Certification Process

Taking part in or achieving ISO certification in one or more schemes & standards is a rewarding experience for any organisation and its representatives.

The certification process is highly detailed and regimented.

Being certification ready requires a significant investment on the client’s behalf in staff time / effort and organisational culture change.

An organisation wishing to gain certification needs to be committed to the journey and once certification is obtained they also need to be as committed to maintenance and committed to regular review, assessment inspiring the identification and implementation of continual improvement throughout the three year certification cycle.

All ISO certification process is based on a three year certification cycle once the certification is registered (36 months) consisting of but not limited to:

  • Certification administrative activities
    • Application form
    • Determining audit duration
    • Determining relevant ANZSIC Codes for the client
    • Allocation of team members based on client and auditor(s) ANZSIC codes
    • 3 year audit plan and schedule
    • Certification Proposal (listing all items above)
  • Certification readiness audit
    • Certification Gap Analysis
  • Certification, Initial Audits
    • Stage 1 audit
    • Stage 2 audit
    • Assessment and Recommendations for certification
  • Certification Determination
  • Certification Registration for successful organisations
  • Annual Surveillance 1 (completed within 12 months of certificate registration)
  • Annual Surveillance 2 (completed within 24 months of certificate registration)
  • Re-certification Audit (completed within 36 months of certificate registration)

CPG works with our clients to ensure that they are aware of the activities needed to maintain the certification during and ongoing each three year certification cycle.

The high level Certifications Process is outlined below:

Administrative & Management activities for the 3 year certification cycle planning

Standard (scheduled) activities during the 3 year certification cycle

Additional (potential) activities during the 3 year certification cycle

Certification – Application

The Certification Process begins with the completion of the Certification Application form.

The Certification Application form can be initiated by contacting one of our sales team, our sales team works with the client to complete the detailed application form.

The application form is received and is used to initiate the remainder of the Certification process.

Certification – Determining Audit duration

The International Accreditation Forum (IAF) provides a number of Mandatory Documents (MD 1 – 23) to provide a framework and guide a Certification Body in certification activities.

The IAF has a number of documents that guide the certification body in determining the mandatory (minimum) audit duration for the audit team to audit, assess and report on the overall conformity of a given client in respect to a given standard.

Audit duration (commonly referred to audit man days) is determined by the certification body after the review and assessment of a number of items relating to the client organisation, including but not limited to the organisation:

  • size (staff numbers, full time, part time, contractors etc..)
  • number of differing geographic jurisdictions, including international locations
  • risk assessment / rating
  • nature, specific regulatory requirements
  • standard operating hours – single shift or multiple shifts per day
  • standard working days – 5 per week or more

The IAF mandatory documents assist a certification body to determine the man days for the initial audit (stage 1 & 2), and every other audit is based on a portion of the man days determined for the initial audit.

 

Minimum determined man days:

  • Initial Audit (stage 1 & 2) = based on IAF mandatory document (clients size / man-days table)
  • Surveillance 1 = 1/3 man days of initial audit (stage 1 & 2) man days
  • Surveillance 2 = 1/3 man days of initial audit (stage 1 & 2) man days
  • Re-certification = 2/3 man days of initial audit (stage 1 & 2) man days

Certification – Determine the Scope

The certification scope defines the boundary and

Determining the scope for an organisation in relation to one or more ISO certifications is one of the most important parts of the certification process.

The scope defines the depth and boundaries of the auditing process in relation to one or more ISO standard.

The agreed scope is what the auditor(s) will audit to verify that an organisations documentation matches their actual business practices and both are in line with the requirements of one or more standard.

The scope statements is also printed on each certification (digital and printed) to clearly define and highlight to external prospective parties what areas within the organisation have been audited in relation to one or more ISO standard.

The scope statement printed on the certificate also clarifies and reminds all internal parties of their achievement.

The Certificate issued by CPG contains a QR Code which, when scanned with a device connected to the internet (eg a smart phone) connects in real time to the CPG database.

This enables an instantaneous verification to be made of all details on the certificate to confirm whether it is a genuine certificate or on rare occasion a non genuine (forged) certificate.

Certification – Assigning ANZSIC Codes

ISO certification industry uses the Australian and New Zealand Standard Industrial Classification code (ANZSIC Code) framework to classify an organisations for auditing and certification purposes.

A potential client is assigned an ANZSIC code as part of the assessment of the organisation for their certification needs.

The FULL ANZSIC code contains 1 letter and 4 digits based on a hierarchical classification with four levels, the four levels contain:

  • Division A – S
  • Subdivision two digits
  • Group one digit
  • Class one digit

For the purposes of ISO auditing and certification, CPG uses a 4 digit ANZSIC Code to classify the given organisation and to identify the auditors (based on the auditors ANZSIC codes applied to their capabilities) capable and skilled to perform the auditing services.

Certification – Assign Team Members

The Certification process is stick on the assignment of auditors for the auditing of the client, ensuring the auditor has the qualifications, skills and industry experience to be capable of auditing and assessing the client for a given ISO standard.

Team members are assigned to the GAP Analysis engagement based on skills, experience, qualifications, past performances and their pre-assigned ANZSIC codes.

NOTE:

ANZSIC codes refers to “Australian and New Zealand Standard Industrial Classification”.

ANZSIC codes are applied to each of our team members which clearly identify which industries the team members has the experience working in and or capability to conduct GAP Analysis activities in.

Certification – 3 Year Audit Program

A three year Audit Program is designed to create a framework to document all the proposed activities (at a high level) during the 3 year certification cycle.

A large portion of the content within the 3 Year Audit Program is information for the client management team of the set benchmark of work activities during the three year cycle and a tentative schedule of proposed activities throughout the 3 year cycle.

The 3 Year Audit Program is created and submitted to the client as part of the Certification proposal.

The 3 Year Audit plan contains but not limited to:

  • The client information
  • The audit man days
  • Client ANZSIC code classification
  • 3 year audit, scope, objectives, criteria
  • Assigning of proposed CPG team members
  • Definition of mandatory audits additional potential audits
  • Proposed schedule of mandatory audits
    • Initial Audit (stage 1 & 2)
    • Surveillance 1 & 2
    • Re-certification
  • Reasoning as to why additional audits may be required

Certification – Proposal (Estimate / Quote Response)

The information contained within the Certification application form establishes the basis of the Certification proposal.

The Certification proposal is a detailed document consisting of but not limited to:

  • Business classification (ANZSIC code)
  • Business assessment
  • GAP analysis
  • Certification scope
  • Certification cycle, 3 year audit plan and schedule, inclusive of timelines and milestones within the 3 year cycle
  • Determination of audit duration
  • Clarity of all type of certification audits
  • Certification registration activities
  • Expected deliverables
  • Costings
  • Team members assigned to the audit(s)
  • Auditing methodologies, audit observation status and reporting
  • Management of change

The Certification proposal document establishes the foundation of the 3 year project engagement between CPG and the client on who, what, how, why and when the certification activities are being performed.

Certification – Audit Framework

The Audit framework is designed to be simple to follow and is a repeatable framework, allowing auditing activities to be performed by any of our auditing members.

The concept of an Audit Framework is to ensure that Certification Bodies and the team members performing the auditing or certification activities conducted within an ISO audit are at a minimum as the same regardless of individuals performing the audits.

  • Audit notification
  • Assigning the work to the audit team
  • Preparing and disseminating working documents (documents, checklists etc)
  • Conducting the opening meeting
  • Communications methods prior , during and after the audits
  • Obtaining and verifying information and or observations
  • Identifying and recording audit findings
  • Preparing for the closing meeting
  • Conducting the closing meeting
  • Audit reporting
  • Post audit activities

Certification – Gap Analysis

It is not a requirement although highly recommended for a client to take part in a GAP Analysis conducted by CPG prior to starting the Initial Certification Audit.

The Certification GAP Analysis conducted by our team will assess the client readiness for comfortably to a given standard.

CPG team will submit a detailed report highlighting any areas of concern directly relating to any areas of the standard which the organisation needs to rectify prior to initial audit being scheduled and conducted by the CPG audit team.

Certification – Audit Plan(s)

The audit plan is document detailing the framework, activities and agreement between the Certification Body and the client regarding the proposed audit activities,

Audit plans are required regardless of the audit type, and they are to be completed, confirmed and agreed on by both the Certification Body and the client prior the audit commencing.

The audit plan contains but not limited to the following items:

  • The proposed start date of the audit
  • The duration of audit days at client site(s)
  • The expected times and duration of audit team meetings
  • The roles and responsibilities of the audit team members as well as guides and observers
  • Identification of the client representative for the audit
  • The allocation of appropriate resources to critical areas of the audit
  • The audit objectives;
  • The audit criteria and any reference documents
  • The audit scope, including identification of the organisational and functional units and processes to be audited;
  • Audit attendees from the CPG and the client
  • details of the open and close meetings
  • How issues arising during the audit will be managed
  • details on why an audit may be terminated, and rescheduled for another date
  • clients locations being audited
  • The audit methods to be used including the extent to which audit sampling is needed to obtain sufficient audit evidence and the design of sampling program, if applicable;
  • The working and reporting language of the audit where this is different from the language of the auditor or the auditee or both;
  • The audit report topics;
  • Logistics and communication arrangements including specific arrangements for the locations to be audited
  • any specific measures to be taken to address the effect of uncertainty on achieving the audit objectives
  • Matters related to confidentiality and information security
  • Any follow-up actions from a previous audit
  • Any follow-up activities to the planned audit

Certification – Initial Audit

The initial audit (which is the mandatory requirement) is conducted in two stages.

STAGE 1:

Initial – Stage 1 draft audit is supplied to the client for feedback, clarification, tentative scheduling and once all items are confirmed, for final sign off.

The Audit plan is the foundation of all the activities conducted within the given audit.

Initial – Stage 1, is an audit focused on a documentation Review, detailed assessment of the ordinations business practices specifically to identify all the documents that support what the client claims the organisation does and how such documentation meets the requirements of a given standard.

Stage 1 audit is conducted and at the end a detailed stage 1 audit report will be issued containing but not limited to:

  • the activities undertaken by the auditor(s) during the audit
  • audit observations, assessment of each observation with a given classification and identifying opportunities for improvement
  • summary list of all NC’s and OFI’s
  • highlights on what the organisation does well
  • recommendations to either proceed to stage 2 or inform the client that there is a number of outstanding items which need corrective action and as a result a follow audit will be scheduled.

STAGE 2:

Initial – Stage 2 draft audit is supplied to the client for feedback, clarification, tentative scheduling and once all items are confirmed, for final sign off.

The Audit plan is the foundation of all the activities conducted within the given audit.

Initial Stage 2 – is an audit focused on full certification audit, review of the documentation in relation to the requirements of a given standard. The auditor(s) will audit the ensure that the business practices performed by the organisation management, staff, contractors etc.. match what is claimed by the client within the identified documented information.

A detailed stage 2 audit report will be issued highlighting:

  • the activities undertaken by the auditor(s) during the audit
  • audit observations, assessment of each observation with a given classification and identifying opportunities for improvement
  • summary list of all NC’s and OFI’s
  • highlights on what the organisation does well
  • recommendations to either proceed to certification application or inform the client that the audit finding has identified that there are one or more items that needs to be addressed and that a follow up audit will be scheduled to confirm the effectiveness.
  • Recommendation for certification application will be process by the auditor upon successful conformation that all pre-identified items are address and now conforms.

NOTE:

One or more follow up audits may need to be scheduled, auditors will complete such audits, if and when any NC’s are raised during Stage 1 and or Stage 2 audit.

Certification – Decision

The stage 1 and stage 2 audit reports are completed and submitted to CPG.

CPG certification determination committee consisting of CPG Senior Manager(s) and CPG Technical manager (who have not been involved in the auditing process for the given client) reviews the:

  • certification proposal
  • any other notes, observation and supporting evidence available
  • stage 1 & stage 2 audit plans
  • stage 1 & stage 2 audit reports
  • stage 1 & stage 2 auditor recommendations for certification

The CPG certification committee will make a fair and just determination on granting or refusing certification to the given client.

The CPG certification determination committee submits their finding to the CPG administration team for processing the certification.

Certification – Registration

CPG operations manager facilities the creation and dispatch of the certification certificate, the creation and dispatch of the client certification pack highlighting a number of certification administrative activities for the given client, the use of marks and relevant rules and guidelines on the client marketing the certification certificate.

Certification –Surveillance 1 (12 Months)

It is a requirement for our audit team to conduct a number of surveillance audits during the three year certification cycle.

As a standard two surveillance audits must be conducted during the 3 year cycle.

  • Annual Surveillance 1 (completed within 12 months of certificate registration)
  • Surveillance 1 needs to be successfully completed within 12 months of the registered certification date to ensure the validity of the registered certificate past the first 12 months
  • Successful outcome of the audit finding (audit report) of Surveillance 1, will ensure that the client will further benefit by Certification registration for the next 12 months

Certification –Surveillance 2 (24 Months)

  • Annual Surveillance 2 (completed within 24 months of certificate registration)
  • Surveillance 2 needs to be successfully completed within 24 months of the registered certification date to ensure the validity of the registered certificate past the first 24 months
  • Successful outcome of the audit finding (audit report) of Surveillance 2, will ensure that the client will further benefit by Certification registration for the next 12 months

Both Surveillance 1 and Surveillance 2 require a confirmed Audit plan, audit reports with relevant summary of finding

Although not common there are times when additional surveillance audits are conducted during the 3 year cycle. Conducting additional surveillance audits are dependent on the client size, complexity and industry risk rating.

The Certification Audit proposal document will highlight the number of surveillance audits recommended and or needed during the 3 year cycle.

The requirement for surveillance audit (at a minimum annually) is to allow our team to verify that the client’s management system is:

  • being effectively managed
  • appropriately maintained
  • currently updated and updated recorded
  • the client continues to operate their business practices in line with the updated and maintained documented information
  • maintained organisational culture for continual assessment and improvement

NOTE:

One or more follow up audits may need to be scheduled and completed, if and when any NC’s are raised during a surveillance audit.

Certification – Re-Certification (36 months)

CPG will maintain communications over the 3 year certification cycle, and will work with the client to initiate a re-certification Audit within 36 months of the current registered certification date (provided the client wishes to maintain their Certification).

The clients request to accept a re-certification audit initiates a new 3 year certification cycle.

The re-certification audit process consisting of, but not limited to:

  • Certification Proposal (as detailed above)
  • Assigning of team members (as detailed above)
  • Re-certification stage 1 & Stage 2 (modified initial – stage 1 & 2)
  • Surveillance 1 and 2 (as listed above)
  • Certification decision and issuing of certificate (as listed above)
  • Tentative date for the next re-certification date

Any activities conducted as part of the re-certification process is as outlined previously.

Certification – Follow up Audit

A 3 year audit plan defines and tentatively schedules each of the required standard audits needed for the client to maintain the registered certification for the 3 year cycle.

A certification follow up audit is conducted between standard scheduled audits. The purpose of the certification follow up audit is to review the raised NC’s during the previous audit and to ensure (verify) that the implemented corrective actions to address the NC(s) are effective.

The Auditor will review and determine that implemented corrective actions are in line with the expectations of the requirements and that the observations no longer warrant a NC classification.

The outcome of the certification follow up audit may initiate:

  • another certification follow up audit
  • a certification special audit
  • or affect the client’s certification status by a client’s certification to be suspended, withdrawn or reduction in scope

Certification – Special Audits

CPG offers the following two special audits to cater for the ever changing client working environment:

Expanding scope

An expanding scope is conducted in response to an application for expanding the clients scope of a certification already granted, undertake a review of the application and determine any audit activities necessary to decide whether or not the extension may be granted.

This expending scope audit may be conducted in conjunction with a surveillance audit.

Short-notice audits

Short-notice audits may be conducted by CPS auditors at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients.

Short notice audits will require an audit plan (and any associated fees which were not in the original Certification Proposal) which will also include the conditions under which such audits is being conducted.

CPG will exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team members.

Certification – Transfer

Certification transfers form one certification accredited body to another occur at times during the 36 months certification cycle.

The decision to make a change is generally initiated by the organisation for one or more reasons.

CPG, as a certification body our duty and focus is to the organisation (the client entire transferring IN or OUT). We ensure that the process of transfer is completed in a seamless manner to minimize the effect on the organisation.

Transfer IN

  • CPG welcomes any new client who wishes to change to CPG as their preferred Certifications Body during their 3 year certification process.
  • The client can fill in a transfer in application form by either contacting our sales team or by completing the online transfer in application form.
  • The Transfer IN application form will imitate CPG sales team to gather all relevant information, reports and supporting evidence from the current Certification body to manage the transfer
  • CPG Senior management will assess all available information and create a Certification proposal to continue the clients certification for the remaining time in the 3 year cycle
  • CPG Audit Team will conduct relevant administrative and auditing actives outlined within the CPG Certification proposal
  • CPG will re-issue a CPG certification certificate and re-register the certification for the remaining time of the 3 year cycle
  • CPG will continue to manage the Certification process for the client

 

  • CPG respects the decision for any our clients to transfer to another Certification body.
  • Once a transfer OUT request is received, the request will be validated
  • Once a valid request for transfer out is confirmed, the CPG team will communicate with the client and the new Certification body to supply the information needed for a smooth transfer out.

Certification – Transfer

Certification transfers form one certification accredited body to another occur at times during the 36 months certification cycle.

The decision to make a change is generally initiated by the organisation for one or more reasons.

CPG, as a certification body our duty and focus is to the organisation (the client entire transferring IN or OUT). We ensure that the process of transfer is completed in a seamless manner to minimize the effect on the organisation.

Transfer IN

  • CPG welcomes any new client who wishes to change to CPG as their preferred Certifications Body during their 3 year certification process.
  • The client can fill in a transfer in application form by either contacting our sales team or by completing the online transfer in application form.
  • The Transfer IN application form will imitate CPG sales team to gather all relevant information, reports and supporting evidence from the current Certification body to manage the transfer
  • CPG Senior management will assess all available information and create a Certification proposal to continue the clients certification for the remaining time in the 3 year cycle
  • CPG Audit Team will conduct relevant administrative and auditing actives outlined within the CPG Certification proposal
  • CPG will re-issue a CPG certification certificate and re-register the certification for the remaining time of the 3 year cycle
  • CPG will continue to manage the Certification process for the client

Transfer OUT

  • CPG respects the decision for any our clients to transfer to another Certification body.
  • Once a transfer OUT request is received, the request will be validated
  • Once a valid request for transfer out is confirmed, the CPG team will communicate with the client and the new Certification body to supply the information needed for a smooth transfer out.

Certification – Suspension, Withdrawal, Scope Reduction

Although rare, there are times during the 3 year certification cycle where due to unforeseen circumstances the client business changes significantly and or the client’s commitment to complete work activities as required by the Certification is not maintained.

CPG under the right circumstances has the right to:

  • Suspend the client certification
  • Withdraw the client certification
  • Reduce the scope of the client Certification

Certification – Suspension

  • CPG will be required to suspend the client certification if the client has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the Management system
  • CPG will be required to suspend the client certification if the client does not allow surveillance or re-certification audits to be conducted at the required frequencies;

Under suspension, the client’s certification is temporarily invalid, and will be reflected accordingly with CPG and the certification registrar.

CPG will restore the client’s suspended certification if the issue that has resulted in the suspension has been resolved.

 

Certification – Withdrawal

CPG will maintain communications with the client during their suspended Certification.

CPG will give the client every opportunity to demonstrate that they have resolved the issues which has resulted in the certification being suspended. Failure to resolve the issues that have resulted in the suspension in a timely manner will result in a withdrawal or reduction of the scope of client certification.

Certification – Scope Reduction

CPG will reduce the scope of certification to exclude the parts not meeting the requirements, when the certified client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification. Any such reduction shall be in line with the requirements of the standard used for certification.

Certification – Appeals

Any client has the right to appeal if they have not been awarded a certification despite the stage 2 audit report clearly states that the client has complied with all the requirements within the audit and the audit reports recommends the client for certification

A client is encouraged to fill in an appeals form via the online portal should they feel that the decision not to certify has been made unfairly

Once an appeals form is received, a unique appeals number is issued and a conformation email will be sent to the client to acknowledge the appeal and the process CPG Management will undertake to fairly and objectively review the Audit plan, reports, decision making process and the appeal.

A concussion decision will be made in a timely manner and the client will be issued an updated report on the appeal and a recommendation of resolution activities needed to rectify any valid concerns.

Certification – Complaints

Any client has the right to raise a complaint regarding any work performed that is not in line with the Certification proposal, ISO 19001 Standard, ISO 17021 Standard or by not adhering to ethical business practices during the entire Certification process.

A complaint can be raised either verbally to the most senior CPG staff member on site at the given time or via the online portal.

Once a complaint is received, a unique complaint number is issued and a conformation email will be sent to the client to acknowledge the complaint and the process CPG Management will undertake to fairly and objectively review the complaint.

A decision regarding the complaint will be made in a timely manner and the client will be issued an updated report on the complaint and a listing any resolution activities needed to rectify any valid concerns.

Hello!