ISO 17065 - 2012 - Cairo 17-19 Oct

Download as pdf or txt
Download as pdf or txt
You are on page 1of 19

2016-10-10

ISO/IEC 17065:2012
Conformity assessment —
Requirements for bodies certifying products,
processes and services

2016-10-17--19 Fredrik Langmead


1

Clause 1 and 2
1
Clause 1
• Note that we are considering only third-party activities.
• The term ”product certification” implies third-party!

2 3
Clause 2
• Normative!
• This means that these standards shall to be used!
• Definitions and requirements in these standards apply to the
work of product certification to the extent that ISO/IEC 17065
is referring to them

Clause 3 Terms and definitions


• Have a look at the 13 definitions. Let us discuss them!
They are important.

• Note that the definitions of ISO/IEC 17000 apply as well!

• Some of them are absolutely necessary to use for some


clauses of the standard since they provide details that are
not found in these clauses, e.g. 3.2, 3.10.

1
2016-10-10

Old term Certification System –


new term Certification Scheme
ISO 17000 as well as ISO/IEC 17065 clause 3.9 uses the term
”system” in the meaning ”how to assess conformity to
requirements”.

When writing ISO/IEC 17065 the working group exchanged the


term ”system” (in the old ISO Guide 65) with ”scheme”. This does
sometimes create some confusion! In several clauses of the
ISO/IEC 17065 you can see that ”scheme” is used only in the
context of ”how to assess conformity to requirements”, e.g. clause
7.3.2, 3.10

The working group has made an informal comment that ”if


necessary, we have to update ISO 17000”……….

What is a scheme?
Scheme = identification and specification of
- product/process/service
- requirements
- methods of conformity assessment

Product
type of product/process/service incl. appropriate groups of these

Requirement
requirement on characteristics of the product/process/service + ”other
certification requirements” (other certification requirements may be related
to marks of conformity, obligation to pay fees, obligation to inform of
changes etc.)

Methods of conformity assessment


testing, inspection, auditing of management system

4.1.1 Legal responsibility


The certification body shall be a legal entity, or a defined
part of a legal entity, such that the legal entity can be held
legally responsible for all its certification activities.
NOTE A governmental certification body is deemed to be a
legal entity on the basis of its governmental status.

2
2016-10-10

4.1.2 Certification agreement


Certification agreement:

• Can be documented in many different ways!

• The CB shall in some way create a documented


agreement with its clients that include all in 4.1.2.2.

• It is not necessary that agreements uses the same


wording as the standard but the intention of the standard
shall be covered!

Group Assignment –
Certification Agreement

• Review the Certification Agreement provided for this


assignment.

• Is it conforming to the requirements of clause 4.1.2.2?

• Identify any NCs.

Clause 4.1.3
Use of licenses, certificates and marks of conformity:

• License = agreement that allow the client to use the


certificate/mark in order to promote the product

• Schemes shall include the requirements on the use of


certificates/certification documents and marks

• Schemes shall include the requirements on the use of


marks if marks are used (not mandatory)

• Marks and certificates can be designed in many different


ways

3
2016-10-10

Clause 4.1.3
Use of licenses, certificates and marks of conformity:
• Which requirements to be applied for ”the use” is not
stated in ISO/IEC17065!
• Incorrect or misleading use is never acceptable.
• 4.1.3.2: ……”suitable action”…can be many things.
No action or unreasonably small action = nonconformity.
The CB shall do what it can to eliminate the misuse and
its consequences.

10

4.2 Impartiality
4.2.3 Analysis on an ongoing basis: when a change is
planned or happens, the potential risks for impartiality shall
be reviewed! One review per year is normally not fulfilling
this. The CB is expected to act impartially at all times.

4.2.4 Identified risks shall be eliminated or minimized.

4.2.5 Top Management commitment can be indicated in


many different ways! E.g. policies, website, management
system, staff training etc.

4.2.6 Borderline for consulting? Only certified products?


Products of the same type as certified products?

11

4.2.7 Related bodies/legal entities

Holding

LE 1 LE 2 LE 3 LE 4 Ext.

Div. 1.1 Reg. 1.1 Reg. 1.2 CB LE 3.1 Div. 4.1

B.A. 1.1.1 Dep. 2.1 LE 3.2 Div. 4.2

B.A. 1.1.2 Div. 4.3

12

4
2016-10-10

4.2 Impartiality
4.2.8/4.2.10

CBs management personnel and personnel in the review (7.5)


and certification decision-making (7.6) process shall not be
involved in legal entity offering or produces certified product or
provides consultancy. The same with personnel of the separate
legal entity.

For personnel used in Evaluation (7.4) requirements on


impartiality is found in clause 6.2.

Committees are covered in 4.2.12.

13

4.2 Impartiality
4.2.1, 4.2.11 and 4.2.12 are more on the ”principle level”
and can be used when no detailed requirement fits the
situation.

14

Beehive!
Discuss with your colleague! 10 minutes.

Which clauses of ISO/IEC 17065 contain the requirements


regarding impartiality for
• internal personnel
• personnel in outsourced activities?

and what are the requirements?

(this exercise will take you into chapter 6 as well!)

15

5
2016-10-10

4.3 Liability and financing


The intention with these requirements are:
• The CB should be managed on a ”long term”-basis in a
way that it can support its certified clients over time

• The CB shall be able to continue its operations for a


foreseeable future.

16

4.4 Non-discriminatory conditions


Another important aspect for accreditation!
Evidence of this should be possible to find in the CBs
management system.
Complaints could provide information that this is not
working.
If a client applies for certification and fulfills the criteria, the
CB may not refuse the client.
However, give some attention to the note to clause 4.4.3
Regarding clause 4.4.4: CBs are expected to not involve
irrelevant requirements in the Certification work.

17

4.5 Confidentiality
4.6 Publically available information
More important aspects for accreditation!

4.5.1 ”Responsible through legally enforceable


commitment” = Certification agreement, contracts with
client and personnel, etc.

4.6a Very important! Scheme description is the basis for


the certification! Referenced on certificates!

4.6 a and c are expected to be detailed in the certification


scheme.

18

6
2016-10-10

5.2 Mechanism for safeguarding


impartiality
• Important aspect for accreditation!
• Has previously been a mandatory accreditation
requirement to use a committee.
• Many CBs use a committee.
• Other types of Mechanisms will have to be assessed case-
by-case.
• The clause is linked to clause 4.2.4 (risks)? How?
• Learn the details of the clause!

19

Stakeholders or interested parties

the clients of the


certification
bodies the customers
of the
consumers and organizations
other members whose products,
of the public processes or
services are
Parties that have certified;
an interest in
certification
include, but are
not limited to:

non-
governmental
governmental
authorities
organizations

20
2016-03-01

Group Assignment
Mechanism for safeguarding impartiality
A CBs mechanism involves the following persons:
• a representative of a relevant Legislative Authority
• a representative from a manufacturer of the product
• a representative from a company importing the product
• 2 clients of the certified product
• the Quality Manager of the CB
• the General Manager of the CB
A: Is this Mechanism fulfilling the requirements of Clause 5.2.2a?
B: What happens if we add the Technical Manager of the CB?
Discuss this for 10 minutes!

21

7
2016-10-10

6 Resource Requirements
6.1 Certification body personnel

Clause 6.1.1.1 should be used as reference when a CB lack


sufficient resources of any kind.

Competence requirements are very important for


accreditation of CBs!

Clause 6.1.1.2 is a generic requirement on competence,


including technical competence.

This can of course include aspects of knowledge about


testing, inspection and auditing.

22

6.1.2 Management of competence for


personnel involved in the certification process

Note:
• All personnel in the certification process!
• The certification process is defined by activities in clause 7

6.1.2.1 a): CB shall create competence criteria that personnel


shall meet in order to be allowed to perform work (become
formally authorized to perform work)

Note: Each function! Not only personnel working with


evaluation.

23

6.1.2 Management of competence for


personnel involved in the certification process
6.1.2.1 b) Training: any kind of competence development
that is needed to give a person the required competence.
Normally this involves types of knowledge that has not
been possible to achieve prior to start the work to get
authorized.

6.1.2.1 c) demonstrate = the way of working to provide


objective evidence that a person is competent, e.g.
diplomas, witnessed training assessments, work
experience records etc. This includes procedures on who
and how authorizations are created.

24

8
2016-10-10

6.1.2 Management of competence for


personnel involved in the certification process
6.1.2.1 e) Monitor = follow up on a persons working
methods, performance, competence etc.
Can e.g. be done by
• reviewing reports/documents created by the person,
incl. e.g. handling of offers/contracts or non-conformities
• witnessing the person when performing work

6.1.2.2 Record shall be maintained


Also 6.1.3 Contract with the personnel shall be established

25

6.2 Resources for evaluation


“…it shall meet the applicable requirements…”
This is a matter of judgement! The type of scheme and the
specific situation can make a requirement applicable or
not.
Following the applicable requirements is always to be done
for:
• Testing according to ISO/IEC 17025
• Inspection according to ISO/IEC 17020
• Auditing according to ISO/IEC 17021-1

26

Product certification at a Certification Body

ISO 17065

Sales Application Planning Evaluation Review Decision

Testing Inspection Audit


ISO 17025 ISO 17020 ISO 17021-1

27

9
2016-10-10

6.2.2 External Resources (outsourcing)


6.2.2.2 Using non-independent suppliers (as compared to those
under clause 6.2.2.1) may be acceptable. Objective evidence is
needed. Factors that can justify and provide confidence are e.g.:
• CB is witnessing the work in order to confirm correct
performance
• Keeping records of equipment design and calibration
• Supporting photos/films
• Traceable objects
Compare this with 6.2.2.4 b) where independence is required.
See as well 6.2.2.4 c)

28

6.2.2 External Resources (outsourcing)


6.2.2.4 The note to this clause states that CBs can rely on
other bodies work when assessing a supplier, e.g.
accreditation.
When such information is not available, the CB should ideally
perform an assessment of the supplier that is on the same
level as if it had been an accreditation assessment.
This requires the CB to be:
• competent in the product field in question
• able to assess according to the applicable requirements of
the relevant standard/s, including ISO/IEC 17020/21/25

29

7 Process Requirements
7.1 General
7.2 Application
7.3 Application Review
7.4 Evaluation
7.5 Review
7.6 Certification Decision
7.7 Certification documentation
7.8 Directory of certified products
7.9 Surveillance
You know this from previous slides in the training!

30

10
2016-10-10

Product certification at a Certification Body

7.2/7.3 7.4 7.5 7.6

Sales Application Planning Evaluation Review Decision

Testing Inspection Audit


Often performed by resource not belonging to the CB

31

7 Process Requirements
The remaining clauses are part of the certification process
but they may theoretically never happen…
(except for 7.12 which is mandatory of course…)

7.10 Changes affecting certification


7.11 Termination, reduction, suspension or withdrawal
7.12 Records
7.13 Complaints and appeals

32

7.1.1 A Scheme is essential to have …

There is no certification of products


without a scheme!

33

11
2016-10-10

7.1.1 A Scheme is essential to have …


The certification scheme shall include the certification
activities i.e.
• testing/inspection/auditing
• clearly documented
• traceable by name and version
• etc.

34

7.1.2 Normative documents


This clause mentions standards. The meaning of
”standard” is including
• International standards (ISO)
• Regional standards (e.g. EN in Europe…)
• National standards (e.g. Swedish Standards Institute)
and it includes as well
• industry standards
• company standards

(Ref ISO Guide 2…..)

35

7.1.2 Normative documents


ISO/IEC 17065 also mentions ”other normative
documents”

Such documents can be created by organizations or


persons that cannot be considered as a standardization
body.

Many of these documents are given the name ”standard”


in some way since there is no ”copy-right” for the use of
this word.

Scheme-owners create such documents.

36

12
2016-10-10

7.1.2 Normative documents


Standards and normative documents shall contain the
requirements on the product/process/service.

They may contain requirements on how these


requirements are to be assessed for conformity (e.g.
testing, inspection, auditing)

When the normative documents do not describe the


methods for conformity assessment, the Scheme owner
and/or the CB have to describe them in the scheme
description.

37

7.1.3 Documented explanations

If explanations are created it is expected that


• these explanations are referred to the scheme (become
part of the scheme) and
• they are used in a uniform manner for all clients applying
for certification.

38

7.2/7.3 Application/Application review


The CB shall obtain all necessary information from its client

The CB shall ensure that


• the information is sufficient
• difference in understanding between the certification body
and the client is resolved
• the scope is defined
• the means are available
• competence and capability to perform the activity

13
2016-10-10

7.4.1 - 3 Prepare for evaluation


7.4.1 Note: …shall have a plan….! The plan is intended to
benefit the client and the CB in that activities, resources
and people can be prepared and made available so that
evaluation activities can be successfully and efficiently
performed

7.4.2 Identifying personnel and give them responsibilities


create better possibility to get evaluation activities
successfully and efficiently performed

7.4.3 All necessary information/documentation is available


to perform testing/inspection/auditing for the applied
certification scope.

40

7.4.5 Evaluation results prior application


7.4.5 speaks about evaluation that has been performed
prior to receiving the application. This is quite common in
certification of products.
When this happens:
• apply the requirements in 6.2.2

41

7.4.6 Information of results to client

ISO/IEC 17065 does not require a documented report from


the Product CB to the client.
Any type of method to inform the client, meeting the
requirement of clause 7.12.1, is accepted.

but…
The expected results from testing, inspection and auditing
is expected to be reports (as per requirements of ISO/IEC
17020/21/25) issued to/for the Product CB as basis for the
Review and Decision

42

14
2016-10-10

7.4.7 Client’s non-conformities

Schemes may define many different ways to structure


NCs, e.g. Major/Minor, triple-category etc.
However, applicable requirements of ISO/IEC 17020/21/25
shall be applied. This means e.g. that auditing according to
ISO/IEC 17021-1 shall apply minor and major NCs as
required by the standard.

43

7.4.8 - 9 Completion of evaluation


Clause 7.4.8 implies that a client may very well end the
evaluation at this point. The CB can of course not decide
whether the client want to continue after having
understood the result of the evaluation.

Clause 7.4.9 means that the next phase in the Certification


Process, the Review, cannot commence until the
Evaluation is fully documented.

44

7.5.1 - 2 Review
Any person with correct competence that has not been
involved in the evaluation work may perform the review.
This includes contracted personnel!

The review is meant to verify that the previous work has


been correctly performed. This work is intended to protect
the CB from issuing certificates that are later found to be
issued based on an incorrect basis.

45

15
2016-10-10

7.5.1 - 2 Review
The review should ideally cover that:
• the contracting activities were correctly performed,
providing a correct basis for the work that is performed
after the application/sales-phase
• the planning of the work has the correct content, including
using correctly qualified personnel
• the evaluation work has been correctly performed (where
and which activities) and reported, including the correct
handling of non-conformities
• the work performed supports to issue a certificate with a
scope of certification according to what has been applied
for by the client and when this is not possible there is a
justification to the proposed scope.

46

7.6.1 - 2 Decision
With the decision to certify the CB legally takes on the
commitment to support that there is fulfilment of
requirements of the product. This commitment covers the
validity period of the certificate.
As for the Review, any person with correct competence
that has not been involved in the evaluation work may
take the Decision. This includes contracted personnel!

47

7.6.4 Organizational Control


A contracted person taking the decision may be found in
an organization that is defined to be under the
Organizational Control of the CB.
This is a new feature in ISO/IEC 17065.
This feature is likely to be used by internationally active
CBs that do not have sufficient resources on a local
branch/office for a specific scheme.

48

16
2016-10-10

7.7 Certification documentation


May consist of
several pages!

Annexes provide
vital information!

Think of
traceability!

49

7.7.2 Defined authorization


An ink signature is OK but other types of indication of the
decision is permitted! Electronic means to verify a
correctly performed decision is becoming frequently used.

Note that the certification documentation is not the only


mean to indicate a decision! If the CB uses a separate
Decision document, the certification documentation need
not be the ”original indication” of a decision, it can instead
be the document that explains/delivers the message on
what has been decided.

50

7.9.3 Surveillance
This clause is the exception to the rule of not putting
requirements on schemes in the ISO/IEC 17065.

Some kind of relevant surveillance activities are required


when using on-product marks. This could be e.g.:
• testing or inspection samples from the factory
• testing or inspection of samples from the market
• auditing of a management system
but these activities must have a clear connection to the
certified characteristics of the product/process/service

51

17
2016-10-10

7.10 Changes affecting certification


When certification scheme introduces new or revised
requirements the following actions shall be included, if
required:
• evaluation (7.4)
• review (7.5)
• decision (7.6)
• issuance of revised formal certification documentation
(7.7) to extend or reduce the scope of certification;
• issuance of certification documentation of revised
surveillance activities (if surveillance is part of the
certification scheme)

7.11 Suspension

7.11.3 – 4 Suspension = withdrawal for a specific time


period, the time period is specified by the scheme or the
CB.

7.11.6 reinstate suspension

53

7.13 Complaints and appeals


Appeals are used when someone (client, authority, client’s
competitor…..) is challenging the CB that a decision
(positive or negative) is incorrect.

54

18
2016-10-10

8 Management system requirements


Option A: according to this standard
Option B: ISO 9001

To improve the management system there are two tools:


8.5 Management reviews
8.6 Internal audits

55

Annex A Principles

Go to the standard…

19

You might also like