Professional Documents
Culture Documents
DNV Certification: Customer Communications
DNV Certification: Customer Communications
DNV Certification: Customer Communications
Customer Communications
January 2009 update to the Rules for Achieving IATF Recognition Affect on organizations
The 3rd Edition of the Rules for Achieving IATF Recognition waiver from the relevant IATF Oversight office. This
were released in November 2008, and are required to be requirement will result in making it more difficult to change
implemented by Certification Bodies (CB) by January 1, the periodic audit frequency.
2009. The revised requirements found in the 3rd Edition
Rules will affect both DNV and our customers by changing Table 5.1
the way audits are planned and performed. To help you, our
customer, better understand these changes and why DNV is Surveillance
interval
6 months 9 months 12 months
plan, audit report, all findings, all corrective actions, and The audit planning activity shall be undertaken prior to
all verification actions performed by the other certification arrival on-site, and shall include a review of the following
body prior to each audit. If the organization does not provide information supplied by the client, as inputs to the plan:
the CB this information, the remote support site must be Updates to the quality management system, e.g.
visited. processes, quality manual
Updates to customer specific requirements
5.6 Establishing the Audit Team Customer performance data
The CB’s flexibility regarding the scheduling of auditors has
Internal performance data
been greatly diminished with the release of the 3rd Edition
Rules. The Oversight Bodies are concerned that auditors Management review results
used on subsequent certification cycles may become overly Internal audit results
familiar with an organization thus decreasing objectivity. To New customers or part information
address this concern, the CB must comply with the following Customer satisfaction and complaint summary
revised requirements: including verification of customer reports,
The CB must appoint at least one auditor from the scorecards, and special status conditions
initial certification/re-certification audit team to
Auditors must evaluate this information prior to planning the
participate in all surveillance audits of the three (3)
audit. The results of their evaluation must be incorporated
year audit cycle.
into the agenda and audit of the organization.
For each subsequent recertification and surveillance
audit, different auditors shall be used. 5.8 Conducting the Audit
Any deviations from these requirements e.g. reuse of The 3rd Edition rules do not identify any significant
auditors, changing auditors from initial recertification changes regarding the performance of audits, however they
audit team, now requires prior approval by the still mandate the process approach be utilized to perform
IAOB. assessments.
significantly increase the content of an opportunity for It is important to remember that any major finding, results
improvement. in the initiation of the decertification process. The short
timeframes specified will require the certified organization
5.11 Non-Conformity Management to place great emphasis on addressing the issue and getting
The definitions of a Major and Minor non-conformity are the a response to the CB.
same in the 3rd Edition rules, however, some organizational
response requirements for findings have been revised. 6.9 Recertification Audits
When planning a recertification audit, Lead Auditors must
In line with ISO/IEC 17021 requirements, the CB now
consider the performance of the management system over the
must require the organization to provide a description of the
period of certification. This includes a review of surveillance
specific correction when responding to findings. Correction
audit reports from the previous certification cycle. The on-
is defined as “evidence containment of the condition to
site recertification audit must take previous performance
prevent risk to the customer has been taken”.
into consideration and evaluate the management system for
Major findings now require an on-site follow-up visit for the following items:
closure, unless adequate justification can be provided. a) The effectiveness of the management system in its
6.1 Application for ISO/TS 16949:2002 Certification entirety, in the light of internal and external changes,
The information required to be obtained from a new or and its continued relevance and applicability to the
existing customer prior to providing a quote for a new site scope of certification.
has increase slightly to include: b) Demonstrated commitment to maintain the
Information regarding outsourced processes. effectiveness and improvement of the management
Automotive customer supplier codes. system in order to enhance overall performance.
This information is considered by the IAOB to be critical c) Whether the operation of the certified management
for both audit planning and use of the IATF database by the system contributes to the achievement of the client’s
OEM customers. The intent is to ensure it is gathered early policy and objectives.
in the certification planning stages. d) The effective interaction between all the processes
defined in the quality management system and the
6.8 Surveillance Audit overall effectiveness of the management system.
The timeframe for responding to major findings issued during
surveillance audits has changed significantly. Certified The IAOB expects the focus of recertification audits to be
organizations are now required to provide the CB, root cause on improved performance over time.
analysis and provide evidence that they have implemented a
It is important to remember that the timing of recertification
correction within twenty (20) days from the end of the site
audits is critical. Recertification audits must be timed to
audit (see section 8.0). The 20 days allowed are not only for
ensure that the organization has adequate time to complete
the certified organization to respond, but also for the CB to
corrective actions and address non-conformities, prior to the
review the correction, and determine if the certificate should
expiration of the certificate, allowing additional time for the
be suspended (see section 8.0). In support of fulfilling this
processing of audit documentation.
20-day timeframe, DNV Certification will require a client
response with objective evidence be submitted by our clients
within 10 days of the last day of the audit. This will help
ensure that both the organization and DNV meet our joint
responsibilities within the mandated 20-day timeframe for
“correction”.
DNV Certification
Customer Communications
In order to properly schedule a recertification audit, the date The new CB shall complete all transfer activities and
should be calculated 90 to 120 days prior to the expiration a transfer audit, including closure of any non-
of the certificate to ensure adequate time is allowed. All conformities and a certification decision, prior to the
organizations should work with their assigned schedulers to next scheduled surveillance audit with the previous
ensure recertification audits are scheduled in this manner. CB or the expiration of the existing certificate.
New CB shall advise the client not to cancel a
7.0 Transfer Audit contract with existing CB prior to completion of all
Further restrictions have been placed on the transfer of transfer activities.
certification between different CBs. There are several
reasons for the revised requirements, including: Transfer audits always result in the start of a new 3 year
Too many organizations changing accreditation certification cycle.
bodies too often.
Failure to adequately evaluate the organization’s 8.2/8.3 Decertification Process
performance prior to transferring the certificate. The decertification process was carried over almost intact
Organizations changing registrars to keep the same from the 2nd Edition Rules, with the slight exception of
auditor. corporate scheme certifications. In the case of a suspension
within a corporate audit scheme, the suspension shall only
To address these concerns, the changed/new requirements apply to the affected site(s) and not all sites included in the
include: corporate scheme. To further clarify, corporate audit schemes
The CB shall ensure that clients applying for are still allowed, however if one site on a corporate scheme
transfer, have not transferred from another IATF loses their certification, all other sites can remain certified. All
recognized CB with the previous three (3) year findings, regardless of which site they were written against,
period. would still have to comply with Section 8.2 Analysis of the
The client shall provide the new CB with the situation which states, “When the affected site is part of a
previous audit report and all findings issued by the corporate audit scheme, the analysis shall include a review
existing CB for the site and any remote support of the concern and its impact across all sites.” This change
functions. removes any penalties previously in place that prohibited the
The new CB should ensure that the audit team corporate scheme approach.
members, if subcontracted, have not previously
Summary
audited the client.
This communication is intended to provide organizations
The client cannot be on any OEM special status certified by DNV Certifications to ISO/IEC TS 16949:2002,
condition, nor have their current ISO/TS 16949:2002
an overview of the most significant changes to the Rules
certification cancelled, or withdrawn.
for Achieving IATF Recognition 3rd Edition, however it is
The IAOB feels that all certified organizations should have not all-inclusive. If you have additional questions please
a right to choose their certification provider however, they feel free to contact your regional office for more specific
are too often penalized for trying to make a change. To guidance.
improve support for organizations that wish to change their
registrars, the 3rd Edition Rules have included the following
revised requirements which should help prevent any lapses
in certification.