BUREAU VERITAS CERTIFICATION

SALES PROCESS
17021-
5.1.2, 9.1.1-2, 9.5.3.3
1:2015
17065:2012 7.2-3
14065:2013 8.2.1-2

Revision Comment on the changes Review Approval Date

3.14 Clarification in § 5 Approving Proposals D Kumar CER MS Committee September 8, 2021

§ 5 updated to show when the CRF should be approved by the ICC and when
3.13 F Gomes CER MS Committee August 18, 2021
it can be approved locally

3.12 Update in 11.7 where references to 12.3, 12.4 and 12.5 were removed. F. Gomes CER MS Committee July 15, 2021

3.11 Duplicate para on Additional Sites removed, Realigned the numbers. F. Gomes CER MS Committee June 24, 2021

3.10 “ISO TS” replaced by IATF 16949 S ter-Horst CER MS Committee April 19, 2021

Clarification on the use of Technical T&Cs in UKAS accredited certification F. Gomes CER MS Committee February 22, 2021
3.9 contracts in § 6.3.
Removal of any reference to ISO 37001 or ABMS, due to accreditation F. Gomes CER MS Committee December 22, 2020
3.8 resignation.
New version of table containing schemes with additional instructions M. Picouleau CER MS Committee November 27, 2020
3.7
Removal of clause 8 - Transfer of Accredited Certification, as there is now a
3.6 specific procedure on transfers F. Gomes S. Ter-Horst December 20, 2019
Addition of specific requirements for Aerospace certificate transfer in § 8.2.2
3.5 and 8.5. F. Gomes S. Ter-Horst September 2, 2019
Update of 8.5 Decision as per MD2-2017 and multisite calculation clarified
3.4 (§12.6) R. Sharma Fabien Joly September. 5 ,2018
Control and validation of changes in the Generic Terms and Conditions for
3.3 UKAS accredited certification (§ 6.3) F. Gomes F. Joly-de-Bresillon July 30, 2018
Revised in line with MD1 -2018
3.2 R. Sharma Fabien Joly February.21.2018
Added link to IATF ISO TS 16949 Conditions of Services
3.1 S. Reemers A. Mihalova Jan. 27, 2017
Clarifies rules for transfer in §8
3.0 S. Reemers P. Jeanmart October 24, 2016
Updated visual table and IAF MD references on front page
Clarification regarding multi-site organizations in §3 and 12
2.4 Updated Pre-transfer review section §8.2 S. Reemers F. Gomes September 29, 2016
Added possible 0.5 man-day for surveillance audit in §12.5
Added link to NACE codes in §8
1.5 S. Reemers P. Jeanmart April 15, 2016
Transferred Multi-Site Calculation from “Sales –Multi-site calculation”
Added requirement for Certification Body to inform client of changes in § 8
1.4 S. Reemers P. Jeanmart March 7, 2016

Amended table for additional instructions: ISO 13485 WITH specific

1.3 instructions. S. Reemers P. Jeanmart March 2, 2016

Procedure “Impartiality”
NACE http://ec.europa.eu/competition/mergers/cases/index/nace_all.html
Latest versions of IAF Mandatory Documents MD 1,2, 5 and 11,21 and 22 for QHSE products

BVC Conditions of services

For IATF 16949, Conditions of Services available in Legal Community
https://iww.connections.bureauveritas.com/communities/service/html/communityview?communityUuid=4e10e0f3-
ba0d-4f8b-a2fa-a0fb04f46150#fullpageWidgetId=W33dc87f46650_4850_8af1_378661838c22&file={70DED459-
0000-C21A-AB98-442EDB4322BC}

Application Form specific to products

Template "Certification Transfer Form"

This procedure defines instructions for all BVC products and services.
Some products and services require additional instructions, defined in separate documents. Please, refer to the list below:

Sales Process Rev3.14 1/9 August 24, 2021

 Enterprise Risk Energy & Social
QHSE Transportation Food
Management Sustainability Responsibility
 Biosafety
 ISO 13485  Aerospace  GDPR  2BSvs  PSCI  BRC
 ISO 9 14 18
19 45  IATF 16949  ISO 20000  CDM  SA 8000  EN 15593
 TL 9000  IRIS  ISO 22301  EU ETS CORSIA  SMETA  FSA
 NSQ-100  TAPA  ISO 27001  EUTR  FSMA
 IMS  ISO 27701  FSC CoC  FSSC 22000
 Multi-Site
Calculation  ISO 28000  FSC FM  FAMI-QS
  ISCC REDCert  Global G.A.P.
 ISO 55001  ISO 14064  GMP+
 PIMS  ISO 50001  HACCP
 TISAX  RSPO  ISO 22000
 IFS
 ASC Farm
 MSC ASC CoC
 MSC Fishery

Sales Process Rev3.14 2/9 August 24, 2021

1 Generic offer process
The generic process is:

2 Application requirements
To develop a proposal for potential or existing client, information is obtained from the client through the document “Application
Form”. The information required includes:
• Standard of certification
• Details of activities for the definition of scope
• Client information:
 Name, address, contact information
 Information on sites to be covered by certification (complexity of sites, campus, multi-site)
 Number and importance of temporary sites
 Number of employees and details on shift activity
 Significant aspects of organization process and operations, and relevant legal obligations
 Information about outsourced process used by the client that will affect conformity to requirement
 Information concerning the use of consultancy related to the management system Standard of certification

This necessary information and or data can be transmitted to BVC in any format (e.g. phone conversations, e-mail, product-
related brochures provided by the client) and consolidated in Application Form. Records are retained either with the client file or
by the commercial department. Some of this information can be obtained from product related brochures, provided by the client.
Brochures provide BVC personnel and auditors with a better understanding of the client’s organization and activities.

3 Application requirements for multi-site organization

3.1 Permanent and temporary sites
A permanent site is a location, physical or virtual, where an organization performs work or provides a service on a continuing
basis.

A temporary site covered by the organization's management system may be subject to audit on a sample basis to provide
evidence of the operation and effectiveness of the management system. It may, however, be included within the scope of a
multi-site certification subject to agreement between the Certification Body and the client. Where included in the scope, such
sites shall be identified as temporary.

Sales Process Rev3.14 3/9 August 24, 2021

3.2 Virtual site
A virtual site is a location from where an organization performs work or provides a service using an on-line environment to allow
persons irrespective of physical locations to execute processes. An example of such a virtual site is a design & development
organization with all employees performing work located remotely, working in a cloud environment.

3.3 Multi-site organization

A multi-site organization is an organization having
• an identified central function (hereafter referred to as a central office but not necessarily the headquarters of the
organization) at which certain activities are planned, controlled or managed, and
• a network of local offices or branches (sites) at which such activities are fully or partially carried out.

A multi-site organization does not need to be a unique legal entity, but all sites shall
• have a legal or contractual link with the central office, and
• be subject to a common management system, which is laid down, established and subject to continuous surveillance
and internal audits by the central office.

The central office has rights to require that the sites implement corrective actions when needed in any site. Where applicable
this shall be set out in a formal agreement between central office and sites.

Examples of possible multi-site organizations are:

• Organizations operating with franchises
• Manufacturing companies with a network of sales offices (this document would apply to the sales network)
• Service companies with multiple sites offering a similar service
• Companies with multiple branches.

3.4 Central Function and processes

The organization shall identify its central function. The central function is part of the organization and shall not be subcontracted
to an external organization. The Central Function is responsible for and centrally controls the management system. It is where
control and authority from top management is exerted over every site.

A primary process is directly related to products or activities, where any failure impacts directly the conformity regarding objective
of applicable normative documents. Such processes are sometimes referred to as “core or value creating processes”, addressed
in the Annex SL under Clause 8.

A secondary process is a supporting process which does not have a direct impact on the conformity regarding objective of
applicable normative documents.

4 Application Review requirements

The application received from the client is reviewed to:
• Determine the type of accreditation that can be offered;
• Ensure that BVC has the ability and competence to perform the audit;
• Determine the audit scope;
• Ensure competent resources are available to perform the audit;
• Ensure impartiality threats have been reviewed (with the support of the Impartiality Committee where necessary) and
results of the review confirm the risks are at an acceptable level as described in Impartiality Procedure.
• Determine audit time
• Confirm that a single management system is deployed across the organization; in case of multisite organization AND
understand the legal and contractual arrangements for each site;

Specificities per scheme are detailed in Appendices.

If BVC declines the application following the application review, the reasons for declining an application shall be documented
and made clear to the client.

Audit time is determined according to

• specific rules per product
• the complexity of client sites and processes.

Unless otherwise specified in specific instructions, the application review documents are recorded to demonstrate all items
above have been considered, and reasons for accepting the application and issuing the proposal are justified.

Proposal is issued and sent to the client, including:

• Client details;
• Audit time for the 3-year cycle and/or the basis for audit time estimation including justifications, if any;
• Standard and scope;
• BVC conditions of services

Sales Process Rev3.14 4/9 August 24, 2021

5 Approving Proposals
Each BVC entity and production centre produces an authorization matrix that demonstrates who is authorized to approve and
sign proposals. The matrix is product and contract value dependent and reflects the status of local entity in BVC network. (See
technical appendices document available in https://bureauveritas.sharepoint.com/teams/documentation-CER-
MS/IFA%20Library/Forms/AllItems.aspx ). When the country is not acting as critical location for the scheme, the client
application & Contract review should be prepared by the local office and then, it shall be sent to the relevant ICC/CL for the final
approval before proposal issuance.

The persons approving proposals shall be trained for the products for which they are approved and demonstrated to the
Technical Manager that they have enough understanding and knowledge of the proposal process to produce accurate proposals.

The Technical Manager shall only take a sample of proposals to review (Recommend 5%) to ensure that the process is
undertaken in accordance with BVC requirements. It is not required for the Technical Manager to conduct a 100% review of all
proposals.

6 Types of Contract
BVC services are covered by a signed contract with the client. To facilitate this process, BVC established two types of contracts.
Unless specifically requested by the client, expiring term contracts are not offered.

6.1 Open Ended Contracts (BVC Standard Contract)

These contracts have no expiry date and are developed in such a manner to allow BVC services to be offered on a continuous
basis, without requirement to re-sign the contract. These contracts allow for audit day and price increases to be undertaken
where necessary or in accordance with the contract terms.

In case individual countries wish to use open-ended contracts, they shall comply with the BV conditions.

6.2 Expiring contracts

They are only used when client refuses to sign Open Ended Contract, and are established for defined periods, this can be any
period in agreement with the client; however, the minimum period is one year. Where the contract period is less than 3 years or
the duration of certification cycle, this shall be reflected in the certificate validity.

6.3 Technical Terms and Conditions for Certification Services

The Technical Terms and Conditions for Certification Services applied shall be those available in CER MS.

Particular attention must be given to any UKAS accredited certification contract, that necessarily shall bear the specific UKAS
Technical Terms and Conditions for Certification Services, which establishes that the accredited entity for the certification service
is Bureau Veritas Certification Holding SAS – UK Branch.

Any amendments, and translations of the above-mentioned terms and conditions, required by clients, shall be agreed and
validated by TQR H.O.

Contracts for UKAS together with local AB accredited certification shall clearly display which certification is being delivered under
UKAS accreditation and which under local AB accreditation.

7 Contract Review
7.1 Signed proposal
When a client signs the proposal, this then becomes the contract, therefore once this is received from a client the sales back
office shall review the document to ensure that no changes have been made or requested by the client. If all details are consistent
with the original proposal, the signed contract is passed to the production back office for action, the sales back office shall also
indicate the clients preferred initial audit period.

If the clients ask for a second and different accreditation after contract review stage, and initial certification decision has been
made and the certificate issued, this requires a new and separate certification decision.

7.2 Contract review for multi-site organization

BVC provides to the organization information regarding its terms and conditions and the relevant management system
standards, before starting the audit process. BVC shall not proceed if any of the provisions are not met. Before starting the audit
process, BVC shall inform the organization that the certificate will not be issued if during an initial audit non-conformity are found.

BVC ensures that the initial contract review identifies the complexity and scale of the activities covered by the management
system subject to certification, and any differences between sites as the basis for determining the level of sampling.

BVC identifies organization central function with which it has a legally enforceable agreement for provision of certification
activities.

BVC shall check, in each individual case, to what extent sites of an organization operate substantially the same kind of processes
according to the same procedures and methods. Only after a positive examination that all the sites proposed for inclusion in the
multi-site exercise meet the eligibility provisions may the sampling procedure be applied to the individual sites.

Sales Process Rev3.14 5/9 August 24, 2021

If all the sites of a service organization, where the activity subject to certification is performed, are not ready to be submitted for
certification at the same time, the organization is required to inform BVC in advance of the sites to be included in the certification
and those which are to be excluded.

8 Changes to contracts
Amendments to contract shall be considered when significant changes are occurring to management system of the client, such
as but not limited to, increase and decrease of audit days, additional sites, extension and reduction of scope, additional products,
number of employees.

In addition, a review shall be made to determine audit activities necessary to decide whether the certification can be maintained
or not. These additional audit activities can be performed either during surveillance audit or additional audit.

Where amendments to the contracts are made, the reasons for the changes shall be documented. The information, collected
for the original contract review, is modified and the differences highlighted.

Adjustments to the relevant sections of the contract shall be made i.e. Audit days, product codes (NACE Codes online
http://ec.europa.eu/competition/mergers/cases/index/nace_all.html), sites and the contract shall be agreed by the client.
BVC shall notify its clients of any changes to certification requirements. This rule is in BVC General Conditions of Services.

9 Generic contract renewal

The process is as follows:

Sales Process Rev3.14 6/9 August 24, 2021

10 Renewal Process for Expiring Contracts
Data collected for Initial certification shall be verified and updated, especially in case of changes in the organization and number
of employees. In order to make a proposal, the following output is required:
• Audit day (both on-site and off-site ensuring rules for 'on and off' site time are respected) allocation for main period
of proposed contract
• Records of audit day calculations and justifications for any changes shall be retained with the client file.
• Product Code allocation
• Accreditations that can be offered
• Compliance with Bureau Veritas Certification Pricing Policy
• Compliance with local rules.

The approval of proposal and contract review are carried out with same approach and requirements as for initial proposals.

11 Multi-site Calculation
11.1 Eligibility of an organization for sampling
The processes at all the sites must be substantially of the same kind and must be operated to similar methods and procedures.
Where some of the sites under consideration conduct similar, but fewer processes than others, they may be eligible for inclusion
under multi-site certification, providing that the sites(s) which conduct the most processes, or critical processes are subject to
full audit.

Organizations which conduct their business through linked processes in different locations are also eligible for sampling, if all
other provisions of this document are met. Where processes in each location are not similar but are clearly linked, the sampling
plan shall include at least one example of each process conducted by the organization (e.g. fabrication of electronic components
in one location, assembly of the same components by the same company in several other locations).

The organization’s management system shall be under a centrally controlled and administered plan and be subject to central
management review. All relevant sites (including the central administration function) shall be subject to the organization’s internal
audit programme, and all shall have been audited in accordance with that program, prior to the Certification Body starting its
audit.

It shall be demonstrated that the central office of the organization has established a management system in accordance with
the relevant management system standard under audit, and that the whole organization meets the requirements of the standard.
This shall include consideration of relevant regulations.

The organization shall demonstrate its ability to collect and analyze data (including but not limited to items listed below) from all
sites including central office and its authority, and demonstrate its authority and ability to initiate organizational change if required:
• System documentation and system changes;
• Management review;
• Complaints;
• Evaluation of corrective actions;
• Internal audit planning and evaluation of the results;
• Changes to aspects and associated impacts for environmental management systems (EMS) and
• Different legal requirements.

Not all organizations fulfilling the definition of multi-site organization are eligible for sampling, in cases such as:
- all the sites perform significantly different activities;
- the client requests each site to be audited;
- there is a sector scheme or regulatory requirement stipulating that each site is to be audited systematically.

The audit time allocated to each site depends on whether that site performs primary processes or not.

When specific rules apply, scheme requirements shall take precedence.

11.2 Sampling Methodology

The sample shall be partly selective based on the factors set out below and partly non-selective and shall result in a
representative range of different sites being selected, without excluding the random element of sampling.
At least 25% of the sample shall be selected at random.

Considering the provisions mentioned below, the remainder shall be selected so that the differences among the sites selected
over the period of validity of the certificate is as large as possible.

The site selection may include among others the following aspects:
• Results of internal site audits and management reviews or previous certification audits;
• Records of complaints and other relevant aspects of corrective and preventive action;
• Significant variations in the size of the sites;
• Variations in shift patterns and work procedures;
• Complexity of the management system and processes conducted at the sites;
• Modifications since the last certification audit;
• Maturity of the management system and knowledge of the organization;
• Environmental issues and extent of aspects and associated impacts for environmental (EMS) management systems;
• Differences in culture, language and regulatory requirements; and
Sales Process Rev3.14 7/9 August 24, 2021
 • Geographical dispersion.
• Whether the sites are permanent, temporary or virtual.

This selection does not have to be done at the start of the audit process. It can be done once the audit at the central office is
completed. In any case, the central office shall be informed of the sites included in the sample. This can be on relatively short
notice but shall allow adequate time for audit preparation.

11.3 Size of Sample

Methodology for Auditing and sampling of a Multi-site Organization where all sites are performing very similar
processes/activities.

BVC determines the sample to be taken when auditing sites as part of the audits and certification of a multi-site organization.

Each BVC office shall record each application of multi-site sampling justifying it is operating in accordance with this document.
The following calculation is the basic procedure used for sampling of multi-site organizations. The minimum number of sites to
be visited per audit is:
Initial audit: the size of the sample shall be the square root of the number of remote sites: (y=Mx), rounded to the upper whole
number.

Surveillance audit: the size of the annual sample shall be the square root of the number of remote sites with 0.6 as a coefficient
(y=0.6 Mx), rounded to the upper whole number.

Re-certification audit: the size of the sample shall be the same as for an initial audit. Nevertheless, where the management
system has proved to be effective over a period of three years, the size of the sample could be reduced by a factor 0.8, i.e.:
(y=0.8 Mx), rounded to the upper whole number.

BVC reviews each application and the risk levels of activities of the organization and decides to adjust either the sampling
methodology and / or sampling levels. In all cases where adjustments are made, justifications are recorded and supported by a
robust risk analysis.

Central function shall be audited during every initial certification and recertification audit, and at least once a calendar
year as part of surveillance.

The size or frequency of the sample shall be increased where BVC’s risk analysis of the activity covered by the management
system subject to certification indicates special circumstances in respect of factors such as:
• The size of the sites and number of employees (e.g. more than 50 employees on a site);
• The complexity or risk level of the activity and of the management system;
• Variations in working practices (e.g. shift working);
• Variations in activities undertaken;
• Significance and extent of aspects and associated impacts for environmental management systems (EMS);
• Records of complaints and other relevant aspects of corrective and preventive action;
• Any multinational aspects; and
• Results of internal audits and management review.

In such cases a sampling plan and methodology are defined and recorded.

When the organization has a hierarchical system of branches (e.g. head (central) office, national offices, regional offices, local
branches), the sampling model for initial audit as defined above applies to each level.

Example:
1 head office: visited at each audit cycle (initial or surveillance or recertification)
4 National offices: sample = 2: minimum 1 at random
27 regional offices: sample = 6: minimum 2 at random
1700 local branches: sample = 42: minimum 11 at random.
The sample of regional offices should include at least one regional office controlled by each national office. The sample of local
branches should include at least one local branch controlled by each regional office. This may result in the sample size at
each level exceeding the minimum sample size calculated as described above

11.4 Additional Sites

On the application of a new group of sites to join an already certified multi-site network, each new group of sites shall be
considered as an independent set for the determination of the sample size. After inclusion of the new group in the certificate,
the new sites shall be cumulated to the previous ones for determining the sample size for future surveillance or recertification
audits.

11.5 Methodology for Auditing of Multi-site Organizations Where all Sites do not perform similar processes or activities
The audit programme shall consist of an initial audit and recertification audit of all sites. In surveillance audits, 30% of sites,
rounded up to the whole number, shall be covered in a calendar year. Each audit will include the central function. The sites
selected for the second surveillance audit will normally be different from the sites selected for the first surveillance audit
The audit programme shall be designed to ensure that all processes covered by the certification scope are audited over each
cycle.

Sales Process Rev3.14 8/9 August 24, 2021

11.6 Methodology for Auditing Multi-site Organizations that Include a Combination of Sites that can be Sampled and Other
Sites that cannot be Sampled

The audit programme shall be established using Section 12.3 for those sites that can be sampled and Section 12.4 for the
remaining part of the organization where Section 12.3 is not appropriate.

11.7 Audit Time per IAF Rule

An organization that satisfies the eligibility criteria may consist of sites that can be sampled, sites that cannot be sampled or a
combination of both. The audit time must be enough to undertake an effective audit irrespective of the makeup of the
organization.

The audit time per selected site (whether it comes from sampling, from non-sampling, or from mixed methodology, including
elements of the central function if applicable, shall be calculated for each site using the applicable IAF documents (e.g. IAF MD
5 for quality and environmental management systems, IAF MD 11 for integrated management systems) and, where necessary,
any applicable sector scheme requirements for the calculation of man-days.
. Unless precluded by specific schemes, the reduction of audit time per sampled site shall not be greater than 50%.

For example, 30% is the maximum reduction in audit time allowed by IAF MD 5 while 20% is to be considered the maximum
reduction allowed for the single management system processes performed by the central function and any potential centralized
processes (e.g. purchasing).

For surveillance audits, minimum audit time can be 0.5 day, as an exception, if it is justified and documented.

The methodology described below is to be used to build the auditor time and justify how the calculation has been established.
Starting point:
Sampling: Apply the rule for sampling, by selecting sites for initial and surveillance audits:
• Calculate the audit days in each site separately
• Adjust the auditor days site by site, considering the complexity of activities, the processes, the level of decentralization
of the company, the clauses not applicable to the site. Total reduction for man days per site shall not to exceed 50%
in any case
Justify the decision for variations and keep record in the file

11.8 Audit team and leader

Team Leader shall ensure that
- the same management system governs activities at all sites,
- the same management system is applied to all the sites and;
- all the eligibility criteria for the organization are met.

This requirement also applies to a management system where electronic documents, process control or other electronic
processes are used. BVC shall justify and record the rationale for proceeding with a multi-site approach.

If more than one audit team is involved in the audit or surveillance of the network, BVC managing office shall designate a unique
audit leader, who shall consolidate the findings from all audit teams and produce a synthesis report.

Team Leader shall identify the technical competence required for each part of the audit and for each site, shall allocate
appropriate team members for each part of the audit.

Sales Process Rev3.14 9/9 August 24, 2021