1.Planning audits
A.Determining audit objectives, scope and criteria
The audit objectives will be determined by the AGAH AFARIN ARIA. The audit scope and criteria,
including any changes, will be established by the AGAH AFARIN ARIA after discussion with the client.
The audit objectives shall describe what is to be accomplished by the audit and shall include the following:
a)determination of the conformity of the client’s management system, or parts of it, with audit criteria;
b)determination of the ability of the management system to ensure the client meets applicable statutory,regulatory and contractual requirements;
c)determination of the effectiveness of the management system to ensure the client can reasonably
expect to achieving its specified objectives;
d)as applicable, identification of areas for potential improvement of the management system.
B.Audit team selection and assignmentsThe AGAH AFARIN ARIA have a process for selecting and appointing the audit team as per PR06, including the audit team leader and technical experts as necessary, taking into account the competence needed to achieve the objectives of the audit and requirements for impartiality. If there is only one auditor, the auditor shall have the competence to perform the duties of an audit team leader applicable for that audit.
In deciding the size and composition of the audit team, consideration shall be given to the following:
a)audit objectives, scope, criteria and estimated audit time;
b)whether the audit is a combined, joint or integrated;
c)the overall competence of the audit team needed to achieve the objectives of the audit
d)certification requirements (including any applicable statutory, regulatory or contractual requirements);
e)language and culture.
The necessary knowledge and skills of the audit team leader and auditors may be supplemented
by technical experts, translators and interpreters who shall operate under the direction of an auditor, Where
translators or interpreters are used, they shall be selected such that they do not unduly influence the audit.
Auditors-in-training may participate in the audit, provided an auditor is appointed as an evaluator. The evaluator shall be competent to take over the duties and have final responsibility for the activities and findings of the auditor-in-training.
The audit team leader, in consultation with the audit team, shall assign to each team member
responsibility for auditing specific processes, functions, sites, areas or activities. Such assignments shall
take into account the need for competence, and the effective and efficient use of the audit team, as well as System Certification Activities PR01/01
Review date: 7/9/1400
different roles and responsibilities of auditors, auditors-in-training and technical experts.
Observers
The presence and justification of observers during an audit activity shall be agreed to by the AGAH AFARIN ARIA and client prior to the conduct of the audit. The audit team shall ensure that observers do not
unduly influence or interfere in the audit process or outcome of the audit.
NOTE Observers can be members of the client’s organization, consultants, witnessing accreditation body
personnel, regulators or other justified persons.
Technical experts
The role of technical experts during an audit activity shall be agreed to by the AGAH AFARIN ARIA and
client prior to the conduct of the audit. A technical expert shall not act as an auditor in the audit team.
The technical experts shall be accompanied by an auditor.
Guides
Each auditor shall be accompanied by a guide, unless otherwise agreed to by the audit team leader and
the client. Guide(s) are assigned to the audit team to facilitate the audit. The audit team shall ensure that
guides do not influence or interfere in the audit process or outcome of the audit.
The responsibilities of a guide can include:
a)establishing contacts and timing for interviews;
b)arranging visits to specific parts of the site or organization;
c)ensuring that rules concerning site safety and security procedures are known and respected by the audit
team members;
d)witnessing the audit on behalf of the client;
C.Audit plan
The AGAH AFARIN ARIA ensures that an audit plan is established prior to each audit identified in the audit
programme to provide the basis for agreement regarding the conduct and scheduling of the audit activities as per
PR01-FR02/01 (Audit plan).
The audit plan shall be appropriate to the objectives and the scope of the audit. The audit plan shall at
least include or refer to the following:
a)the audit objectives;
b)the audit criteria;
c)the audit scope, including identification of the organizational and functional units or processes to be audited;
d)the dates and sites where the on-site audit activities will be conducted, including visits to temporary sites andremote auditing activities, where appropriate;
e)the expected duration of on-site audit activities;
f)the roles and responsibilities of the audit team members and accompanying persons, such as
observers or interpreters.
Audit plan will provide by auditor, then will send to customer.
Planning coordinator will make communication with customer and auditor to specified audit time.
2.Initial certification
The initial certification audit of a management system shall be conducted in two stages: stage 1 and stage 2.
Before conducting of any audits, for ensuring of impartiality, auditor names and audit plan will send to customer about 10 days before audit day.
nonconformity
non-fulfilment of a requirement
major nonconformity
nonconformity that affects the capability of the management system to achieve the intended results
Note 1 to entry: Nonconformities could be classified as major in the following circumstances:
— if there is a significant doubt that effective process control is in place, or that products or services will meet
specified requirements;
— a number of minor nonconformities associated with the same requirement or issue could demonstrate a
systemic failure and thus constitute a major nonconformity.
minor nonconformity
nonconformity that does not affect the capability of the management system to achieve the intended results
A.Stage 1
Planning ensures that the objectives of stage 1 can be met and the client shall be informed of any “on site” activities during stage 1. Stage 1 does not require a formal audit plan.
The objectives of stage 1 are to:
a)review the client’s management system documented information;
b)evaluate the client’s site-specific conditions and to undertake discussions with the client’s personnel
to determine the preparedness for stage 2;
c)review the client’s status and understanding regarding requirements of the standard, in particular
with respect to the identification of key performance or significant aspects, processes, objectives and operation of the management system;
d)obtain necessary information regarding the scope of the management system, including:
— the client’s site(s);
— processes and equipment used;
— levels of controls established (particularly in case of multisite clients);
— applicable statutory and regulatory requirements;
e)review the allocation of resources for stage 2 and agree the details of stage 2 with the client;
f)provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s
management system and site operations in the context of the management system standard or other normative document;
g)evaluate if the internal audits and management reviews are being planned and performed, and that the
level of implementation of the management system substantiates that the client is ready for stage 2.
All of records of Stage 1 audit will be registered in PR01-FR03/01 (Stage 1 Audit report).
In determining the interval between stage 1 and stage 2, consideration shall be given to the needs of the client to resolve areas of concern identified during stage 1 and it is not more than 6 months. The AGAH AFARIN ARIA may also need to revise its arrangements for stage 2. If any significant changes which would impact the management system occur, the AGAH AFARIN ARIA considers the need to repeat all or part of stage 1. The client shall be informed that the results of stage 1 may lead to postponement or cancellation of stage 2.
A.Stage 2
The purpose of stage 2 is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 shall take place at the site(s) of the client. It shall include the auditing of at least the following:
a)information and evidence about conformity to all requirements of the applicable management system standardor other normative documents;
b)performance monitoring, measuring, reporting and reviewing against key performance objectives and targets(consistent with the expectations in the applicable management system standard or other normative document);
c)the client’s management system ability and its performance regarding meeting of applicable statutory,regulatory and contractual requirements;
d)operational control of the client’s processes;
e)internal auditing and management review;
f)management responsibility for the client’s policies.
Stage 2 including, PR01-FR06/01 (Checklist of ISO 9001:2015), PR01-FR010/0 (Checklist ISO 14001:2015),
PR01-FR09/0 (Stage 2 Audit report).
All of NCs, type of NC, description of NC, specification of customer, will register in PR01-FR07/0 (NC) and will give to the customer, after closing of NC, customer must fill the root cause, correction and corrective action related to NC.
The audit team analyses all information and audit evidence gathered during stage 1 and stage 2 to review the audit findings and agree on the audit conclusions.
to close the nonconformities in the certification audit, the required time could not be more than 90 days for major nonconformities. If the firm could not eliminate the nonconformities on time, a stage 2 audit is performed again.
3.Conducting audits
AGAH AFARIN ARIA have a process for conducting on-site audits. This process includes an opening meeting at the start of the audit and a closing meeting at the conclusion of the audit as PR01-FR06/01 (Checklist of ISO 9001:2015), PR01-FR010/0 (Checklist ISO 14001:2015).
A.Conducting the opening meeting
A formal opening meeting, shall be held with the client’s management and, where appropriate, those
responsible for the functions or processes to be audited. The purpose of the opening meeting, usually
conducted by the audit team leader, is to provide a short explanation of how the audit activities will be undertaken
as PR01-FR06/01 (Checklist of ISO 9001:2015), PR01-FR010/0 (Checklist ISO 14001:2015).
The degree of detail will be consistent with the familiarity of the client with the audit process and shall consider the following:
a)introduction of the participants, including an outline of their roles;
b)confirmation of the scope of certification;
c)confirmation of the audit plan (including type and scope of audit, objectives and criteria), any changes, andother relevant arrangements with the client, such as the date and time for the closing meeting, interim meetings between the audit team and the client’s management;
d)confirmation of formal communication channels between the audit team and the client;
e)confirmation that the resources and facilities needed by the audit team are available;
f)confirmation of matters relating to confidentiality;
g)confirmation of relevant work safety, emergency and security procedures for the audit team;
h)confirmation of the availability, roles and identities of any guides and observers;
i)the method of reporting, including any grading of audit findings;
j)information about the conditions under which the audit may be prematurely terminated;
k)confirmation that the audit team leader and audit team representing the certification body is
responsible for the audit and shall be in control of executing the audit plan including audit activities
and audit trails;
l)confirmation of the status of findings of the previous review or audit, if applicable;
m)methods and procedures to be used to conduct the audit based on sampling;
n)confirmation of the language to be used during the audit;
o)confirmation that, during the audit, the client will be kept informed of audit progress and any concerns;
p)opportunity for the client to ask questions
B.Identifying and recording audit findings
Audit findings summarizing conformity and detailing nonconformity will be identified, classified and recorded to enable an informed certification decision to be made or the certification to be maintained as per, PR01-FR06/01 (Checklist of ISO 9001:2015), PR01-FR010/0 (Checklist ISO 14001:2015), PR01-FR09/0 (Stage 2 Audit report).
Opportunities for improvement may be identified and recorded, unless prohibited by the requirements of a management system certification scheme. Audit findings, however, which are nonconformities, shall not be recorded as opportunities for improvement.
A finding of nonconformity shall be recorded against a specific requirement, and shall contain a clear statement of the nonconformity, identifying in detail the objective evidence on which the nonconformity is based. Nonconformities shall be discussed with the client to ensure that the evidence is accurate and that the nonconformities are understood. The auditor however shall refrain from suggesting the cause of nonconformities or their solution.
The audit team leader shall attempt to resolve any diverging opinions between the audit team and the client concerning audit evidence or findings, and unresolved points shall be recorded.
C.Preparing audit conclusions
Under the responsibility of the audit team leader and prior to the closing meeting, the audit team shall:
a)review the audit findings, and any other appropriate information obtained during the audit, against the audit objectives and audit criteria and classify the nonconformities;
b)agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
c)agree any necessary follow-up actions;
d)confirm the appropriateness of the audit programme or identify any modification required for future audits (e.g. scope ofcertification, audit time or dates, surveillance frequency, audit team competence).
D.Conducting the closing meeting
formal closing meeting, where attendance shall be recorded, shall be held with the client’s management and, where appropriate, those responsible for the functions or processes audited. The purpose of the closing meeting, usually conducted by the audit team leader, is to present the audit conclusions, including the recommendation regarding certification. Any nonconformities shall be presented in such a manner that they are understood, and the timeframe for responding shall be agreed.
The closing meeting shall also include the following elements where the degree of detail shall be consistent with the familiarity of the client with the audit process:
a)advising the client that the audit evidence obtained was based on a sample of the information;
thereby introducing an element of uncertainty;
b)the method and timeframe of reporting, including any grading of audit findings;
c)the certification body’s process for handling nonconformities including any consequences relating
to the status of the client’s certification;
d)the timeframe for the client to present a plan for correction and corrective action for any nonconformities identified during the audit;
e)the certification body’s post audit activities;
f)information about the complaint and appeal handling processes.
E.Audit report
AGAH AFARIN ARIA provides a written report for each audit to the client. The audit team may identify opportunities for improvement but shall not recommend specific solutions. Ownership of the audit report shall be maintained by AGAH AFARIN ARIA. The audit report provides an accurate, concise and clear record of the audit to enable an informed certification decision to be made and shall include or refer to the following:
a)identification of the certification body;
b)the name and address of the client and the client’s representative;
c)the type of audit (e.g. initial, surveillance or recertification audit or special audits);
d)the audit criteria;
e)the audit objectives;
f)the audit scope, particularly identification of the organizational or functional units or processes
audited and the time of the audit;
g)any deviation from the audit plan and their reasons;
h)any significant issues impacting on the audit programme;
i)identification of the audit team leader, audit team members and any accompanying persons;
j)the dates and places where the audit activities (on site or offsite, permanent or temporary sites)were conducted;
k)audit findings, reference to evidence and conclusions, consistent with the requirements of the type of audit;
l)significant changes, if any, that affect the management system of the client since the last audit took place;
m)any unresolved issues, if identified;
n)where applicable, whether the audit is combined, joint or integrated;
o)a disclaimer statement indicating that auditing is based on a sampling process of the available information;
p)recommendation from the audit team
q)the audited client is effectively controlling the use of the certification documents and marks, if applicable;
r)verification of effectiveness of taken corrective actions regarding previously identified nonconformities, ifapplicable.
F.Cause analysis of nonconformities
All of NCs, type of NC, description of NC, specification of customer, will register in PR01-FR07/0 (NC) and will give to the customer, after closing of NC, customer must fill the root cause, correction and corrective action related to NC then, effectiveness on NC will review by auditor.
G.Effectiveness of corrections and corrective actions
AGAH AFARIN ARIA reviews the corrections, identified causes and corrective actions submitted by the client to determine if these are acceptable. AGAH AFARIN ARIA verifies the effectiveness of any correction and corrective actions taken. The evidence obtained to support the resolution of nonconformities will be recorded. The client shall be informed of the result of the review and verification by reviewing of NC by Auditor and send it to customer. The client shall be informed if an additional full audit, an additional limited audit, or documented evidence (to be confirmed during future audits) will be needed to verify effective correction and corrective actions by letter that sent to customer by AGAH AFARIN ARIA.
4.Certification decision
AGAH AFARIN ARIA ensures that the persons or committees that make the decisions for granting or refusing certification, expanding or reducing the scope of certification, suspending or restoring certification, withdrawing certification or renewing certification are different from those who carried out the audits. The individual(s) appointed to conduct the certification decision shall have appropriate competence. As per PR10/01 (Certification Decision Competence Appraisal).
5.Maintaining certification
AGAH AFARIN ARIA maintains certification based on demonstration that the client continues to satisfy the requirements of the management system standard. It may maintain a client’s certification based on a positive conclusion by the audit team leader without further independent review and decision, provided that:
a)for any major nonconformity or other situation that may lead to suspension or withdrawal of
certification, the certification body has a system that requires the audit team leader to report to the
certification body the need to initiate a review by competent personnel, different from those who carried out the audit, to determine whether certification can be maintained;
b)competent personnel of the AGAH AFARIN ARIA monitor its surveillance activities, including monitoring
the reporting by its auditors, to confirm that the certification activity is operating effectively.
A.Surveillance activities
AGAH AFARIN ARIA develop its surveillance activities so that representative areas and functions covered by the scope of the management system are monitored on a regular basis, and take into account changes to its certified client and its management system.
Surveillance audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that AGAH AFARIN ARIA can maintain confidence that the client’s certified management system continues to fulfil requirements between recertification audits. Each surveillance for the relevant management system standard shall include:
a)internal audits and management review;
b)a review of actions taken on nonconformities identified during the previous audit;
c)complaints handling;
d)effectiveness of the management system with regard to achieving the certified client’s objectives
and the intended results of the respective management system (s);
e)progress of planned activities aimed at continual improvement;
f)continuing operational control;
g)review of any changes;
h)use of marks and/or any other reference to certification.
At least 9-12 month before certificate expiry, customer must audit and NC must close.
B.Recertification
The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification. A recertification audit will be planned and conducted to evaluate the continued fulfilment of all of the requirements of the relevant management system standard or other normative document. This will be planned and conducted in due time to enable for timely renewal before the certificate expiry date.
recertification audit activities may need to have a stage 1 in situations where there have been significant changes to the management system, the organization, or the context in which the management system is operating.
The recertification audit includes an on-site audit that addresses the following:
a)the effectiveness of the management system in its entirety in the light of internal and external
changes and its continued relevance and applicability to the scope of certification;
b)demonstrated commitment to maintain the effectiveness and improvement of the management
system in order to enhance overall performance;
c)the effectiveness of the management system with regard to achieving the certified client’s objectives
and the intended results of the respective management system (s).
For any major nonconformity, AGAH AFARIN ARIA define time limits for correction and corrective actions. These actions shall be implemented and verified prior to the expiration of certification.
If the AGAH AFARIN ARIA has not completed the recertification audit or is unable to verify the implementation of corrections and corrective actions for any major nonconformity prior to the expiry date of the certification, then recertification won’t be recommended and the validity of the certification shall not be extended. The client will be informed and the consequences will be explained.
Following expiration of certification, AGAH AFARIN ARIA can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 will be conducted. The effective date on the certificate will be on or after the recertification decision and the expiry date shall be based on prior certification cycle.
C.Special audits
I.Expanding scope
AGAH AFARIN ARIA will, in response to an application for expanding the scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit.
II.Short-notice audits
It may be necessary for AGAH AFARIN ARIA to conduct audits of certified clients at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients.
In such cases:
a)AGAH AFARIN ARIA describe and make known in advance to the certified clients, the conditions under whichsuch audits will be conducted;
b)AGAH AFARIN ARIA exercise additional care in the assignment of the audit team because of the lack ofopportunity for the client to object to audit team members.
III.Suspending, withdrawing or reducing the scope of certification
AGAH AFARIN ARIA have a policy and documented procedure(s) for suspension, withdrawal or reduction of the scope of certification, and specify the subsequent actions by AGAH AFARIN ARIA.
AGAH AFARIN ARIA suspend certification in cases when, for example:
— the client’s certified management system has persistently or seriously failed to meet certification
requirements, including requirements for the effectiveness of the management system;
— the certified client does not allow surveillance or recertification audits to be conducted at the required frequencies;
— the certified client has voluntarily requested a suspension.
Under suspension, the client’s management system certification is temporarily invalid.
AGAH AFARIN ARIA restore the suspended certification if the issue that has resulted in the suspension has been resolved. Failure to resolve the issues that have resulted in the suspension in a time established by AGAH AFARIN ARIA result in withdrawal or reduction of the scope of certification.
In most cases, the suspension would not exceed six months.
AGAH AFARIN ARIA reduce the scope of certification to exclude the parts not meeting the requirements, when the certified client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction shall be in line with the requirements of the standard used for certification.
6.Appeals
AGAH AFARIN ARIA has a documented process to receive, evaluate and make decisions on appeals as per PR11/0.
AGAH AFARIN ARIA is responsible for all decisions at all levels of the appeals-handling process. AGAH AFARIN ARIA ensures that the persons engaged in the appeals-handling process are different from those who carried out the audits and made the certification decisions.
Submission, investigation and decision on appeals will not result in any discriminatory actions against the appellant.
The appeals-handling process includes at least the following elements and methods:
a)an outline of the process for receiving, validating and investigating the appeal, and for deciding what
actions need to be taken in response to it, taking into account the results of previous similar appeals;
b)tracking and recording appeals, including actions undertaken to resolve them;
c)ensuring that any appropriate correction and corrective action are taken.
AGAH AFARIN ARIA receiving the appeal is responsible for gathering and verifying all necessary information to validate the appeal.
AGAH AFARIN ARIA will acknowledge receipt of the appeal and provide the appellant with progress reports and the result of the appeal.
The decision to be communicated to the appellant will be made by, or reviewed and approved by, individual(s) not previously involved in the subject of the appeal.
AGAH AFARIN ARIA gives formal notice to the appellant of the end of the appeals-handling process.
7.Complaints
AGAH AFARIN ARIA is responsible for all decisions at all levels of the complaints handling process.
Submission, investigation and decision on complaints won’t result in any discriminatory actions against the complainant.
Upon receipt of a complaint, AGAH AFARIN ARIA confirms whether the complaint relates to certification activities that it is responsible for and, if so, will deal with it. If the complaint relates to a certified client, then examination of the complaint will consider the effectiveness of the certified management system.
Any valid complaint about a certified client shall also be referred by AGAH AFARIN ARIA to the certified client in question at an appropriate time.
AGAH AFARIN ARIA has a documented process to receive, evaluate and make decisions on complaints. This process is subject to requirements for confidentiality, as it relates to the complainant and to the subject of the complaint.
The complaints-handling process include at least the following elements and methods:
a)an outline of the process for receiving, validating, investigating the complaint, and for deciding what actionsneed to be taken in response to it;
b)tracking and recording complaints, including actions undertaken in response to them;
c)ensuring that any appropriate correction and corrective action are taken.
AGAH AFARIN ARIA receiving the complaint is responsible for gathering and verifying all necessary information to validate the complaint.
Whenever possible, AGAH AFARIN ARIA will acknowledge receipt of the complaint, and shall provide the complainant with progress reports and the result of the complaint.
The decision to be communicated to the complainant shall be made by, or reviewed and approved
by, individual(s) not previously involved in the subject of the complaint.
Whenever possible, AGAH AFARIN ARIA give formal notice of the end of the complaints-handling process to the complainant.
AGAH AFARIN ARIA determines, together with the certified client and the complainant, whether and, if so to what extent, the subject of the complaint and its resolution shall be made public.
8.Client records
AGAH AFARIN ARIA maintains records on the audit and other certification activities for all clients, including all organizations that submitted applications, and all organizations audited, certified, or with certification suspended or withdrawn.
Records on certified clients includes the following:
a)application information and initial, surveillance and recertification audit reports;
b)certification agreement;
c)justification of the methodology used for sampling of sites, as appropriate;
NOTE Methodology of sampling includes the sampling employed to audit the specific management
system and/or to select sites in the context of multi-site audit.
d)justification for auditor time determination
e)verification of correction and corrective actions;
f)records of complaints and appeals, and any subsequent correction or corrective actions;
g)committee deliberations and decisions, if applicable;
h)documentation of the certification decisions;
i)certification documents, including the scope of certification with respect to product, process or
service, as applicable;
j)related records necessary to establish the credibility of the certification, such as evidence of the
competence of auditors and technical experts;
k)audit programmes.
AGAH AFARIN ARIA keeps the records on applicants and clients secure to ensure that the information is kept confidential. Records are transported, transmitted or transferred in a way that ensures that confidentiality is maintained.
Records of certified clients and previously certified clients are retained for the duration of the current cycle plus one full certification cycle.