GERMANCERT’s auditing services follow the sequence and diagram as shown below:
1.QUOTATION AND CONTRACT
When a potential client is interested in acquiring an ISO certification, they simply need to contact GERMANCERT, either by telephone or e-mail. After discussing and exchanging information about the client’s enterprises, GERMANCERT submits a proposal including the expected duration of the audit and the corresponding time schedule. If the client agrees to the proposed quotation, both parties enter into a contract.
Upon the client’s wish, GERMANCERT carries out a first preparatory assessment of the organisation, it is called pre-audit or preliminary audit. After this voluntary pre-audit, This voluntary pre-audit is followed by the procedure prescribed by the regulations.
3. AUDIT STAGE 1 – SYSTEM ANALYSIS (INITIAL CERTIFICATION)
A system analysis is carried out mostly on site (remote locations are not included in this survey) that assesses and evaluates the organisation’s system documentation on the basis of a first assessment of the company’s goals as well as of its management system and an internal audit. The auditor explains the findings and results of the survey and confirms or alters the time schedule, giving the client sufficient time to correct non-conformities or weaknesses prior to the Stage 2 Audit.
5. AUDIT STAGE 2 – SYSTEM AUDIT (INITIAL CERTIFICATION)
The next step, Audit Stage 2, takes place after a positive evaluation of the correction of the faults communicated as a result of the Audit Stage 1. The time lapse between Audit Stage 1 and Audit Stage 2 is usually three months and should not exceed six months. The purpose of Audit Stage 2 is to evaluate the implementation and effectiveness of the client’s management system. It is required to take place on site.
5. SYSTEM EVALUATION
The auditors’ team, the technical reviewer and the CEO evaluate the audit results and discuss whether certification should be granted, prepare deviation reports (if necessary), determining time lines for corrective measures.
6. CERTIFICATION DECISION
When all faults and deviations are solved and the corrective measures have been satisfactorily implemented by the client, the technical reviewer decides to approve to the certification.
The certification is valid for a period of three years subject to the findings of the surveillance audits.
8. FIRST SURVEILLANCE AUDIT
Surveillance audits are carried out on site but are not necessarily comprehensive system audits. However, they must be planned along with other surveillance activities, so that GERMANCERT can trust that the certified system continues to fulfil the ISO requirements during the periods between recertifications. The surveillance audit must include at least the following items: internal audits and management evaluation; audits of the essentially relevant processes; an evaluation of the measures taken to remove the non-conformities found at the last previous audit; handling of complaints; the effectiveness of the management system with regard to attaining the goals of the certified client; the progress of the activities planned to achieve continuous improvement; sustained operational control; evaluation of changes, etc.
Surveillance audits must take place at least once a year. The date of the first surveillance audit should not exceed 12 months since the last day of Audit Stage 2. Surveillance audits may take place every six months depending on the client’s wishes.
9. SECOND SURVEILLANCE AUDIT
The second surveillance audit normally takes place 12 months after the first surveillance audit. It comprises the assessment of the relevant processes according to the audit cycle plan as well as all the processes not assessed at the first surveillance audit. Along with the first surveillance audit, all processes must be surveyed at least once in the course of the two-year period prior to recertification.
The recertification audit is planned and implemented in the course of the third year of the initial certification’s validity period. Its purpose is to evaluate the conformity and effectiveness with regard to all the norms of the determining management systems or of other normative documents and of the management system as a whole and to confirm the sustained applicability in the certification’s scope. It is obligatory that the recertification audit be planned and carried out before the validity of the certificate expires, including the removal of non-conformities and the certification decision.
11. CERTIFICATION REFUSAL/WITHDRAWAL
GERMANCERT is entitled to refuse or withhold certification approval when changes in the client’s situation hinder the compliance with the certified norm or the client fails to meet his obligation to inform GERMANCERT about those changes. Certification can also be denied when the implementation of the corrective measures fails to remove the deficiencies. In such cases, it is possible to carry out a special audit.
12. CERTIFICATION MAINTENANCE
This refers to the decision to maintain the validity of an existing certification. Responsible for an certification-worthy retainment is a competent person or an appointed technical reviewer or an expert team composed of an appointed technical reviewer and a competent person.
GERMANCERT has the obligation to maintain the certification based on the statement that the client continues to comply with the requirements of the norms ruling the management system. GERMANCERT is allowed to maintain a client’s certification based on a positive conclusion of the audit team leader without further independent evaluation and decision if the following conditions are met:
- GERMANCERT has a system applicable to every essential non-conformity or other situations that may lead to suspension or withdrawal of a certification. If this is the case, GERMANCERT requests the audit team leader to declare the necessity of an evaluation to be performed by competent staff. This staff must be different from those who have carried out the audit and they are required to determine whether the certification may be maintained;
- GERMANCERT assesses its surveillance activities by competent staff including the auditors’ reports, confirming the effective performance of these activities;
- GERMANCERT develops its surveillance activities in such a manner that significant sectors and activities are surveyed in compliance with the management system’s scope, taking into consideration changes occurred with respect to GERMANCERT’s clients and their respective management systems.
- 13. SUSPENSION, WITHDRAWAL OR RESTRICTION OF THE SCOPE OF CERTIFICATION
GERMANCERT has a policy and documented procedures for the suspension, withdrawal or limitation of a certification’s scope and determines which corrective measures should be taken.
GERMANCERT suspends the certification when:
- a client’s certified management system does not comply with the qualification requirements – including those relating to its effectiveness – in a permanent or grave manner;
- the certified client denies the implementation of the surveillance or recertification audits with the required frequency;
- the suspension is requested voluntarily by the certified client.
In case of suspension, the client’s management system certification is temporarily withdrawn.
GERMANCERT has the obligation to withdraw the suspension, when the problem that caused the suspension is solved. When the problem responsible for the suspension is not solved within the time prescribed by GERMANCERT, the certification must be withdrawn or its scope restricted.
GERMANCERT is obliged to restrict the scope of the certification in order to exclude those parts that do not comply with the norms should the client permanently or seriously fail to fulfil these parts’ certification requirements. Such a limitation must take place in accordance with the requirements of the certification’s applicable norms.