The planning of Noordbeek Certification shall ensure that the objectives of stage 1 can be met and the client shall be informed of any ‘on site’ activities during stage 1.
The objectives of stage 1 are to:
Documented conclusions with regard to fulfilment of the stage 1 objectives and the readiness for stage 2 shall be communicated to the client, including identification of any areas of concern that could be classified as a nonconformity during stage 2.
In determining the interval between stage 1 and stage 2, consideration shall be given to the needs of the client to resolve areas of concern identified during stage 1. Noordbeek Certification may also need to revise its arrangements for stage 2. If any significant changes which would impact the management system occur, Noordbeek Certification shall consider the need to repeat all or part of stage 1. The client shall be informed that the results of stage 1 may lead to postponement or cancellation of stage 2.
The purpose of stage 2 is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 shall take place at the site(s) of the client. It shall include the auditing of at least the following:
The audit team shall analyse all information and audit evidence gathered during stage 1 and stage 2 to review the audit findings and agree on the audit conclusions.
Where multi-site sampling is used for the audit of a client’s management system covering the same activity in various geographical locations, Noordbeek Certification shall develop a sampling programme to ensure proper audit of the management system. The rationale for the sampling plan shall be documented for each client.
Multi-site sampling is only allowed if:
If Noordbeek Certification wishes to use a sample-based approach a procedure should be followed to ensure the follow:
The audit shall address the client’s head office activities to ensure that a single ISMS applies to all sites and delivers central management at the operational level. The audit shall address all the issues outlined above.
A nonconformity is a non-fulfilment of a requirement. This can be:
For any major nonconformities, Noordbeek Certification has to review, accept and verify the correction and corrective actions before granting certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification. For any minor nonconformities, Noordbeek Certification has to review and accept the client’s plan for correction and corrective action.
If Noordbeek Certification is not able to verify the implementation of corrections and corrective actions of any major nonconformity within 6 months after the last day of Stage 2, Noordbeek Certification shall conduct another Stage 2 prior to recommending certification.
Surveillance audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that Noordbeek Certification can maintain confidence that the client’s certified management system continues to fulfil requirements between recertification audits. Each surveillance for the relevant management system standard shall include:
The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification. A recertification audit shall be planned and conducted to evaluate the continued fulfilment of all of the requirements of the relevant management system standard or other normative document. This shall be planned and conducted in due time to enable for timely renewal before the certificate expiry date.
The recertification activity shall include the review of previous surveillance audit reports and consider the performance of the management system over the most recent certification cycle.
Recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the management system, the organization, or the context in which the management system is operating (e.g. changes to legislation).
The recertification audit shall include an on-site audit that addresses the following:
For any major nonconformity, Noordbeek Certification shall define time limits for correction and corrective actions. These actions shall be implemented and verified prior to the expiration of certification.
When recertification activities are successfully completed prior to the expiry date of the existing certification, the expiry date of the new certification can be based on the expiry date of the existing certification. The issue date on a new certificate shall be on or after the recertification decision.
Not completing the recertification audit
If the client has not completed the recertification audit or Noordbeek Certification is unable to verify the implementation of corrections and corrective actions for any major non-conformity prior to the expiry date of the certification, then recertification shall not be recommended and the validity of the certification shall not be extended. The client shall be informed and the consequences shall be explained.
Following expiration of certification, Noordbeek Certification can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 shall be conducted. The effective date on the certificate shall be on or after the recertification decision and the expiry date shall be based on prior certification cycle.
Noordbeek Certification B.V.
Rijndijk 235
2394 CD Hazerswoude
Chamber of Commerce 80529585