Clause | GUARDIAN’s Procedure |
3.0 | Application Receipt |
(Refer GAPL-F-001 & GAPL-F-002) | |
3.1 | Initiating Application |
Enquiries may be received in several forms, by telephone, letter, e-mail, message or inquiry by visiting the organization or its marketing offices. Sometimes, GUARDIAN, on its own may also approach prospective clients by way of mail, letter, telephone, or message or by any other possible means of marketing. | |
3.2 | Required Information |
3.2.1 | Client manager (Admin Assistant or local representative in specific country) may review the basic application and its nature and may request the applicant organization to provide the information in questionnaire GUARDIAN-F-001 as per the nature of the inquiry to enable GUARDIAN to complete the contract review of the prospective client mainly the following information are needed: |
3.2.2 | a. Client name & Legal information
b. Details of the site to be audited c. The desired scope of the certification; d. The general features of the applicant organization, including its name and the address (es) of its physical location(s), significant aspects of its process and operations, and any relevant legal obligations; e. General information, relevant to the field of certification applied for, concerning the applicant organization, such as its activities, human and technical resources, functions, and relationship in a larger corporation, if any; f. Information concerning all outsourced processes used by the organization that will affect conformity to requirements; g. The standards or other requirements for which the applicant organization seeks certification; h. Information concerning the use of consultancy relating to the management system to ensure impartiality. |
i. Availability of the information and any limitation in providing the information to ensure the attainment of the audit objective in the absence of any information.
j. Understanding of the client in reference to Risk assessment and consideration of the legal and statutory requirements. k. Any factor that may affect the calculation of man-days applicable to the prospective client for the certification purpose. |
|
3.2.3 | Basic Review & acknowledgment |
Review shall be conducted in 2-part, one basic review, and a second technical review. After the basic review is completed, the client may accept the application and may issue a receipt of the application in any manner preferably signing on the application form if requested. Further, If the applicant organization requests for formal acceptance letter, an acceptance letter may be issued acknowledgement letter. Any such acknowledgment shall be issued with a disclaimer that this letter is not proof of certification. | |
Basic review shall be based on the following; | |
· Is the accreditation request available with the GUARDIAN (Refer to accreditation letter)
· Is the MSS request available with the GUARDIAN (Refer to accreditation letter) · Does Scope demand available with the GUARDIAN (Refer to accreditation letter) · Does territory of the application is in active list (Refer accreditation letter) |
|
3.2.4 | Note for basic reviewer:
1. Please make sure that information not applicable field is stroked off. Make sure that only the relevant part of the form is filled, and get the application properly filled before sending it to QM for review. 2. Temporary Site means a Location (physical or virtual) where a client organization performs specific work or provides a service for a finite period and which is not intended to become a permanent site. If you are not sure of it, please ask QM. 3. Make a proper understanding of Virtual Site: An example of such a virtual site is a design & development organization with all employees performing work located remotely, working in a Cloud environment. A site cannot be considered a virtual site where the processes must be executed in a physical environment, e.g., warehousing, manufacturing, physical testing laboratories, installation, or repairs to physical products. 4. Application forms can be filled in soft copy, hard copy, or online at MIS, to obtain login details, please contact at info@guardiancertification.com. 5. Acceptance of the application can be executed by AA, AM, QM, country head, or any other authorized personnel, acceptance of the application does not mean acceptance of the application, but this is an acceptance of an application for internal review purposes only. |
Reference GUARDIAN-F-01 Inquiry Form
GUARDIAN F 001-A Transfer Inquiry Form |
|
3.3 | Application Review |
3.3.1 | On the receipt of the inquiry form, the details received shall be reviewed by AM against the technical area, ANZ-SIC code, NACE Codes, or any other classification and the accredited codes of GUARDIAN. check the GUARDIAN’s capability for processing the certification. The review shall be conducted following procedure no P 06. “Procedure for Review of Application and Contract review” If the same is found to be within GUARDIAN’s scope of accreditation, AM forwards the application to QM/TM for Contract Review and Quotation issuance process. |
3.3.2 | GUARDIAN shall ensure that information about the applicant organization and its management system is sufficient to develop an audit program. Ref: GUARDIAN-F-001 |
3.3.3 | Any known difference in understanding between the GUARDIAN and the applicant organization is resolved. |
3.3.4 | GUARDIAN shall verify the availability of competence to perform certification activities. |
3.3.5 | GUARDIAN shall take into account and verify the scope of certification sought, the site(s) of the applicant organization’s operations, time required to complete audits, and any other points influencing the certification activity for example (language, safety conditions, threats to impartiality, etc.). Ref: GUARDIAN-F-01 & F-02 |
3.4 | Contract Review |
3.4.1 | QM shall prepare a quotation after the contract review based on requirements of Mandays, multi-site activities, and other considerations. Estimation of man days shall be as per procedure no. P 06 “Contract Review”. After obtaining approval from the CI EO, I shall submit the same to the client. The matter shall be followed with the client to secure business. If the client decides not to award the work to GUARDIAN, the matter shall bas e treated as closed, and the offer and other details will be filed in the “LOST BUSINESS” file. |
3.4.2 | If the client accepts the quotation of GUARDIAN, he will forward the registration fee and On receipt of all these AM shall be required to verify the relevant details of the client’s application, fee quotation reconfirm the Contract. He may consult the CEO or any other officer of GUARDIAN to carry out an accurate review. Including allocation of the scope sector of the client’s activities coming under the applied scope of registration with the original Questionnaire to check that there is no discrepancy. Any discrepancy shall be taken up with the client and differences resolved before acceptance of work. |
3.4.3 | Based on the contract review (as per Procedure P05), GUARDIAN shall determine the competencies needed to be included in its audit team, and for the certification decision |
3.4.4 | QM /AM in consultation with CEO shall proceed for finalizing the audit team. The audit team shall be appointed and composed of auditors (and technical experts, as necessary) who, between them, have the totality of the competencies identified by GUARDIAN in the application review for the certification of the applicant organization. The selection of the team shall be performed concerning the designations of competence of auditors and technical experts and may include the use of both internal and external human resources. The selection of team comprising of Auditors/ Auditor Team including Technical Experts are selected as per GUARDIAN Procedure P 03 & P 06. |
3.4.5 | The individual(s) who will be conducting the certification decision shall be appointed ensuring appropriate competence with appointment letter-GUARDIAN-F-006 |
3.4.6 | Audit time shall be calculated as per the requirement of the ISO 17021, ISO 22003, ISO 27006 & as per procedure of the Accreditation board including IAF mandatory documents. |
3.4.7 | Computation of on-site audit time for FSMS: |
I The minimum time includes stage 1 and stage 2, but shall not include the time for preparation of the audit nor for writing the audit report. | |
ii To avoid duplication where another relevant management system is in place and certified by the same CAB, additional time is not required (as per Table B.1 of ISO 22003:2013). In the case of a combined audit involving the FSMS, a reduction of the audit time can be implemented if justified and documented. | |
iii The minimum audit time is established for the audit of an FSMS which includes only one HACCP study. | |
iv A HACCP study corresponds to a hazard analysis for a family of products/services with similar hazards and similar production technology and, where relevant, similar storage technology. | |
v The minimum time for on-site auditing of the product and/or service realisation of the organization shall be 50 % of the total minimum audit time (applies to all type of audits). | |
vi The number of auditors per audit day shall be determined taking into consideration the effectiveness of the audit, the resources of the organization being audited as well as the resources of the CAB. | |
vii Where additional meetings are necessary, e.g. review meetings, coordination, audit team briefing, an increase in audit time may be required. | |
viii The number of employees involved in any aspect of food safety shall be expressed as the number of full-time equivalent employees (FTE). When an organization deploys workers in shifts (including seasonal workers) plus office workers. | |
ix Multi-site sampling is to be permitted only in Categories A, B, E, F, and G. | |
x Where sampling of sites is allowed, the sample of sites shall be selected before applying the audit duration calculation. Therefore, audit duration calculations shall be applied to each site according to the requirements of ISO 22003 as specified in GUARDIAN-F-002-F. | |
xi If the scope of one specific client organization covers more than one category, the audit-time calculation shall be taken from the highest recommended basic audit time. Additional time is required for each HACCP study (i.e. a minimum of 0,5 audit days for each HACCP study). | |
xii Other factors may necessitate increasing the minimum audit time (e.g. number of product types, number of product lines, product development, number of critical control points, number of operational prerequisites programs, building area, infrastructure, in-house laboratory testing, need for a translator). |
2. Initial Certification Audit
Clause |
GUARDIAN’s Procedure |
4.0 |
Initial Certification Audit: |
|
The initial certification audit of an FSMS shall be conducted in two stages: stage 1 and stage 2 in all management system certification schemes ISO 9001, ISO 14001, ISO 45001, ISO 22000, ISO 27001 & ISO 13485. |
4.1 |
Stage 1 Audit |
4.1.1 |
GUARDIAN proceeds with Initial Certification Audit (Stage-1) audit activity on completion of contract review and acceptance for Guardian’s certification agreements. Stage 1 audit which is conducted before the Certification audit at the client’s option to provide a macro level assessment of the status of implementation and identification of any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards, for corrective actions to be taken in advance of the certification audit. It provides valuable input to give confidence to the clients and saves time for taking necessary corrective action, later. Stage 1 audit is done in all cases and it is also ensured that the auditor signs the conflict of interest before every visit. |
4.1.2 |
Stage I audit is intended to |
|
a) Ensure that the client management system documentation meets the requirements of the applicable standard/specification. b) To collect information for planning of stage II audit and determine the client’s readiness for stage II audit including the interval between stage I and Stage II audits. Stage I audit shall have an audit plan as per format GUARDIAN-F-005. Normally the Stage I audit shall be performed at the client’s site. In exceptional cases stage I could be carried out without a visit (off-site). Such a decision shall be justified in the audit report, which may be based on the client’s size, location, risk consideration, previous knowledge, etc. In such a situation, the client’s management shall be informed that the planning of the stage II audit might not be accurate. Objective of Stage-1 Audit is: |
|
a) review the client’s management system documented information; b) evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for stage 2; c) review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system; d) obtain necessary information regarding the scope of the management system, including: —the client’s site(s); —processes and equipment used; —levels of controls established (particularly in case of multisite clients); —applicable statutory and regulatory requirements; e) review the allocation of resources for stage 2 and agree the details of stage 2 with the client; f) provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document; g) evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage 2.
NOTE If at least part of stage 1 is carried out at the client’s premises, this can help to achieve the objectives stated above. |
4.1.3 |
The stage 1 audit shall be conducted on-site as per the man-days defined in the Contract Review. The audit shall start with an opening meeting and shall be concluded with a closing meeting in which the client shall be informed about the readiness for Stage 2 audit. Exceptional circumstances for FSMS: In exceptional circumstances, part of stage 1 can take place off-site but shall be fully justified. The evidence needs to be submitted demonstrating that stage 1 objectives are fully achieved. Off-site audit can only be permitted in exceptional circumstances with the permission of the CEO, indicative circumstances are as follows: i Very remote location ii Short seasonal production iii Difficult environmental condition of the auditing, like in glacier |
|
The audit shall be performed by verifying and with the following: |
4.2.0 |
Audit Objective |
|
Please refer Procedure 13 |
4.3 |
At the end of audit the team leader shall prepare an audit report declaring: a. Client’s status regarding readiness for stage 2 audit. b. Identified areas preventing the client from being deemed ready. c. Areas of concern could be classified as non-conformity during stage II audit. d. During stage I audit no non-conformities shall be identified. |
|
e. In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again. f. The team leader then shall prepare an audit plan for stage II audit based on the defined processes of the client. g. Stage 1 audit findings documented and communicated to the client by the Team Leader |
4.4 |
For most management systems, it is recommended that most parts of the stage 1 audit be carried out at the client's premises to achieve the objectives stated above. Any part of the FSMS that is audited during the stage 1 audit, and determined to be fully implemented, effective, and in conformity with requirements, may not need to be re-audited during the stage 2 audit. However, the GUARDIAN shall ensure that the already audited parts of the FSMS continue to conform to the certification requirements. In this case, the audit report shall include these findings and shall clearly state that conformity has been established during the stage 1 audit. |
4.5 |
Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit. Agreement (GUARDIAN-F-004) shall contain a clause to mandatory information to the client that the results of stage 1 may lead to postponement or cancellation of the stage 2 audit. |
4.6 |
In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. Stage 1 and Stage 2 can be planned together, but in case Stage 2 is not conducted due to findings raised in Stage 1, the Client shall be liable to pay full fees for the cancellation of the audit plan. GUARDIAN may also need to revise its arrangements for stage 2. The interval between stage 1 and stage 2 shall not be longer than 6 months. Stage 1 shall be repeated if a longer interval is needed. But in case of a time gap between stage-1 & Stage-2 audits for ISO 9001:2015 & ISO 14001:2015 exceed 2 months, the client needs to provide an INCIDENCE REPORT (Incidence after stage-1 Audit, which may affect the risk assessment or risk perspective of the client) and its treatment(if applicable). |
4.7 |
The report shall be evaluated by AM and the plan for the subsequent audits of the organization is discussed with the client. A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. |
4.8 |
It is expected that the generally the management system has been in place for at least about three months before the Pre-Audit is considered. However, the time can be decided by the CEO. |
4.9 |
Any part of the management system audited at Stage I audit and determined to be fully implemented, effective, and in conformity with the requirements of FSMS can be left during the Stage 2 audit. |
4.10 |
In case the OHS Stage 1 & Stage 2 audit is carried out by a different auditor, the auditor needs to take a copy of the report from GUARDIAN, QM is responsible for confirming from the auditor. |
5.0 |
Stage 2 Audit |
|
Stage II audit is intended to: a) Ensure that the client's management system conforms to the requirements of the applicable standard/specification including its effectiveness. b) To provide guidelines for associated follow-up audits/ surveillance audits and recertification audits. |
|
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system. The stage 2 audit plan is verified to ensure that the majority of the audit time is given to verify the effective implementation of the management system in the locations where the organization’s activities take place including on-site audits of temporary sites for ISO 45001 (In Management System Audit 80% of the audit time shall be given onsite). |
|
GUARDIAN ensures Stage 2 audit meets the following requirements 5.1 Stage 2 Audit shall take place at the site (s) of client |
5.2 |
Stage 2 audit shall be conducted within a maximum of 90 days of completion of stage 1 audit |
5.3 |
Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit |
5.4 |
Stage 2 audit shall include at least the following: a) Information and evidence about conformity to all requirements of the applicable management system standard or other normative document b) Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document). c) The client’s management system and performance as regards to legal and other requirements d) Operational control procedures of the client’s processes. e) Internal auditing and management review f) Management commitment and responsibility for the client’s policies g) Links between the normative requirements, policy, performance objectives, and targets (consistent with the expectations in the applicable management system standard or another normative document), any applicable legal and other requirements, responsibilities, the competence of personnel, operations procedures, performance data, and internal audit findings and conclusions. h) Various mandatory records to ensure that the management system is operational i) Evidence of the monitoring of customer satisfaction j) The organization adheres to its own OHSMS policies, objectives and procedures. k) The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment. l) Verify effective implementation of OHS including temporary sites. |
5.5 |
Audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client of the findings of the day including any non-conformities, progress of the audit, any problem faced, and modification to the audit plan, if required |
5.6 |
Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time. |
5.7 |
Each team member shall ensure that the Auditor’s notes are legible, containing the name of the main auditee, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non-conformity, observations, etc. |
5.8 |
As far as possible at least one member of the team shall possess the relevant code, who shall be assigned to audit the core processes of the management system. In case team members don’t have competency, in such case a specialist with an appropriate code shall be arranged. |
5.9 |
It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team that all requirements are covered and that the team members have provided necessary inputs to him for completing the report. |
5.10 |
If an audit is to be conducted in a language not known by any team member including the team leader, a suitable interpreter should be arranged, ensuring impartiality. |
5.11 |
If any non-conformity is identified, the auditor shall explain the same to the auditee to his satisfaction. In case of a Major non-conformity, the team leader shall be informed who will inform the management about the same and give them the option either to terminate further audit or to continue. |
5.12 |
While recording nonconformity, sufficient objective evidence, standard/ specification clause number, and client documents. Reference number (if any) in addition to the area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand |
5.13 |
In addition to non-conformity, any observation for improvement, positive issues should also be recorded, in the report. |
5.14 |
While deciding on a recommendation, issues like the number and category of non-conformities, any concentration of non-conformities against any clause (s), and the view of team members shall be considered. |
5.15 |
At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include nonconformities identified if any, recommendations for certification or otherwise. |
5.16 |
It is advisable to request the client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake, etc. |
5.17 |
When the recommendation is made for certification the audit reports, confirmation of the information provided to the GUARDIAN used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be taken into account & explained. The client should complete the corrective action within a maximum of 90 days from the date closing meeting. |
5.18 |
A copy of the report should be given to the client and one copy with attendance record and auditors notes to be sent to the Head office of GUARDIAN. |
5.19 |
For multi-site certification “Procedure for selection site P06 shall be followed. |
5.20 |
The Lead Auditor needs to submit a copy of the report to the client and accept the report to the GUARDIAN Head Office. |
5.21 |
The Lead Auditor shall identify the recommendations conditions with Non-Conformity or without Non-Conformity, the observations shall be well communicated in the report. |
5.22 |
Non-conformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows: |
3. Granting Initial Certification
Clause |
GUARDIAN’s Procedure |
6.0 |
Granting Initial Certification |
6.1 |
The information provided by the audit team to GUARDIAN for the certification decision shall be as per GUARDIAN procedure no. P 07 “Procedure for issue, change, and cancellation of certification. and shall include, as a minimum. a. The audit reports, b. Comments on the nonconformities and, where applicable, the correction and corrective actions taken by the client, c. Confirmation of the information provided to GUARDIAN used in the application review, and d. A recommendation on whether or not to grant certification, together with any conditions or observations. GUARDIAN shall make the certification decision based on an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client). |
6.2 |
The Guardian’s Certification Committee shall analyze all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions. For decision making, non-compliances / nonconformities may be classified into 2 categories: a. Major non-conformity – which must be rectified before certification can be recommended by the Lead Auditor. b. Minor non-conformity – This does not affect the recommendation for approval but must be addressed before the issue of your certificate. c. Observation: Observation need not be addressed mandatorily, but this is an indication that such incidents may be potential nonconformities in the future. |
6.3 |
In case of the transition to a new standard like (ISO 9001:2015 or ISO 14001:2015); GUARDIAN shall restrict the expiry date of the certificate by the last date of the standard, unless and otherwise required by the client with the commitment to timely make the transition before the due date as specified. |
6.4 |
GUARDIAN Shall not accept applications for previous versions of ISO 9001-2015, ISO 14001-2015 & ISO 45001-2018. |
5.23 | Nonconformity | |||
Type of NC | Pre- Audit | Certification Audit | Surveillance or recertification audit | |
Major | - No certification
- Completion - time scale open - Full certification audit |
-No certification until completion within 60 days or new full audit verification based on objective evidence (on documents or on-site)
- Next surveillance audit within 6/9 months |
- Completion within 15 days
- Verification based on objective evidence (on documents or on-site) - Certification suspended: Information to the customers. - New verification based on objective evidence - Next surveillance audit within 6/9 months |
|
Minor | No certification | - Certification completion effective or effectively planned within 30 days
- Verification based on objective evidence (on documents or on-site)
|
Completion effective or effectively planned within 30 days
- Verification based on objective evidence (on documents or in site) - Certification suspended: information to customers |