IAF Guidance for Certification Bodies

The International Accreditation Forum (IAF) provides a guidance document on the application of ISO Guide 62 for registrars (certification bodies). Issue 4 of this document provides guidance on several subjects that may be of interest:

1. Auditing an Electronic QMS

The IAF guidance says to consider the auditor competence and information security concerns when auditing an electronic (e-based) quality management system. It goes on to say that the audit plan should identify any computer-assisted auditing techniques that will be used during the assessment. These techniques may include teleconferencing, web meetings, interactive web-based communications, and remote access to QMS documentation.

2. Use of Certification Marks

The IAF guidance describes when the use of certification marks are allowed, or not allowed, on products and boxes. Marks arenot allowed on products; meaning the product itself, the product in an individual package or container, or even a report issued by a testing and analysis service. Marks are allowed on a “larger” box used for transportation of a product, as long as it is accompanied by a clear statement such as, “This product was manufactured in a plant whose quality management system is certified as being in conformity with ISO 9001:2000.” An example of a larger box would be cardboard over-packaging that can be reasonably considered as not reaching end users.

3. Remote Auditing Techniques

If remote auditing techniques are used, such as, interactive web-based collaboration, web meetings, teleconferences, and/or electronic verification of the organization processes are used to interface with the organization, these activities should be identified in the audit plan and may be considered as partially contributing to the total “on-site auditor time”. If the registrar plans an audit where the remote auditing activities represent more than 30% of the planned on-site auditor time, the registrar must obtain specific approval from their accrediting body. Electronic audits of remote sites are considered to be remote audits, even if the electronic audit is physically carried out on the organization’s premises. Regardless of the remote auditing techniques used, the organization must be physically visited at least annually.

This guidance was issued December 15, 2005 and has an application date of December 15, 2006. For full details, see the IAF Guidance Document at the IAF web site: (http://www.iaf.nu).