Skip to main content Scroll Top

FAQ

FAQ Question 48.7 On-site evaluation for multi-site certifications
Question 48.7 On-site evaluation for multi-site certifications

In the case of a Multi-site certified client, a random sample is taken from the central site and three other sites as part of a monitoring programme (which is in line with IAF MD 1, 6.1.2, sampling).

The actual audit plan shows that representatives from two sites will come to the central site and then the certification body will “audit” the representatives of these two sites at the central site.

In addition to the audit at the central site (including the representatives from two sampled sites), it is only planned that one further location of the three sampled sites will be “really” audited on site.

This procedure clearly contradicts good auditing practice. Certainly, it is arguable with reference to the ISO/IEC 17021-1:2015 standard clauses 9.6.2.2 f and 9.3.1.3d that operations shall be audited, including more people than one or two representative(s). Ultimately, however, it includes some aspects of interpretation.

Questions:

1) Is this procedure permissible?

2) If not, which clause of the standard (or IAF requirement) should be used to justify to the certification body that the audit of all sampled sites must be carried out on site at the respective locations in the case of multi-site certifications?

September 2024

1) NO

2) The clauses in support of the answers are :

  • Definition of a site in IAF MD1

2.2 Permanent Site :

site (physical or virtual) where a client organization performs work or from which a service is provided on a continuing basis.

The definition of a person is different from the definition of a site (a person is definitely not a site) : so, interviewing a person from a site is not auditing this site/location, and cannot be considered as auditing the site.

  • Definition of an audit in ISO/IEC 17000

6.4 audit:

process for obtaining relevant information about an object of conformity assessment (4.2) and evaluating it objectively to determine the extent to which specified requirements (5.1) are fulfilled

Note 1 to entry: The specified requirements are defined prior to performing an audit so that the relevant information can be obtained.

Note 2 to entry: Examples of objects for an audit are management systems, processes, products and services.

  • Methods to obtain information ISO/IEC 17021-1

9.4.4.2

Methods to obtain information shall include, but are not limited to:

  1. a) interviews;
  2. b) observation of processes and activities;
  3. c) review of documentation and records.

In the example  given in the question, the interviews of the representatives, b) and c) are missing.