Receipt and review of Audit report

The Team Leader is responsible for submission of audit report to the Quality manager within 10 days of completion of the stage-2 audit.

This contains at least client signed audit report, corrective action plan for non-conformances. All audit reports (Stage 1, Stage 2, routine surveillances, follow-up, special audit, recertification etc.) are reviewed by the Report reviewing authority at appropriate stages.

UCMPL ensures that certificate of conformity is issued only on the basis of evidence-based recommendation received from a competent audit team. The audit reports are reviewed at multiple stages, as described below-

• A competent technical committee constituting one or more members is selected by the application reviewer from among the approved list of auditors (UCMPL-F-26,27,28 Auditors with IAF/EA Code). If the competent auditor (who had not participated in the audit of this client) is not available, appropriate auditor who is competent to conduct industry of similar or higher complexity is selected along with a competent technical expert.

• It is ensured that the auditor who has carried out the audit, or the concerned Application reviewer/ audit programmer who planned the audit, do not participate in the certification decision making process.

• The Quality manager submits the clients audit file containing all relevant information starting from initial application, client contract, stage-1 audit report, stage-2 audit report, NC findings and corrective action closure reports and audit teams’ recommendations, to the certification decision making person/ committee.

• The submitted set of documents is reviewed for completion by Report reviewer/ certification decision maker. Audit report review checklist (UCMPL-F-34 Certificate issue checklist) is used to record the review and certification related decision.

• The audit report along with audit report review checklist (UCMPL-F-34 - Certificate issue checklist) is submitted to technical committee for technical review which includes review of the information provided by the audit team is sufficient with respect to certification requirements, scope of accreditation and effectiveness of corrections and corrective actions are evidenced for all non-conformances raised during the audit.

• The decision-making committee takes appropriate decision related to certification on the basis of audit report and recommendation submitted by the audit team leader.

If the committee feels that the audit report does not provide sufficient information required to make certification decision, additional audit, with specific objectives, by another audit team may be ordered. The Technical Committee & certification decision maker confirms, prior to making a decision on the following basis-

• the information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification

• it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent failure to fulfill one or more requirements of the audit standard.

• it has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs.

• it has reviewed and accepted the client's planned correction and corrective action for all minor nonconformities.

• Closure of some of the minor non-conformities may be verified by perusal of documentary evidence submitted to the UCMPL office/ audit team leader.

• Closure of some of the minor non-conformities may be verified during subsequent surveillance audit.

Action prior to making a decision- The Technical Committee/Audit report reviewer & certification decision maker confirms, prior to making a decision, that –

The information provided by the audit team is sufficient with respect to the certification requirements and the scope for certification.

It has reviewed, accepted and verified the effectiveness of correction and corrective actions, for all major nonconformities that represent –

• failure to fulfill one or more requirements of the audit standard

• a situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs

It has reviewed and accepted the client's planned correction and corrective action for all minor nonconformities.

• Closure of some of the minor non-conformities may be verified by perusal of documentary evidence submitted to the UCMPL office/ audit team leader.

• Closure of some of the minor non-conformities may be verified during subsequent surveillance audit.

On each certificate to be issued, client organization's name, base office, address, name of the audit standard (including issue year of standard), and scope of the audited MS, is typed/ printed.

Regarding the Certificate Issue Date: Final Copy of the Certificate will be Issued on the same date of the Certification Decision Date {Certificate Issue Date and Certification Decision Date must be same}

The Quality Manager review the printed certificate to detect any errors. The certificate with all attachments like logo rules, soft copy of UCMPL logo, cover letter etc. is submitted to the Managing Director for his signature.

After approval signature of the MD, relevant information of the client and its certification status is put in the UCMPL website.

For certificate issued under scope of accreditation, the information about the certificate is updated on Client register by the Managing Director without any delay from the issuance of the certificate.

The signed certificate is updated on the client list and forwarded for dispatch. The QM verifies the appropriate updation on UCMPL client register and records it on the certificate issue checklist of UCMPL. Ref. UCMPL-F-34-Certificate Issue Checklist.

The designating person verifies the certificate on UCMPL Client register and prepares the covering letter for the certificate issue to the client.

The signed certificate is sent to the client at his address or any other address he has specifically requested. The certificate shall not be issued to any other person without a written approval from the client. The certificate docket shall contain at least the following-

• Covering letter from UCMPL.

• Rules accompanying the logo

• Certificate

Record of dispatch of certificate is maintained in the UCMPL office. Safe delivery of the certificate at client’s address is also verified by the UCMPL office by phone or E-mail.

Change in Certificate

The client may request for change in certificate. This may be due to-

• Change in ownership

• Change in name of the company

• Change in location

• Increase or decrease in scope (products, services offered etc.)

• Increase or decrease in locations

(In case of revision in the certificate suffix “-01” is added to the certificate no. In case of repeated revision in one certificate the suffix is revised in ascending order like -02, -03........)

Client may request for change in certificate or reduction / expansion in scope to Quality Manager shall review the request and decide for a special audit if the next audit is not due in near future or if the next audit cannot be proposed. Quality Manager also determines if the changed scope is within accreditation scope of UCMPL.

In case of change in name of company or location without any change in management, the client shall submit Legal Documents for the change. Where the management has changed, the details of Legal Documents for approval shall be submitted along with the request.

The duration for the special visit shall be decided by Quality Manager and communicated to the client. The lead auditor submits a descriptive report detailing the changes, justification for reduction / expansion of scope and review of the impact of change in the scope (use of logos etc.). Where expansion of scope is requested, the compliance to MS for the respective activities and impact on other processes is verified. In case the special visit is carried out as a part of routine surveillance, the descriptive report is added to the surveillance report.

Certification document

UCMPL provides certification documents to the certified clients normally by courier. When requested scanned copy is also mailed to the client.

The certification document identifies the following:

• The name and geographical address/ location of the certified organization.

• The name and location of the headquarter and any site/s within the scope of a multi-site certification) In case where the site addresses or scope details can’t be accommodated in one page, these are documented as schedules to the certificate and are referenced in the certificate.

• Dates of granting, extending or renewing certification/Planned surveillance audit dates and the expiry date or recertification due date consistent with the recertification cycle.

UCMPL exercises proper control of ownership over use of certificate, marks/ logo and audit reports. We make this clear in our contract/ agreement with clients that UCMPL will take action to deal with incorrect references to certification status or misleading use of certification documents, marks (including accreditation symbol if applicable) or audit reports. This action could include requests for correction and corrective action, suspension, withdrawal of certification, publication of the transgression and, if necessary, legal action.

Maintaining certification: UCMPL has established a system which requires that for any nonconformity or other situation that may lead to suspension or withdrawal of certification, the Technical Committee appropriately decides the line of action, to determine whether certification can be maintained. UCMPL maintains certification based on demonstration that the client continues to satisfy the requirements of the audit standard. It maintains a client's certification based on a positive conclusion by the audit team leader.

Recertification

Reassessment is a requirement of ISO 17021-1:2015 and is intended to verify overall continuing effectiveness of the organization’s applicable management system in its totality. The reassessment provides for a review of the past performance of the quality management system over the period of previous certification, including examination of the documents/records relating to the internal audits, management review and effectiveness of corrective and preventive actions, etc.

The process of recertification would include a reassessment of the organization’s documented quality management system including a review of the Management System, where necessary, to be conducted before the expiry of three years term of validity. The recertification audits planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative document.

Reassessment is normally carried out at the end of three-year cycle within one year from the last day of the last surveillance audit. However, in the case of 9 month/Six-month frequency the reassessment audit can be done at agreed interval but certainly before expiry of the certificate.

The process of Re-certification is planned by the competent application reviewer, in consultation with the Quality Manager. Notice is sent to the client, at least two months before the expiry of the certificate validity. If the client agrees for the recertification, updated status is captured in fresh application form, quotation is sent and application review is re done, and new contract is signed.

Information about any substantial change in management, and process and IMS scope is gathered, and if substantial change is reported, stage-1 audit is planned to assess suitability of the documentation with current process status of the client.

Objective of the recertification audit

• To assess the extent of the effectiveness of the management system in the light of internal and external changes with reference to the scope of the IMS certification.

• To assess whether the operation of the certified management system contributes to the achievement of the organization's policy and objectives.

• To verify that the client is following the conditions of certification.

• Demonstrated commitment to maintain the effectiveness of the system.

• This reassessment activity can be divided under following headings covering the points listed below.

• Summary of Previous Audit Reports.

• Whether all areas/ processes/ clauses have been audited at least once in the last three-year cycle.

• Any concentration of non-conformities against particular clauses/areas and effectiveness of corrective actions taken on nonconformities identified by UCMPL shall be closed as earlier.

• Quality Objectives and Continual Improvement.

• Whether the operation of the certified management system contributes to the achievement of the organization's policy and objectives.

Surveillance Audit: Surveillance audits are on-site audits, but are not necessarily full system audits. Surveillance audits planned together with the other surveillance activities so that the certification body can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The surveillance audits conducted at least once a year and the date of the first surveillance audit following initial certification shall not be more than 12 months from the last day of the stage 2 audit.

The Assigned team leader is responsible for conducting and managing the assessment along with other team member, if any. The Team Leader shall be of Auditor status as a minimum. As far as possible, same team should be sent for surveillance audit for the certification cycle. The team leader also ensures that any Technical Expert / Specialist are not allowed to function independently and are always accompanied by Auditor/ Lead Auditor.

The objective of surveillance audit is to:

• Ensure that the client’s management system which was basis of grant of certificate has been maintained on continuous basis.

• Verify and ensure that any changes to management system which might have taken place since last audit meet the requirement of the standard/ specification and implemented effectively

• Ensure on-site audits assessing the certified client's management system's fulfillment of specified requirements with respect to the standard to which the certification is granted.

• Ensure that the management system continues to be appropriate to the product/ process/ service offered by client, with the capability of managing and improving performance.

• Assess continual improvement in client’s management systems

The team leader shall review the client file, specially the last audit report to make note of any issues to be followed up, including the non-conformities and corrective action plan. Audit plan shall be sent to clients in advance so that they can seek any changes with respect to timing etc., if found inconvenient due to administrative reasons. Audit should be conducted (at least annually and it shall be ensured that the date of first surveillance audit shall not be more than 12 months from the last day of stage 2 audit.) as per Surveillance audit plan given in the last audit report but if there is any change due to any justified reasons, the same should be recorded in auditor notes and surveillance audit plan shall be updated in the report. During opening and closing meeting, the attendance record sheet is circulated for recording name and designation of the client representative present. Either each person can record their name & designation or one person can do so for all present. During each surveillance audit, client’s management systems shall be audited in adequate depth to ensure continued effectiveness of implemented system. All areas shall be audited at least once over a period of the certification cycle of three years however mandatory areas shall be audited every time. Following parameters are verified during each surveillance audit.

• Additionally, client’s statements with respect to its operations (e.g. promotional material, website). Also reviewed during each surveillance audit.

• enquiries from the certification body to the certified client on aspects of certification,

• requests to the client to provide documents and records (on paper or electronic media),

• other means of monitoring the certified client's performance.

• Internal audits and management review.

• A review of actions taken on nonconformities identified during the previous audit

• Actions taken on customer complaints.

• Effectiveness. Of the management system with regard to achieving the objectives

• Progress of planned activities aimed at continual improvement.

• Continuing operational control.

• Review of any changes and use of CB & AB marks.

The corrective action taken on non-conformities identified during last audit should be verified for its effectiveness. If the corrective action taken is not satisfactory/ non-taken, the severity of the minor NC shall be re-issued escalated to Major and client shall be advised accordingly. In such a case, further action would be taken. Non-conformity reporting, report preparation, report distribution, requirement of CAP (in case NC is raised) shall be similar to certification audit procedure. In case a major NC is identified, the team leader shall review to look for the possibility whether the corrective action taken can be verified off site (i.e. on-site verification is not required). In such case the suitable recommendation shall be made in the report.

Suspension, withdrawing or Cancellation of Client Certification

UCMPL have the authority to suspend certification in cases where on reviewing the audit reports and subsequent verification, he arrives to a conclusion that the-

• Client’s certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system in the surveillance audits.

• the client’s management system has persistently lost the effectiveness of the management system

• The certified client does not allow surveillance or recertification audits to be conducted at the required frequencies as mentioned in the contract no.

• The certified client has voluntarily requested a suspension in writing to UCMPL.

Under suspension, the client's management system certification is declared temporarily invalid. UCMPL makes enforceable agreement with its clients to ensure that in case of suspension the client refrains from further promotion of its certification.

Quality Manager ensures that the suspended status of the certification is publicly accessible on the website and also communicated to the client in writing.

UCMPL ensures that the suspended status of the certification is publicly accessible on the UCMPL’s website.

Suspension Time Limit: 15 Days from the Date when Surveillance Audit has been due, after 15 Days Client will be suspended and listed on the UCMPL Website under Suspended Clients.

For Revoking the Certificate, UCMPL will Provide additional 15 Days from the Date of Suspension to the Client.

After then Certificate will be Withdrawal i.e., Withdrawal time is 15 Days from the Date of Suspension.

UCMPL has established a policy to reduce the client's scope of certification to exclude the parts not meeting the requirements of the audit standard, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification.

UCMPL has established a policy to reduce the client's scope of certification to exclude the parts not meeting the requirements of the audit standard, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. The scope of the certification and communicates in writing to the client and the list is updated on the website.

UCMPL has established legally enforceable arrangements with the certified client concerning conditions of withdrawal. As per this agreement, upon getting the notice of withdrawal, the client has to discontinue its use of all advertising matters that contain any reference to its certified status.

This Process correctly state the status of certification of a client’s management system as being suspended, withdrawal or reduced in UCMPL website and may publish status of certification in newspaper as necessary.