Initial Certification Audit: |
The initial certification audit shall be conducted in two stages: stage 1 and stage 2 in all management system certification schemes ISO 9001, ISO 14001, ISO 45001, ISO 21001, ISO 27001, ISO 37001.. |
Stage 1 Audit |
GUARDIAN proceeds with Initial Certification Audit (Stage-1) audit activity on completion of contract review and acceptance for Guardian’s certification agreements. Stage 1 audit which is conducted before the Certification audit at client’s option to provide a macro level assessment of the status of implementation and identification of any major deficiencies in the compliance of the documented quality system with the requirements of the certification standards, for corrective actions to be taken in advance of the certification audit. It provides valuable inputs to give confidence to the clients and saves time for taking necessary corrective action, later. Stage 1 audit is done in all cases and it is also ensured that the auditor signs the conflict of interest before every visit. |
Stage I audit is intended to |
a) Ensure that the clients management system documentation meets the requirements of the applicable standard/specification. b) To collect information for planning of stage II audit and determine the client’s readiness for stage II audit including interval between stage I and Stage II audits. Stage I audit shall have an audit plan as per format GUARDIAN-F-005. Normally the Stage I audit shall be performed at client’s site. In exceptional cases stage I could be carried out without a visit (off site). Such decision shall be justified in audit report, which may be based on the client’s size, location, risk consideration, previous knowledge, etc. In such situation the client’s management shall be informed that the planning of stage II audit might not be accurate. Objective of Stage-1 Audit is: |
a) review the client’s management system documented information; b) evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for stage 2; c) review the client’s status and understanding regarding requirements of the standard, in particular with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system; d) obtain necessary information regarding the scope of the management system, including: —the client’s site(s); —processes and equipment used; —levels of controls established (particularly in case of multisite clients); —applicable statutory and regulatory requirements; e) review the allocation of resources for stage 2 and agree the details of stage 2 with the client; f) provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative document; g) evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage 2.
NOTE If at least part of stage 1 is carried out at the client’s premises, this can help to achieve the objectives stated above. |
The stage 1 audit shall be conducted on site as per the man-days defined in the Contract Review. Audit shall start with opening meeting and shall be concluded with closing meeting in which client shall be informed about the readiness for Stage 2 audit. Exceptional circumstances : In exceptional circumstances, part of stage 1 can take place off-site but shall be fully justified. The evidence need to be submitted demonstrating that stage 1 objectives are fully achieved. Off-Site audit can only be permitted in Exceptional circumstances with the permission of the CEO, indicative circumstance are as following: i Very remote location ii Short seasonal production iii Difficult environmental condition of the auditing, like in glacier |
The audit shall be performed by verifying and with the following: |
Audit Objective |
Please refer Procedure 13 |
At the end of audit the team leader shall prepare an audit report declaring: a. Client’s status regarding readiness for stage 2 audit. b. Identified areas preventing the client being deemed ready. c. Areas of concern, which could be classified as non-conformity during stage II audit. d. During stage I audit no non-conformities shall be identified. |
e. In case it is concluded that the client is not ready for stage II audit then stage I audit shall be performed again. f. Team leader then shall prepare an audit plan for stage II audit based on defined processes of the client. g. Stage 1 audit findings documented and communicated to the client by the Team Leader |
For most management systems, it is recommended that most part of the stage 1 audit be carried out at the client's premises in order to achieve the objectives stated above. Any part of the management system that is audited during the stage 1 audit, and determined to be fully implemented, effective and in conformity with requirements, may not need to be re-audited during the stage 2 audit. However, the GUARDIAN shall ensure that the already audited parts of the management system continue to conform to the certification requirements. In this case, the audit report shall include these findings and shall clearly state that conformity has been established during the stage 1 audit. |
Stage 1 audit findings shall be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit. Agreement (GUARDIAN-F-004) shall contain a clause to mandatory information to the client that the results of the stage 1 may lead to postponement or cancellation of the stage 2 audit. |
In determining the interval between stage 1 and stage 2 audits, consideration shall be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. Stage-1 and stage 2 can be planned together, but in case stage 2 is not conducted due to finding raise in Stage-1, Client shall be liable to pay full fees for the cancellation of the audit plan. GUARDIAN may also need to revise its arrangements for stage 2. The interval between stage 1 and stage 2 shall not be longer than 6 months. Stage 1 shall be repeated if a longer interval is needed. But in case of time-gap between stage-1 & Stage-2 audit for ISO 9001:2015 & ISO 14001:2015 exceed 2 months, client need to provide INCIDENCE REPORT (Incidence after stage-1 Audit, which may affect the risk assessment or risk prospective of the client) and its treatment(if applicable). |
The report shall be evaluated by AM and plan for the subsequent audits of the organization is discussed with the client. A detailed report shall be prepared by the Team Leader and a copy shall be given to the client. |
It is expected that the generally the management system has been in place for at least about three months before the Pre-Audit is considered. However, the time can be decided by CEO. |
Any part of management system audited at stage I audit and determined to be fully implemented, effective, and in conformity with requirements of management system can be left during the Stage 2 audit. |
In case OHSMS Stage 1 & Stage 2 audit is carried out by different auditor, the auditor need to take a copy of the report from GUARDIAN, QM is responsible for confirming from the auditor. |
Stage 2 Audit |
Stage II audit is intended to: a) Ensure that the clients management system conforms to the requirements of the applicable standard/specification including its effectiveness. b) To provide guidelines for associated follow up audits/ surveillance audit and recertification audit. |
The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client's management system. The stage 2 audit plan is verified to ensure that the majority of the audit time is given to verify the effective implementation of the management system in the locations where the organization’s activities take`s place including on-site audits of temporary sites for ISO 45001 (In Management System Audit 80% of the audit time shall be given onsite). |
GUARDIAN ensures Stage 2 audit meets the following requirement Stage 2 Audit shall take place at the site (s) of client |
Stage 2 audit shall be conducted within maximum 90 days of completion of stage 1 audit |
Team leader shall prepare an audit plan communicate to the client after completion of stage 1 audit |
Stage 2 audit shall include at least the following: a) Information and evidence about conformity to all requirements of the applicable management system standard or other normative document b) Performance monitoring, measuring, reporting and reviewing against key, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document). c) The client’s management system and performance as regards to legal and other requirements d) Operational control procedures of the client’s processes. e) Internal auditing and management review f) Management commitment and responsibility for the client’s policies g) Links between the normative requirements, policy, performance objectives, and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal and other requirements, responsibilities, the competence of personnel, operations procedures, performance data, and internal audit findings and conclusions. h) Various mandatory records to ensure that the management system is operational i) Evidence of the monitoring of customer satisfaction j) The organization adheres to its own OHSMS policies, objectives, and procedures. k) The OHS management system conforms to all the requirements of the OHS standard and is achieving the organization’s policy objectives for providing a safe and healthy working environment. l) Verify effective implementation of OHS including temporary sites. |
The audit shall begin with an opening meeting followed by a site visit. If the audit is for more than one calendar day duration, a meeting shall be conducted to apprise the client of the findings of the day including any non-conformities, progress of the audit, any problem faced, and modification to the audit plan, if required |
Before meeting the client/ closing meeting, the team leader shall have a meeting with the team members who will exchange findings and review the audit progress and system implementation status till that time. |
Each team member shall ensure that Auditor’s notes are legible, containing the name of the main auditee, date and area/ process audited, what and where was seen, reference of documents/ records reviewed, any nonconformity identified with objective evidence, category of non-conformity, observations, etc. |
As far as possible at least one member of the team shall possess the relevant code, and shall be assigned to audit core processes of the management system. In case team members don’t have competency, in such case a specialist with an appropriate code shall be arranged. |
It is the responsibility of the team leader to ensure that the audit is completed for areas/ processes by the team that all requirements are covered and that the team members have provided necessary inputs to him for completing the report. |
If an audit is to be conducted in a language not known by any team member including the team leader, a suitable interpreter should be arranged, ensuring impartiality. |
If any non-conformity is identified, the auditor shall explain the same to the auditee to his satisfaction. In case of a Major non-conformity, the team leader shall be informed who will inform the management about the same and give them the option either to terminate further audit or to continue. |
While recording nonconformity, sufficient objective evidence, standard/ specification clause number, and client documents. Reference number (if any) in addition to area where it was found shall be recorded in clear terms so that the auditee or any other person reading it can easily understand |
In addition to non-conformity, any observation for improvement, or positive issues should also be recorded, in the report. |
While deciding on recommendations, issues like the number and category of non-conformities, any concentration of non-conformities against any clause (s), view of team members shall be considered. |
At the end of the assessment, a written report, duly signed by the team leader and client representative shall be prepared and handed over to the client which shall include non-conformities identified if any, recommendations for certification or otherwise. |
It is advisable to request the client to have a close look at the “Certification detail” in the report for any possible error in name, address, scope, spelling mistake, etc. |
When a recommendation is made for certification the audit reports, confirmation of the information provided to the GUARDIAN used in the application review, a recommendation whether or not to grant certification, together with any conditions or observations, the need for taking corrective action, and need of verification of the corrective action taken (i.e. when there is nil or few minor non- conformities), by site visit or otherwise must be take into account & explained. The client should complete the corrective action within a maximum of 90 days from the date closing meeting. |
A copy of the report should be given to the client and one copy with the attendance record and auditors' notes to be sent to the Head office of GUARDIAN. |
For multi-site certification “Procedure for selection site P06 shall be followed. |
The Lead Auditor need to submit a copy of the report to the client and sent report to the GUARDIAN Head Office. |
The Lead Auditor shall clearly identify the recommendations conditions with Non-Conformity or without and Non-Conformity, the observations shall be well communicated in the report. |
Nonconformities shall be classified as. Major or Minor according to their potential effects on the management system. The consequences of these shall be termed as follows: |
Nonconformity |
Type of NC |
Pre- Audit |
Certification Audit |
Surveillance or recertification audit |
Major |
- No certification - Completion - time scale open - Full certification audit |
-No certification until completion within 60 days or new full audit verification based on objective evidence (on documents or on-site) - Next surveillance audit within 6/9 months |
- Completion within 15 days - Verification based on objective evidence (on documents or on-site) - Certification suspended: Information to the customers. - New verification based on objective evidence - Next surveillance audit within 6/9 months |
Minor |
No certification |
- Certification completion effective or effectively planned within 30 days - Verification based on objective evidence (on documents or on-site)
|
Completion effective or effectively planned within 30 days - Verification based on objective evidence (on documents or in site) - Certification suspended: information to customers |
Granting Initial Certification |
The information provided by the audit team to GUARDIAN for the certification decision shall be as per GUARDIAN procedure no. P 07 “Procedure for issue, change, and cancellation of certification. and shall include, as a minimum.
|
Guardian’s Certification Committee shall analyze all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions. For decision making, non-compliances / nonconformities may be classified in 2 categories: a. Major non-conformity – which must be rectified before certification can be recommended by the Lead Auditor. b. Minor non-conformity – This does not affect the recommendation for approval but must be addressed prior to the issue of your certificate. c. Observation: Observation needs not to be addressed mandatorily, but this is an indication that such incidents may be potential non-conformities in the future. |
In case of the transition to a new standard like (9001:2015, ISO 14001:2015, ISO 45001:2018, ISO 21001:2018, ISO 27001:2022, and ISO 37001:2016, GUARDIAN shall restrict the expiry date of the certificate by the last date of the standard, unless and otherwise required by the client with the commitment to timely make the transition before the due date as specified. |
GUARDIAN Shall not accept applications for previous versions of ISO 9001:2015, ISO 14001:2015, ISO 45001:2018, ISO 21001:2018, ISO 27001:2022, and ISO 37001:2016. |