Audit Questions and Scoping:
The ISO/IEC and ISO/IEC audit journey begins with the audit questionnaire, which helps Accedere in understanding the audit scope. It provides us basic information about the client’s organization, its management system, size & types of operation. Audit questionnaire also helps the auditor & auditee in setting the assessment objectives regarding the scope, standards & specifications.
Based on the scope & objectives of clients Accedere quotes an offer & enters into a detailed contract specifying the terms, assessment criteria, all relevant deliverables, etc. each agreement is customized to individual client needs.
Stage 1 Audit:
Stage 1 Audit is a part of the registration process and not an optional activity. During Stage 1, it is established whether the requirements of the standard(s) are being met by the auditee organization. This can be done by review of the available evidence. The goal of the Stage 1 audit is to determine if the client's ISMS is developed sufficiently to be certified.
Stage 2 Audit:
The auditor team applies the defined standard & evaluates the effectiveness of the Information Security Management System & processes. Changes to the auditee organization’s documentation since the previous visit are reviewed and outstanding non-conformance(s) are followed up. The auditee organization’s ISMS is assessed according to the schedule and audit trails. Documents reviewed, personnel interviewed and other pertinent data are recorded. Non-conformances are raised after the proper investigation against activities found non-compliant. The Observations are issued identifying areas of improvement only.
After all the audit processes are completed and all major non-conformities of Stage 2 are closed, the Certification Body evaluates all the processes & its results to take the certification decision. The decision of the Certification Body is independent and not influenced by any auditor or audit team member involved in the audit of the particular client. The audit results will be provided to the client in the form of an audit report. The certificate is issued to the client only when all requirements are fulfilled.
A surveillance audit shall be conducted at least once per year. SA is intended to verify the continued effective maintenance of the auditee organization’s quality management system, satisfy the needs of the auditee organization and maintain the integrity of the registration process as a whole.
At the end of each 3 years cycle, a recertification audit is carried out. The purpose of the recertification audit is to confirm the continued and effective management system as a whole is followed and the continued relevance and applicability of the scope of certification, commitment to enhance and maintain overall effectiveness and improvement of the management system, and whether the operation of a certified client contributes to the achievement of the client's policy and objective. If all requirements are fulfilled a new certificate is issued.
Extensions/Reduction/Change to Scope:
Audits for the change or extension in scope will be carried out in the same way as the initial audit. An Audit Report will be completed in the normal way and submitted to the Certification Committee for approval. If successful, a new certificate will be issued by Accedere.
Accedere shall initiate withdrawal/suspension procedures, if the auditee organization fails to effectively respond to a corrective action request or if the corrective action is not satisfactory. The following reasons are considered grounds for suspension or cancellation:
- Major non-conformance(s) or effective corrective action not implemented within a specified time.
- Improper use of the certificate, symbol, or logo not remedied to the satisfaction of Accedere.
- The client ceases to supply products or services of the certified quality system for an extended period.
- The client’s certified management system has persistently failed to meet any of the requirements for certification including requirements for the effectiveness of the management system.
- Client fails to meet financial obligations to Accedere.
- The client makes a formal request to withdraw certification.
- Infringement by the client of any contractual conditions between the client and Accedere.
- Existence of a serious complaint, or a large number of second- or third-party complaints, which indicates that the quality management system is not being maintained.
- The client is unable or unwilling to ensure conformance to revisions of standards.
- The client does not allow routine surveillance to be conducted at the required frequency.
Certification (Accedere Shield) and Certification Mark/Logo:
Accedere issues mark corresponding to the relevant standard for which approval has been given, by way of a current Certificate of Registration. The certification mark (Accedere Shield) used must correspond to the standard against which the company has been audited and achieved registration (i.e. ISO/IEC). NOTE: Any misuse of marks may result in the withdrawal of certificates.
To ensure that the correct markings are used the following rules shall be observed by all companies who receive certification through Accedere:
- The marks shall be displayed only in the appropriate form, size, and color detailed in this section.
- The organization’s certificate number is printed under the mark.
- When the mark is printed on an unfolded portion of A4 size stationery, it shall be displayed in a size no larger than 30 mm high. On larger portions of unfolded stationery, the size may be proportionately increased.
- Certification marks shall normally have a minimum height (excluding the certificate number) of 20 mm. Any enlargement or reduction shall retain the same proportions as those of the masters. The Certification Mark and the certificate number shall be considered as a single entity for purposes of enlargement or reduction.
- In exceptional circumstances, which are usually dictated because of space limitation or cost, the marks may be reproduced at a reduced height, provided that irrespective of the height of reproduction, the mark must be legible, with no infilling.
- Embossed, relief, or die-stamped versions may be used. The marks may be reproduced as watermarks.
- Electronic reproduction of the marks is permitted (including Internet websites) provided that the requirements are met and the organization’s certificate number is printed under the mark is reproduced so that infilling does not occur degradation and/or distortion of the mark graphic is avoided computer files of the marks shall be prepared from mark masters. Redrawn approximations may not be used.
- Certification Marks/logos shall not be used in any way that might mislead the reader about the status of a certified organization, activities outside the scope and imply that product, process, or service is certified. Holders of Certificate shall not make, use, or permit any misleading statement and certification document.
- Holders of certificates issued by Accedere may use the appropriate mark in the manner prescribed, on stationery and publicity material or other items relevant to their certificate. The Certification Mark shall always be used in conjunction with the Accedere Shield. Holders of certificates may use the Accedere Shield without Certification Marks if they wish.
- Holders of certificates should not use their certification in such a manner that would bring the certification body and/or system into disrepute and lose public trust.
- The term ‘publicity material’ shall not include notices, labels, documents, or written announcements affixed to or otherwise appearing on goods or products, unless the goods or products have been manufactured under any product conformity scheme. This restriction shall also apply to primary (e.g. blister packs) packaging, promotional products, and test certificates/certificates of analysis.
- Upon suspension or withdrawal of its certification, the use of mark or logo shall be discontinued from all advertising matter, stationery, etc that contains a reference to certification. The use of the logo on all stationery/advertising material shall be amended if the scope of certification is reduced.
- Upon reduction in scope, advertising matter shall be amended.
Other Restrictions on the Use of the Marks:
- The certification marks shall not be displayed on vehicles, except in publicity material containing a certification mark as part of a larger advertisement, provided the mark is used in the publicity material following the conditions detailed elsewhere in this information sheet.
- The certification marks shall not be displayed on buildings and flags.
- Certification marks may be displayed on internal walls and doors, and on exhibition stands.
- Certification marks shall not be used in such a way as to suggest that Accedere has certified, or approved, any product or any service supplied by a licensee of a mark, or in any other misleading manner.
- Certification marks shall not be used in such a way as to imply that Accedere accepts responsibility for activities carried out under the scope of certification.
- All quotations for relevant audit may contain a certification mark for which Accedere holds Intellectual Property.
- Use of Accedere’s Certification Marks for Testing and Calibration is not allowed.
- Any use of a certification mark that might contravene the conditions laid down in this publication shall be referred to the relevant body.
- Certification Bodies shall ensure that they audit the use of national Certification Marks by their certificate holders. Conditions for the use of the marks by such certificate holders are given in these rules.
- Reproduction of the marks shall be based on master versions supplied at the time of certification, to which certificate holders must add their certificate number.
- Do not use its certification in such a manner that would bring the certification into disrepute and lose public trust.
- Accedere’s logo shall not be used on visiting cards.
Accedere will take action and deal with incorrect references to certification status or misleading use of certification documents, marks, or audit reports. The action may include requests for correction and corrective action, suspension, withdrawal of certification, publication of the transgression, and if necessary legal action.