The audit follows the process specified in ISO 17021:2015, supplemented by ISO 16919:2014 and is summarised in the following diagram.
ISO 17021 requires that bodies providing audit and certification to do a number of things. To support these PTAB:
- makes the decision on granting, refusing, maintaining, renewing, suspending, restoring, or withdrawing certification. Required Personnel competencies are cited in ISO 17021:2015 section 7.2.1 and ISO 16919;
- shall never subcontract to have a decision made to grant, maintain, renew, extend, reduce, suspend or withdraw a certification;
- shall not outsource its activities;
- procedures will ensure that the the audit team who visited the repository do not take part in making the certification or re-certification decision; the people PTAB assigns to make the certification decision shall be employed by, or shall be under legally enforceable arrangement with PTAB;
- shall make decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification;
- maintains the client’s certification based on the evidence that the client continues to satisfy the requirements of the management system standard and provided that:
- for any major nonconformity or other situation that may lead to suspension or withdrawal of certification, the certification body has a system that requires the audit team leader to report to the certification body the need to initiate a review by competent personnel (see 7.2.8), different from those who carried out the audit, to determine whether certification can be maintained;
- competent personnel of the certification body monitor its surveillance activities, including monitoring the reporting by its auditors, to confirm that the certification activity is operating effectively.
PTAB will monitor the client’s systems relevant to ISO 16363 certification on a regular basis.
The PTAB monitoring will take the form of
- enquiries from the certification body to the certified client on aspects of certification,
- reviewing any client’s statements with respect to its operations (e.g. promotional material, website),
- requests to the client to provide documents and records (on paper or electronic media), and
- other means of monitoring the certified client’s performance.
- The PTAB surveillance audits will take place on-site.
Each surveillance for ISO 16363 shall include:
- internal audits and management review;
- a review of actions taken on nonconformities identified during the previous audit;
- complaints handling;
- effectiveness of the management system with regard to achieving the certified client’s objectives and the intended results of the respective management system (s);
- progress of planned activities aimed at continual improvement;
- continuing operational control;
- review of any changes;
- use of marks and/or any other reference to certification.
PTAB plans and conducts the recertification audit to evaluate the continued fulfillment of all of the requirements of ISO 16363 to allow a timely renewal before the expiry date of the certificate.
The recertification activity will include the review of previous surveillance audit reports and will consider the performance of the management system over the most recent certification cycle.
There may need to have a stage 1 if there have been significant changes to the management system, the organization, or the context in which the management system is operating.
PTAB will conduct recertification audits of the client.
The recertification will include an on-site audit that addresses:
- the effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification;
- demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance;
- whether the operation of the certified management system contributes to the achievement of the organization’s policy and objectives.
These will consider the performance of the management system over the period of certification, and include the review of previous surveillance audit reports.
If there have been significant changes in the client’s management system or its context then a stage 1 audit may be required.
If nonconformities or lack of evidence are identified PTAB will define time limits for correction and corrective actions to be implemented prior to the expiration of certification.
PTAB make decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification.