Rules for Certification

Certification Rules:

General

ASRICERT Indonesia must verify whether it is appropriate to conduct the certification of an organisation. The decision is made upon the results of a self-declaration of the organisation using a questionnaire, a pre-visit or a follow-up audit as an alternative. The organisation nominates a contact person from its management responsible for communicating with ASRICERT  Indonesia and for handling the audits.

The Questionnaire

The questionnaire for the preparation of a certification audit contains a description of the organisation. The questionnaire is completed by the organisation alone or with assistance of ASRICERT Indonesia It is then used to verify whether the management system fulfils the requirements for a certification audit.

The Certification offer

If the information supplied in the questionnaire is meaningful and complete, ASRICERT Indonesia will prepare an offer based on the audit time guidelines for the desired standard, and other factors related to the certification, such as location, language and scope of certification. The offer is developed following documented procedures that do not favour or discriminate against any applicant organization.

The Review and evaluation of client documented information

Around four weeks before the certification audit the organization submits the management system documents in their current version to the lead auditor. The documented information are evaluated by an auditor with the aid of a questionnaire. A report on the evaluation of the documents is written and sent to the organisation if the documents do not fully comply with the requirements of the standard. Corrective action must be taken before the on-site audit can commence.

Audit preparedness of certification audit

A complete internal audit addressing all requirements of the applicable standard must have been performed by the organisation. The organisation’s management must have performed a review of the management system. If these requirements are fulfilled, the on-site audit can commence.

Approximately one – two weeks prior to the audit the organisation receives the audit plan for review and agreement. The organisation may request the replacement of any proposed audit team member if reasons, such as conflict of interest exist.

The implementation and effectiveness of the management system are reviewed on site by a competent audit team using a method of interviews and sampling of evidence of the implementation and effectiveness of the management system. Deviations detected by the audit team are documented. Non-conformities require corrective action such as follow-up audit or submission of new evidence before the certification can be issued. Scope and extent of a follow-up audit are limited to the management system requirements affected by the non-conformity.

Pre-audit (request by client)

A pre-audit consists of a limited review of selected management system documentation followed by the conduct of a brief on-site audit. Purpose of the pre-audit is to identify weak points in the documentation and the implementation of the management system. The results of the pre-audit are explained to the organisation verbally or in a report. A pre-audit is normally conducted by a single auditor and can only be conducted once per certification. The organisation must address deviations found during the pre-audit before the certification audit commences. The auditors will review the corrective action resulting from the pre-audit during the certification audit.

Although the results of a pre-audit may influence the further audit scheduling and planning, it can not be used to reduce the on-site audit time of the certification audit.

Stage One Audit

Purpose of a stage one audit is to verify information received from the organisation and to determine the crucial organisational, quality, environmental related characteristics of the organisation. The results of a stage one audit can lead to a modification of the initial certification (stage 2) offer, if circumstances require. It is also possible to conduct a partial review of the documents during the stage one audit.

Stage Two Audit

The purpose of the stage 2 audit is to evaluate the implementation, including effectiveness, of the client’s management system. The stage 2 audit shall take place at the site(s) of the client. It shall include at least the following:

  • information and evidence about conformity to all requirements of the applicable management system standard or other normative document;
  • performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document);
  • the client’s management system and performance as regards legal compliance;
  • operational control of the client’s processes;
  • internal auditing and management review;
  • management responsibility for the client’s policies;
  • links between the normative requirements, policy, performance objectives and targets (consistent with the expectations int the applicable management system standard or other normative document), any applicable legal requirements, responsibilities, competence of personnel operations, procedures, performance data and internal audit findings and conclusions.

Corrective Actions and Follow-up

The company is required to submit a corrective action Plan addressing the non-conformities within a given time frame. Corrective actions against all major conformities require to be verified during a follow up visit and / or through provision of objective evidence of effective implementation, prior to confirmation of certification. Observations are also recorded relating to various elements of the quality systems which do not significantly affect the operation of the system but do nevertheless indicate a problem which may need correction.

a)     In the event of major non conformities being identified in respect of the implementation of any element of the management system or several minor non-conformities being recorded against any one element which renders the system deficient but operable, a recommendation for certification is made subject to a CAR (Corrective Action Request) being submitted within 180 days and corrective actions being verified onsite and closed out through a special visit for the assessment date, before certification is granted or as decided by Certification Decision Maker as certification decision committee.

b)     Where the audit has revealed only minor non conformities which need to be addressed through corrective actions, the certification may be recommended subject to the CAR (Corrective Action Request) being submitted by the company within 90 days (max) together with objective evidences of the corrective actions taken. The corrective actions plan is required to be closed out upon physical verification of the satisfactory implementation at the first subsequent audit.

c)      In the case of where “opportunities for improvement: having been recorded during the certification audit, the actions, as applicable, are observed for effectiveness at the subsequent audit visit.

Certification decision

Accordance certification decision instruction that ASRICERT certification body ensured a process to conduct an effective review prior to making a decision for granting certification, expanding or reducing the scope of certification, renewing, suspending or restoring, or withdrawing of certification.

The certification decision committee consist of the persons or committees that make the decisions for granting or refusing certification, expanding or reducing the scope of certification, suspending or restoring certification, withdrawing certification or renewing certification are different from those who carried out the audits. The individual(s) appointed to conduct the certification decision have appropriate competence accordance ASRICERT personnel competency procedure.

Suspension, Withdrawal, Extension and reduction the scope of Certification

Suspension: The grounds for suspending the certificate are as follows:

  1. If the certified organization is not getting the Surveillance audit conducted as per the certification agreement;
  2. If the client is found to misuse the logo of the Certification Body or is using any kind of misleading statement which might affect the reputation of the certification body and the accreditation board.

Any certificate issued by ASRICERT Indonesia may be withdrawn in the event of any of following defaults by a certificate holder.

  • If a surveillance audit is not arranged within 3 months of the due date in response to notice issued by ASRICERT Indonesia
  • major lack of effective implementation of corrective of actions within agreed time limits in respect of non-conformities identified during surveillance audits.
  • failure to pay appropriate fees.
  • continued misuse of Accreditation mark/logo e.g. misleading publications, advertisement or contravention of the stipulated conditions for the use of marks/logo. Upon suspension or cancellation of certificate of registration, the name of the organization shall be deleted from the ASRICERT’s Indonesia approved list of certified companies.

Extension: Upon the request of the client at any point of certification cycle, the scope of certification can be extended after the verifications conducted as per the ASRICERT Indonesia certification process.

Reduction: Upon the request of the client or during the surveillance audit as identified/verified by the audit team, the scope of certification can be reduced after the verifications conducted as per the ASRICERT Indonesia certification process.

  1. If there is any complaint from the customer’s customer ASRICERT Indonesia needs to verify the complaint and in case if the certified organization is found guilty the certificate will be suspended and will remain suspended until the complaint is not resolved;
  2.  In case of non-payment of the fee as per the contractual agreement;
  3. If during the Surveillance audit system found not to comply with Standard requirement.

Withdrawn: The grounds for cancellation of certificate are as follows:

  1. in case the organization is not able to resolve the issue of suspension within 90 days from the date of suspension;
  2. the evidences submitted by the organization for the reason of suspension as defined above are not found satisfactory;
  3. upon the suspension the certificate will be surrendered from the client, the ASRICERT Indonesia web site will be updated that the organization’s certificate is cancelled (not valid). After the cancellation of the certificate if the organization is found to use the certificate or certification information in any manner legal action will be taken against the organization as per the contractual agreement;
  4. Note: The evidences can be verified onsite or offsite depending upon the nature of the reason for the suspension.

Issue of a Certificate

A certificate is issued following a positive review of the audit by the certification body. If the contract for certification has been signed, the certificates are handed to the organisation together with the contract and audit report. The certificate is only issued if all non-conformities have been corrected. The certificate is valid for three years provided at least annual surveillance audits are performed at the organisation.

Surveillance

Before a surveillance audit all relevant information about the organisation and the management system shall be updated to provide for significant changes which may have an effect on the scope or other issues of the organisation’s certification.

Certain requirements of the standard are audited every year, including use of the certificate and complaints against the management system. The remaining requirements are distributed over the surveillance audits. Typically a surveillance audit is performed by a single, competent auditor. The date and auditor are agreed with the organisation.

In case of non-conformities, the same procedure as with a certification audit is adopted. In the case of severe, repeated or unattended non-conformities or violations of the certification contract, the certificate may be suspended or withdrawn. After the surveillance audit the organisation receives a report.

Re-Certification

Before the period of validity expires, a re-certification audit shall be performed to extend the certificate for a further three years. The effectiveness of the entire management system is tested during the audit. Changes to the management system must be announced by the organisation in advance. The audit is performed in a comparable manner to a certification audit.

Special Audits

A special visit may require to be made to the certificate company’s premises in the following circumstances:

ASRICERT Indonesia has reason to believe that the documented systems are inadequately maintained with major deficiencies in operation.

In case of any change in the management system standard due to which the certification requirements are going to be changed, client will be intimated in advance for the transition audit and audit will be scheduled after the consent of the organization. But the audit has to be done before the defined timeframe.

Upon intimation by the certified company, of any significant change in the certified documented system. Including extension of scope visit will decide, whether the extension of scope sector can be granted or not. This may be clubbed with the surveillance audit this surveillance audit program shall include at least

  • Internal audit and management review
  • A review of actions taken on NC identified during the previous audit.
  • Treatment of complaint
  • Effectiveness of the management system w.r.t. achieving the certified client objectives.
  • Progress of planned activities aimed at continual improvement
  • Continuing operational control
  • Review of any changes
  • Use of marks and or any other reference to certification

Short Notice Audit

As a result of a complaint, by any party, any adverse publicity or contravention of the conditions of certification or other information received and suspended client. The special visits will be undertaken after due notice has been given and details agreed between ASRICERT Indonesia and visits will be undertaken after due notice has been given and details agreed between the certified company. Due care is take of the following.

  • Information is given to the client in advance regarding the re-source of the visit with details.
  • Due care is taken to select the auditor to Safeguard Lack of Reason to client for objection to the auditor.

Disputes and Appeals

If there is reason for the organization to dispute or to appeal a decision of the Certification Body, they can address the certification body head directly or via the auditing office. If the certification body head cannot remove the disagreement, the organisation may present his case to the appeals committee for a ruling.

Use of Logo or Mark

The use of Logo is governed by the ASRICERT Indonesia conditions and instructions applicable to use of Logo or Mark. The use of Accreditation and certification marks by certified companies. In case of lab certification, a separate instruction will be issued to the clients.

Multisite Certification

A multisite organisation is an organisation having an identified central function (central office) at which certain activities are planned, controlled or managed and a network of local offices or branches (sites) at which such activities are fully or partially carried out.

To qualify for multisite certification, an organisation must fulfil certain conditions which are reviewed by the auditors during the contract review (before the offer). If eligible, a sampling method can be used to limit the site visits to a representative number of sites in addition to the central office. Over the period of certification, the group should be visited in its entirety.

Whether the sampling method may be used, and how many and which sampled sites shall be audited, remains a decision of the certification body.