A LOOK AT EXPECTED AMENDMENTS TO ISO/IEC 17025 (1999) - PowerPoint PPT Presentation

About This Presentation
Title:

A LOOK AT EXPECTED AMENDMENTS TO ISO/IEC 17025 (1999)

Description:

ISO/IEC 17065:2012 Explanations (8.6.3) What does the standard mean when it says that my internal audit shall normally be performed at least once every 12 months? – PowerPoint PPT presentation

Number of Views:68
Avg rating:3.0/5.0
Slides: 41
Provided by: FFF55
Category:

less

Transcript and Presenter's Notes

Title: A LOOK AT EXPECTED AMENDMENTS TO ISO/IEC 17025 (1999)


1
(No Transcript)
2
A2LAs ISO/IEC 170652012 Transition and
Applications
Mike Buzard Senior Accreditation Officer Adam
Gouker Accreditation Manager American
Association for Laboratory Accreditation Frederick
, Maryland, U.S.A Presentation to the TCB Council
April 2014
3
Overview
  • A2LA Recognition, Structure, and Processes
  • Transition to ISO/IEC 170652012
  • ISO/IEC 170652012 Published Explanations
  • ISO/IEC 170652012 Requested Explanations
  • Common TCB Assessment Deficiencies
  • Implementation of FCC KDB Revisions (April 2014)

4
A2LA is
  • Non profit
  • Non governmental
  • Independent 3rd party
  • Established in 1978

5
A2LA provides accreditation
  • ISO/IEC 170252005 Testing and Calibration
    Laboratories
  • ISO 151892012 Medical Laboratories
  • ISO Guide 342009 Reference Material Producers
  • ISO 170432010 Proficiency Testing Providers
  • ISO Guide 651996 Product Certification Bodies
  • ISO/IEC 170652012 Product Certification Bodies
  • ISO/IEC 170202012 Inspection Bodies

6
A2LA Recognition
  • International Accreditation Forum (IAF)
    Multilateral Recognition Arrangement (MLA)
    Signatory
  • International Laboratory Accreditation
    Cooperation (ILAC) Mutual Recognition Arrangement
    (MRA) Signatory
  • Recognized Accreditation Body under the National
    Voluntary Conformity Assessment Systems
    Evaluation (NVCASE) Program
  • FCC Recognized Test Firm Accrediting Body (TFAB)
  • Various Govt to Govt MRAs through NIST

7
A2LA Structure
8
A2LA Processes - Assessment
  • Order ISO/IEC 17025 and/or ISO/IEC 17065
  • Read ABs Supplemental Requirements
  • Read Regulator / Certification Scheme
    Requirements
  • Submit Application(s)
  • Assessor Assigned (performs doc review)

9
A2LA Processes - Assessment
  • Conduct On-site Assessment
  • CARs Following Assessment
  • Decision on Accreditation
  • Surveillance and Renewal Assessments

10
A2LA Processes - Cycles
  • Year 0 Initial Accreditation
  • Year 1 On site Surveillance Assessment
  • Year 2 Full Renewal Assessment
  • Year 3 Annual Review, desk audit could be
    on-site
  • Year 4 Full Renewal Assessment
  • Year 5 Annual Review, desk audit could be
    on-site
  • Note this is one option per ISO/IEC 17011,
    clause 7.11.3

11
A2LA Processes - Scopes
  • Document that identifies exactly what the
    organization is accredited for
  • For Labs identifies specific tests methods
  • For CBs identifies product categories, product
    specs, and/or certification schemes
  • Identifies expiration date and physical location
  • Must be confirmed by the assessor
  • Organizations can be accredited for limited
    scope of activities

12
A2LA Processes - Scopes
13
A2LA Processes - Scopes
14
A2LA Processes - Assessors
  • Independent Peer Experts
  • Each with over 10 years of experience in field
  • Trained to Conformity Assessment Standard (e.g.
    ISO/IEC 17025 and/or ISO/IEC 17065)
  • Ongoing training and evaluations (staff, AC, CAB)

15
A2LA Transition to ISO/IEC 170652012
  • Following A2LA R307 Transition Memo to ISO/IEC
    17065
  • Adheres to IAF three-year transition period
    must be completed no later than September 15,
    2015
  • Following our 2 year reassessment cycle
  • Began accepting 17065 applications March 31, 2013
  • No longer accepting new applicants for Guide 65
  • Current CBs must undergo assessment to 17065
  • If not assessed to 17065 by March 1, 2015, must
    undergo on-site assessment by June 30, 2015
  • All requests to expand to 17065 require on-site
    assessment

16
Explanations
  • From ISO/IEC 170112004, section 4.6.2
  • Follow Q/A format - A2LAs official
    explanations of the requirements of the
    relevant conformity assessment standard.
  • It is expected that conformity assessment bodies
    will implement the requirements of the standard
    in accordance with the explanations listed.
    Otherwise, areas of non-conformance will be
    identified by the assessor during the on-site
    assessment.
  • https//www.a2la.org/faq/faqfinder17065.cfm
  • https//www.a2la.org/faq/faqfinder170252005.cfm

17
Explanations
  • Questions typically received from CABs and
    Assessors, but are welcome from all stakeholders
  • Explanations are proposed to Technical Advisory
    Committee for review and approval
  • Explanations then reviewed and approved by A2LA
    management
  • Explanations finally reviewed and approved by
    Criteria Council

18
ISO/IEC 170652012 Explanations (4.1.2.1)
  • What is a Legally Enforceable Agreement, and
    will my assessor be responsible for determining
    its legality?
  • Any signed or sign-able record between the
    certification body and its client/customer
  • Must meet the requirements of clause 4.1.2.2
  • Must take into account the responsibilities of
    the two parties in that agreement
  • Typically referred to as a Contract
  • A2LA assessors will not be determining, nor can
    they be held responsible for, the legality of the
    certification body / client agreements

19
ISO/IEC 170652012 Explanations (4.6.a)
  • Does my organizations Publicly Available
    Information need to explicitly address each of
    the procedures called out in this clause if one
    or more are not applicable to our certification
    activities?
  • Yes, the Certification Body must address each
    required procedure under this clause, even if the
    certification activities being performed do not
    include those actions.
  • For example, an organization operating a
    certification scheme which does not allow for
    extensions or reductions to the scope of
    certification must have documented some statement
    to the effect of, We do not offer any extensions
    or reductions to our certifications.
  • Ensures clear understanding between CB, Clients,
    and Accreditation/Regulatory Bodies

20
ISO/IEC 170652012 Explanations (5.2.2.a)
  • My organization has invited numerous possible
    stakeholders to be part of our Mechanism for
    Safeguarding Impartiality, but all of those
    stakeholders have declined to participate. How
    can my organization show that we are maintaining
    the required balanced representation in light of
    this?
  • Note 2 to clause 5.2.1 and Note 1 to clause 5.2.4
    of ISO/IEC 17065 identify examples of mechanisms
    and potential invitees
  • Notes should be examined prior to determining
    that all possible avenues have been exhausted
  • The certification body must demonstrate (e.g.
    records) that they have identified and invited
    potentially interested parties,
  • And that they have ensured that no single
    interest predominates (e.g. certification body
    cannot hold more than 50 stake in this
    Mechanism)
  • Up to the certification body to take additional
    suitable actions to ensure that these balanced
    interest requirements are met

21
ISO/IEC 170652012 Explanations (6.2.1)
  • What are the applicable requirements that
    Internal Resources must meet in order for my
    organization to comply with this clause?
  • Hierarchy
  • (1) should be defined by the Certification
    Scheme
  • (2) If not defined in the scheme, the
    Certification Body should define what
    requirements are or are NOT applicable in their
    quality system, with justification on any omitted
    clauses of the relevant International
    Standard(s)
  • (3) If the CB and/or Scheme do not define the
    applicable requirements, an A2LA assessor will
    assume that all requirements in the relevant
    International Standard(s) are applicable.
  • If an Evaluation standard (testing / inspection
    method specified in the Certification Scheme)
    explicitly requires an aspect of conformity
    assessment such as measurement uncertainty
    calculations, that cannot be excluded when
    considering whether or not the resource meets the
    requirements of those standards.

22
ISO/IEC 170652012 Explanations (6.2.2.1)
  • What are the applicable requirements that
    External Resources must meet in order for my
    organization to comply with this clause?
  • Hierarchy
  • (1) should be defined by the Certification
    Scheme
  • (2) If not defined in the scheme, the
    Certification Body should define what
    requirements are or are NOT applicable in their
    quality system, with justification on any omitted
    clauses of the relevant International
    Standard(s)
  • (3) If the CB and/or Scheme do not define the
    applicable requirements, an A2LA assessor will
    assume that all requirements in the relevant
    International Standard(s) are applicable.
  • If an Evaluation standard (testing / inspection
    method specified in the Certification Scheme)
    explicitly requires an aspect of conformity
    assessment such as measurement uncertainty
    calculations, that cannot be excluded when
    considering whether or not the resource meets the
    requirements of those standards.

23
ISO/IEC 170652012 Explanations (6.2.2.4)
  • My Certification Body operates under a larger
    corporate umbrella, and we send portions of our
    Evaluation work to another department in the
    corporation. Is this considered outsourcing the
    work to an outside body?
  • Note 2 of clause 6.2.2.1 Use of external
    personnel under contract is not outsourcing.
  • Is a contract in place that covers cl. 6.1.3
    requirements between the department and the
    Certification Body?
  • If so, this is NOT outsourcing.
  • (This also answers the question, Is the resource
    under the direct control of the Certification
    Body? see clause 6.2.1)
  • If the documentation linking the other department
    or its personnel to the Certification Body does
    not meet the requirements called out under clause
    6.1.3, or if the Certification Body cannot
    provide evidence that the additional requirements
    stated under clause 6.1.2 are met for the
    personnel in question, then the actions taken by
    the Certification Body are considered
    Outsourcing, and the Certification Body must
    demonstrate that it complies with the
    requirements related to Outsourced activities.

24
ISO/IEC 170652012 Explanations (7.3.2)
  • A client has asked us to certify a new product
    which we have not certified before, but this new
    product is somewhat similar to ones we have been
    certifying in the past. How do we determine
    whether or not we have prior experience with
    the new product we are being asked to certify?
  • CB should compare the new product to old products
    by examining the certification schemes (if
    different), the technologies, the required
    evaluation techniques/activities, and the
    technical knowledge of its own resources.
  • The NOTE under this clause gives excellent
    guidance to the CB
  • If the certification body determines that the new
    product is sufficiently similar, no records are
    needed
  • The Certification Body may be asked to explain
    its rationale in determining that the new product
    is of the same type as ones that were previously
    certified
  • If the assessor can justify that a certification
    was not of the same type as certifications
    previously granted, a deficiency may be written

25
ISO/IEC 170652012 Explanations (7.3.3)
  • What type of records are required to justify our
    organizations competence and capability to
    perform a certification we have not performed
    before (such as called out in clause 7.3.2)?
  • A2LA does not specify what form a record must
    take
  • However, the records must show that an analysis
    was performed (comparison of scheme requirements,
    competencies of its resources, verification that
    the CB is capable of performing the certification
    activities)
  • Records should be sufficiently detailed such that
    the assessor can reasonably reach the same
    conclusions as the CB
  • If insufficient information for undertaking the
    new certifications is presented, or evidence that
    the certifications were improperly granted, a
    deficiency may be cited

26
ISO/IEC 170652012 Explanations (7.12.3)
  • The certification scheme operated by my
    organization requires that we re-evaluate
    products on a four month cycle. Does the language
    in this clause mean that we only have to keep
    records for 8 months total, in order to meet the
    current and previous cycle requirement?
  • Clause 8.4.2 - Certification Bodys procedures
    for record retention must be consistent with any
    contractual and legal obligations.
  • Those legal and contractual obligations would
    take precedence over the shorter retention cycle
    given in the example above.
  • Above and beyond any legal or scheme obligations
    for record retention, A2LA requires that the
    accredited (or applicant) organization must keep
    copies of records for the entire time period
    between on-site assessments
  • Legal and scheme obligations may require longer
    retention periods, but under no circumstances may
    the Certification Body dispose of records in any
    shorter time period

27
ISO/IEC 170652012 Explanations (7.13.7)
  • How should my organization demonstrate compliance
    to this clause if we receive an anonymous
    complaint?
  • It may not be possible for a certification body
    to give a formal notice of complaint resolution
    to the complainant (e.g. complaint is received
    anonymously, complainant does not leave contact
    info, complainant changes contact information
    such as being dismissed from an employment
    position).
  • Possible evidence could include records of
    attempted emails with read receipts, phone logs,
    voicemails, certified postal mailings, or
    generalized resolution notices to alternate
    persons that are known to be related to the
    original complainant.
  • These examples are not intended to be
    all-inclusive, nor are they mandatory actions
    that must be undertaken by the Certification
    Body.
  • Ultimately, the Certification Body must show
    evidence that they have done reasonable due
    diligence in attempting to contact or locate the
    original complainant
  • In all cases, records of attempts to contact must
    be kept as required by clause 7.13.1.

28
ISO/IEC 170652012 Explanations (8.3.1)
  • What does A2LA consider to be External
    documents that my organization must control
    under our document control procedures?
  • Current versions of the normative documents (e.g.
    test methods) that are vital to maintaining their
    accreditation and to perform their certification
    activities.
  • These documents include
  • ISO/IEC 170652012
  • General A2LA policy documents
  • Any specific A2LA program requirement documents
    relating directly to their field of
    accreditation
  • A2LA does not consider terminology documents,
    such as ISO/IEC 17000 and the VIM, to be
    normative documents that an organization must
    control within their system
  • Example on next slide

29
ISO/IEC 170652012 Explanations (8.3.1)
  • Telecommunications Certification Bodies (TCB)
    would be expected to possess (or have direct
    access to) and have under its document control
    system current versions of the following A2LA
    documents
  • R307 - General Requirements - Accreditation of
    ISO-IEC 17065 Product Certification Bodies
  • P101 - Rules for Making Reference to A2LA
    Accredited Status
  • R102 - Conditions for Accreditation
  • R308 - Specific Requirements - 17065 -
    Telecommunication Certification Body
    Accreditation Program
  • Furthermore, such a TCB would be expected to
    control copies of all test methods (e.g. ANSI
    C63.4, FCC Rule Parts) called out in the schemes
    on their scope, as well as copies of the schemes
    themselves

30
ISO/IEC 170652012 Explanations (8.5.1.1)
  • I am a Certification Body getting ready to apply
    for accreditation to ISO/IEC 17065, do I have to
    perform a complete Management Review before I can
    become accredited?
  • A2LA assessors will look for evidence during the
    on-site assessment that a complete management
    review has been conducted in accordance with
    their documented procedure and pre-determined
    schedule (8.5.1.1).
  • If only a partial review has been conducted by
    the time of the on-site assessment, a deficiency
    will be cited and the full review must be
    completed before initial accreditation can be
    granted.

31
ISO/IEC 170652012 Explanations (8.6.1)
  • I am a Certification Body getting ready to apply
    for accreditation to ISO/IEC 17065, do I have to
    perform a complete Internal Audit before I can
    become accredited?
  • A2LA assessors will look for evidence during the
    on-site assessment that a complete internal audit
    has been conducted in accordance with their
    documented procedure (8.6.1) and pre-determined
    schedule (8.6.3).
  • If only a partial audit has been conducted by the
    time of the on-site assessment, a deficiency will
    be cited and the internal audit must be completed
    before initial accreditation is granted.

32
ISO/IEC 170652012 Explanations (8.6.1)
  • My internal audit process consists of only
    completing the A2LA C309 checklist is this
    sufficient to demonstrate a complete internal
    audit?
  • Not necessarily
  • A CB must provide evidence that their internal
    audit consists of at least the following
  • Determination of compliance with all ISO/IEC
    17065 requirements
  • Determination of compliance with all policies,
    procedures, instructions, etc. that form its
    management system
  • Review of all Certification Process steps (i.e.
    application, evaluation, review, decision,
    certification documents, and surveillance, where
    applicable)
  • Determination of compliance with all relevant
    A2LA policies and requirements (e.g. Ad Policy
    / use of Accredited mark)

33
ISO/IEC 170652012 Explanations (8.6.1)
  • My Scope of Accreditation includes multiple
    product types under a larger scheme. Does my
    internal audit have to include every product type
    on my Scope?
  • Review of records related to each Product Type on
    the organizations Scope of Accreditation must be
    included in their Internal Audit to ensure that
    the management system is being properly
    implemented across all certifications
  • The Internal Audit is considered incomplete if
    the organization fails to include each Product
    Type during its internal audit

34
ISO/IEC 170652012 Explanations (8.6.3)
  • What does the standard mean when it says that my
    internal audit shall normally be performed at
    least once every 12 months?
  • Language of the standard states that the
    certification body may choose to Reduce or
    Restore the frequency - A2LA currently does not
    permit a schedule which extends beyond the 12
    month period specified by the standard (e.g. 8
    month audit schedules are permitted, but not 16
    months)
  • CBs initial internal audit schedule can/should
    show that internal audits will be performed once
    in a 12 month period (or over a rolling 12 month
    period)
  • If more frequent audits are needed (feeling or
    evidence), do not hesitate to adjust the schedule
    accordingly
  • Any changes to the schedule (including restoring
    to the maximum 12 month time frame), as well as
    the rationale behind the decisions to change,
    must be documented and kept as a formal record
  • Changes must be supported by records that
    demonstrate ongoing stability and effectiveness
    of the management system

35
ISO/IEC 170652012 Explanations (8.6.4.d)
  • What does the standard mean when it states that
    my organization must ensure that any actions
    resulting from our internal audits are taken in a
    timely and appropriate manner?
  • A2LA cannot define what timely and appropriate
    means for its certification bodies. The intent of
    this clause is for the organization to take
    action as soon as they are able, in order to
    ensure that the organizations quality system is
    running smoothly, and that the certifications
    being offered are not negatively impacted. An
    assessor may cite a deficiency if there is
    evidence that the quality system or offered
    certifications are being affected by lack of
    action on an internal audit finding. The
    certification body is still responsible for
    meeting all requirements related to corrective
    actions (section 8.7) and preventive actions
    (section 8.8) when acting upon their internal
    audit findings.

36
Proposed Explanations
  • From A2LA PCAC Meeting (April 4, 2014)
  • Clause 4.3.1 define what is adequate in terms
    of insurance
  • Clause 4.4 pricing and discrimination (expedite
    fees)
  • Clause 7.6.4 clarification of applicability to
    clause 7.6.3
  • Clause 7.9.1 7.9.3 scheduling and other
    details of surveillance activities

37
Common TCB Assessment Deficiencies
  • ISO Guide 651996

38
Common TCB Assessment Deficiencies
  • ISO/IEC 170652012

39
Implementing FCC KDB Revisions (April 2014)
  • FCC KDB 668797 TCB Checklist
  • FCC KDB 610077 TCB Post Market Surveillance
  • FCC KDB 641163 TCB Program Roles
    Responsibilities

40
Questions?
  • Mike Buzard Senior Accreditation Officer
  • - Email mbuzard_at_A2LA.org
  • - Phone 240 575 7484
  • Adam Gouker Accreditation Manager
  • - Email agouker_at_A2LA.org
  • - Phone 301 644 3217
Write a Comment
User Comments (0)
About PowerShow.com