A LOOK AT EXPECTED AMENDMENTS TO ISO/IEC
Download
Report
Transcript A LOOK AT EXPECTED AMENDMENTS TO ISO/IEC
A2LA’s ISO/IEC 17065:2012
Transition and Applications
Mike Buzard – Senior Accreditation Officer
Adam Gouker – Accreditation Manager
American Association for Laboratory Accreditation
Frederick, Maryland, U.S.A
Presentation to the TCB Council – April 2014
Overview
A2LA Recognition, Structure, and Processes
Transition to ISO/IEC 17065:2012
ISO/IEC 17065:2012 Published “Explanations”
ISO/IEC 17065:2012 Requested “Explanations”
Common TCB Assessment Deficiencies
Implementation of FCC KDB Revisions (April 2014)
A2LA is:
Non profit
Non governmental
Independent 3rd party
Established in 1978
A2LA provides accreditation:
ISO/IEC 17025:2005 – Testing and Calibration Laboratories
ISO 15189:2012 – Medical Laboratories
ISO Guide 34:2009 – Reference Material Producers
ISO 17043:2010 – Proficiency Testing Providers
ISO Guide 65:1996 – Product Certification Bodies
ISO/IEC 17065:2012 – Product Certification Bodies
ISO/IEC 17020:2012 – Inspection Bodies
A2LA Recognition
International Accreditation Forum (IAF) Multilateral
Recognition Arrangement (MLA) Signatory
International Laboratory Accreditation Cooperation (ILAC)
Mutual Recognition Arrangement (MRA) Signatory
Recognized Accreditation Body under the National Voluntary
Conformity Assessment Systems Evaluation (NVCASE)
Program
FCC Recognized Test Firm Accrediting Body (TFAB)
Various Gov’t to Gov’t MRA’s through NIST
A2LA Structure
A2LA Processes - Assessment
Order ISO/IEC 17025 and/or ISO/IEC 17065
Read AB’s Supplemental Requirements
Read Regulator / Certification Scheme Requirements
Submit Application(s)
Assessor Assigned (performs doc review)
A2LA Processes - Assessment
Conduct On-site Assessment
CAR’s Following Assessment
Decision on Accreditation
Surveillance and Renewal Assessments
A2LA Processes - Cycles
Year 0: Initial Accreditation
Year 1: On site Surveillance Assessment
Year 2: Full Renewal Assessment
Year 3: Annual Review, desk audit – could be on-site
Year 4: Full Renewal Assessment
Year 5: Annual Review, desk audit – could be on-site
Note: this is one option per ISO/IEC 17011, clause 7.11.3
A2LA Processes - Scopes
Document that identifies exactly what the
organization is accredited for:
For Labs – identifies specific tests & methods
For CBs – identifies product categories, product specs, and/or
certification schemes
Identifies expiration date and physical location
Must be confirmed by the assessor
Organizations can be accredited for “limited” scope
of activities
A2LA Processes - Scopes
SCOPE OF ACCREDITATION TO ISO/IEC 17025:2005
YOUR LABORATORY NAME
123 Elm Street
Anywhere, MD 00000
Your Name Phone: 555 555 5555
ELECTRICAL (EMC)
Valid To: December 31, 20xx
Certificate Number: xxxx.01
In recognition of the successful completion of the A2LA evaluation process, accreditation is granted to
this laboratory to perform the following electromagnetic compatibility tests:
Test Technology
Emissions
Radiated & Conducted
Test Method(s)
47 CFR, FCC Part 15, Subpart B (using
ANSI C63.4-2009);
47 CFR, FCC Part 18 (using MP-5);
AS/NZS CISPR 11; EN 55011;
AS/NZS CISPR 13; EN 55013;
EN 55022; IEC/CISPR 22;
CNS 13438 (up to 6 GHz);
A2LA Processes - Scopes
SCOPE OF ACCREDITATION TO ISO/IEC 17065:2012
YOUR CB’S NAME
123 Elm Street
Anywhere, MD 00000
Your Name Phone: 555 555 5555
PRODUCT CERTIFICATION CONFORMITY ASSESSMENT BODY (CAB)
Valid To: December 31, 20xx
Certificate Number: xxxx.02
In recognition of the successful completion of the A2LA Certification Body Accreditation Program
evaluation, including the US Federal Communications Commission (FCC)requirements for the indicated
types of product certifications, accreditation is granted to this organization to perform the following
product certification schemes:
Economy
Scope
Federal Communication Commission - (FCC)
Unlicensed Radio Frequency Devices
Licensed Radio Frequency Devices
Telephone Terminal Equipment
A1, A2, A3, A4
B1, B2, B3, B4
C
*Please refer to FCC TCB Program Roles and Responsibilities, released April 4, 2012 detailing scopes,
roles and responsibilities.
A2LA Processes - Assessors
Independent Peer Experts
Each with over 10 years of experience in field
Trained to Conformity Assessment Standard
(e.g. ISO/IEC 17025 and/or ISO/IEC 17065)
Ongoing training and evaluations (staff, AC, CAB)
A2LA Transition to ISO/IEC 17065:2012
Following A2LA “R307 – Transition Memo to ISO/IEC 17065”
Adheres to IAF three-year transition period – must be completed
no later than September 15, 2015
Following our 2 year reassessment cycle:
Began accepting 17065 applications March 31, 2013
No longer accepting “new” applicants for Guide 65
Current CB’s must undergo assessment to 17065
If not assessed to 17065 by March 1, 2015, must undergo onsite assessment by June 30, 2015
All requests to expand to 17065 require on-site assessment
Explanations
From ISO/IEC 17011:2004, section 4.6.2
Follow Q/A format - A2LA’s official “explanations” of the
requirements of the relevant conformity assessment standard.
It is expected that conformity assessment bodies will implement
the requirements of the standard in accordance with the
explanations listed. Otherwise, areas of non-conformance will be
identified by the assessor during the on-site assessment.
https://www.a2la.org/faq/faqfinder17065.cfm
https://www.a2la.org/faq/faqfinder170252005.cfm
Explanations
Questions typically received from CAB’s and Assessors, but are
welcome from all stakeholders
Explanations are proposed to Technical Advisory Committee for
review and approval
Explanations then reviewed and approved by A2LA management
Explanations finally reviewed and approved by Criteria Council
ISO/IEC 17065:2012 Explanations (4.1.2.1)
What is a “Legally Enforceable Agreement”, and will my assessor be
responsible for determining its legality?
Any signed or sign-able record between the certification body and its
client/customer
Must meet the requirements of clause 4.1.2.2
Must take into account the responsibilities of the two parties in that
agreement
Typically referred to as a “Contract”
A2LA assessors will not be determining, nor can they be held responsible for,
the legality of the certification body / client agreements
ISO/IEC 17065:2012 Explanations (4.6.a)
Does my organization’s “Publicly Available Information” need to
explicitly address each of the procedures called out in this clause if one
or more are not applicable to our certification activities?
Yes, the Certification Body must address each required procedure under this
clause, even if the certification activities being performed do not include those
actions.
For example, an organization operating a certification scheme which does not
allow for extensions or reductions to the scope of certification must have
documented some statement to the effect of, “We do not offer any
extensions or reductions to our certifications.”
Ensures clear understanding between CB, Clients, and
Accreditation/Regulatory Bodies
ISO/IEC 17065:2012 Explanations (5.2.2.a)
My organization has invited numerous possible stakeholders to be part of our
“Mechanism for Safeguarding Impartiality,” but all of those stakeholders have
declined to participate. How can my organization show that we are maintaining
the required balanced representation in light of this?
Note 2 to clause 5.2.1 and Note 1 to clause 5.2.4 of ISO/IEC 17065 identify examples of
mechanisms and potential invitees
Notes should be examined prior to determining that all possible avenues have been
exhausted
The certification body must demonstrate (e.g. records) that they have identified and
invited potentially interested parties,
And that they have ensured that no single interest predominates (e.g. certification body
cannot hold more than 50% stake in this Mechanism)
Up to the certification body to take additional suitable actions to ensure that these
balanced interest requirements are met
ISO/IEC 17065:2012 Explanations (6.2.1)
What are the “applicable requirements” that Internal Resources must meet in
order for my organization to comply with this clause?
Hierarchy:
(1) should be defined by the Certification Scheme;
(2) If not defined in the scheme, the Certification Body should define what requirements
are or are NOT applicable in their quality system, with justification on any omitted clauses
of the relevant International Standard(s);
(3) If the CB and/or Scheme do not define the “applicable requirements,” an A2LA
assessor will assume that all requirements in the relevant International Standard(s) are
applicable.
If an Evaluation standard (testing / inspection method specified in the Certification
Scheme) explicitly requires an aspect of conformity assessment such as measurement
uncertainty calculations, that cannot be excluded when considering whether or not the
resource meets the requirements of those standards.
ISO/IEC 17065:2012 Explanations (6.2.2.1)
What are the “applicable requirements” that External Resources must meet in
order for my organization to comply with this clause?
Hierarchy:
(1) should be defined by the Certification Scheme;
(2) If not defined in the scheme, the Certification Body should define what requirements
are or are NOT applicable in their quality system, with justification on any omitted clauses
of the relevant International Standard(s);
(3) If the CB and/or Scheme do not define the “applicable requirements,” an A2LA
assessor will assume that all requirements in the relevant International Standard(s) are
applicable.
If an Evaluation standard (testing / inspection method specified in the Certification
Scheme) explicitly requires an aspect of conformity assessment such as measurement
uncertainty calculations, that cannot be excluded when considering whether or not the
resource meets the requirements of those standards.
ISO/IEC 17065:2012 Explanations (6.2.2.4)
My Certification Body operates under a larger corporate umbrella, and we send portions of
our Evaluation work to another department in the corporation. Is this considered
“outsourcing” the work to an outside body?
Note 2 of clause 6.2.2.1: “Use of external personnel under contract is not outsourcing.”
Is a “contract” in place that covers cl. 6.1.3 requirements between the department and the
Certification Body?
If so, this is NOT outsourcing.
(This also answers the question, “Is the resource under the direct control of the Certification
Body?”– see clause 6.2.1)
If the documentation linking the other department or its personnel to the Certification Body does
not meet the requirements called out under clause 6.1.3, or if the Certification Body cannot provide
evidence that the additional requirements stated under clause 6.1.2 are met for the personnel in
question, then the actions taken by the Certification Body are considered “Outsourcing,” and the
Certification Body must demonstrate that it complies with the requirements related to Outsourced
activities.
ISO/IEC 17065:2012 Explanations (7.3.2)
A client has asked us to certify a new product which we have not certified
before, but this new product is somewhat similar to ones we have been
certifying in the past. How do we determine whether or not we have “prior
experience” with the new product we are being asked to certify?
CB should compare the new product to old products by examining the certification
schemes (if different), the technologies, the required evaluation techniques/activities,
and the technical knowledge of its own resources.
The NOTE under this clause gives excellent guidance to the CB
If the certification body determines that the new product is sufficiently similar, no
records are needed
The Certification Body may be asked to explain its rationale in determining that the
new product is of the same type as ones that were previously certified
If the assessor can justify that a certification was not “of the same type” as certifications
previously granted, a deficiency may be written
ISO/IEC 17065:2012 Explanations (7.3.3)
What type of records are required to justify our organization’s competence and
capability to perform a certification we have not performed before (such as
called out in clause 7.3.2)?
A2LA does not specify what form a record must take
However, the records must show that an analysis was performed (comparison of
scheme requirements, competencies of its resources, verification that the CB is capable
of performing the certification activities)
Records should be sufficiently detailed such that the assessor can reasonably reach the
same conclusions as the CB
If insufficient information for undertaking the new certifications is presented, or
evidence that the certifications were improperly granted, a deficiency may be cited
ISO/IEC 17065:2012 Explanations (7.12.3)
The certification scheme operated by my organization requires that we reevaluate products on a four month cycle. Does the language in this clause mean
that we only have to keep records for 8 months total, in order to meet the
“current and previous” cycle requirement?
Clause 8.4.2 - Certification Body’s procedures for record retention must be consistent
with any contractual and legal obligations.
Those legal and contractual obligations would take precedence over the shorter
retention cycle given in the example above.
Above and beyond any legal or scheme obligations for record retention, A2LA requires
that the accredited (or applicant) organization must keep copies of records for the
entire time period between on-site assessments
Legal and scheme obligations may require longer retention periods, but under no
circumstances may the Certification Body dispose of records in any shorter time period
ISO/IEC 17065:2012 Explanations (7.13.7)
How should my organization demonstrate compliance to this clause if we
receive an anonymous complaint?
It may not be possible for a certification body to give a formal notice of complaint
resolution to the complainant (e.g. complaint is received anonymously, complainant
does not leave contact info, complainant changes contact information such as being
dismissed from an employment position).
Possible evidence could include records of attempted emails with read receipts, phone
logs, voicemails, certified postal mailings, or generalized resolution notices to alternate
persons that are known to be related to the original complainant.
These examples are not intended to be all-inclusive, nor are they mandatory actions
that must be undertaken by the Certification Body.
Ultimately, the Certification Body must show evidence that they have done reasonable
due diligence in attempting to contact or locate the original complainant
In all cases, records of attempts to contact must be kept as required by clause 7.13.1.
ISO/IEC 17065:2012 Explanations (8.3.1)
What does A2LA consider to be “External documents” that my organization
must control under our document control procedures?
Current versions of the normative documents (e.g. test methods) that are vital to
maintaining their accreditation and to perform their certification activities.
These documents include
ISO/IEC 17065:2012
General A2LA policy documents
Any specific A2LA program requirement documents relating directly to their field of
accreditation
A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be
normative documents that an organization must control within their system
Example on next slide
ISO/IEC 17065:2012 Explanations (8.3.1)
Telecommunications Certification Bodies (TCB) would be expected to possess (or have direct access
to) and have under its document control system current versions of the following A2LA documents:
R307 - General Requirements - Accreditation of ISO-IEC 17065 Product Certification Bodies
P101 - Rules for Making Reference to A2LA Accredited Status
R102 - Conditions for Accreditation
R308 - Specific Requirements - 17065 - Telecommunication Certification Body Accreditation
Program
Furthermore, such a TCB would be expected to control copies of all test methods (e.g. ANSI
C63.4, FCC Rule Parts) called out in the schemes on their scope, as well as copies of the
schemes themselves
ISO/IEC 17065:2012 Explanations (8.5.1.1)
I am a Certification Body getting ready to apply for accreditation to ISO/IEC
17065, do I have to perform a complete Management Review before I can
become accredited?
A2LA assessors will look for evidence during the on-site assessment that a complete
management review has been conducted in accordance with their documented
procedure and pre-determined schedule (8.5.1.1).
If only a partial review has been conducted by the time of the on-site assessment, a
deficiency will be cited and the full review must be completed before initial accreditation
can be granted.
ISO/IEC 17065:2012 Explanations (8.6.1)
I am a Certification Body getting ready to apply for accreditation to ISO/IEC
17065, do I have to perform a complete Internal Audit before I can become
accredited?
A2LA assessors will look for evidence during the on-site assessment that a complete
internal audit has been conducted in accordance with their documented procedure
(8.6.1) and pre-determined schedule (8.6.3).
If only a partial audit has been conducted by the time of the on-site assessment, a
deficiency will be cited and the internal audit must be completed before initial
accreditation is granted.
ISO/IEC 17065:2012 Explanations (8.6.1)
My internal audit process consists of only completing the A2LA C309 checklist –
is this sufficient to demonstrate a complete internal audit?
Not necessarily
A CB must provide evidence that their internal audit consists of at least the following:
Determination of compliance with all ISO/IEC 17065 requirements
Determination of compliance with all policies, procedures, instructions, etc. that
form its management system
Review of all Certification Process steps (i.e. application, evaluation, review,
decision, certification documents, and surveillance, where applicable)
Determination of compliance with all relevant A2LA policies and requirements (e.g.
“Ad Policy” / use of Accredited mark)
ISO/IEC 17065:2012 Explanations (8.6.1)
My Scope of Accreditation includes multiple product types under a larger
scheme. Does my internal audit have to include every product type on my
Scope?
Review of records related to each Product Type on the organization’s Scope of
Accreditation must be included in their Internal Audit to ensure that the management
system is being properly implemented across all certifications
The Internal Audit is considered incomplete if the organization fails to include each
Product Type during its internal audit
ISO/IEC 17065:2012 Explanations (8.6.3)
What does the standard mean when it says that my internal audit shall
“normally” be performed at least once every 12 months?
Language of the standard states that the certification body may choose to “Reduce or
Restore” the frequency - A2LA currently does not permit a schedule which extends
beyond the 12 month period specified by the standard (e.g. 8 month audit schedules are
permitted, but not 16 months)
CB’s initial internal audit schedule can/should show that internal audits will be
performed once in a 12 month period (or over a rolling 12 month period)
If more frequent audits are needed (feeling or evidence), do not hesitate to adjust the
schedule accordingly
Any changes to the schedule (including restoring to the maximum 12 month time
frame), as well as the rationale behind the decisions to change, must be documented
and kept as a formal record
Changes must be supported by records that demonstrate ongoing stability and
effectiveness of the management system
ISO/IEC 17065:2012 Explanations (8.6.4.d)
What does the standard mean when it states that my organization must
ensure that any actions resulting from our internal audits are taken in a
timely and appropriate manner?
A2LA cannot define what “timely and appropriate” means for its certification
bodies. The intent of this clause is for the organization to take action as soon as
they are able, in order to ensure that the organization’s quality system is running
smoothly, and that the certifications being offered are not negatively impacted. An
assessor may cite a deficiency if there is evidence that the quality system or
offered certifications are being affected by lack of action on an internal audit
finding. The certification body is still responsible for meeting all requirements
related to corrective actions (section 8.7) and preventive actions (section 8.8)
when acting upon their internal audit findings.
Proposed Explanations
From A2LA PCAC Meeting (April 4, 2014)
Clause 4.3.1 – define what is “adequate” in terms of insurance
Clause 4.4 – pricing and discrimination (expedite fees)
Clause 7.6.4 – clarification of applicability to clause 7.6.3
Clause 7.9.1 & 7.9.3 – scheduling and other details of
surveillance activities
IA
F
A2
LA
8
7
6
5
4
3
2
1
0
TC JP
B
Q
M
HK
ID
A
IC
FC
C
15
14
13
12
11
10
9
8.
2
8.
1
8
7
6
5.
2
5.
1
5
4.
9
4.
10
4.
8
4.
7
4.
6
4.
5
4.
4
4.
3
4.
2
4.
1
Common TCB Assessment Deficiencies
ISO Guide 65:1996
2011
2012
2013
8
7
6
5
4
3
2
1
0
8
Sh .8
em
e
A2
TC LA
B
Q
M
8.
7
8.
6
8.
5
8.
4
8.
3
8.
2
8.
1
7.
9
7.
10
7.
11
7.
12
7.
13
7.
8
7.
7
7.
6
7.
5
7.
4
7.
3
7.
2
7.
1
6.
2
6.
1
5.
2
5.
1
4.
6
4.
5
4.
4
4.
3
4.
2
4.
1
Common TCB Assessment Deficiencies
ISO/IEC 17065:2012
17065
Implementing FCC KDB Revisions
(April 2014)
FCC KDB 668797 – TCB Checklist
FCC KDB 610077 – TCB Post Market Surveillance
FCC KDB 641163 – TCB Program Roles & Responsibilities
Questions?
Mike Buzard – Senior Accreditation Officer
- Email: [email protected]
- Phone: 240 575 7484
Adam Gouker – Accreditation Manager
- Email: [email protected]
- Phone: 301 644 3217