed byother organizations. The client’s information security risk assessment and risk treatment must properly reflect itsactivities and extends to the boundaries of its activities as defined in the ISMS standard ISO/IEC 27001 and thescope of ISMS and Statement of Applicability (singular per scope of certification) must confirm this. Interfaceswith services or activities that are not completely within the scope of the ISMS must be addressed within theISMS subject to certification and must include in the client's information security risk assessment. An exampleof such a situation is the sharing of facilities (e.g. IT systems, databases and telecommunication systems or theoutsourcing of a business function) with other organizations.


ISO/IEC 27001:2013

TL is responsible for drawing up the STAGE 1 AUDIT REPORT, choosing between the ON and OFF SITEreports, documenting the stage 1 audit findings and including identification of any areas of concern that couldbe classified as nonconforming during the stage 2 audit. The REPORT is to include referce to the followingdocuments:

• Scope of the ISMS;• Risk assessment report;• Risk treatment plan;• Statement of Applicability;• Results of internal audits;• Results of the management review.


ISO/IEC 20000-1:2011

The Audit team carries out in particular the SMS stage 1 audit in order to achieve the sufficient understandingof the design of the SMS in the context of the client's organisation, of the risks to services assessment andmanagement, of the policy and objectives, of the client's preparedness for the audit of STAGE 2 and to collect thenecessary information of the scope of SMS. The scope of the certification requested is to be defined consideringISO/IEC 20000-3 Guidance on scope definition and applicability of ISO/IEC 20000-1 requirements.



Pag.20/112



ISO/IEC 20000-1:2011

TL is responsible for drawing up the STAGE 1 AUDIT REPORT, choosing between the ON and OFF SITEreports, documenting the stage 1 audit findings and including identification of any areas of concern that couldbe classified as nonconforming during the stage 2 audit. The REPORT is to include reference to the followingdocuments:

• Scope of the SMS;• Service Catalogue;• Results of internal audits;• Results of the management review.


ISO/IEC 20000-1:2011 any anyISO 22301:2012 any any

ISO/IEC 27001:2013 | ISO/IEC 20000-1:2011 | ISO 22301:2012

The specific audit can be combined with audits of other management systems. This combination is possible onlyin case it can be demonstrated that the specific audit satisfies all requirements for certification of the specificscheme. All the elements important to the specific scheme are to appear clearly and be readily identifiable in theaudit reports. The quality of the specific audit is not to be adversely affected by the combination of the audits.

MS documentation can be combined as long as the specific MS can be clearly identified together with theappropriate interfaces to the other MSs.



AR is responsible for checking that the information in the QI received from the applicant organisation is completeand adequate. In particular AR is also responsible for:

• checking the scope of the certification requested considering the APMG requirements and guidelines for scopestatements - version 1.2.



Pag.21/112



ISO 22301:2012

The stage 1 audit is to be carried out at the client’s premises (ON SITE).

The risk assessment, Business Impact Analysis (BIS), training program of the personnel and the results of theexercising and testing activities have to be assessed. Such assessments have also to take into account theperformance, reliability and exposure to specific risks of suppliers and outsourcers.

The compliance to relevant laws and regulations and the management of external documentation has to beassessed.

Exclusions of requirements are not allowed.

TL is responsible for drawing up the STAGE 1 AUDIT REPORT, choosing the ON reports (OFF site Audit arenot allowed), documenting the stage 1 audit findings and including identification of any areas of concern thatcould be classified as nonconforming during the stage 2 audit. The REPORT is to include referce to the followingdocuments:

• Scope of the BCMS;• Risk assessment report;• Business Impact Analysis;• Results of internal audits;• Results of the management review.


ISO 20121:2012

When carrying out stage 1 audit, Audit team also has to take into account the following:

• when collecting the necessary information regarding statutory and regulatory aspects and compliance (e.g. quality,environmental, legal aspects of the client's operation, associated risks, identified processes and any exclusions etc.),particular attention shall be paid to the legal requirements of the events (e.g. permissions, copyright and SIAE, awardsand royalty);

• for confirming the level of integration of the MS, photographic evidence of the essential requirements andpress release related to the events verified can be used as evidence , in accordance with the privacyrequirements;

• for CATEGORY A) with identification on the certificate of one or more events there is the need to confirmthat the event to be included in the certificate is actually certifiable.



Pag.22/112



ISO 50001:2011


• Evaluate that the documentation, including procedures, covers all the requirements of the standard and is compliantto them (in particular: there is a consistency with the Energy Policy adopted, is correctly placed the energy/s program/s, the review procedure appears adequate to ensure that the necessary information is collected to allow managementto carry out the audit of the system);

• Assess a full cycle of internal audits extended to all sites, examining programming and reports;• Ensure that an initial energy analysis has been conducted and documented (Energy review);• Evaluate the applicability and compliance with legislative requirements relating to the scope of energy management

and the eventual signing of additional voluntary requirements;• Carry out field surveys to get an overall picture of the activities, processes, facilities to evaluate the correctness of

the certification purpose and scope;• Verify the accuracy of the boundaries of the organization;• Check the completeness of the identified sources of energy within the established boundaries;• Check the correctness of the flows of energy tracked and identified;• Ensure the inclusion of all processes, activities, facilities within the initial energy-efficiency analysis.

OUTPUT: In addition to the Stage 1 Audit Report is to be issued the legislative check list in first state compilation.


ISO 13485:2012


• for organizations whose MD are to be traded in EU markets the client's MS documentation is to include the TechnicalFile, with the following remarks:• if the organization is the manufacturer, the GVI will deduce the necessary information about the production

processes;• if the organization is responsible for the “placing on the market”, the GVI will verify the presence of the required

competences for the management of the activities described in the TF and related to the same organization;• for organizations producing MD whose intended trade is for non EU countries, the client's MS documentation is to

include a document that can be assimilated to the TF and in compliance with the standard;• presence of the documented procedures required by the reference standard, except those procedures referred to the

items excluded. The Quality Manual shall report the references to these procedures.• the organization’s documented evidence of the performance of risk management activities (risk analysis, assessment

and control; assessment of residual risk and post-production feedback), according to UNI CEI EN ISO 14971.



Pag.23/112



ISO 39001:2012

During stage 1, as a minimum, the documented information as per the ISO 39001 Standard, is to be taken asreference

Schema Accreditation SectorEN 9100:2009_EN

9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

The Stage 1 audit must be performed on site before the Stage 2 audit. As regards EN9120 certification only, theStage 1 audit may be performed offsite depending on the organisation’s complexity, size and critical aspects.

In the case of multiple site, complex, campus and several site organisations, the Stage 1 audit will be carriedout at the site identified as the headquarters and at a significant number of sites, including the sites which differin terms of both technology and activities.

In particular, during the Stage 1 audit the audit team must check whether the organisation has analysed thecritical nature of the product and the job, as well as of the relative processes, activities and/or productionprocesses that can affect full product conformity (these preventive risk assessments should follow the methodproposed by EN 9134, but not only, FMEA methodology and the ISHIKAWA method can be used as reference).This approach makes it possible to identify the possible dangers deriving from anomalies and define the mostappropriate control system, on the basis of the potential effect of these anomalies on safety, reliability andairworthiness requirements, and of the potential or measured frequency of occurrence. The relative operativecontrols, including audit activities, technical and instrumental checks, as well as the relative registrations,required to manage risk factors must be defined on the basis of this analysis.

During the Stage 1 audit the auditor will be required to provide evidence of having assessed the presence andeffectiveness of the support processes and procedures. In particular, the auditor must check that the organisationhas:

• defined the certification scope;• suitably justified any exclusions from the Standard;• defined the sites subject to certification and the duties within them;• defined the interaction between the headquarters and the remote sites;• measured the trend of the performance indicators of the processes and products/services in the 12 months

prior to the audit (in particular as regards the On Quality Delivery and On Time Delivery);• established a list of key clients in the aerospace sector, identifying their percentage of turnover compared

to their total turnover;• performed a customer satisfaction analysis;• defined in the manual a list of processes (with related interactions and sequences) and procedures;• performed a management review in compliance with the EN 9100/EN 9110/EN 9120 Standards in the

current year;• carried out a complete cycle of internal audits in compliance with the EN9100/9110/9120 Standards

covering all regulatory requirements and the processes defined by the organisation;• taken into account the rules, standards and technical specifications of the aerospace sector and of the

client;• correctly interpreted and applied the specific requirements for the aerospace sector (procedure for

the management of FOD, SUPs, FAI, configuration management, definition and management of KeyCharacteristics, Human Factor);



Pag.24/112


• established, implemented and maintained active a risk management process related to attaining theapplicable requirements (Risk Management).

At the end of the Stage 1 audit, the Stage 1 report must be compiled and given to the company (EN 9100-00-A-Stage 1).

Any observations made during the Stage 1 audit must be dealt with by the organisation before the Stage 2audit commences.

The following findings are to be considered critical and the certification process may continue with the Stage 2audit only after the organisation has taken suitable action:

• no complete cycle of audits in compliance with the reference standard for the audit;• no management review in compliance with the reference standard for the audit or management review

which does not take into consideration the main input and output established by the Standards;• trend of the performance indicators of the processes and products/services in the 12 months prior to the

audit not measured;• manual which does not describe the company processes and does not define the exclusions and related

justifications;• no analysis or implementation of the rules, standards and technical specifications of the aerospace sector

and of the client;• no implementation of a risk management process;• non implementation of the specific requirements for the aerospace sector such as FOD, FAI SUPs, etc.).

If critical findings are identified, the outcome of the Stage 1 audit will only be considered positive after the actionsimplemented by the organisation have been checked and thus the Stage 2 audit can be undertaken.

If, during Stage 1, partial implementation of the issues listed above is found, the outcome of Stage 1 may beconsidered positive but the findings identified must be classified as non critical. Also these findings will haveto be resolved before the start of the Stage 2 audit (implementation of corrective action can be checked at thebeginning of the Stage 2 audit or beforehand).

In any case, the Stage 2 audit cannot begin until the Stage 1 audit has been successfully completed.

If the audit outcome is negative, due to the fact that during the Stage 1 audit a considerable number of criticalfindings were identified or that the organisation has not resolved the findings before the beginning of the Stage 2audit, the certification process is suspended and the organisation will have to resubmit a request for certification.


ISO 29990:2011

Any additional client documentation collected during the stage 1 audit is to be made available to PR and to theaudit team, in particular for this scheme are the following documents:

• Management System Manual (extract),• List of procedures,• Business Plan,• Chamber of Commerce registration/equivalent document,• Management System organization chart,• List of fixed and temporary providing courses offices,• List of planned courses.



Pag.25/112


6.1.3. STAGE 2 AUDIT PLANNING

INPUT: Outcome of stage 1 and any client documents

TL is responsible for defining, preparing and sending the client the AUDIT PLAN, checking that:

• all the processes, activities and/or services provided by the client and the permanent sites where the activities arecarried out are clearly identified, with a sufficient degree of detail;

• in the case of external work and/or operational yards, the activities and locations subject to audit are clearlyindicated;

• processes/activities/services are assessed by the auditor competent in the pertinent technical area;• the functions involved are indicated;• any shifts are indicated;• adequate time is foreseen for the performance of the different activities;• the activities are clearly assigned among the team members.

For this purpose, it is necessary to complete the following document in ASCESI:

• AUDIT PLAN DISPATCH and AUDIT PLAN.

The names and roles of the audit team members are to be communicated to the organization in sufficient timeto allow the client to object to the appointment of any particular member and to reconstitute the audit team inresponse to any valid objection.

If an external activity and/or an activity at a client’s premises is included in the certification scope, this activityis to be verified (i.e. cleaning companies, guards, waste collection, transport of goods, construction yards,management of canteens, management of social-health-assistance services, etc.).

In the case of multisite certification, details of the sampling are to be agreed with PR. For information, refer tothe MULTISITE ANNEX_MULTISITE requirements.

For information for the correct input of data in ASCESI, refer to ASCESI QUICK GUIDE.

OUTPUT: PLAN and COMMUNICATION to the client for stage 2



ISO 14001:2004 -ISO 14001:2015


• all applicable environmental aspects of the Organisation are clearly identified, with a sufficient degree of detail

NOTE: The stage 2 audit is to be carried out within 6 months of the end of the stage 1 audit.

After that date, the stage 1 audit will have to be repeated and only in special cases may the limit be extendedto 12 months; in this case, PR is to add a specific note in this connection in ASCESI.



Pag.26/112




When planning stage2 audit TL is responsible for take into account that:

• the time to be spent for checking the competence and awareness of the human resources must be at least the 15%of the total time on-site. At least 1 hour (for every 8 hours allocated to on-site activities) of interviews of staff andrepresentatives of the Interested Parties [RLS and other representatives, if required and if prescribed by management];

• it is compulsory to check the night workshift.


OHSAS 18001:2007


• all applicable risks of the Organisation are clearly identified, with a sufficient degree of detail




SA 8000:2008

• The audit team as a whole must have knowledge of local legislation at both stages (registered in NEWAGE as LOCAL"Code of the Country" - i.e. For Italy LOCAL ITA, for Brazil LOCAL BRA, etc...)

• Updated information for the specific Country relevant to BNW, stakeholder engagement and other significant inputusefull in planning and auditing activity of the management system have to be taken into account, with reference toITT-SYS02-SA8-05, available from WISE Contextual Menu and in Lotus Notes DB.

• The audit plan shall address all elements of the standard at each location and during all shifts. However, in casesof small companies where only one or two audit days apply, the auditing of all shifts may be covered in surveillanceaudits during the 3 year period.

• The plann shall be developed in light of information gathered from the stakeholder consultation conducted



Pag.27/112



SA 8000:2014


• The plan shall be developed in light of information gathered from the stakeholder consultation conducted and shalltake into consideration the updated information for the specific Country, relevant to BNW, stakeholder engagementand other significant input usefull in planning and auditing activity, with reference to ITT-SYS02-SA8-05, available fromWISE Contextual Menu and in Lotus Notes DB.

• The entire management system and associated performance elements for SA8000 SHALL be assessed at everycertification (Stage 2 site audit) and recertification.

The following steps shall be usually part of the Stage 2 audit:

1. Opening Meeting2. Quick Overview Tour - including canteen, dormitory, clinic and crèche as appropriate3. Confirmation of records required for interviews4. Management Interviews5. Management System Elements Review (including: Policies, Procedures and Records, Social Performance

Team, Identification and Assessment of Risks, Monitoring, Internal Involvement and Communication, ComplaintsManagement and Resolution, External Verification and Stakeholder Engagement, Corrective and Preventive Actions,Training and Capacity Building, Management of Suppliers and Contractors.)

6. Workers Representative Interview & Social Performance Team Interviews7. Health & Safety & Working Conditions Tour - including in situ worker interviews and selection of production records8. Subcontractor Interviews such as - cleaners, canteen staff, clinic nurses, doctors, dormitory managers and security

guard9. Employee Interviews - including staff, junior managers, first aiders, emergency response team members10. Worker Interviews11. Document & Record Review - Working Hours, Payroll, Living Wage, Cost Accounting12. Pre-Closing Meeting Preparation13. Closing Meeting

AUDITING OF SHIFTS

• The initial certification (Stage 2) and recertification audits SHALL include the auditing of all shifts (crews) The attchedtable 1 indicates the time of day and audit effort when at least one member of the audit team should audit the appropriateshift. Audits of night shifts SHALL include a focus on worker interviews and health and safety issues.

• To enable an efficient audit at a site with multiple shifts, the auditor is authorized to shorten the daytime hours in anaudit in order to perform the remaining hours for the audit during the night shift. The auditor shall not audit eight hoursduring the day and also audit during the night shift.

Table 1 - Shift pattern Audit EffortShift Type Nominal Working Hours When to Audit

Morning 06.00 to 14.00 During Normal Audit Day Of 09.00-17.00

Afternoon 14.00 to 22.00 During Shortened Audit Day & 3 Hours of

19.00-22.00

Night 22.00 to 06.00 During Shortened Day & 3 Hours of 00.00-03.00

Twi-light 17.00 to 21.00 During Shortened Audit Day & 3 Hours of

18.00-21.00

Day 1 06.00-16.00 During Normal Audit Day Of 09.00-17.00





Pag.28/112



ISO/TS 16949:2009

TL is responsible for each audit plan to:

• identify a minimum of one (1) hour on site, prior to the opening meeting, for verification of changes to current customerand internal performance data, including a review of current online customer reports and/or customer scorecards. Theaudit team shall adjust the audit plan based upon any new information collected, if required. This one (1) hour is inaddition to the specified audit days and is not entered into the IATF database;

• identify the name of client processes to be audited;• identify when the interactions with remote support functions will be audited;• identify the specific name of each manufacturing process to be audited and the shift;• identify when onsite reviews of corrective actions arising from previous audits will be verified;• identify the verification of all manufacturing processes on all shifts.

For Multisite organizations must be produced 1 audit plan for each organization site.



TL ha la responsabilità di definire, preparare e inviare al cliente il PIANO DI AUDIT, controllando che:

• Tutti gli aspetti ambientali applicabili all’Organizzazione siano chiarimenti identificati con un sufficiente grado didettaglio.

NOTA:

L'audit di stage 2 deve essere effettuato entro un termine massimo di 6 mesi dalla conclusione dell'audit distage 1.

Oltre tale data l'audit di stage 1 dovrà essere ripetuto e solo per casi particolari si potrà valutare di estenderetale limite a 12 mesi; in questo caso PR dovrà apporre specifica nota al riguardo in ASCESI.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000

The TL is responsible for planning the audit day, time and season taking into consideration that the audit teamhas to audit the organization operating on a representative number of product lines, categories and sectors



Pag.29/112


covered by the scope and to control that processes/activities/services are performed by the competent auditorin the specific sector.

The interval between stage 1 and stage 2 audits cannot be longer that 6 months, if this happen, the stage 1audit shall be repeated.


ISO 50001:2011

NOTE: Only in cases where the EnMS scope also includes an outside activity and/or at a customer site forwhich the power consumption is directly attributed to the Organization subject to verification, this activity mustbe verified.




ISO 13485:2012




ISO 30000:2009

If PR has planned a simplified audit for previous certification for sites already certified according to ISO 14001and BS OHSAS 18001, the audit activity consists in:

• Stage 2 audit on-site

That audit on site(s) is carried out to check compliance with all the additional requirements compared to thosecontained in the ISO 14001 and BS OHSAS 18001 Standards. In particular, it is checked that all the integrativeelements contained in the ISO 30000 Standard and in the International Convention for Ship Recycling havebeen taken into account and properly implemented. The audit essentially consists of:



Pag.30/112


- an inspection of the organisation’s site(s) to check the special points of the scheme. During this inspection,checks will be made of the plants and interviews held with the personnel of the organisation involved in theManagement System of Ship Recycling activities,

- verification of the management of the flow of waste produced (including storage, transport and disposal) andof the management of all hazardous materials and/or substances used.


TL also has to check that:

• processes/activities/services are assessed by the auditor competent in the pertinent geographical area of competence(as identified on NEWAGE LOCAL "Country code" - ES. for Italy LOCAL ITA , LOCAL BRA for Brazil, etc ...);

• processes/activities/services are assessed by the auditor competent in the EA sector of the organizationactivities associated to the asset or group of assets included in the scope.

6.1.4. STAGE 2 AUDIT

INPUT: STAGE 1 AUDIT REPORT and STAGE 2 AUDIT PLAN

The purpose of the stage 2 audit is to assess the implementation, including effectiveness, of the client’s MSaccording to the reference standard, the applicable RINA Rules and the client’s MS documents. The stage 2audit, carried out by the Audit Team members according to the AUDIT PLAN, is to take place at the client’ssite(s) and include at least the following:

• information and evidence about compliance with all the requirements of the applicable MS standard or other regulatorydocument;

• performance monitoring, measuring, reporting and reviewing, against key performance objectives andtargets (consistent with the expectations in the applicable MS standard or other regulatory document);

• the client’s MS and performance in relation to compliance with legal requirements;• operational control of the client's processes;• internal audits and management review;• management responsibility for the client’s policies;• the links between the regulatory requirements, policy, objectives and targets of performance (consistent

with the expectations of the applicable MS standard or with other regulatory document), any applicablelegal requirements, responsibilities, competency of the personnel, operations, procedures, performancedata and internal audit findings and conclusions.


The audit team is to analyse all information and audit evidence gathered during the stage 1 and stage 2 auditsto review the audit findings and agree on the audit conclusions.

TL is responsible for:

• drawing up the STAGE 2 AUDIT REPORT in ASCESI;• preparing the stage 2 audit documentation, including the PVP and making it available to PR, taking into

account that the certification proposal is to be submitted to the DM by PR within three months from thedate of the end of the last audit.



Pag.31/112


The audit report belongs to RINA. A copy is to be given to the client.

OUTPUT: STAGE 2 AUDIT REPORT made available to PR


ISO 9001:2008

As regards legally-binding requirements, the GVI must limit the audit to legally-binding requirements applicableto the products and services covered in the field of application of the certificate.

If it is found that requirements not directly connected with the products and services are not observed (e.g.:staff safety requirements) the Team Leader must report such breaches to the audited Organisation and officiallyinform RINA.

In the case of shifts, if the audit of each shift is not performed, justification is to be given on the last page ofthe audit report.


ISO 9001:2008

It is necessary to ask the organization for a copy of the extract of manual with field of application, list of processes,justification of exclusions to be given to the PR.


ISO 9001:2015

It is necessary to ask the customer for a copy of the document which must provide:

• description of QMS scope including all products and services covered by it;• justification of any requirements of the standard deemed to be not applicable to the QMS scope;• processes.



Pag.32/112



ISO 14001:2004




Schema Accreditation SectorISO 14001:2004 ACCREDIA .

ISO 14001:2004_ACCREDIA_ITALY_36

In case of EMS audit in Italian public administration, the audit team members have to follow what is indicatedin UNI/TR 11405 – Application of UNI EN ISO 14001 in Public Administration available from WISE ContextualMenu and in Lotus Notes DB.


ISO14001:2015


The document "List of the applicable legal rules in the environmental field" (FORM-SYS01-EMS-01) orequivalent document must be annexed to the audit documentation duly filled in by the Organisation.


OHSAS 18001:2007



Pag.33/112




The document "List of the laws applicable to OHS aspects " or equivalent document must be annexed to theaudit documentation.



In case of nightshift, this shall always be checked during the on-site audit; hence it shall be inserted in the auditplan and evidence of the check recorded in the audit report.


SA 8000:2008

• At least 30% of the time has to be spent in interviews, single and group.• It's necessary to audit each shift and interview workers of each shift as per audit plan and as per three year audits• The audit report annex FORM-SYS03-SA8-03 must be filled in at each audit.• FORM-SYS03-SA8-02, check list on SA8000 requirements, can be used as supporting tool for audit performing.

The following documentation has to be retrieved onsite by the Lead Auditor:

1. CHAMBER OF COMMERCE CERTIFICATE OR EQUIVALENT DOCUMENT2. ORGANIZATIONAL CHART WITH NAMES3. POLICY4. MANUAL FIRTS PAGE5. LIST OF PROCEDURES6. SUPPLIERS CONTROL PLAN7. BNW CALCULATION8. RISK ASSESSMENT

The surveillance audit programme for SA8000 is semi-annual. It is recommended that the audits be programmedat 6-12-18-24-30-33 months from the completion of the initial or last recertification audit. The second surveillancemust be carried out in a unannounced way, in the period 10-14 months, in agreement with the relevant ITT-SYS03-SA8-01 . All documents are available from WISE contextual menu and in Lotus Notes DB.



Pag.34/112



SA 8000:2014

• The audit report annex FORM-SYS03-SA8-03 must be filled in at each audit.• FORM-SYS03-SA8-02, check list on SA8000 requirements, can be used as supporting tool for audit performing.• For a complete list of documents to be retrieved onsite, it's necessary to refer to ITT-SYS04-ALL-01• For a complete guidance on the conduction of the audit it's necessary to refer to ITT-SYS03-SA8-06. The guidance

provides details on the overview tour, H&S tour, pictures to be retrieved onsite, documents to be checked and collected,workers to be interviewed.

All documents are available from WISE contextual menu and in Lotus Notes DB.


SA 8000:2008_INDIA

In addition to common and specific SA 8000 requirements, during each audit it's also necessary to takephotographs to be kept as evidences. Photos shall include as minimum but shall be not limited to the followingelements:

• SA8000 posters• Organisation premises/building• Work floor(s)• Dormitory• Canteen• Chemichal storage Area• Personal Protective Equipment• FireFighting Equipment• Evacuation Exits• Evacuation drills• Evacuation plan• Warehouse• Supporting facilities (e.g. sewage treatment, boiler, generator)• Attendance record system• Work in progress• H&S non-compliance• Best practices

Photographs shall not include those of proprietary processes or individual workers. If the client organisationrefuses permission to take photographs this shall be clearly stated in the audit report.

All the pictures shall be attached in Ascesi together with all required documents as per ITT-SYS04-ALL-01available on Wise contextual menu and in Lotus notes DB.



Pag.35/112



ISO/TS 16949:2009

The audit team checks that the customer's QMS complies with the requirements of the specific referenceautomotive scheme and the RINA Rules for the specific activity applied for on the QI and on the applicationfor certification.

For audit method and reports compilation refer to the specific ITT-SYS-03-AUT-01.


ISO 3834-2,3,4:2005

It is necessary to ask the organization for a copy of the documentation to support appointment of the WeldingCoordinator (any certificates, CV with details of experience in welding activities, appointment with reference tothe ISO 14731 Standard), to be given to the PR.



Il team di audit deve attenersi a quanto indicato nella ITT-SYS03-EMS-02 "Audit su sistemi di gestione HSE"disponibile nel menù contestuale di WISE o nel database di Lotus Notes.

In caso di turni, TL ha la responsabilità di registrare eventualmente sull’ultima pagina del rapporto di audit lagiustificazione della mancata effettuazione dell’audit su ciascun turno.

Deve essere allegato alla documentazione di audit il documento "Elenco delle prescrizioni legali applicabili incampo ambientale" o documento equivalente compilato dal Cliente.

Per l'esame della D.A., processo di convalida e relativo mantenitmento si veda mantenitmento si vedal’instruction to technicians” ITT-SYS00-EMAS-01"; tenendo presente che al momento della decisione da partedel DM l'aggiornamento dei dati non dovrà essere più vecchio di 6 mesi.





Pag.36/112


Schema Accreditation SectorEMAS Reg. CE 1221/09 ACCREDIA .

EMAS Reg. CE 1221/09_ACCREDIA_36_ITALY

In caso di EMS audit su Pubbliche amministrazioni italiane, il team di audit deve seguire quanto indicato nell’UNI/TR 11405 – "Indicazioni relative all’applicazione della UNI EN ISO 14001 in Italia, formulata a partire dalle criticitàemerse e dalle esperienze pratiche" disponibile sul menù contestuale di WISE o nel database di Lotus Notes.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000

Any part of the FSMS that is audited during the stage 1 audit and determined to be fully implemented, effective,and in conformity with requirements, may not need to be re-audited during the stage 2 audit.

The audit team has to ensure that the already audited parts of the FSMS continue to conform to the certificationrequirements that’s way the stage 2 audit report shall include the evidence that all the requirements of thereference standard have been checked.

The aim of a stage 2 audit is to make an extensive and detailed check that the definition and implementationof the FSMS of the Organisation that performs a specific activity comply with the requirements of the standardand that this System is totally operative. The stage 2 audit shall take place at the site(s) of the client. It shallinclude at least the following:

1. information and evidence about conformity to all requirements of the applicable FSMS standard and other normativedocument (if applicable eg. ISO/TS22002-1 or ISO/TS22002-4 and additional requisites in case of FSSC22000);

2. performance monitoring, measuring, reporting and reviewing against key performance objectives ;3. the organisation FSMS and performance as regards legal compliance;4. operational control of the organisation processes;5. internal auditing and management review;6. Management responsibility for the client's policies;7. links between the normative requirements, policy, performance objectives and targets, any applicable legal

requirements, responsibilities, competence of personnel, operations, procedures, performance data andinternal audit findings and conclusions.

The Audit Team must always wright in the report comments and detailed informations about the evaluationdone for:

• the control measures applied (PRPs, OpPRPs, CPs e CCPs);• the track and traceability tests with mass balance verification done during the audit;• any ongoing requirements and/or proceedings by official/public control authorities.



Pag.37/112



ISO/IEC 27001:2013

The stage 2 audit in particular is to be focused on client organization's:

• top management leadership and commitment to information security policy and the information security objectives;• documentation requirements listed in ISO/IEC 27001;• assessment of information security related risks and that the assessments produce consistent, valid and comparable

results if repeated;• determination of control objectives and controls based on the information security risk assessment and risk treatment

processes;• information security performance and the effectiveness of the ISMS, evaluating against the information security

objectives;• correspondence between the determined controls, the Statement of Applicability and the results of the information

security risk assessment and risk treatment process and the information security policy and objectives;• implementation of controls, taking into account the organization's monitoring, measurement and analysis of information

security processes and controls, to determine whether controls are implemented and effective and meet their statedinformation security objectives;

• programmes, processes, procedures, records, internal audits and reviews of the ISMS effectiveness to ensure thatthese are traceable to management decisions and the information security policy and objectives.







ISO/IEC 27001:2013

The audit team members are responsible for collecting at least the following evidences if changed respect theprevious audit:

• Scope of the ISMS;• Statement of Applicability;



Pag.38/112


• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit;• Auditor notes with any significant evidence.

TL is responsible for drawing up the AUDIT REPORT, documenting the audit findings and including identificationof any areas of non conformities. The REPORT is to include reference to the following documents:


The report has to consider the adequacy of the internal organization and procedures adopted by the client togive confidence in the ISMS. The report has to cover also:

• a summary of the most important observations, positive as well as negative, regarding the implementation andeffectiveness of the ISMS;

• the audit team’s recommendation as to whether the client’s ISMS should be certified or not, with information tosubstantiate this recommendation.;

• information about the samples evaluated during the audit.


ISO/IEC 20000-1:2011

The stage 2 audit in particular is to be focused on client organization's:

• documentation requirements listed in Clause 4.3.1 of ISO/IEC 20000-1;• effectiveness of the controls implementing, monitoring, measuring and reviewing service management objectives plans

and processes;• internal SMS audits and management reviews;• management responsibility for the policy.

The scope of the certification requested is to be defined considering ISO/IEC 20000-3 "Guidance on scopedefinition and applicability of ISO/IEC 20000-1".


ISO/IEC 20000-1:2011

The audit team members are responsible for collecting at least the following evidences:

• Scope of the SMS;• Service Catalogue;• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit;• Auditor notes with any significant evidence;



Pag.39/112



• Scope of the SMS;• Service Catalogue;• Assessment and management of risks to the services;• Results of internal audits;• Results of the management review.

The report is to consider the adequacy of the internal organization and procedures adopted by the client to giveconfidence in the SMS. The report has to cover also:

• a summary of the most important observations, positive as well as negative, regarding the implementation andeffectiveness of the SMS;

• the audit team’s recommendation as to whether the client’s SMS should be certified or not, with information tosubstantiate this recommendation;

• a summary of the .a ssessment and management of risks to the services;• information about the samples evaluated during the audit.


ISO 22301:2012

The risk assessment, Business Impact Analysis (BIA), training program of the personnel and the results of theexercising and testing activities have to be assessed. Such assessments have also to take into account theperformance, reliability and exposure to specific risks of suppliers and outsourcers.





The report has to consider the adequacy of the internal organization and procedures adopted by the client togive confidence in the BCMS. The report has to cover also:

• a summary of the most important observations, positive as well as negative, regarding the implementation andeffectiveness of the BCMS;

• the audit team’s recommendation as to whether the client’s BCMS should be certified or not, with information tosubstantiate this recommendation.;




Pag.40/112



ISO 20121:2012

When carrying out stage 2 audit, the Audit Team has to take into account that:

• gathering information and evidence about compliance with all the requirements of the applicable MS standard or otherregulatory document, photographic evidence of the essential requirements and press release related to the eventsverified can be used as evidence, in accordance with the privacy requirements;

• when verifying the client’s MS and performance in relation to compliance with legal requirements, particularattention shall be paid to the legal requirements of the events (e.g. permissions, copyright and SIAE,awards and royalty).


ISO 50001:2011

NOTE: The integrative records and records for internal use are to be made, at each audit, using the forms ofthe SYS03 series.

OUTPUT: In addition to the Audit Report of Stage 2 is to be issued the legislative check list filled in an integratedway to Stage 1.


STAGE 2 AUDIT_ISO 13485:2012_ACCREDIA

The stage 2 audit, carried out by the Audit Team members according to the AUDIT PLAN, is to take place atthe client’s site(s) and include at least the following:

• the “Technical File” (TF), according to the 4.2, 4.2.1, 7.1 and 7.5.3.1 items of the standard, shall be available andtraceable at:• Organizations that are manufacturers according to Dir. 90/385/EEC, 93/42/EEC and 98/79/EEC;• Organizations that are responsible for MD “trading”, in which the GVI (Auditing Team) will have to check

competences to manage TF’s activities.

If the TF is not available, the audit shall not be performed.

During the audit, the GVI will obtain information about the production processes from the TF.

In the case of organizations producing or trading only for non EC countries the TF document, as defined in theEC directives, will not be necessary; nevertheless all the requirements established in the ISO 13485, referredto in point 4.2, 4.2.1, 7.1 and 7.5.3.1, shall be satisfied.

A traceability test shall be performed during the audit. Starting from a sale document, which is associated with thelot/serial number of the MD, the Audit Team will trace back, through the records made during the production, the



Pag.41/112


history of the MD to the raw materials, components, production parameters, results of the tests, the inspectionsand the trials. The traceability test must be recorded on observation sheets and references recorded in the AuditReport. In addition, the GVI shall made:

• a review of any actions taken by the organization regarding notification of adverse events, informative notes andcomplaints;

• in the case of incidences related to MD, the GVI shall:• check the notification of the Organization to the Competent Authority;• check the correct management of the incidence by the Organization;• record in the Audit Report the evidence of the above-mentioned evaluations.

[IAF MD9:2011, MD4.4.1]


ISO 39001:2012

The forms (FORM-SYS03-39001-01) available in LN and WISE contextual menu’ are used for the report



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

During the Stage 2 audit, the auditor will have to provide evidence of verification of the organisation’s compliancewith all the requirements of the reference AQMS Standard, by filling in the relative report.

In particular for the Stage 2 audit, the auditor is to provide evidence in the QMS and PEARs filled in during theaudit, of verification of the following specific criticalities for the EN 9100 / EN 9110 / EN 9120 standards:

• EN 9100: Methods applied for configuration management - Methods adopted by the organisation to check absence ofsuspect walls (“Bogus” or “Sups” parts) - Methods used for the FOD – Method for performing Risk Analysis – Methodfor managing the FAI – Methods used for component traceability – Identification, management and control methodsof the product's key characteristics.

• EN 9110: Methods applied for configuration management - Methods adopted by the organisation tocheck absence of suspect walls (“Bogus” or “Sups” parts) - Authorisation and validation process ofmaintenance instructions - Methods used for the FOD – Method for performing Risk Analysis – Assessmentof the qualifications and certificates obtained by the personnel responsible for maintenance – Method forimplementing requirement 7.3 for organisations responsible for designing the modifications.

• EN 9120: Methods adopted by the organisation to check absence of suspect walls (“Bogus” or “Sups”parts) – Methods used to trace shipments of aerospace materials, systems and defence, for the purposeof guaranteeing maintenance of the requirements, where transport is the responsibility of the retailer –Methods used for the FOD - Method for performing Risk Analysis.



Pag.42/112


If a consultant of the organisation is present during the audit, it must be made clear that his role will be limitedto that of an observer.

The forms (FORM-SYS03-EN9-01) available from WISE Contextual Menu, in Lotus Notes DB ASCESI and inASCESI are used for the report and include:

• EN 9100 - 00 - B (QMS Process Matrix Report)• EN 9100 - 00 - C (NCR)• EN 9100 - 00 - D (PEAR)• EN 9100 - 00 - E (Audit report stage 2, recertification, surveillance and special audit)• EN 9100 - 00 - F (Supplementary report)

The report must contain all the elements required by the EN 9101 Standard and is given to the organisationat the end of the audit.

6.1.5. FOLLOW-UP

INPUT: Positive outcome of stage 2 audit

In the case of minor NC (type B), the analysis of causes, corrections, corrective action and plannedimplementation deadline proposed by the client are checked by the TL or, if not available, by another LA.

On the basis of the proposals received:

• if they are not acceptable, the client is to be informed by sending the document CORRECTIVE ACTIONS NONAPPROVAL in ASCESI (or through the MEMBER AREA), giving adequate justification and indicating the time framefor a new proposal;

• if they are acceptable, the client is to be informed by sending the document CORRECTIVE ACTIONSAPPROVAL in ASCESI (or through the MEMBER AREA).

OUTPUT: Acceptance of AC, if any, and audit documents available to PR


ISO/TS 16949:2009

A quality management system is audited positively when no major or minor non-conformities (“A” or “B” types)are found during the audit.

For any and all non-conformities found, the organisation must send RINA a proposal concerning the treatment(correction/containment action) to implement, the root-cause analysis and the corrective action to perform (withrelative schedule, responsibilities, etc.) within 15 calendar days from the date of closure of the audit.





Pag.43/112


Un componente del team di audit con competenza EMAS senza asterisco, controlla anche l'adeguatezza dellevariazioni apportate alla D.A. in risposta alle osservazioni mosse in fase di audit.


9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

A quality management system is audited positively when no major or minor non-conformities ("A" or "B" types)are found during the audit.


The audit team leader (AEA) must assess and approve the organisation’s proposal within 21 days from the dateof closure of the audit.

6.1.6. POSSIBLE SUPPLEMENTARY AUDIT

INPUT: Negative outcome of stage 2 audit

If major NC (type A) are found, a supplementary audit is to be made to check the effectiveness of the correctionsand corrective action proposed by the client.

The analysis of causes, corrections, corrective action and planned implementation deadline proposed by theclient are checked by the TL or, if not available, by another LA.




The supplementary audit is to be carried out within three months from the end of the Stage 2 audit, taking intoaccount that:

• the audit team is to include at least one member who performed the previous stage 1 and/or stage 2 audit, chosenin relation to the type of findings highlighted;

• the duration and method of the supplementary audit are defined by the PR together with the TL on the basis of thenumber and type of major (type A) and minor (type B) NC:• on a documental basis, if corrective action/corrections implementation can be checked by analysing documents;• on site, to verify implementation of the corrective action/corrections of major NC proposed;• on site, to verify all requirements/processes of the standard, the implementation of the corrective

action/corrections of major NC proposed, the MS as a whole if the audit team considers it inadequate(high number of minor NC (type B)).


Two steps are to be added in the CERTIFICATION PROCESS in ASCESI:

• SUPPLEMENTARY AUDIT;



Pag.44/112


• COMMUNICATION OF NEED FOR A SUPPLEMENTARY AUDIT.

The COMMUNICATION OF NEED FOR A SUPPLEMENTARY AUDIT document is to be sent to the client.


• drawing up the SUPPLEMENTARY AUDIT REPORT in ASCESI;• preparing the supplementary audit documentation, including the three-year PVP and making it available

to PR, taking into account that the certification proposal to the DM is to be submitted by PR within threemonths from the date of the end of the last audit.


OUTPUT: Supplementary audit documentation made available to PR


ISO/TS 16949:2009

If at least one major and/or minor non-conformity is found, a supplementary audit must be performed withintwo months in order to check that the proposed corrective action has been applied correctly and effectively; ifthis audit is successful the certification process is renewed. The effectiveness of the corrective action can beverified during the subsequent surveillance audit.

The above-mentioned deadlines may never be extended more than 60 days from the date of the stage 2 audit.

This supplementary audit can be performed on site or it can take the form of a document review at RINA offices,depending on the type and quantity of non-conformities found. For type A non-conformities or a large numberof type B non-conformities, a supplementary audit must be performed at the organisation's site.

In particular, the certificate can be issued if all the non-conformities found during the Stage 2 audit are eliminatedby the organisation, meaning that the organisation must have:

• precisely and effectively implemented the treatment of the non-conformities (correction/containment action);• made a precise and thorough analysis of the root causes;• given documentary evidence of the planned and implemented corrective actions (action plan, instructions,

registrations) demonstrating that the non-conformities have been eliminated.



In caso di audit supplementare verificare che l'aggiornamento dei dati non risulti più vecchio di 6 mesi per laconvalida della D.A. da parte del DM.



Pag.45/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

If at least one major and/or minor non-conformity is found, a supplementary audit must be performed withintwo months in order to check that the proposed corrective action has been applied correctly and effectively; ifthis audit is successful the certification process is renewed. The effectiveness of the corrective action can beverified during the subsequent surveillance audit.

The above-mentioned deadlines may never be extended more than 60 days from the date of the stage 2 audit.

This supplementary audit can be performed on site or it can take the form of a document review at RINA offices,depending on the type and quantity of non-conformities found. For type A non-conformities or a large numberof type B non-conformities, a supplementary audit must be performed at the organisation's site.

In particular, the certificate can be issued if all the non-conformities found during the Stage 2 audit are eliminatedby the organisation, meaning that the organisation must have:

• precisely and effectively implemented the treatment of the non-conformities (correction/containment action);• made a precise and thorough analysis of the root causes;• given documentary evidence of the planned and implemented corrective actions (action plan, instructions,

registrations) demonstrating that the non-conformities have been eliminated.

If the agreed term is not respected and, in any case, 6 months have elapsed since the Stage 2 audit wasperformed, the audit must be repeated on the entire quality management system. If the non-conformities arenot eliminated within the agreed time, the audit will be considered “failed” and the certification procedure closed.The organisation must send RINA a new certification request to start a new procedure.

6.1.7. POST-AUDIT ACTIVITIES

INPUT: Request for clarification/integration

The Audit team, in particular the TL, collaborates with PR if clarification/integration is necessary in relation tothe audit documents or to deal with comments from the DM.

OUTPUT: Clarification/integration provided


ISO14001:2004 - ISO14001:2015

TL is responsible for preparing the EMS CONFIDENTIAL ASSESSMENT REPORT FOR CERTIFICATIONDECISION where the information to be presented to the DM, has to be recorded.



Pag.46/112



OHSAS 18001:2007

TL is responsible for preparing the OHS CONFIDENTIAL ASSESSMENT REPORT FOR CERTIFICATIONDECISION where the information to be presented to the DM has to be recorded.



TL is responsible for filling in the "CTS summary table" to be submitted to the DM required for the certificationdecision.


ISO/TS 16949:2009

Audit data entering into IATF Data Base within twenty (20) calendar days from the audit closing meeting.



TL ha la responsabilità di predisporre il RAPPORTO RISERVATO PER LA DECISIONE PER LACERTIFICAZIONE DI SGA nel quale sono registrate le informazioni da sottoporre al DM necessarie per ladecisione della certificazione.




Pag.47/112


Schema Accreditation SectorFSSC 22000 any any

ISO 22000:2005 | FSSC 22000

In case of FSSC22000 audit the TL fullfil and send to the PR the specific report requested for each kind ofFSSC22000 audit (always fulfilled in english language or in the local language and in english).

Please mind that in all audits, including monitoring, the following processes/impacts, shall be checked, in additionto those already mentioned: HACCP, PRP, Operative PRP, Traceability System, Validation, Verification andImprovement of the FSMS, Specific FSSC Requirements (if and as applicable)

6.2. TRANSFER OF CERTIFICATION FROM ANOTHER CERTIFICATION BODY PROCESS6.2.1. PRE-TRANSFER REVIEW

INPUT: Transfer request examined and audit team defined

The PRE-TRANSFER REVIEW, carried out by the TL, consists of a documental review and normally a visit tothe client. The documental review is based on a check of the following documentation:

• transfer request;• QI duly filled in by the applicant organization;• controlled copy of the MS Manual (if applicable) and of the list of operational procedures;• copy of the valid certificate;• copy of the initial audit report or of the last recertification audit report and of the surveillance audit reports

relevant to all subsequent surveillance audits;• evidence of the corrective action taken to resolve the NC found during previous audits or evidence of

verification by the previous CB that they have been resolved;• PVP;• complaints received from interested third parties and action taken;• information communicated by the organization concerning the reason for the certification transfer request;• any observations or indications from the pertinent national or local authorities.

In the case of complaints from interested third parties, criminal proceedings related to the specific MS orunresolved NC, the previous CB is to be contacted, if possible, to ensure continuity in managing these aspects.

The results of the pre-transfer document review are to be recorded in ASCESI in CERTIFICATION processadding the specific step for the PRE-TRANSFER AUDIT–DOCUMENT REVIEW report (selecting in sequence:AUDIT EXECUTION, DOCUMENTAL AUDIT EXECUTION, PRE-TRANSFER CHECK).

The report is always to contain:

• any contacts with the previous CB (date and contact person);• the date and name of the person who visited the client’s premises, unless during the application review

it was decided not to make the visit.


TL, in conjunction with PR, is responsible for drawing up the PVP, according to the planning established bythe previous CB.

OUTPUT: PRE-TRANSFER DOCUMENT REVIEW REPORT made available to PR




Pag.48/112



..... any any

SA 8000:2008 - SA 8000:2014

• Pre transfer review can be started only after the accreditation body has given to the Scheme Leader formal approvalfor the transfer process.

• The review shall cover at minimum the 2 most recent audit reports and all NC issued by the former Certification Body.• Transfer cannot be accepted if the client has open major non conformities.

• If the document review has a positive result, it's necessary to perform an onsite audit equivalent to a recertification audit.• The geographical area of competence must always be taken into account. The audit team must also have the

geographical area of competence (as identified on NEWAGE LOCAL "Country code" - ES. for Italy LOCAL ITA , forBrazil LOCAL BRA , etc ...). See also the relevant ITT-SYS03-SA8-02 and ITT-SYS03-SA8-03.

• The audit report annex FORM-SYS03-SA8-03 must be filled in at each audit.• All documents are available from WISE contextual menu and in Lotus Notes DB.

During the Pre-transfer review and the onsite audit equivalent to a recertification audit the followingdocumentation has to be retrieved:

1. CHAMBER OF COMMERCE CERTIFICATE OR EQUIVALENT DOCUMENT2. COPY OF CURRENTLY VALID CERTIFICATE3. ORGANIZATIONAL CHART WITH NAMES4. COPY OF THE LAST AUDIT REPORT FILLED IN BY OTHER CERTIFICATION BODY5. COPY OF THE THREE-YEAR PROGRAMME OF THE OTHER CERTIFICATION BODY6. POLICY7. MANUAL FIRST PAGE8. LIST OF PROCEDURES9. SUPPLIERS CONTROL PLAN10. BNW CALCULATION11. RISK ANALYSIS

A complete list of documents to be retrieved onsite is available in the ITT-SYS04-ALL-01 available from WISEcontextual menu and in Lotus Notes Database


SA 8000:2008_INDIA


• SA8000 posters• Organisation premises/building• Work floor(s)• Dormitory• Canteen• Chemichal storage Area• Personal Protective Equipment



Pag.49/112


• FireFighting Equipment• Evacuation Exits• Evacuation drills• Evacuation plan• Warehouse• Supporting facilities (e.g. sewage treatment, boiler, generator)• Attendance record system• Work in progress• H&S non-compliance• Best practices




ISO/TS 16949:2009

Prior to the start of the transfer audit, the following conditions shall be met:

A) the existing certificate shall be valid. Clients with certificates withdrawn or canceled are not eligible for atransfer audit;

B) RINA shall ensure that clients applying for transfer have not transferred from another IATF-recognizedcertification body within the previous three (3) year period;

C) there must be a minimum of three years (-3 months), or 2 years 9 months minimum, between two transferaudits;

D) RINA shall not transfer a client in any IATF OEM special status condition until after the existing certificationbody has conducted at least one onsite audit to verify the effective implementation of the identified correctiveactions;

E) the client cannot have their current ISO/TS 16949 certification in suspension status. If the certificate wassuspended within the previous twelve (12) months and the suspension was initiated due to:

• received a performance complaint against the client from an IATF OEM member, its relevant IATF Oversight office,or any automotive customer of the client;

• the client advises RINA of a special status condition from an IATF subscribing OEM. Notification from theclient to the certification body shall occur within ten (10) calendar days from receipt of the special statuscondition or otherwise specified by the customer;

• the closing meeting date of a surveillance or recertification audit containing nonconformities.

RINA shall not transfer the client until after the existing certification body has conducted at least one onsite auditto verify the effective implementation of the identified corrective actions.

F) the client shall provide RINA with the audit reports from the previous three (3) years, including evidence thatall nonconformities issued by the existing certification body for the site and any remote support functions areclosed. 100% resolution is not acceptable;

G) RINA shall perform a review of the provided audit reports and all findings;



Pag.50/112


H) RINA shall perform a document review and a review of key indicators of quality management systemperformance;

I) the new certification body shall ensure that the audit team members have not previously audited the client."Not previously audited" means that an audit team member has not participated in the audit team for at leastone (1) full three (3) year audit cycle;

J) the new certification body shall contact their relevant Oversight office to verify the following information:

• the client did not transfer from another IATF-recognized certification body within the previous three (3) year period;• the date of the last initial or recertification audit;• the status of the ISO/TS 16949 certification for the past twelve (12) months.



Per EMAS è possibile effettuare un audit di trasferimento sul sito con contestuale validazione della D.A.

Per l'esame della D.A., processo di convalida e relativo mantenitmento si veda l'instruction to technicians” ITT-SYS00-EMAS-01"; tenendo presente che al momento della decisione da parte del DM l'aggiornamento dei datinon dovrà essere più vecchio di 6 mesi.




ISO/IEC 27001:2013

The documental review is based also on a check of the following documentation:

• Scope of the ISMS;• Statement of Applicability.



Pag.51/112



ISO/IEC 20000-1:2011

The documental review is based also on a check of the following documentation:

• Scope of the SMS;• Service Catalogue.

The scope of the certification requested must be defined considering ISO/IEC 20000-3 "Guidance on scopedefinition and applicability of ISO/IEC 20000-1" requirements.






9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

If a client asks for transfer of certification according to one of the Standards of the EN 9100 Scheme from anotheraccredited body for that Standard, the requirements established in document IAF MD 2 are to be applied andin addition:

• the certificate can only be transferred if the previous Certification Body has valid accreditation for the Standard whichis the subject of the request;

• the certificate must be valid and have been issued in accordance with the Standards of the EN 9104 series;• the certificate cannot be transferred if there are major and/or minor non-conformities which have not been

resolved and for which the foreseen corrective action has not been fully implemented. It is necessary tohave written evidence of approval of the corrective action implemented, issued by the previous CertificationBody. If it is not possible to have such evidence, it is necessary to check that the non-conformities have beenresolved and that the relative corrective action has been implemented before transferring the certificate;

• if the certificate is to be transferred in the 12 months prior to its expiry, a complete audit is to be carried out(Stage 1 and Stage 2) using the time established for recertification;

• if the certificate is to be transferred in the first two years of the certification cycle, an AEA will have toperform a special audit at the client’s site to confirm validity of the certificate being transferred;



Pag.52/112


• the new certificate may not be reissued until all the non-conformities found have been positively resolved.

If the non-conformities are not resolved within 60 days from the date of the audit, the certificate cannot betransferred:

• if it is necessary to check that the corrective action has been implemented prior to transfer of the certificate, this checkis to be made on site.

Specific forms available in the LOTUS / FORMS database and in ASCESI are used for the report (FORM-SYS-03-EN9-01), where the AEA have to report all the information requested by the PRE-TRANSFER REVIEW.


ISO 29990:2011

During the pre-transfer review, in particular for this scheme, is to be made available to the audit team, also thefollowing documents:

• Management System Manual (extract),• List of all procedures,• Business Plan,• Management System organization chart,• List of fixed and temporary providing courses offices,• List of planned courses.






SA 8000:2008

• In compliance with the program prepared by the previous body, keep in mind the following: the surveillance auditprogramme for SA8000 is semi-annual. It is recommended that the audits be programmed at 6-12-18-24-30-33months from the completion of the initial or last recertification audit. The second surveillance must be carried out in aunannounced way, in the period 10-14 months, in agreement with the relevant ITT-SYS03-SA8-01



Pag.53/112



SA 8000:2014

Following positive decision of the competent DM, a new Certification cycle will start with the issuance of a newSA8000 certificate to the client.

Any additional step shall therefore follow the requirements of the recertification audit phase.


ISO/TS 16949:2009




Inviare a PR unitamente alla documentazione di audit anche la D.A. nella versione finale e l'Allegato VIIcompilato, quest'ultimo in formato word (.doc).


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000





Pag.54/112


6.3. SURVEILLANCE OR EXTRA PROCESS6.3.1. PLANNING THE SURVEILLANCE OR EXTRA AUDIT

INPUT: Audit team defined and PVP confirmed

The TL is responsible for preparing, on the basis of the PVP, and sending the client the AUDIT PLAN, checkingthat:

• any input to the planning communicated by PR, such as a specific complaint from an interested party, extension ofactivities, etc. is available;

• all the processes, activities and/or services provided by the client and the permanent sites where theactivities are carried out according to the PVP are clearly identified and confirmed with a sufficient degreeof detail;

• in the case of external work and/or operational yards, the activities and locations subject to audit are clearlyindicated and confirmed;

• processes/activities/services are assessed by the auditor competent in the pertinent technical area;• the functions involved are indicated;• any shifts are indicated;• adequate time is foreseen for the performance of the different activities;• the activities are clearly assigned among the team members.





Any subsequent modifications to the AUDIT PLAN already sent (change of audit team members, audit dates,etc.) is to be promptly communicated to the client.



OUTPUT: PLAN and COMMUNICATION sent to the client



ISO 14001:2004 - ISO 14001:2015


• all applicable environmental aspects of the Organisation according to PVP are clearly identified and confirmed witha sufficient degree of detail



Pag.55/112



OHSAS 18001:2007


• all applicable risks of the Organisation are clearly identified, with a sufficient degree of detail.



When planning the audit TL is responsible for take into account that:




SA 8000:2008







Pag.56/112



SA 8000:2014









AUDITING OF SHIFTS






19.00-22.00



18.00-21.00






Pag.57/112



ISO/TS 16949:2009









EMAS PREVEDE LA CONVALIDA DEGLI AGGIORNAMENTI ANNUALI DELLA D.A: inserire nel piano di audituna parte dedicata dall'esame del documento di D.A. aggiornato da parte del componente competente EMASsenza asterisco.


ISO 20121:2012

The TL is responsible for preparing, on the basis of the PVP, and sending the client the AUDIT PLAN, alsochecking that:

• during the surveillance cycle, the organization shall allow the audit team to perform at least one on site visit duringan event.



Pag.58/112



ISO 50001:2011

NOTE: Only in cases where the EnMS scope also includes an outside activity and/or at a customer site forwhich the power consumption is directly attributed to the Organization subject to verification, this activity mustbe verified. Therefore, the operation sites and / or the outer seats must be clearly indicated in the activities andplaces to be audited.


ISO 13485:2012

SHORT-NOTICE AUDIT [IAF MD9:2011, MD9.5.2]

Short-notice audits may be required when:

• external factors apply such as:• RINA becomes aware of data from the MD post-market surveillance showing a possible significant deficiency

in the quality management system;• RINA becomes aware of significant safety information on the MD.

• significant changes occur which could affect the decision on the organization ’s conformity status.







Pag.59/112


6.3.2. SURVEILLANCE OR EXTRA AUDIT

INPUT: AUDIT PLAN

The purpose of the surveillance or extra audit is to maintain confidence that the certified MS continues to fulfilthe requirements of the reference standard, the applicable RINA Rules and the client’s MS documents.

The surveillance or extra audit, carried out by the Audit Team members according to the AUDIT PLAN, is totake place at the client’s site(s) and include at least the following:

• internal audits and management review;• a review of the action taken following any NC identified during the previous audit. For each NC, a record

of evidence supporting the implementation of corrections and corrective action proposed by the clienttogether with the outcome of the check (positive, negative etc.) and the date of the check is to be givenin the AUDIT REPORT;

• treatment of any complaints, whether received from interested third parties or directly by RINA, recordedin the C&C database, available in LOTUS NOTES;

• effectiveness of the MS with regard to achieving the objectives;• progress of planned activities aimed at continual improvement;• continuing operational control;• review of every modification, including any changes to MS documents;• any preventive action taken following recommendations made during the last audit;• use of the RINA certification logo and any other reference to certification, including advertising of the MS

and products/services provided by the client, also by checking the Internet site.


TL is responsible for drawing up the SURVEILLANCE AUDIT REPORT using ASCESI.


OUTPUT: SURVEILLANCE OR EXTRA AUDIT REPORT made available to PR


ISO 9001:2008






Pag.60/112



ISO 14001:2004







ISO14001:2015



OHSAS 18001:2007





Pag.61/112






SA 8000:2008

• Not less then 30% of onsite audit time has to be dedicate on performing interviews. See also the relevant ITT-SYS03-SA8-02.

• Refer to the document ITT-SYS03-SA8-03 for details on H&S requirements to be verified.• Updated information for the specific Country relevant to BNW, stakeholder engagement and other significant input

usefull in planning and auditing activity of the management system have to be taken into account, with reference toITT-SYS02-SA8-05.

All documents are available from WISE Contextual Menu and in Lotus Notes DB.


SA 8000:2008_INDIA


• SA8000 posters• Organisation premises/building• Work floor(s)• Dormitory• Canteen• Chemichal storage Area• Personal Protective Equipment• FireFighting Equipment• Evacuation Exits• Evacuation drills• Evacuation plan• Warehouse• Supporting facilities (e.g. sewage treatment, boiler, generator)



Pag.62/112


• Attendance record system• Work in progress• H&S non-compliance• Best practices




SA 8000:2014

• The following steps shall be part of the Stage 1 audit:1. Overview Tour (Including Canteen, Dormitory, Clinic, and Crèche, as appropriate)2. Meeting with Workers Representative(s)3. Meeting with Management to Confirm Understanding of SA8000, Confirm scope, Review Answers to Pre- Audit

Questionnaire4. Confirmation of Subcontract Labor on Site (Such As Cleaners, Canteen Staff, Refuse Collectors, Clinic Nurses

And Doctors, Dormitory And Security Guards)5. Availability of Documents6. Review of Management System Documentation Including Management Review And Internal Audits7. Confirm Stage 2 Audit Plan And Logistics for Audit




• Auditors shall conduct local intelligence gathering and stakeholder engagement while on-site or in a specific area foraudits. This may include checking with the local community in the early morning of the Stage 1 audit and/or in theevening between audit days and at the time of an unannounced audit.


ISO/TS 16949:2009

The purpose of the surveillance audit is to verify the certified client's management system's fulfilment of specifiedrequirements, but not necessarily a full systems audit.




Pag.63/112






Per l'esame della D.A., processo di convalida e relativo mantenimento si veda l’instruction to technicians” ITT-SYS00-EMAS-01".


A fronte dell'esito positivo dell'esame della D.A. il file in .pdf deve essere inviato a PR; tenendo presente che almomento della decisione da parte del DM aggiornamento dei dati non dovrà essere più vecchio di 6 mesi.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000

The audit team members are responsible for always recording the necessary detailed information and commentssupporting the evaluation carried out:

• the control measures applied (PRPs, OpPRPs, CPs e CCPs),• the track and traceability tests with mass balance verification done during the audit,• any ongoing requirements and/or proceedings by official/public control authorities.


ISO/IEC 27001:2013

The purpose of the surveillance or extra audit is in particular to maintain confidence that the certified MScontinues to be implemented, to consider the implications of changes to that system initiated as a result ofchanges in the client’s operation and to confirm continued compliance with certification requirements.

Surveillance audit programmes shall cover at least:

• the system maintenance elements which are information security risk assessment and control maintenance, internalISMS audit, management review and corrective action;



Pag.64/112


• communications from external parties as required by the ISMS standard ISO/IEC 27001 and other documents requiredfor certification;

• changes to the documented system;• areas subject to change;• selected requirements of ISO/IEC 27001;• other selected areas as appropriate to fulfil the requirements of the reference standard, the applicable RINA Rules

and the client’s MS document.

As a minimum, every surveillance the following issues have to be checked:

• the effectiveness of the ISMS with regard to achieving the objectives of the client's information security policy;• the functioning of procedures for the periodic evaluation and review of compliance with relevant information security

legislation and regulations;• changes to the control selection, the comparison of the selected controls to Annex A controls and resulting changes

to the SoA.







ISO/IEC 27001:2013


• Scope of the ISMS;• Statement of Applicability;• Auditor notes with any significant evidence;• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit are to be included in the audit report or in the auditor notes.

TL is responsible for drawing up the AUDIT REPORT, choosing between the ON and OFF SITE reports,documenting the audit findings and including identification of any non conformity. The REPORT is to includereference to the following documents:

• Scope of the ISMS;



Pag.65/112


• Risk assessment report;• Risk treatment plan;• Statement of Applicability;• Results of internal audits;• Results of the management review.



• information on clearing of non conformities revealed previously


ISO/IEC 20000-1:2011


• Scope of the SMS;• Service catalogue;• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit;• Auditor notes with any significant evidence.

Information about the samples evaluated during the audit are to be included in the audit report or in the auditornotes.

TL is responsible for drawing up the AUDIT REPORT documenting the audit findings and including identificationof any non conformity. The REPORT is to include reference to the following documents:

• Scope of the SMS;• Service Catalogue;• Results of internal audits;• Results of the management review.

The report has to consider the adequacy of the internal organization and procedures adopted by the client togive confidence in the SMS. The report has to cover also:


• information on clearing of non conformities revealed previously;• a summary of the assessment and management of risks to the services;• information about the samples evaluated during the audit.



Pag.66/112



ISO 22301:2012








• information on clearing of non conformities revealed previously.


ISO 50001:2011

The audit, carried out by the Audit Team members according to the AUDIT PLAN, has to take place at the site(s)of the client and include at least the following:

• the progress of improvement programs of EnMS;• the revaluation of the energy baseline and energy performance indicators (EnPIs);• the progress of improvement programs of EnMS;• the revaluation of the energy baseline and energy performance indicators (EnPIs);• the assessment of the continuing adequacy of monitoring and measurement systems, data acquisition and processing.



Pag.67/112










A traceability test shall be performed during the audit. Starting from a sale document, which is associated with thelot/serial number of the MD, the Audit Team will trace back, through the records made during the production, thehistory of the MD to the raw materials, components, production parameters, results of the tests, the inspectionsand the trials. The traceability test must be recorded on observation sheets and references recorded in the AuditReport. In addition, the GVI shall made:



[IAF MD9:2011, MD4.4.1]


ISO 39001:2012





Pag.68/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

The purchase control processes, production process and design process and the requirements related to points4 and 5 of the Standard are to be audited at each surveillance audit.

Specific forms available from WISE Contextual Menu, in Lotus Notes DB ASCESI and in ASCESI are used forthe report (FORM-SYS-03-EN9-01).

The report must contain all the elements required by the EN 9101 Standard suitably inserted in the formsattached to the above Standard.

The report is given to the organisation at the end of the audit.

At the request of the organisation, the audit team may also issue the organisation with a copy of the otherdocumentation relative to the audit in order to allow it to disclose this information to its clients.

6.3.3. FOLLOW-UP

INPUT: Positive outcome of surveillance or extra audit

In the case of minor NC (type B), the analysis of causes, corrections, corrective action and plannedimplementation deadline proposed by the client are checked by the TL or, if not available, by another LA.


• if they are not acceptable, the client is to be informed by sending the document CORRECTIVE ACTIONS NONAPPROVAL in ASCESI (or through the MEMBER AREA), giving adequate justification and indicating the time framefor a new proposal);

• if they are acceptable, the client is to be informed by sending the document CORRECTIVE ACTIONS APPROVAL inASCESI (or through the MEMBER AREA).

If there are no NC, the positive outcome of the audit is confirmed to the client by sending the document POSITIVEOUTCOME OF AUDIT CONFIRMED in ASCESI (or through the MEMBER AREA).

OUTPUT: Acceptance of any AC and audit documents made available to the PR


ISO/TS 16949:2009





Pag.69/112



IRIS Rev. 02.1

If the audit is positively closed, the Team Leader will send the audit file to the Scheme Responsible.

If a non compliance is found:

after the company provided the evidence of the implementation of the corrective action and of the closing of nonconformities (to be verified or after a documental review or an on site reaudit, according to the criteria definedin Chapter 2 §4.2), the Team Leader shall:

• update the file, closing the non conformities (if level 1 type);• open the re-audit file (using the IRIS Tool) selecting "File ->new->reaudit", communicate the closing of the non

conformities to PR and provide the related documentation (Reports, excel file compiled and signed by the client,evidences of the closing of the non conformities etc).

The Team Leader shall send by email to the Scheme Responsible a copy of the IRIS Tool file within 10 calendardays, both the preliminary one than the final one, both complitelly filled in.



Un componente del team di audit con competenza EMAS senza asterisco, controlla anche l’adeguatezza dellevariazioni apportate alla D.A. in risposta alle osservazioni mosse in fase di audit.

In presenza di osservazioni sul documento di D.A., TL o auditor competente EMAS senza asterisco dovràprovvedere ad interfacciarsi con l'Organizzazione ai fini del completo recepimento delle stesse in modo tale dapermettere che la D.A., nella versione definitiva, sia poi inviata PR per il successivo inoltro al DM.


9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009





Pag.70/112




INPUT: Negative outcome of surveillance or extra audit






The supplementary audit is to be carried out within three months from the end of the surveillance audit, takinginto account that:

• at least one member who performed the previous audit, chosen in relation to the type of findings which has made thesupplementary audit necessary, is to be included in the audit team;

• the duration and method of the supplementary audit are defined by the PR together with the TL on thebasis of the number and type of major (type A) and minor (type B) NC:• on a documental basis, if corrective action/corrections implementation can be checked by analysing documents;• on site, to verify implementation of the corrective action/corrections of major NC proposed;• on site, to verify all requirements/processes of the standard, the implementation of the corrective action/

corrections of major NC proposed, the management system as a whole if the audit team considers it inadequate(high number of minor NC (type B)).



• SUPPLEMENTARY AUDIT;• COMMUNICATION OF NEED FOR A SUPPLEMENTARY AUDIT.



• drawing up the SUPPLEMENTARY AUDIT REPORT in ASCESI;• preparing the supplementary audit documentation, including the PVP and making it available to PR.

If the corrections and corrective action proposed by the client are not satisfactory or new type A NC are foundduring the supplementary audit, PR is responsible for suspending the certificate and informing the client. Toreinstate the certificate, a complete on-site audit is to be carried out within 3 months, using the recertificationaudit time.





Pag.71/112



ISO/TS 16949:2009

If any non-conformities are found during the audits, RINA evaluates the management of these non-conformitiesas follows:

• If major non-conformities (TYPE A) are found, the organization must provide within twenty (20) calendar days theprimary cause analysis and implementation of the correction, also the organisation will be subjected to a supplementaryaudit by the deadline established by RINA, depending on the importance of the non-conformities, but always withintwo months from the surveillance audit.

• If minor non-conformities are found (TYPE B), the organisation may be subjected to a supplementary on-site audit or a document review, at the auditor’s discretion and by the deadline established by RINA. Theorganisation must show RINA it has effectively implemented the action required to close non-conformitiesby sending written evidence of the action taken within 60 days from notification of the non-conformities.

The effectiveness of the corrective action can be verified during the subsequent audit.


IRIS Rev. 02.1

If an audit fails, it must be repeated within a period of 3 months ("Re-Audit"). Corrective actions resulting fromthe audit must be closed at this time.

If a Client fails due to not meeting one of the knock-out criteria as defined in the Standard, the Certificationprocess has to start with a new request, covering the full audit process again.






Pag.72/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

If any non-conformities are found during the audit, RINA evaluates the management of these non-conformitiesas follows:

• If major non-conformities (TYPE A) are found, the organisation will be subjected to a supplementary audit by thedeadline established by RINA, depending on the importance of the non-conformities, but always within two monthsfrom the surveillance audit.





The audit team, in particular the TL, collaborates with PR if clarification/integration is necessary in relation tothe audit documents.



ISO 14001:2004 - ISO 14001:2015

TL is responsible for filling in the form ISO14001:2004 INFORMATION SHEET.



TL is responsible for filling in the "CTS surveillance and recertification summary table" and file the document.



Pag.73/112



ISO/TS 16949:2009




EMAS PREVEDE LA CONVALIDA DEGLI AGGIORNAMENTI ANNUALI DELLA D.A: il TL deve inviarel'aggiornamento della D.A. nella versione finale e l'Allegato VII compilato al PR per il successivo inoltro al DM.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000



6.4. RECERTIFICATION PROCESS6.4.1. PLANNING THE RECERTIFICATION AUDIT

INPUT: Audit team defined, PVP confirmed and previous audit reports

The TL is responsible for preparing, on the basis of the PVP, and sending the AUDIT PLAN to the client, checkingthat:

• any input to the planning communicated by PR, such as a specific complaint from an interested party, extension ofactivities, etc. is available;

• all the processes, activities and/or services provided by the client and the permanent sites where theactivities are carried out are clearly identified and confirmed, with a sufficient degree of detail;


• processes/activities/services are assessed by the auditor competent in the pertinent technical area;• the functions involved are indicated;• any shifts are indicated;



Pag.74/112


• adequate time is foreseen for the performance of the different activities;• the activities are clearly assigned among the team members;• possible need to perform the stage 1 audit if foreseen by PR.





Any subsequent modifications to the AUDIT PLAN already sent (change of audit team members, audit dates,etc.) are to be promptly communicated to the client.

The entire recertification process, including any supplementary audits and the certification decision, is to becompleted by the expiry date of the certificate, otherwise a new certification process is to be undertaken.

If the certificate has expired within the last 6 months, it is possible to consider first certification audit time andapply a maximum 30% reduction as knowledge of the client’s system already exists, proceeding directly to stage2, unless there are significant changes.


For information for the correct input of data in ASCESI refer to ASCESI QUICK GUIDE.




ISO 14001:2004 - ISO 14001:2015





Pag.75/112



OHSAS 18001:2007









SA 8000:2008







Pag.76/112



SA 8000:2014









AUDITING OF SHIFTS






19.00-22.00



18.00-21.00






Pag.77/112



ISO/TS 16949:2009





Performed prior to 36 months from the date of certification / recertification and 3 months before the expiry ofthe certificate.


IRIS Rev. 02.1

The Team leader shall create the company audit file using the Audit tool, choosing the client from the related list,as defined by using the diary function in the UNIFE Database, as soon as defined the audit dates and specifyingthe type of the audit: readness review, first specification, re-audit, surveillance, etc.

The audit dates shall be inserted in DIARY at least 60 days before.

Team Leader shall ensure the date of the successful recertification audit shall not be more than 36 months fromthe last day of the certification audit.







Pag.78/112


Inserire nel piano di audit una parte dedicata dall'esame del documento di D.A. aggiornato da parte delcomponente competente EMAS senza asterisco.


ISO 50001:2011

NOTE: Only in cases where the EnMS scope also includes an outside activity and/or at a customer site forwhich the power consumption is directly attributed to the Organization subject to verification, this activity mustbe verified. Therefore, the operation sites and / or the outer seats must be clearly indicated in the activities andplaces to be audited.






9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009

Performed before 36 months from last certification / recertification audit and 3 months before certificate expirydate.

6.4.2. RECERTIFICATION AUDIT

INPUT: AUDIT PLAN

The purpose of the recertification audit is to confirm continued compliance and effectiveness of the MS overall,as well as continued adequacy of the field of application of certification as regards the reference standard, theapplicable RINA Rules and the client’s MS documents.



Pag.79/112


The recertification audit is to:

• take into account the MS’s performance during the period of certification;• include a review of previous audit reports;• check the commitment made to maintain the effectiveness and improve the MS in order to reinforce overall

performance;• verify whether the operativeness of the MS contributes to implementation of the policy and achievement

of the stated objectives.

The recertification audit, carried out by the audit team members according to the AUDIT PLAN, is to take placeat the client’s site(s) and include at least the following:

• internal audits and management review;• a review of the action taken following any NC identified during the previous audit. For each NC, a record

of evidence supporting the implementation of corrections and corrective action proposed by the clienttogether with the outcome of the check (positive, negative etc.) and the date of the check is to be givenin the AUDIT REPORT;

• treatment of any complaints, whether received from interested third parties or directly by RINA, recordedin the C&C database, available in LOTUS NOTES;

• effectiveness of the MS with regard to achieving the objectives;• progress of planned activities aimed at continual improvement;• continuing operational control;• review of every modification, including any changes to MS documents;• any preventive action taken following recommendations made during the last audit;• use of the RINA certification logo and any other reference to certification, including advertising of the MS

and products/services provided by the client, also by checking the Internet site.


TL is responsible for drawing up the RECERTIFICATION AUDIT REPORT using ASCESI.


OUTPUT: RECERTIFICATION AUDIT REPORT made available to PR


ISO 9001:2008






Pag.80/112



ISO 9001:2015

It is necessary to ask the customer for a copy of the document which must provide:

• description of QMS scope including all products and services covered by it;• justification of any requirements of the standard deemed to be not applicable to the QMS scope;• processes.


ISO 9001:2008

It is necessary to ask the organization for a copy of the extract of manual with field of application, list of processes,justification of exclusions to be given to the PR.


ISO 14001:2004








Pag.81/112




ISO14001:2015




OHSAS 18001:2007









Pag.82/112



SA 8000:2008






SA 8000:2008_INDIA


• SA8000 posters• Organisation premises/building• Work floor(s)• Dormitory• Canteen• Chemichal storage Area• Personal Protective Equipment• FireFighting Equipment• Evacuation Exits• Evacuation drills• Evacuation plan• Warehouse• Supporting facilities (e.g. sewage treatment, boiler, generator)• Attendance record system• Work in progress• H&S non-compliance



Pag.83/112


• Best practices




SA 8000:2014





ISO/TS 16949:2009

The purpose of the recertification audit is to evaluate the continued fulfillment of all the requirements of ISO/TS16949. The purpose of the recertification audit is to confirm the continued conformity and effectiveness of themanagement system as a whole and its continued relevance and applicability for the scope of certification.



FSSC 22000 any any

ISO 22000:2005 | FSSC 22000





Pag.84/112



IRIS Rev. 02.1

If a client fails the audit, it shall be repeated within a period of 90 days (re-audit or closure of corrective actionsby document review only).

The IRIS audit will be performed using the IRIS Audit Tool.

In case of IRIS and ISO 9001 integrated audits, the Team Leader shall compile the ISO 9001 report too (bothstage 1 and stage 2, if required), as defined in the related RINA procedure and instructions, using ASCESIapplication.

During the assessment, IRIS reports issued by other recognized certification bodies, if available, which canhave an impact to the audit, can be evaluated too.

A scoring principle shall be applied by the evaluation of the questions as defined in the following:

• KO QUESTIONS (refers to ANNEX 4 of IRIS standard): are not scored, but the fulfillment of the requirementsassociated for the all applicable ones is mandatory, otherwise the process is stopped;

• OPEN QUESTIONS: each individual requirements shall be scored progressively using maturity levelsaccording to the criteria defined in Chapter 2, §4.1.2 in IRIS standard;

• CLOSED QUESTIONS: are scored according to the criteria defined in Chapter 2, §4.1.3 in IRIS standard.

The scoring principles are described in Chapter 2, §4.1 and §7 in the IRIS standard.

The management of the improvement and corrective action requested are respectively defined in Chapter 2,§5 and §6 in the IRIS standard.

The award of the IRIS certificate is based on the fulfillment of the following criteria:

• all the requirements associated with the applicable KO questions are met;• all IRIS corrective action requests are closed ad as consequence;• the threshold of the global score is met.

The IRIS Audit Tool shall be used for audit report and relevant documentation. The language of the reportis agreed with the client (local language or english). All the reports (preliminary or final) shall be included asummary of the results of the audit in the local language and in english. The reports shall be sent to the SchemeResponsible within 10 calendar days from the conclusion of the audit.

The Scheme Responsible will upload the data within 14 days in the IRIS portal.

The client shall receive a copy of the report signed by the TL.

Each auditor of the team shall be have the available questionnaire to use during the audit. If an auditor has nota tool assigned, in order to export the questionnaire, the Team Leader is responsible to provide a copy of thequestionnaire at least 3 working days before the starting of the audit.

The last revision of the audit tool shall be used.

In case of surveillance and recertification audit, the questionnaire shall be the one related to the last audit.

The auditors (if more than one) could use a copy of the questionnaire during the audit and later compile the filefor the related part. Each item shall be compiled, including the summary, to close the report.



Pag.85/112


If no conformities are issued, the final report can be exported, printed and the Team leader can sign it (a copywill be provide to the company).

If a non compliance is found, it's mandatory to export the related excel file (Action Plans) and give it to the client,who will send it back to RINA filled in all the foreseen columns (cause analysis, treatment, responsible, duedate) within at maximum 10 working days. A copy of the preliminary report is provided to the company.

Please, notice that if an auditor re-opens a CAR which was closed during the previous audit (certification orsurveillance), the need of a re-audit becomes mandatory to verify the effectiveness of the new corrective action.


ISO 3834-2,3,4:2005

It is necessary to ask the organization for a copy of the documentation to support appointment of the WeldingCoordinator (any certificates, CV with details of experience in welding activities, appointment with reference tothe ISO 14731 Standard), to be given to the PR.





Deve essere allegato alla documentazione di audit il documento "Elenco delle prescrizioni legali applicabili incampo ambientale" o documento equivalente compilato dal Cliente.

Per l'esame della D.A., processo di convalida e relativo mantenimento si veda l’instruction to technicians” ITT-SYS00-EMAS-01"; tenendo presente che al momento della decisione da parte del DM l'aggiornamento dei datinon dovrà essere più vecchio di 6 mesi.



ISO/IEC 20000-1:2011 any any



Pag.86/112







ISO/IEC 27001:2013


• Scope of the ISMS;• Statement of Applicability;• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit;• Auditor notes with any significant evidence.

TL is responsible for drawing up the AUDIT REPORT, choosing between the ON and OFF SITE reports,documenting the audit findings and including identification of any non conformity. The REPORT is to includereference to the following documents:




• information on clearing of non conformities revealed previously;• the audit team’s recommendation as to whether the client’s ISMS should be recertified or not, with information to

substantiate this recommendation;• information about the samples evaluated during the audit.



Pag.87/112



ISO/IEC 20000-1:2011










ISO/IEC 20000-1:2011

The scope of the certification requested is to be defined considering ISO/IEC 20000-3 "Guidance on scopedefinition and applicability of ISO/IEC 20000-1" requirements.





Pag.88/112





ISO 50001:2011

The audit, carried out by the Audit Team members according to the AUDIT PLAN, has to take place at the site(s)of the client and include at least the following:

• the progress of improvement programs of EnMS;• the revaluation of the energy baseline and energy performance indicators (EnPIs);• the progress of improvement programs of EnMS;• the revaluation of the energy baseline and energy performance indicators (EnPIs);• the assessment of the continuing adequacy of monitoring and measurement systems, data acquisition and processing.


ISO 22301:2012








• information on clearing of non conformities revealed previously;



Pag.89/112


• the audit team’s recommendation as to whether the client’s BCMS should be recertified or not, with information tosubstantiate this recommendation;










A traceability test shall be performed during the audit. Starting from a sale document, which is associated with thelot/serial number of the MD, the Audit Team will trace back, through the records made during the production, thehistory of the MD to the raw materials, components, production parameters, results of the tests, the inspectionsand the trials. The traceability test must be recorded on observation sheets and references recorded in the AuditReport. In addition, the GVI shall made:



[IAF MD9:2011, MD4.4.1]


ISO 39001:2012





Pag.90/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009






ISO 29990:2011

During the recertification audit, in particular for this scheme, is to be made available to the audit team, also thefollowing documents:

• Management System Manual (extract),• List of all procedures,• Business Plan,• Management System organization chart,• List of fixed and temporary providing courses offices,• List of planned courses.

6.4.3. FOLLOW-UP

INPUT: Positive outcome of recertification audit

In the case of minor NC (type B), the analysis of causes, corrections and corrective action and plannedimplementation deadline proposed by the client are checked by the TL or, if not available, by another LA.



• if they are acceptable the client is to be informed by sending the document CORRECTIVE ACTIONSAPPROVAL in ASCESI (or through the MEMBER AREA).




Pag.91/112




ISO/TS 16949:2009




IRIS Rev. 02.1












Pag.92/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009





INPUT: Negative outcome of recertification audit





• if they are acceptable the client is to be informed by sending the document CORRECTIVE ACTIONSAPPROVAL in ASCESI (or through the MEMBER AREA).

The supplementary audit is to be carried out within three months from the end of the surveillance audit takinginto account that:

• at least one member who performed the previous audit, chosen in relation to the type of findings which has made thesupplementary audit necessary, is to be included in the audit team;

• the duration and method of the supplementary audit are defined by the PR together with the TL on thebasis of the number and type of major (type A) and minor (type B) NC:• on a documental basis, if corrective action/corrections implementation can be checked by analysing documents;• on site, to verify implementation of the corrective action/corrections of major NC proposed;• on site, to verify all requirements/processes of the standard, the implementation of the corrective

action/corrections of major NC proposed, the MS as a whole if the audit team considers it inadequate(high number of minor NC (type B)).



• SUPPLEMENTARY AUDIT;• COMMUNICATION OF NEED FOR A SUPPLEMENTARY AUDIT.




Pag.93/112



• drawing up the SUPPLEMENTARY AUDIT REPORT in ASCESI;• preparing the supplementary audit documentation, including the PVP and making it available to PR taking

into account that PR is to submit the certification proposal to the DM within three months from the date ofthe end of the last audit and taking into account the expiry date of the certificate.

If the corrections and corrective action proposed by the client are not satisfactory or new type A NC are foundduring the supplementary audit, PR is responsible for suspending the certificate and informing the client. Toreinstate the certificate, a complete on-site audit is to be carried out within 3 months, using the recertificationaudit time.




ISO/TS 16949:2009






IRIS Rev. 02.1





Pag.94/112






9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009










ISO 14001:2004 - ISO 14001:2015

TL is responsible for filling in the form ISO14001:2004 INFORMATION SHEET.



Pag.95/112




TL is responsible for filling in the "CTS surveillance and recertification summary table" and file the document.


ISO/TS 16949:2009






FSSC 22000 any any

ISO 22000:2005 | FSSC 22000





Pag.96/112


6.5. EXTENSION/MODIFICATION OF CERTIFICATION SCOPE PROCESS6.5.1. PLANNING OF EXTENSION / MODIFICATION AUDIT

INPUT: Extension request examined and audit team defined

On the basis of PR’s evaluation of the type of process necessary to carry out the extension / modification audit,one of the following processes can be opened in ASCESI:

• extension process, if the audit man/days have been changed and consequently a new PVP is to be issued;• surveillance process if the audit man/days have not been changed and the extension/modification audit is

done during an audit already planned in the PVP;• recertification process if the extension is done during the recertification audit already planned in the PVP

regardless of any change in audit man/days;• extra audit process if the audit man/days have not been changed and if an additional audit is to be carried

out to verify the extension/modification without changing the existing PVP.

PR is responsible for deciding whether it is necessary to perform stage 1.

The TL is responsible for defining, preparing and sending the client the audit plan, checking that:

• regardless of the type of process (extension, surveillance, extra or recertification) and in addition to activities/sitesalready included in the PVP, the audit plan is to clearly identify the activities/sites subject to extension to be audited;

• all the processes, activities and/or services provided by the client and the permanent sites where theactivities are carried out according to the PVP are clearly identified and confirmed, with a sufficient degreeof detail;


• processes/activities/services are assessed by an auditor competent in the pertinent technical area;• the functions involved are indicated;• any shifts are indicated;• adequate time is foreseen for the performance of the different activities;• the activities are clearly assigned among the team members.

For this purpose, it is necessary to complete in ASCESI the following document:




Any subsequent modifications to the AUDIT PLAN already sent (change of audit team members, audit dates,etc.) are to be promptly communicated to the client.

In the case of multisite certification, details of the sampling are to be agreed with PR. For information, refer tothe MULTISITE MULTISITE ANNEX_MULTISITE requirements.






Pag.97/112



ISO14001:2004 - ISO14001:2015




OHSAS 18001:2007









ISO/TS 16949:2009




Pag.98/112






IRIS Rev. 02.1

The Team leader shall create the company audit file using the Audit tool, choosing the client from the related list,as defined by using the diary function in the UNIFE Database, as soon as defined the audit dates and specifyingthe type of the audit: readness review, first specification, re-audit, surveillance, etc.

The audit dates shall be inserted in DIARY at least 60 days before.





EMAS PREVEDE LA CONVALIDA DEGLI AGGIORNAMENTI ANNUALI DELLA D.A: inserire nel piano di audituna parte dedicata dall'esame del documento di D.A. aggiornato da parte del componente competente EMASsenza asterisco.





Pag.99/112




6.5.2. EXTENSION / MODIFICATION AUDIT

INPUT: AUDIT PLAN

The purpose of an extension / modification audit is to verify if the extension / modification required can begranted or not.

According to the type of process opened in ASCESI (refer to the EXTENSION / MODIFICATION OFCERTIFICATION_PLANNING OF MODIFICATION / EXTENSION AUDIT phase), the audit team members carryout the audit according to the AUDIT PLAN.



• drawing up the AUDIT REPORT in ASCESI;• preparing the audit documentation, including the PVP if any changes are to be included and making it

available to PR, taking into account that PR is to submit the extension / modification proposal to the DMwithin three months from the date of the end of the last audit.


OUTPUT: AUDIT REPORT made available to PR


ISO 9001:2008





ISO 14001:2004



Pag.100/112




The document "List of the applicable legal rules in the environmental field" ( FORM-SYS01-EMS-01) orequivalent document must be annexed to the audit documentation.


ISO14001:2015


The document "List of the applicable legal rules in the environmental field" ( FORM-SYS01-EMS-01) orequivalent document must be annexed to the audit documentation.


OHSAS18001:2007





SA 8000:2008




Pag.101/112






SA 8000:2014





ISO/TS 16949:2009




Pag.102/112



IRIS Rev. 02.1

If a client fails the audit, it shall be repeated within a period of 90 days (re-audit or closure of corrective actionsby document review only).

The last day of the certification audit is registered in the IRIS Portal and is deemed as the reference date forfurther audits.

The IRIS audit will be performed using the IRIS Audit Tool.

In case of IRIS and ISO 9001 integrated audits, the Team Leader shall compile the ISO 9001 report too (bothstage 1 and stage 2, if required), as defined in the related RINA procedure and instructions, using ASCESIapplication.

During the assessment, IRIS reports issued by other recognized certification bodies, if available, which canhave an impact to the audit, can be evaluated too.

A scoring principle shall be applied by the evaluation of the questions as defined in the following:

• KO QUESTIONS (refers to ANNEX 4 of IRIS standard): are not scored, but the fulfillment of the requirementsassociated for the all applicable ones is mandatory, otherwise the process is stopped;

• OPEN QUESTIONS: each individual requirements shall be scored progressively using maturity levelsaccording to the criteria defined in Chapter 2, §4.1.2 in IRIS standard;

• CLOSED QUESTIONS: are scored according to the criteria defined in Chapter 2, §4.1.3 in IRIS standard.

The scoring principles are described in Chapter 2, §4.1 and §7 in the IRIS standard.

The management of the improvement and corrective action requested are respectively defined in Chapter 2,§5 and §6 in the IRIS standard.

The award of the IRIS certificate is based on the fulfillment of the following criteria:

• all the requirements associated with the applicable KO questions are met and• all IRIS corrective action requests are closed ad as consequence• the threshold of the global score is met.

The IRIS Audit Tool shall be used for stage 1 and stage 2 audit documentation. The language of the reportis agreed with the client (local language or english). All the reports (preliminary or final) shall be included asummary of the results of the audit in the local language and in english. The reports shall be sent to the SchemeResponsible within 10 calendar days from the conclusion of the audit.

The Scheme Responsible will upload the data within 14 days in the IRIS portal.

The client shall receive a copy of the report signed by the TL.





Pag.103/112


Per l'esame della D.A., processo di convalida e relativo mantenimento si veda si veda l’instruction to technicians”ITT-SYS00-EMAS-01"; tenendo presente che al momento della decisione da parte del DM l'aggiornamento deidati non dovrà essere più vecchio di 6 mesi.



In caso di turni, dovrà essere eventualmente registrata sull’ultima pagina del rapporto di audit la giustificazionedella mancata effettuazione dell'audit su ciascun turno.


FSSC 22000 any any

ISO 22000:2005 | FSSC 22000










Pag.104/112



ISO/IEC 27001:2013


• Scope of the ISMS;• Statement of Applicability;• Layout network(s) and operative site(s) plants;• Information about the samples evaluated during the audit;• Auditor notes with any significant evidence.

TL is responsible for drawing up the AUDIT REPORT, documenting the audit findings and including identificationof any non conformity. The REPORT is to include reference to the following documents:




• information on clearing of non conformities revealed previously;• the audit team’s recommendation as to whether the client’s ISMS should be extended/modified or not, with information

to substantiate this recommendation;• • information about the samples evaluated during the audit.


ISO/IEC 20000-1:2011

The scope of the certification requested is to be defined considering ISO/IEC 20000-3 "Guidance on scopedefinition and applicability of ISO/IEC 20000-1" requirements.



Pag.105/112



ISO/IEC 20000-1:2011















Pag.106/112



ISO 22301:2012








• information on clearing of non conformities revealed previously;• the audit team’s recommendation as to whether the client’s BCMS should be extended/modified or not, with information

to substantiate this recommendation.;• information about the samples evaluated during the audit.


ISO 39001:2012





Pag.107/112



9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009





6.5.3. FOLLOW-UP

INPUT: Positive outcome of extension / modification audit

In the case of minor NC (type B), the analysis of causes, corrections and corrective action and plannedimplementation deadline proposed by the client are checked by the TL or, if not available, by another LA.



• if they are acceptable, the client is to be informed by sending the document CORRECTIVE ACTIONS APPROVAL inASCESI (or through the MEMBER AREA).




ISO/TS 16949:2009





Pag.108/112



IRIS Rev. 02.1











9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009






Pag.109/112



INPUT: Negative audit outcome

According to the type of process opened in ASCESI (refer to the EXTENSION / MODIFICATION OFCERTIFICATION_PLANNING OF MODIFICATION / EXTENSION AUDIT phase) the following phases areapplicable:

• extension, surveillance and extra audits: refer to SURVEILLANCE OR EXTRA PROCESS_POSSIBLESUPPLEMENTARY AUDIT;

• recertification audit: refer to RECERTIFICATION AUDIT_POSSIBLE SUPPLEMENTARY AUDIT.



ISO/TS 16949:2009






IRIS Rev. 02.1





Pag.110/112






9110:2012_EN 9120:2009 any any

EN 9100:2009 | EN 9110:2012 | EN 9120:2009










ISO 14001:2004 - ISO 14001:2015

TL is responsible for preparing the EMS CONFIDENTIAL ASSESSMENT REPORT FOR CERTIFICATIONDECISION where the information to be presented to the DM, has to be recorded. Information to recorded canbe limited to the scope of extension.



Pag.111/112



OHSAS 18001:2007

TL is responsible for preparing the OHS CONFIDENTIAL ASSESSMENT REPORT FOR CERTIFICATIONDECISION where the information to be presented to the DM, has to be recorded. Information to recorded canbe limited to the scope of extension.



TL is responsible for filling in the "CTS summary table" to be submitted to the DM required for the certificationdecision.


ISO/TS 16949:2009




TL deve predisporre un rapporto riservato per la sola parte oggetto di estensione nel quale sono riportate leinformazioni da sottoporre al DM necessarie per la decisione della certificazione.




Pag.112/112



FSSC 22000 any any

ISO 22000:2005 | FSSC 22000



MANAGEMENT SYSTEMS CERTIFICATION RINA [IS …...• ISO/IEC TS 17021-5:2014 - Conformity assessment...

Documents

Transcript of MANAGEMENT SYSTEMS CERTIFICATION RINA [IS …...• ISO/IEC TS 17021-5:2014 - Conformity assessment...