audit and certification procedure · 2018-10-24 · audit and certification procedure document code...
TRANSCRIPT
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 1 / 24
1.0 AIM
The aim of this procedure is to define how management systems certification in PCA
CERTIFICATION is done from the application to the presentation of the certificate.
2.0 SCOPE
All the management system certification process given by PCA includes the regulations and
responsibilities of the parties about 1st and 2nd stage audit, monitor audit, follow-up audit,
recertification and special audits.
3.0 RESPONSIBILITIES
It is the responsibility of all the workers to request for corrective and preventive activities for the
present and potential nonconformities.
The Management Representative is responsible for deciding on the corrective activities to remove
the present nonconformities, to delegate the personnel responsible for the performance of the
activity, and to inspect the activity. The Certification Manager is responsible for deciding on the
corrective activities for the customer complaints, to delegate the personnel responsible for the
performance of the activity and to inspect the activity.
4.0 DEFINITIONS
Major Nonconformity: This is the nonconformity type when the competency and/or conformity
for one of the items of the related management system standard is not provided or when there is
a certain degree of suspicion on the ability of the management system to perform the results it
aims.
Minor Nonconformity: This is the nonconformity type which does not reduce the abilities of the
management system in reaching its aims and which does not collapse the system.
Observation: These are evidences that are not clear enough to be defined as nonconformities or
cannot be referred to the relevant standard and have the potential to be nonconformities.
5.0 APPLICATION
In the certification process od PCA activities are performed according to LS. 20 Certification flow
chart.
5.1 RECEIVING THE APPLICATION
It is required for the customer applying to be certified to fill in the FR-01 Certification Application
Form completely, the information about the application should be clear, if necessary the company
should be called and the unclear information should be made clear.
During the application stage information about the following topics should definitely be given and
these are evaluated by the Certification Manager.
The certification that is required,
The number of workers in the company,
The number of shifts in the company,
The number of geographical locations and their addresses,
Standard/standards related to the application,
The standard items excluded from ISI 9001, if there are any,
External processes,
Information about seasonal work or campaigns, if there are any,
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 2 / 24
Necessary legal regulations, legislations, standards about the product,
Whether there are system or product documents or not,
Information about whether consultancy has been received about founding the management
system,
The process excluded, activities, environment dimension and its effect are taken into
consideration.
The legal conditions for ISO 22000 FSMS
Study of HACCP (Hazard Analysis)
Process lines
5.2 PCA CUSTOMER MANAGEMENT SYSTEM (From this point on PCA will be called E-
DOCUMENT Program.) From its address PCA is contacted as “NEW CUSTOMER MODULE”.
The application form of the customer applying for the certification is checked by the secretary
and if there are missing information it is sent back to the customer. The application form sent to
our company is once again checked by the secretary and it is then, sent to Planning Executive.
After taking the application, the Planning Executive records it to the relevant Year Applications
Excel Table, then enters the PCA E-DOCUMENT Program as “New Customer Module”. After that,
specifies the company nace code with “NACE MODULE” by searching it with a word or code.
5.3 a- Evaluating the application: The Customer information that is entered to the system is
checked automatically by PCA E-Document with “EVALUATION MODULE” and the Planning
Executive is informed about the decision. After being evaluated by using the following probabilities
and situations, it is given by PCA E-DOCUMENT:
- Is it within the scope of PCA? (If PCA does not have the EA/GRUP code, the Planning Executive
cannot make the appointment.)
- If it is within the scope of PCA: Is it possible to form an audit group for the related code? (It
identifies the number of auditors in the relevant code, if there are no auditors – technical expert
in that NACE/GRUP CODE, it shows a warning, sayin NO SUITABLE AUDITOR.)
After the application is evaluated, if it is discovered that the company is not within the scope of
PCA or if there no suitable audits, the company is informed that their application has not been taken into consideration by the planning executive.
- According to the risk group, they decide whether 1st stage Audit is going to be made on-site or
at desk. (See TL-07)
- The duration of the certification and observation audits are giveb automatically by PCA E-
DOCUMENT according to TL-01 Instructions on Determining Audit Dration.
- The Nace appointment, the audit duration and the approval of the decreasing and increasing
factors are given by The Certification Manager.
5.2 PREPARING THE BIDS
In relation with the instructions and information given according to the results of the application
evaluation process executed by the Certification Manager, the bids are prepared and presented
to the company with FR-04 Bid/Contract Form by the Planning Executive.
The bid includes the first certification, 1st and 2nd observation audit and certifications. In the
preparation of the bid, PCA software is used. After the company information is recorded fully in
the software, the bid is prepared by the software automatically and printed out. After it is signed
by the Certification Manager, it is sent to the company.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 3 / 24
TL-03 Pricing Regulation is used in giving the bids.
5.5. PLANNING THE AUDIT
The Planning Executive (with the help of Customer Relations Department) designs the
organisations such as, date, accommodation, transportation with the customer and decides on
the committee to execute the audit.
5.5.a- The Appointment of the Audit Committee: The Planning Executive, by using the
information given by the customer during the application, determines the lead audit, audit or
technical experts who have the necessary competency and after contacting them, appoints the
ones who are available at the time of the audit to the audit committee. In order to clarify the
relationship between them and the customer, the people who are going to be working at the audit
committee are sent the FR-05 Audit Committee Appointment Form, which includes necessary
information, and are asked to sign it. In addition, the names and surnames of each committee
member are sent to the customer with FR-06 Customer Audit Confirmation Form. If the customer
requests the biodata of the audit committee, the Planning Executive also sends them by e-mail
or fax. If the customer has logical reasons, they have the right to object the audit committee. In
this case, a new committee is formed.
PCA Planning Executive determines the Audit Committee with PCA E-DOCUMENT “AUDIT
MODULE” and gives the printouts of the 1st stage Audit Set to the Auditor with “FORMS MODULE”.
In order for the FORMS MODULE to open, when the selected audit committee is clicked, all the
nace codes should be GREEN. If there is a RED audit – nace code, the planned committee is not
suitable for the audit. The APPROVAL is given by the Certification Manager after this colour
differences are checked and the FORMS Module is opened after the approval, in this way the
PLANNING EXECUTIVES can print out the audit set and hand them to the auditors.
Negotiating with the audit committe and giving information on previous events, talking about the
audit and answering the questions from the auditors are the responsibilities of the Lead Auditor.
About the problems that cannot be solved by the Lead Auditor, the Certification Manager is
consulted.
5.6. DETERMINING THE SCOPE OF THE AUDIT (CERTIFICATE)
The scope should be easy to understand and clear in the application,
The scope should be neither too general (as in accreditation scope) nor too special.
It should reflect the work of the company in practice.
It should be clear, easy to understand and be able to represent the product/service and
should have expressions that reflect the NACE codes,
It should be suitable for auditing, that is, the application should be visible,
It should be approved during the certification process,
The scope of the customer should be defined well during application,
It should meet the need of the customer, and could make use of Marketting documents.
The stages requiring scope control;
By negotiating with the company and checking their web site during application stage,
During the 1st stage of the audit
During the opening and closing meetings of the certification audit
During the certification audit
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 4 / 24
During the decision stage (certification, maintenance, renewal, suspence-cancelation,
scope widening),
In observation and recertification audits
Correct Scope Examples
Pump and compressor manufacturing,
International conveyance by land services,
Food production and catering services,
Cheese and yoghurt production, etc.
Wrong Scope Examples
Production of food products,
All kinds of metal pieces production,
Plastics production,
Legal services,
General building services,
All sorts of infrastructure and upperstructure contract services,
Production of dairy products.
5.7. 1st STAGE AUDIT
The first stage audit is the first level in the certification audit. In this stage no advisory decision
is given about the certification. In this stage of the audit the company is analyzed to look for
objective evidenceabout whether it meets the regulations of the related standards or not, no
detailed audit is executed.
The evaluation is done to see whether the company is ready for the 2nd stage of the audit or not
and if there are missing parts, the customer is informed about them. In addition, the company
should be informed that it is not possible to make decisions at the end of the 1st stage and that it
is only a preparation audit. The management system documents of the customer are analyzed to
see whether they meet the regulations of the related standard or not.
In the 1st stage audit the conditions are analyzed, the durations of the audits are validated and
the plan of the 2nd stage audit is prepared in order to execute the 2nd audit more effectively. The
results of the 1st stage are recorded in FR-08 ISO 9001:2008 1st Stage Report, FR-11 ISO
14001:2004 1st Stage Report or FR-14 ISO 22000:2005 1st Stage Report and according to the
results of the 1st stage, the 2nd stage is planned and executed. In combined systems the audit
results are recorded in FR-58 ISO 9001- ISO 14001 1st Stage Audit Report Form. If any
nonconformity is detected at the end of the 1st Stage audit, it is necessary to give enough time
for them to be corrected before making any plans for the 2nd stage audit and the results should
be detected.
The following are the main aims of the 1st Stage audit;
To inspect the system documentation of the customer,
To validate some information; such as, the number of effective workers; shift,
subcontractor, part-time, social security records, seasonal work or campaign periods.
To evaluate the characteristics of the company location and the environment and to make
meetings with the personnel in order to start planning the 2nd stage audit,
To consider the effectiveness of the company’s status and their degree of meeting the
standard regulations (especially the management of the administrative system being used, its
performance and strengths, and processes)
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 5 / 24
To come to agreement with the customer in terms of the scope of its management system,
processes, the location of the company and legal regulations,
To review the resources necessary for the 2nd stage audit and to make agreement with the
customer about the details of the 2nd stage audit,
Following the process of gaining enough information about the customer, to focus on the
planning of the 2nd stage audit,
To evaluate that the customer has planned and executed its internal audits and
management reviews effectively and to determine the efficacy level of application of the
management system and to see if the customer is ready for the 2nd stage audit.
ISO 9001:2008 audits;
The ISO 9001:2008 1st stage audits of the Class 1 Highest Risk, Class 2 High Risk companies, as
described in TL-07 Risk Groups of Accreditation Scopes Regulation, are executed as field audit.
The 1st stage audits of the Class 3 Medium Risk and Class 4 Low Risk groups, as described in TL-
07 Risk Groups of Accreditation Scopes Regulation, are executed by analyzing documents as a
desk audit or through telephone conversation with the customer after The Lead Audit takes into
account the following criteria and gets approval from the customer. Audit plan is not prepared for
desk audits.
a) The process structure of the plantation
b) The number of branches/plantations to be audited
c) The organisational structure of the company (whether the authority and responsibilities that
need to be specified for the 2nd stage audit are clear or not)
d) The complexity of the documentation structure
e) Whether the documentation system is competent enough for the 2nd stage audit to be executed
or not
f) The location and the environment of the company
g) The size of the company
h) The presence of the uncertainities about the conformity to the legal and product regulations
ISO 14001:2004 audits;
The ISO 9001:2008 1st stage audit of the Class 1 Very High, Class 2 High Risk companies, and
Class 3 Medium Risk companies, as specified in “TL-07 The Accreditation Scopes of the Risk
Groups” instruction, are executed at the customer’s site.
The 1st stage audits of the Class 4 Low Risk companies, as specified in “TL-07 The Accreditation
Scopes of the Risk Groups” instruction, are executed by analyzing documents as a desk audit or
through telephone conversation with the customer after The Lead Audit takes into account the
following criteria and gets approval from the customer. Audit plan is not prepared for desk audits.
a) The process structure of the plantation
b) The number of branches/plantations to be audited
c) The organisational structure of the company (whether the authority and responsibilities that
need to be specified for the 2nd stage audit are clear or not)
d) The complexity of the documentation structure
e) Whether the documentation system is competent enough for the 2nd stage audit to be executed
or not
f) The location and the environment of the company
g) The size of the company
h) The presence of the uncertainities about the conformity to the legal and product regulations
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 6 / 24
ISO 22000 audits;
In the documentation scope of ISO 22000 standard, Food Chain Groups activity scope is taken
into account within determined TSE ISO 22003 standard scope. In the documentation of ISO
22000, stage 1 examinations are done at the customer’s place (at the field).
Group code Groups Sector examples
A Animal breeding Animal breeding, fishing, egg production,
milk production, beekeeping, hunting, fish
hunting, hunting with traps
B Agriculture Fruit vegetable, cereals, spices, gardening
products
C Food processing (weak animal
products, Long termed products
in room temperature)
Red meat, winged-animal products, milk
and milk products, eggs, cans, biscuitsi
crackers, vegetable tallow, drinking water,
fizzy drinks, pasta, flour, sugar, salt
D Provender production Animal provender, fish provender
E Convenience food services
(Catering)
Hotels, restourants, food factories
F Distrubition Retail places, wholesaler, markets
G Transportation and storage Transportation and storage
H Services Water procurement, cleaning, sewer, waste
extermination, producti process and
equipment devolopment, vet services
I Materials and equipments that
are in touch with food
Materials and equipments that are in touch
with food
J Equipment production Process equipment, vending machines
K (Bio)Chemical production Additives, vitamins, pesticides, medicine,
fertilizer, cleaning prodcuts, biocultures
The Content of ISO 9001-First Stage Audits and the Audit Report
The audit report includes;
The evaluation of the circumstances at the site
The status of the company
The evaluation of thr aim, scope, and exclusions
The evaluation of the key points such as management system processes and objectives
Creating the opportunity to detect major non-conformities such as failure to fulfil the
expectations about the products and substructure
Compliance with ISO 9001 documentation conditions (examining the documents is a part
of Stage 1)
Meeting the key personnel and other employees for their opinions and suggestions
The implementation status of the corrective activities, internal audits, and review meeting
decisions
The level of competency for Stage 2
The evaluation of the resources (logistics, transport, accommodation, guides etc.)
The planning of Stage 2 includes the essential notes for the audit dates
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 7 / 24
The Content of ISO 14001-First Stage Audits and the Audit Report
The audit includes controlling the following issues;
Examining whether there is an environmental management system and it is being used
Examining whether there is an environmental policy with objectives and targets
Examining whether there is an environmental management system program and it is
being used
Compliance with legal conditions (non-sanitary enterprise license, emission license,
discharge license, and operating license etc.)
ISO 14001 documentation structure
Records indicating environmental accidents or extra-legislative activities if available
Providing resources
Communication records
Environmental dimensions
Executing internal audits
Review by the administration meetings
Whether there is deviation from the application and the contract
The efficiency of the management system for Stage 2 audits
The date of Stage 2 audits
ISO 22000 GGYS Stage 1 Audit:
Purpose of stage 1 audit is providing a look for planning second stage audit by spotting
company’s food security dangers, analysis, HACCP plan and prorequsite programs, politics and
aims and especially creating an understanding in the context of company’s situation of being
ready to an audit with considering the things below. There is no following up after Stage 1 audit
but there is stage 2 Audit.
In this stage lead auditor examines the things below at the place where customer has
shown activity in stage 1 audit (Look R40.06):
Evaluating field and field conditions of company which applies with the purpose of getting
ready to stage 2 examination,
Evaluating the company’s status if it provides the GGYS related standarts’ necessities
especially appropration of important factors, processes, aims and operations by reviewing
it.
The things below should be checked by gathering necessary information related to GGYS
scope;
-Information about managing danger analysis(first step),
-Methodology of danger analysis and defining acceptable steps,
-ÖGP (Prerequisite Plan) and/or HACCP plans,
-Basic information of company’s field or fields and processes there,
-Evaluation and qualification of related legislations and rules,
-Related risks,
-Environment and quality factors at the scope that company applied.
Discussing the details of stage 2 examination,
Field operation of probable important factors and understanding GGYS clearly at the
company and planning stage 2 examinations in this direction,
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 8 / 24
Checking if the company is ready for stage 2 examination by control and evaluation of
management review and if inner examinations are done.
Controlling that the company’s ÖGP(Prerequsite Plan) is prepared according to the work
done and, legal and compolsory necessities,
Controlling if the company has enough processes that are defined at GGYS’s food security
dangers
Controling the compatiblity between food security rules and company’s GGYS,
Information about GGYS policy and its applications,
Controlling if validity, verification and rehabilitation rules fit to GGYS standard necessities,
GGYS document and regulations, inner communication and communication with related
suppliers, customer and related groups,
Controlling the company’s additional documents for preparing it to stage 2 examination,
Customer must be informed that stage 2 audit could be delayed or cancelled because of
the results of stage 1 audit.
There is a possibility that any part of GGYS doesn’t need to be audited at stage 2 audit because
this part is audited at stage 1 audit and determined that it is running successfully, efficient and
fits with necessities. However, PCA must concretize the GGYS parts that are audited before are
countinueing to fit to the documentation rules. In this situation, stage 2 audit reports must contain
these evidences and it is declared that fitness is detected at stage 1 audit.
After Stage 1 audit, the second stage might be postponed or cancelled. The customer is informed
about the decision. If ISO 9001, ISO 14001 and ISO 22000audits cause deviation from man-day
number, this deviation is declared to the customer so as to re-calculate the number and the salary
and it is recorded on the audit report. The lead auditor is supposed to record the results on the
audir report.
The date of Stage 2 is determined and the course of the auit is discussed. An audit plan (FR-07)
which covers all the processes and activities of customer is prepared and delivered to the
customer. For the Stage 1 audits which cannot be executed on the site, the audit plan is sent to
the customer by the lead auditor at least 3 days in advance (if applicable).
Audit Plan is:
based on ISO 19011 standard requirements and the scope
prepared by the lead auditor
shared with the audit team
supposed to include the scope of the audit
supposed to include the time of evaluation at the beginning and the end of the day
instructive for the audit team and the department/process/activity supervisors of the
organization to be audited
prepared so as to explain the duties of each auditor, the processes, the conditions,
departments, and activities to be audited
prepared in such a way that each auditor works at least for 8 hours and the course of the
audit starts from the management and proceeds with the policy, aim, and targets; in accordance
with the work flow of the company.
prepared in such a way that the planning and reporting activities do not exceed 10% of
the time stated in the audit duration chart during the period of time spent for ISO 9001 audit.
is revised, if need arises, during the audit according to the findings and needs.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 9 / 24
includes matters to be checked and estimated dates for certification audits, Stage 1 audit,
Stage 2 audit, and re-certification audit that are to be executed within the 3-year certification
cycle.
The audit dates are determined in agreement with the customer and the audit team by the
planning supervisors. The audit plan is sent to the customer with FR-06 Customer Audit
Confirmation Form by mail or fax. The customer confirms FR-06 form in case of no objection and
sends back to PCA.
The customer has the right to object to the audit plan or the audit team. In this case, FR-06 Form
is not confirmed and the written objection is conveyed to PCA. The objection must be based on
reasonable grounds (PR-08 Dealing Complaints and Objections Form). In case of an objection,
PCA contacts the customer and they reach a compromise. The plan needs to be confirmed again
after the compromise.
If there is non-conformity, it is recorded on the non-conformity form. The classification of the
non-conformity must be stated. The company must determine the root causes of the non-
conformity and plan the necessary corrective actions. When the corrective actions are executed,
their impact must proved with objective evidence and be presented to the lead auditor PCA main
office. The lead auditor revises the acceptability of the corrective actions and if they are approved,
the planning supervisor is informed. Then Stage 2 audit begins. If the corrective actions are not
approved, te company is informed and asked to take new corrective actions.
In the documentation of ISO 9001, ISO 14001 and ISO 22000, the time interval between Stage
1 and Stage 2 audits must no more than 6 months. If there is more than 6 months between the
two stages, Stage 1 is repeated.
The findings of ISO 9001 Stage 1 audit is recorded on FR-08 ISO 9001 Stage 1 Report and the
findings of ISO 14001 Stage 1 audit is recorded on FR-11 ISO 14001 Stage 1 Report and FR-14
ISO 22000 Stage 1 Report by the audit team. The lead auditor is responsible for revising the
report and its delivery to PCA.
5.8. 2nd STAGE AUDIT
It is a part of the initial certification audit and it checks whether the organization has competency
to fulfil, maintain, and improve the customer conditions. The audits are process-based. The lead
auditor is responsible for the management and reporting of the audit. It is executed according to
the scope and audit plan. The amount of objective evidence to prove the competency is checked
and reported.
The objective of the audit is to confirm the compliance with all the conditions for the standard,
the legal conformity, the design of the system, the customer’s policies and procedues.
In all management system audits, the legal conformity of the company is checked. The licences
and permits are checked. The objective evidence is reported. The certification is not confirmed if
the company fails to prove the conformity and the audit results in non-conformity. The corrective
actions suggested for the non-conformities must be added to the report.
The minor non-conformities must be corrected as early as possible, but more demanding actions
can be postponed until the next audit provided that they are stated in Corrective Actions Plan.
Major non-conformities are signed off after all the corrective actions are completed. The non-
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 10 / 24
conformities that do not require follow-up audits can be signed off by the lead auditor or an auditor
from the audit team; or another lead auditor from another team.
The findings of ISO 9001 Stage 2 audit is recorded on FR-09 ISO 9001 Stage 2 Report and the
findings of ISO 14001 Stage 2 audit is recorded on FR-12 ISO 14001 Stage 2 Report and FR-14
ISO 22000 Stage 2 Report by the audit team. The lead auditor is responsible for revising the
report and its delivery to PCA.
ISO 22000 FSMS Audit Report:
After audit, audit reports are filled and delivered to the Certification Manager.
Stage 1 Audit Report includes given below;
• Sufficient information about FSMS of the company,
• Information about main performance of the company or analysis of essential impacts,
• An evaluation about whether the company is ready for the Stage 2 audit.
Stage 2 Audit Report includes given below;
• Information of customer audited,
• Information about representatives of customer audited,
• Information about audit team,
• Audit purpose,
• Audit scope, functional units and processes,
• Audit criteria,
• References of FSMS standard
• References of PRP of the company,
• Field audit place and dates
• Audit findings (includes positive sites of the company)
5.9. REVISION OF THE REPORT THE CERTIFICATION DECISION
The decision of the certification is made by the certification committee in PCA. The committee
decision is based on the completeness of the report, the scope of the certificate, the convenience
of the audit plan, the sufficiency of audit findings, and the comprehensibility of the non-
conformities and that they have been signed off, and the compliance with the audit plan made by
the main office.
The committee asks for advice from a lead auditor, auditor, or a technical expert from another
audit team if they do not have the expertise in the scope of the certificate in question.
The certification committee must confirm the following issues before they decide on the
certification:
a) The sufficiency of the information provided by the audit team for the certification conditions
and the scope
b) Whether the efficiency of the corrective actions has been revised, approved, and confirmed
1. Non-compliance with one or more than one conditions in the management system
standard
2. Whether there is a serious doubt about the sufficiency of the management system of
the company in terms of fulfilling the conditions.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 11 / 24
c) Revision and confirmation of the corrective actions that the company has planned for non-
conformities.
The file of a customer that does not eliminate the non-conformities with regard to Stage 2 audit
in 6 months is cancelled. If the customer applies for a certificate after the 6-month period, the
procedure starts all over. The report is reviewed in 3 days after the lead auditor hands it (following
the correction of the nonconformaties) in to the main office of PCA and the decision about
certification is made. For the decision, the customer might be asked to provide additional
information, documents, or corrective activities.
Also, the audit team might ask for FR-21 Audit Team Feedback Form for faults/deficiencies and
additional information. The feedback records are used as input for the performance evaluation of
the audit team.
The original text of the audit report is PCA’s property and customer is provided with another copy
of the report. The final decision about the certificate is recorded on FR-20 Certification Decision
Form. If the decision is affirmative, the certificate is printed/published. The original text along
with a copy of the audit report, the logos the customer can use, the instruction on logo use, and
the flags are shipped to the customer. The pack can also be received from PCA office.
In case of our customer contact with fax number 0216 517 63 49 or email to the address
[email protected], the information about the certificate will be provided.
The certificate includes the following information:
PCA’s full title, address, the certification mark, and accreditation mark
The name of the customer
The full address of the customer or the certified location
The date of certification decision and expiry date, the dates of recertification and the
changes in the scope; the issue number of the certificate indicated with “/” marks
The certificate number
The Scope of the Certificate (product, process, or service categories)
The standards used for the certification or the names of the other documents that has the
feature of standards
The dates on the certificate and their validity:
Audit date: it is the last day of the Stage 2 audit. As for the transfer audits, the last day
of the monitoring audit is written on the certificate.
Registration date: The date of certification date made by the committee is written down.
Reprint date: If a certificate is reprinted due to expansion of the scope, address change,
title change etc., the date is corrected with “/” marks which show the reprinted version of
the certificate.
Validity date: the 364th day beginning from the certification decision is written down. If
the certificate is extended after the interim audit, another 365 days are added.
- The certificate is for 3 years.
- The certificate is reprinted every year.
- The date of the decision is also the date of the publication.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 12 / 24
- The certificaes are signed by the general manager.
- EA codes are printed on system certificates.
A different certificate is issued for each office of a company with more than one location. The
certificate can be issued in other languages on customer’s request.
The published certificates are valid for 3 years and the validity depends on the monitoring audits,
and the maintenance of management system conditions which comply with international
accreditation rules.
The validity of a published certificate can be seen on www.pca-tr.com. All decisions are made
impartially and independently, without any material or moral pressures, in line with PCA
CERTIFICATION policies and procedures, and other related international guides and standards.
5.10. MONITORING AUDIT
Monitoring audits are on-site audits but they do not require auditing the whole system. It is
planned in order to control the maintenance of compliance with the management system
requirements. Monitoring audits are executed at least once a year according to the results of the
former audits, the lead auditors suggestions about the time, and customer complaints.
During the certification of management systems, in addition to the suggestions of the lead auditor,
the expiry dates of licences and permits of the company are also considered. Depending on the
significance of the issue, the monitoring audit can be moved to an earlier date or implemented
more frequently. In monitoring audits, the efficiency in eliminating former non-conformities is
controlled. The audit is planned so as to control all standard requirements at least once until the
re-certification audit.
Monitoring audits must include:
revision of internal audits and management
revision of the corrective actions for the non-conformities detected during the former
audits
dealing with the complaints
the efficiency of the management system in terms of fulfilling the targets
the course of improvement activities
operational controls
reviewing the changes
logo use and other references to the certificate (advertising material, packages, the web
site etc.)
The following statements of ISO 9001 standard are audited during every monitoring audit. Other
issues to be audited are defined by the lead auditor according to former audit results and changes
in the Customer’s management system.
4 ................... Quality Management System
5 ................... Responsibilities of the Administration
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 13 / 24
7.1 ................ Planning of Product Realization
7.5 ................ Presentation of Products and Services
8 ................... Assesment, Analysis, Improvement
The following statements of ISO 14001 standard are audited during every monitoring audit. Other
issues to be audited are defined by the lead auditor according to former audit results and changes
in the Customer’s management system.
4.1 General requirements
4.3 Planning
4.3.1 Environmental aspects
4.3.2 Legal and other requirements
4.3.3 Objectives, targets, and programs
4.4.5 Document control
4.4.6 Operational control
4.5.1 Monitoring and assesment
4.5.2 Evaluation of conformity
4.5.3 Nonconformity, corrective and preventive actions
4.5.4 Records control
4.5.5 Internal Audit
4.6 Review by the management
The ISO 22000 articles below are surely audited in every audit. Other articles which will be audited
are determined from previous audit’s results and changes in customer system by Lead Auditor:
4.1 General conditions
5.3 Food Security Policy
5.4 Responsibility, Task, and Charge
4.2 Documentation and Control
6.2 Human Resources
6.4 Working Envorinment
7.3 Primary stages of concretizing danger analaysis
7.5 Creating operational ÖGP(Prerequsite Plan)s
7.6 Creating HACCP plan
7.7 Updating information and documents
7.10 Unsuitability control
8.3 Control of observation and measurement
8.4 GGYS verifying
8.5 Rehabilitation
5.8 Management’s review
At least one third of the time spent for certification audits must be reserved for monitoring audits.
Surveillance audits shall be conducted at least once a calendar year, except in recertification
years. The date of the first surveillance audit following initial certification shall not be more than
12 months from the certification decision date.
The time can be lengthened if the customer has a compelling reason. Planning starts two months
in advance.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 14 / 24
The audit dates are determined in agreement with the customer and the audit team by the
planning supervisors. The audit plan is sent to the customer with FR-06 Customer Audit
Confirmation Form by mail or fax. The customer confirms FR-06 form in case of no objection and
sends back to PCA.
The customer has the right to object to the audit plan or the audit team. In this case, FR-06 Form
is not confirmed and the written objection is conveyed to PCA. The objection must be based on
reasonable grounds (PR-08 Dealing Complaints and Objections Form). In case of an objection,
PCA contacts the customer and they reach a compromise. The plan needs to be confirmed again
after the compromise.
The findings of ISO 9001 monitoring audit is recorded on FR-09 ISO 9001 Stage 2 Report and the
findings of ISO 14001 monitoring audit is recorded on FR-12 ISO 14001 Stage 2 Report by the
audit team. The lead auditor is responsible for revising the report and its delivery to PCA.
The audit report is delivered to PCA main office firsthand, via fax, e-mail, or cargo etc. Fax and
e-mail can only be used is urgent situations. The original text must be delivered to PCA in one
week at the latest.
If there are non-conformities, they are tracked by the main office. If possible, the signing off
should be executed by the auditor who had reported the non-conformities in question. In other
cases, the signing off can be executed by other auditors.
5.11. CERTIFICATION MAINTENANCE DECISION
After the report is given to the PCA office by the Lead Audit (after correcting the nonconformaties),
it is reviewed in three days and the decision is given on the sustainability of the certificate. If
necessary, additional information, document or corrective activities can be requested from the
customer.
As a result of the monitor audits, the decision on the report analysis and the sustainability of the
certificate is given for ISO 9001, ISO 14001 and ISO 22000 by the Certification Committee. When
giving decision, the following table is taken into account:
S/N Durum Situation Sonuç Result
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 15 / 24
1 When a minor nonconformity is
detected during audit
The customer is given a month to correct the
nonconformities.
If they are not corrected in 1 month, the
certificate is suspended. Suspension period is 6
months.
If the corrections are made in 6 months, the
certificate is maintained, if not, it is cancelled.
The above mentioned periods can be
lengthened at most for 1 month with the
approval of The Certification Committee.
2 When a major nonconformity is
detected during audit
If nonconformity is not corrected in 1 month,
the certificate is suspended. Suspension period
is 6 months.
If the corrections are made in 6 months, the
certificate is maintained, if not, it is cancelled.
The above mentioned periods can be
lengthened at most for 1 month with the
approval of The Certification Committee.
3
No obeying the contract regulations
(use of logo, reference to the
certification, payments, etc.)
According to the decision of the Certification
Committee;
a) The customer is requested to perform
corrective activities. The duration for the
corrective activity is 1 month. If this time is
exceeded or the corrective activity is not
performed the certificate is suspended. The
suspension period is 6 months.
If the result is still negative the certificate is
cancelled (all the decisions are given by the
Certification Manager)
b) The certificate is suspended directly. The
duration for the corrective activity is at most 1
month. If this time is exceeded or the
corrective activity is not performed the
certificate is suspended (all the decisions are
given by the Certification Manager).
4 The delay in the monitor audit for
more than 1 month
The certificate is suspended. Suspension period
is 6 months. If there is no audit at the end of 6
months, the certificate is cancelled. The audit
executed during the suspension period should
be a full audit.
5
The company itself requests for
cancellation or suspension for any
reason (strike, natural disaster, halt
of production / service, financial
reasons, etc.)
At most 6 months is given for the suspension
with the decision of The Certification Committe,
after this, if no audit is executed, the certificate
is cancelled. If the audit is executed, normal
certification procedure is applied. This audit
should be a full one.
If there is a request for cancellation, it
cancelled directly.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 16 / 24
6
Loss of legal conformity or being
unable to show this
The certificate is suspended immediately.
Suspension period is 6 months. If legal
conformity is regained during 6 months
suspension period, the certificate is
maintained.
If conformity cannot be realised, the certificate
is cancelled.
The above mentioned periods can be
lengthened at most for 1 month with the
approval of The Certification Committee.
The suspension period is generally 6 months but The Certification Committee can extend the
period 1 more month. The certification committee can give additional 1 month in the following
situations;
If strike, natural disaster, halt of production / service, financial problems occur before the
end of the 6 month suspension period.
If great changes occur in Management System and Procedures before the end of the 6
month suspension period
In the event of suspension, the management system certificate of the customer is not valid for a
certain time. When the certificate is suspended or cancelled, the customer should give its
certificate back to PCA, stop using logo and references. This situation is under contract.
If, because of nonconformity to contract regulations or logo usage, the customer cannot complete
the corrective activities on time, PCA can initiate a legal action. The status of the suspended or
cancelled certificates are recorded in PCA web site www.pca-tr.com and are announced the related
parties.
All the decisions are given totally impartially and freely, without any material or moral constraints,
in line with PCA CERTIFICATION’ s policy and procedures and other related international guides
and standards.
5.12. RECERTIFICATION AUDIT
At the end of the 3 year certification, a full audit is given just like the first certification audit.
Before the recertification audit, the company is asked, orally or written, by Planning Executive,
whether there has been a change in its customer organisation or management system, which
might affect the audit (ex.: regulations, scope, address, legal conditions, number of workers,
environmental dimension, etc.).
In the event of changes; the customer is requested to fill in the application form again or write
the changes to PCA. The audit has two stages. The duration of the recertification is calculated
again by the Certification Manager according to the changes.
If there are no serious changes the 1st stage audit is not executed. The duration of the
recertification is calculated as the 2/3 of the first certification duration. In the recertification stage
the reports of the previous audit are analysed, if the Lead Audit finds it necessary, 1st stage audit
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 17 / 24
can also be planned. The 1st stage of the recertification has the same scope and is executed using
the same method as the 1st stage of the first certification.
Recertification Audit dates are determined 2 months before the recertification by planning
executives after confirmation from the customer and audit committee. The prepared audit plan is
sent to the customer through fax/mail by using FR-06 Customer Audit Confirmation Form and the
customer is contacted. If the customer does not have any objection to the prepared recertification
audit plan or to the audit committee, it approves the FR-06 Customer Audit Confirmation form
and seds it to PCA.
The customer has the right to object the audit committee and the recertification audit plan. To do
this, the customer has to send the FR-06 Customer Audit Confirmation Form without signing it
and the objection should be written to PCA. In order for the objection to be approved, there should
be a reasonable justification (See PR-08 Handling the Complaints and Objections Procedure). The
customer is contacted about the objections to the Recertification Audit Plan and agreement is
made about the plan and approval is taken again by using the same method.
The following points are taken into consideration during recertification field audits:
a) In the light of internal and external changes, the effectiveness of the management system
in its entirety, the relevance and applicability of the effectiveness of the management
system,
b) Demonstration commitment to maintain the effectiveness and improvement of the
management system to improve overall performance,
c) The effectiveness of the management system in terms of achieving the objectives of the
certified client and the intended results of the relevant management system.
Recertification audits should be execured before the 3 year period ends. If noncorformity is
detected during recertification audits, the customer should make corrective activities and these
activities need to be verified before the period of the present certificate ends. For recertification
audits, the time for correcting nonconformities is 2 months, in this respect the planning of
recertification audits is done 3 months before the certificate time ends. In recertification audit the
reports of the 2nd stage of the related standard are used. The Lead Audit is responsibible for the
completion and delivery of the report to PCA.
The validity period of the existing certification for the validity period of the re-certification shall
be based on the successful completion of the re-certification activities after the end of the existing
certification. The date of issuance of the new document may be the date of the re-certification
decision or a later date.
If the document can not be verified again before the expiration of the validity period, or if it can
not verify that the correction and corrective action has been carried out for any major
nonconformities, re-certification is not recommended and the validity of the document is not
extended. The customer is informed and the ones to be done in the future are explained.
At the end of the certification period, re-certification may be made within 6 months following the
validity period of the document provided that the re-certification activities are completed,
otherwise at least one Stage 2 should be done. The current date on the document must be re-
certification date or later and the previous certification cycle must be based on validity.
5.13. RECERTIFICATION DECISION
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 18 / 24
Recertification decision is given according to the recertification audit results, the results of the
monitoring of the system during certification period and the customer complaints, if there are
any.
The report is reviewed in 3 days following its delivery to the PCA office by the Lead Audit (following
the nonconformaties, if there are any) and the decision about the renewal of the certificate is
given. In giving recertification decision, the same method is used with the first certification
decision. Recertification decision is given by the Certification Committee.
If the customer does not correct the nonconformaties before the certificate time ends,
recertification is not done, the audit is renewed covering the first certification audit. The process
is the same with the first certification. In such cases, it is not necessary to execute the 1st stage
audit.
The status of the expiring certificates is recorded in PCA web site www.pca-tr.com and when
necessary, it is announced to the relevant parties. All decisions are made impartially and
independently, without any material or moral constraints, in line with PCA CERTIFICATION policies
and procedures, and other related international guides and standards.
5.14. FOLLOW-UP AUDIT
This is the audit executed in cases where the correction of one or more nonconformaties cannot
be made at document level and can only be made on site. These audits can also be performed for
the suspended certificates to be sustained.
In follow-up audits only the activities regarding the noncorformaties are checked. However, if the
Lead Audit finds it necessary, he/she can also detect the other items of the standard which might
affect the conformity.
In follow-up audits the reports of the 2nd stage of the related standard are used. However, in the
check list, only the detected standard items are filled in. Other items are left empty. The Lead
Audit is responsible for the completion and delivery of the report to PCA.
After the report is given to the PCA office by the Lead Audit (after correcting the nonconformaties),
it is reviewed in three days and the related decision procedure is applied. If necessary, additional
information, document or corrective activities can be requested from the customer. Sometimes
to remove suspensions follow-up audit might be necessary.
5.15. CHANGE OF SCOPE (SCOPE LIMITATION / WIDENING)
The request for the scope change, together with its reasons, is taken from the customer in written
form. If the change of scope is to limit it, the Certification Committee gives a decision after
evaluating the situation. It is not necessary to execute an additional audit for scope limitation.
The customer is sent the certification with the limited scope.
If the scope change includes widening it, The Certification Manager first evaluates the PCA’s
competency for the new scope. If it is competent, after taking the opinion of the auditor who has
taken part in operational auditing of the company, he/she evaluates the request.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 19 / 24
At the end of the evaluation;
a) If the company is not competent enough to make a change in infrastructural or legal terms,
the request is not accepted even without auditing. This situation is announced to the company by
explaining its reasons in written form.
b) If the previous audit includes the request of change, if it is only a different way of defining the
scope, the request is accepted without auditing again.
c) If the previous audit does not include the request of change, the first certification process is
applied again. At this stage, if there is a need for additional documents, they are requested from
the company. At least one of the appointed auditors or experts should be appointed with a suitable
EA or NACE code related to the topic. The Lead Audit determines the items that need to be audited
in the scope of change requested. The audit duration is determined according to the number of
workers. During the audit, it is necessary to check whether internal audits and management
reviews have already been completed or not.
The customer is informed about the requests for change which are not within the scope of
accreditation. If the customer accepts the certificate without accreditation, the audit is executed
by applying the above mentioned rules. The decision process is the same with the decision of the
first certification.
If the scope widening wants to be made together with the monitor audit, the decision on whether
some additional time is needed or not is given by the Certification Manager and the auditor who
has executed operational audit in that company before. If necessary, monitor duration is
lengthened. In addition, the new audit committee is formed again considering the new scope.
The ISO 9001 14001 customers are requested to inform their requests for any process or scope
change to PCA. Because the risks, environmental factors and their effects that appear with the
new scope might be affecting the new scope as well and if there is a possibility of being out of
control, the audit might start earlier without waiting for monitor audit.
The requests for scope change that come during the audit are reported to the central office and
they act according to the decision given by the Certification Manager at the end of the evaluations.
The 2nd stage audit report of the related standard is used for the change of scope audits.
5.16. SHORT-TERM AUDITS
Short-term audit is a type of audit that is executed when there is the violation of PCA rules with
regard to certification, monitoring, re-certification, scope, and follow-up audits, unfair use of logo,
or in cases of customer complaints.
PCA has the right to execute short-term special audits for situations mentioned above. This right
has been recorded in the contract made with the customer. The Certification Manager gives the
decision for short-term private audits. The Management Representative’s advice about this might
also be taken.
The scope and the criteria of the audit are determined by the Certification Manager and the
appointed Lead Audit. This situation can be valid for the whole, one part or only for one
process/section depending on the conditions.
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 20 / 24
The duration for the short-term audits is determined according to the number of workers in line
with TL-01 Instructions on Determining Audit Times and IAF rules. The procedure on the
sustainability of the certificate, explained in item 5.9 of that document is applied.
The findings of the 2nd stage of ISO 9001 audit are written in FR-09 ISO 9001 2nd Stage Report,
and ISO 14001 2nd stage audit findings, in FR-12 ISO 14001 2nd Stage Report and FR-15 ISO
22000 2nd Stage Report by the members of all the audit committee. The Lead Audit is responsible
for preparing and handing in the report to PCA.
5.17. CHANGE OF ADDRESS AUDIT
In cases of change of address the customer is requested to give a written letter and necessary
documents (trade journal, settlement plan, flow process chart, is exists, etc.) as addition.
If required, the audit can be performed with the decision of the director of certification.
5.18. CHANGE OF TITLE
In title changes the customer is requested to apply in written form together with a letter and the
necessary documents (trade gazette, etc) showing the change. The title is changed with the
decision of the Certification Manager.
5.19. TRANSFER AUDIT
The transfer requests of companies are taken with FR-01 Certification Application Form by the
Customer Representative, checked and given to the Certification Manager with the aim for the
transfer request to be given.
The transfer process is applied only for the applications coming from the companies accredited
by the bodies accredited according to IAF MLA contract. If other certification bodies apply for the
transfer, they are treated as new customers and the certification process starts from the 1st stage
of certification.
The system documents and audit reports of the previous certification body are requested,
analysed and the company is visited for the transfer. If the company is suitable for the transfer,
the audit process begins with signing a contract. In transfer audit, duration of the second stage
will be choosen.
During the analysis the following points are considered and recorded in FR-74 Transfer
Certification Application Review Form.
Whether the activities of the company are included within the scope of PCA’s services or not,
The reasons of transfer,
Whether the certificate is accredited or not,
The nonconformaties detected in the previous certification, monitoring and/or recertification
audit reports,
The complaints received and the actions performed,
The updated situation in the certificate transfer,
Any relation with the legal bodies.
The applications of the companies under suspension or in the process of suspension are not
accepted. The nonconformities detected in the system documents are reported to the customer
in written form. The nonconformities need to be corrected and approved by the present
certification body before the transfer audit. As a result of these audits if there are any doubts,
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 21 / 24
the company is treated as a new customer or an audit can be executed in the problematic areas
only.
If the work relation of the previous accreditation body has ended or if its accreditation has
cancelled, suspended or withdrawn, the audit duration starts from the fist stage of the
certification.
5.20. THE AUDITS OF THE MANAGEMENT SYSTEMS AND GREAT CHANGES IN THE
PROCESSES
These are audits executed for the management system and the serious changes in processes,
restructuring; that is, the change in the top management, organisational changes, changes in
corporate body, mergers, big changes in the management systems or processes, change in
production/service, standard version changes. The process of the audit is applied in the same way
as decribed in 5.16 Short-term Audits.
The documenting director will review the amendment and decide whether or not the stage 1 is
required. If Stage 1 is deemed necessary, the results of the inspection are recorded in the relevant
Stage 1 audit report.
5.21. DETERMINING THE AUDIT COMMITTEE AND THE AUDIT DURATIONS
All the audit committee appointments mentioned in this document and the audits executed by
PCA are done according to PR-07 Audit Committee Appointment, Assignment and Evaluation
Procedure, and the number of personnel-day and the durations of audits are determined according
to TL-01 Instruction on Determining the Audit Duration.
In the first certification audits, there is no need for the members of the 1st stage audit committee
and the 2nd stage audit committee to be exactly the same. The first audit committee is determined
according to personnel-day and it is necessary to have at least one auditor in the committee
within the activity scope of the customer. The Lead Audit is responsible for the management and
the report writing of the audit.
All the audits are process-based, executed and reported according to ISO 19011 standard. In
addition, they are made impartially and independently, without any material or moral constraints,
in line with PCA CERTIFICATION policies and procedures, and other related international guides
and standards.
5.22. THE OPENING AND CLOSING MEETINGS
The audit committe has to conduct an opening meeting at the beginning and at the end of all the
on-site audits (except for 1st stage audits). The Lead Audit leads the opening and closing meetings
and the topics in the agenda are discussed. In order to avoid possible problems, the audit rules,
scope, number of workers and audit plan should be understood and approved at the opening
meeting. The audit findings, nonconformaties, if they exist, and the findings on the legal
conformity of the customer are all explained in the closing meetings. If there are nonconformaties,
the customer is expected to find a solution for them.
5.23. AUDIT REPORTS
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 22 / 24
The audit reports are completed during the audit. The activities showing the effectiveness are
recorded, the examples should be defined with references. The following areas should be covered
within the scope of the audit (ex: certification necessities and audited areas), the important
samples followed and the audit methods, observations, positive applications, the details of the
nonconformaties, objective evidences and relating them with the relevant standard necessities
and the documents necessary for the certification, the suitability of the management system of
the customer to the certification regulations, and the comments, clear definitions of the
nonconformaties and their suitability, the comparison concerning the previous audits of the
customer and its benefits.
The audit committee can define the opportunities related to the recovery but cannot make any
offers related to private solutions. The report is handed in or sent to the PCA central office by fax,
e-mail, cargo, etc. Fax or e-mail can only be used in emergency, in such cases, the original reports
should be given to PCA central office in 1 week. The centre office traces the nonconformaties, if
there are any.
If it is possible to recover the nonconformaties, this is done by the auditor who has written them.
In other cases, other committee members or another appointed auditor can make the recovery.
Audit notes, the question lists to be used in the audit, charts, observation reports, reports
concerning the findings are all parts of the audit report and these reports are also presented to
the Certification Manager by the auditors.
The report must indicate the adequacy of the organization and procedures. It must be clear and
legible with the signatures of the customer representative.
While writng the observations, the language should be understandable and clear, the objective
proof should definitely be mentioned, conditional sentences should not be used because if one
regulation is not obeyed, it means nonconformity. While the nonconformaties are being written,
they should be understandable and clear, and should definitely have objective proof. When making
the minor/major classification, and identifying the related standard item, one should be careful.
At the end of the report, the audit committee should definitely mention their decision. The coding
of the audit reports are done according to TL-05 Instructions on Audit Report Coding.
5.24. MAKING CHANGES IN CERTIFICATION REGULATIONS
The certification regulations are announced to all the related parties by publishing them on PR-06
Audit and Certification Procedure web site. The changes in any related procedure are updated by
PCA on web site www.pca-tr.com. The changes in regulations are evaluated by considering the
feedback and opinions from the customer and are revised if necessary and the latest form of the
change is published on the web page again.
5.24.1 Changes in the share distribution of PCA certification, and changes in the company names
are announced on web site www.pca-tr.com.
5.25. SUSPENSION / WITHDRAWAL / LIMITATION / CANCELATION BY PCA
Certification committee makes a decision about the maintenance of the certification for
nonconforming situations which might cause the certification to be suspended or withdrawn.
The certification committee suspends the certification on condition that the certified management
system of the customer, including the regulations concerning the effectiveness of the
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 23 / 24
management system, fail continuously.
The certification committee can also suspend the certification on condition that the certified
customer does not allow monitoring or recertification observation at necessary frequency.
The certification committee decides to withdraw or limit the certification if after the audit of the
management system of the company, whose certification or the maintenance of certification is
requested, some nonconformaties are detected and if the customer company fails to solve the
problems at the given time.
The audit committee which is executing the observation of audited company might decide to limit
its scope if they detect that it does not realise some of the scopes that it has declared or has
existed in the previous audit. In this case, the Certification Committee has to limit its scope in a
proper way according to the necessary observation, evidence and proofs. When the PCA
Certification limits the scope, it should request the company to change all the advertisements of
the company.
When the customer keeps failing to meet some of the regulations of the certification, PCA should
limit the scope of the customer to exclude the parts which do not meet the certification
regulations. (Such a limitation should conform to the regulations of the standard being used for
certification.)
If the certified company itself requests to be suspended for a period of time, the certification
committee can also suspend the certification. The details are given in item 5.15.
If the suspended company does not do anything to correct the points of suspension for 6 months,
the committee should meet again and decide to cancel the certification.
As a result of the investigation on a complaint received by PCA about the customer company, if
it is detected that the complaining company is right and if the subject is serious enough to be
taken into account (not obeying the contract regulations, noncorforming the confidentiality rules,
being illegal, etc.), the certification committee should decide to cancel the certification.
If it is detected in one way or other, without even receiving any complaints, that the company is
not obeying the contract regulations, not conforming to the confidentiality rules, and performing
illegal acts, PCA Certification committee takes the decision to cancel the certificate of the
company.
PCA is responsible for all the the decisions, whether they be suspension / withdrawal / limitation
/ cancelation. For suspension / withdrawal / limitation / cancelation decisions, the Certification
Committee Decision Forms are prepared by the Leader of the Certification Committee Manager.
Suspension / withdrawal / limitation / cancelation decisions will be confirmed after they are
approved by the Leader of the Certification Committee.
6.0 NECESSARY DOCUMENTS
TL-01 Instructions on Determining Audit Times
TL-03 Instructions on Pricing
TL-07 Instructions on Accreditation Scopes of the Risk Groups
PR-07 Appointing and Evaluating Audit Teams Procedure
FR-02 ISO 14001 Additional Information Form
FR-03 ISO 22000 Additional Information Form
FR-04 Certification Contract
FR-05 Contract for Assigning Audit Team
FR-06 Customer Audit Confirmation Form
FR-07 ISO 9001 Audit Plan
AUDIT AND CERTIFICATION PROCEDURE
Document Code
PR-06 Prepared by: Administration Representative
Approved by: General Manager First
Publication 15.02.2010
Revision No 17
Revision Date 21.05.2018
Page No 24 / 24
FR-08 ISO 9001:2008 1st Stage Report
FR-08 ISO 9001:2008 2nd Stage Report
FR-11 ISO 14001:2004 1st Stage Report
FR-12 ISO 14001:2004 2nd Stage Report
FR-14 ISO 22000:2005 1st Stage Report
FR-15 ISO 22000:2005 2nd Stage Report
FR-20 Certification Decision Form
FR-30 Adress Change Contract
FR-60 Audit Program
FR-58 ISO 9001+14001 1st Stage Audit Report
FR-59 ISO 9001+14001 2nd Stage Audit Report
FR-75 ISO 14001 Audit Plan
FR-76 ISO 9001-14001 Integrated Audit Plan