A2LA’s ISO/IEC 17065:2012 Transition and Applications
Mike Buzard – Senior Accreditation OfficerAdam Gouker – Accreditation ManagerAmerican Association for Laboratory
AccreditationFrederick, Maryland, U.S.A
Presentation to the TCB Council – April 2014
Overview A2LA Recognition, Structure, and Processes
Transition to ISO/IEC 17065:2012
ISO/IEC 17065:2012 Published “Explanations”
ISO/IEC 17065:2012 Requested “Explanations”
Common TCB Assessment Deficiencies
Implementation of FCC KDB Revisions (April 2014)
A2LA is: Non profit Non governmental Independent 3rd party Established in 1978
A2LA provides accreditation:
ISO/IEC 17025:2005 – Testing and Calibration Laboratories
ISO 15189:2012 – Medical Laboratories ISO Guide 34:2009 – Reference Material Producers ISO 17043:2010 – Proficiency Testing Providers ISO Guide 65:1996 – Product Certification Bodies ISO/IEC 17065:2012 – Product Certification
Bodies ISO/IEC 17020:2012 – Inspection Bodies
A2LA Recognition International Accreditation Forum (IAF) Multilateral
Recognition Arrangement (MLA) Signatory International Laboratory Accreditation Cooperation
(ILAC) Mutual Recognition Arrangement (MRA) Signatory
Recognized Accreditation Body under the National Voluntary Conformity Assessment Systems Evaluation (NVCASE) Program
FCC Recognized Test Firm Accrediting Body (TFAB) Various Gov’t to Gov’t MRA’s through NIST
A2LA Structure
A2LA Processes - Assessment Order ISO/IEC 17025 and/or ISO/IEC 17065 Read AB’s Supplemental Requirements Read Regulator / Certification Scheme
Requirements Submit Application(s) Assessor Assigned (performs doc review)
A2LA Processes - AssessmentConduct On-site AssessmentCAR’s Following AssessmentDecision on AccreditationSurveillance and Renewal
Assessments
A2LA Processes - Cycles Year 0: Initial Accreditation Year 1: On site Surveillance Assessment Year 2: Full Renewal Assessment Year 3: Annual Review, desk audit – could be on-
site Year 4: Full Renewal Assessment Year 5: Annual Review, desk audit – could be on-
site Note: this is one option per ISO/IEC 17011, clause 7.11.3
A2LA Processes - Scopes Document that identifies exactly what the
organization is accredited for: For Labs – identifies specific tests & methods For CBs – identifies product categories, product
specs, and/or certification schemes Identifies expiration date and physical
location Must be confirmed by the assessor Organizations can be accredited for
“limited” scope of activities
A2LA Processes - Scopes
SCOPE OF ACCREDITATION TO ISO/IEC 17025:2005
YOUR LABORATORY NAME 123 Elm Street
Anywhere, MD 00000 Your Name Phone: 555 555 5555
ELECTRICAL (EMC)
Valid To: December 31, 20xx Certificate Number: xxxx.01 In recognition of the successful completion of the A2LA evaluation process, accreditation is granted to this laboratory to perform the following electromagnetic compatibility tests: Test Technology Test Method(s)
Emissions
Radiated & Conducted 47 CFR, FCC Part 15, Subpart B (using ANSI C63.4-2009); 47 CFR, FCC Part 18 (using MP-5); AS/NZS CISPR 11; EN 55011; AS/NZS CISPR 13; EN 55013; EN 55022; IEC/CISPR 22; CNS 13438 (up to 6 GHz);
A2LA Processes - Scopes
SCOPE OF ACCREDITATION TO ISO/IEC 17065:2012
YOUR CB’S NAME 123 Elm Street
Anywhere, MD 00000 Your Name Phone: 555 555 5555
PRODUCT CERTIFICATION CONFORMITY ASSESSMENT BODY (CAB)
Valid To: December 31, 20xx Certificate Number: xxxx.02 In recognition of the successful completion of the A2LA Certification Body Accreditation Program evaluation, including the US Federal Communications Commission (FCC)requirements for the indicated types of product certifications, accreditation is granted to this organization to perform the following product certification schemes: Economy Scope Federal Communication Commission - (FCC) Unlicensed Radio Frequency Devices A1, A2, A3, A4 Licensed Radio Frequency Devices B1, B2, B3, B4 Telephone Terminal Equipment C *Please refer to FCC TCB Program Roles and Responsibilities, released April 4, 2012 detailing scopes, roles and responsibilities.
A2LA Processes - Assessors Independent Peer ExpertsEach with over 10 years of experience
in fieldTrained to Conformity Assessment
Standard (e.g. ISO/IEC 17025 and/or ISO/IEC 17065)
Ongoing training and evaluations (staff, AC, CAB)
A2LA Transition to ISO/IEC 17065:2012
Following A2LA “R307 – Transition Memo to ISO/IEC 17065” Adheres to IAF three-year transition period – must be
completed no later than September 15, 2015 Following our 2 year reassessment cycle:
Began accepting 17065 applications March 31, 2013No longer accepting “new” applicants for Guide 65 Current CB’s must undergo assessment to 17065 If not assessed to 17065 by March 1, 2015, must
undergo on-site assessment by June 30, 2015All requests to expand to 17065 require on-site
assessment
Explanations
From ISO/IEC 17011:2004, section 4.6.2 Follow Q/A format - A2LA’s official “explanations” of the
requirements of the relevant conformity assessment standard.
It is expected that conformity assessment bodies will implement the requirements of the standard in accordance with the explanations listed. Otherwise, areas of non-conformance will be identified by the assessor during the on-site assessment.
https://www.a2la.org/faq/faqfinder17065.cfm https://www.a2la.org/faq/faqfinder170252005.cfm
Explanations
Questions typically received from CAB’s and Assessors, but are welcome from all stakeholders
Explanations are proposed to Technical Advisory Committee for review and approval
Explanations then reviewed and approved by A2LA management
Explanations finally reviewed and approved by Criteria Council
ISO/IEC 17065:2012 Explanations (4.1.2.1)
What is a “Legally Enforceable Agreement”, and will my assessor be responsible for determining its legality? Any signed or sign-able record between the certification body
and its client/customer Must meet the requirements of clause 4.1.2.2 Must take into account the responsibilities of the two parties in
that agreement Typically referred to as a “Contract” A2LA assessors will not be determining, nor can they be held
responsible for, the legality of the certification body / client agreements
ISO/IEC 17065:2012 Explanations (4.6.a)
Does my organization’s “Publicly Available Information” need to explicitly address each of the procedures called out in this clause if one or more are not applicable to our certification activities? Yes, the Certification Body must address each required
procedure under this clause, even if the certification activities being performed do not include those actions.
For example, an organization operating a certification scheme which does not allow for extensions or reductions to the scope of certification must have documented some statement to the effect of, “We do not offer any extensions or reductions to our certifications.”
Ensures clear understanding between CB, Clients, and Accreditation/Regulatory Bodies
ISO/IEC 17065:2012 Explanations (5.2.2.a) My organization has invited numerous possible stakeholders to be
part of our “Mechanism for Safeguarding Impartiality,” but all of those stakeholders have declined to participate. How can my organization show that we are maintaining the required balanced representation in light of this? Note 2 to clause 5.2.1 and Note 1 to clause 5.2.4 of ISO/IEC 17065
identify examples of mechanisms and potential invitees Notes should be examined prior to determining that all possible
avenues have been exhausted The certification body must demonstrate (e.g. records) that they have
identified and invited potentially interested parties, And that they have ensured that no single interest predominates (e.g.
certification body cannot hold more than 50% stake in this Mechanism) Up to the certification body to take additional suitable actions to
ensure that these balanced interest requirements are met
ISO/IEC 17065:2012 Explanations (6.2.1) What are the “applicable requirements” that Internal Resources must
meet in order for my organization to comply with this clause? Hierarchy:
(1) should be defined by the Certification Scheme; (2) If not defined in the scheme, the Certification Body should define
what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
(3) If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirements in the relevant International Standard(s) are applicable.
If an Evaluation standard (testing / inspection method specified in the Certification Scheme) explicitly requires an aspect of conformity assessment such as measurement uncertainty calculations, that cannot be excluded when considering whether or not the resource meets the requirements of those standards.
ISO/IEC 17065:2012 Explanations (6.2.2.1) What are the “applicable requirements” that External Resources must
meet in order for my organization to comply with this clause? Hierarchy:
(1) should be defined by the Certification Scheme; (2) If not defined in the scheme, the Certification Body should define
what requirements are or are NOT applicable in their quality system, with justification on any omitted clauses of the relevant International Standard(s);
(3) If the CB and/or Scheme do not define the “applicable requirements,” an A2LA assessor will assume that all requirements in the relevant International Standard(s) are applicable.
If an Evaluation standard (testing / inspection method specified in the Certification Scheme) explicitly requires an aspect of conformity assessment such as measurement uncertainty calculations, that cannot be excluded when considering whether or not the resource meets the requirements of those standards.
ISO/IEC 17065:2012 Explanations (6.2.2.4) My Certification Body operates under a larger corporate umbrella, and we
send portions of our Evaluation work to another department in the corporation. Is this considered “outsourcing” the work to an outside body? Note 2 of clause 6.2.2.1: “Use of external personnel under contract is not
outsourcing.” Is a “contract” in place that covers cl. 6.1.3 requirements between the
department and the Certification Body? If so, this is NOT outsourcing. (This also answers the question, “Is the resource under the direct control of the
Certification Body?”– see clause 6.2.1) If the documentation linking the other department or its personnel to the
Certification Body does not meet the requirements called out under clause 6.1.3, or if the Certification Body cannot provide evidence that the additional requirements stated under clause 6.1.2 are met for the personnel in question, then the actions taken by the Certification Body are considered “Outsourcing,” and the Certification Body must demonstrate that it complies with the requirements related to Outsourced activities.
ISO/IEC 17065:2012 Explanations (7.3.2) A client has asked us to certify a new product which we have not
certified before, but this new product is somewhat similar to ones we have been certifying in the past. How do we determine whether or not we have “prior experience” with the new product we are being asked to certify? CB should compare the new product to old products by examining the
certification schemes (if different), the technologies, the required evaluation techniques/activities, and the technical knowledge of its own resources.
The NOTE under this clause gives excellent guidance to the CB If the certification body determines that the new product is sufficiently
similar, no records are needed The Certification Body may be asked to explain its rationale in determining
that the new product is of the same type as ones that were previously certified
If the assessor can justify that a certification was not “of the same type” as certifications previously granted, a deficiency may be written
ISO/IEC 17065:2012 Explanations (7.3.3) What type of records are required to justify our organization’s
competence and capability to perform a certification we have not performed before (such as called out in clause 7.3.2)? A2LA does not specify what form a record must take However, the records must show that an analysis was performed
(comparison of scheme requirements, competencies of its resources, verification that the CB is capable of performing the certification activities)
Records should be sufficiently detailed such that the assessor can reasonably reach the same conclusions as the CB
If insufficient information for undertaking the new certifications is presented, or evidence that the certifications were improperly granted, a deficiency may be cited
ISO/IEC 17065:2012 Explanations (7.12.3) The certification scheme operated by my organization requires that
we re-evaluate products on a four month cycle. Does the language in this clause mean that we only have to keep records for 8 months total, in order to meet the “current and previous” cycle requirement? Clause 8.4.2 - Certification Body’s procedures for record retention must be
consistent with any contractual and legal obligations. Those legal and contractual obligations would take precedence over the
shorter retention cycle given in the example above. Above and beyond any legal or scheme obligations for record retention,
A2LA requires that the accredited (or applicant) organization must keep copies of records for the entire time period between on-site assessments
Legal and scheme obligations may require longer retention periods, but under no circumstances may the Certification Body dispose of records in any shorter time period
ISO/IEC 17065:2012 Explanations (7.13.7) How should my organization demonstrate compliance to this clause if we
receive an anonymous complaint? It may not be possible for a certification body to give a formal notice of
complaint resolution to the complainant (e.g. complaint is received anonymously, complainant does not leave contact info, complainant changes contact information such as being dismissed from an employment position).
Possible evidence could include records of attempted emails with read receipts, phone logs, voicemails, certified postal mailings, or generalized resolution notices to alternate persons that are known to be related to the original complainant.
These examples are not intended to be all-inclusive, nor are they mandatory actions that must be undertaken by the Certification Body.
Ultimately, the Certification Body must show evidence that they have done reasonable due diligence in attempting to contact or locate the original complainant
In all cases, records of attempts to contact must be kept as required by clause 7.13.1.
ISO/IEC 17065:2012 Explanations (8.3.1) What does A2LA consider to be “External documents” that my
organization must control under our document control procedures? Current versions of the normative documents (e.g. test methods) that are
vital to maintaining their accreditation and to perform their certification activities.
These documents include ISO/IEC 17065:2012 General A2LA policy documents Any specific A2LA program requirement documents relating directly to their
field of accreditation
A2LA does not consider “terminology documents”, such as ISO/IEC 17000 and the VIM, to be normative documents that an organization must control within their system
Example on next slide
ISO/IEC 17065:2012 Explanations (8.3.1) Telecommunications Certification Bodies (TCB) would be expected to
possess (or have direct access to) and have under its document control system current versions of the following A2LA documents: R307 - General Requirements - Accreditation of ISO-IEC 17065 Product
Certification Bodies P101 - Rules for Making Reference to A2LA Accredited Status R102 - Conditions for Accreditation R308 - Specific Requirements - 17065 - Telecommunication
Certification Body Accreditation Program Furthermore, such a TCB would be expected to control copies of all test
methods (e.g. ANSI C63.4, FCC Rule Parts) called out in the schemes on their scope, as well as copies of the schemes themselves
ISO/IEC 17065:2012 Explanations (8.5.1.1) I am a Certification Body getting ready to apply for accreditation
to ISO/IEC 17065, do I have to perform a complete Management Review before I can become accredited? A2LA assessors will look for evidence during the on-site assessment
that a complete management review has been conducted in accordance with their documented procedure and pre-determined schedule (8.5.1.1).
If only a partial review has been conducted by the time of the on-site assessment, a deficiency will be cited and the full review must be completed before initial accreditation can be granted.
ISO/IEC 17065:2012 Explanations (8.6.1)
I am a Certification Body getting ready to apply for accreditation to ISO/IEC 17065, do I have to perform a complete Internal Audit before I can become accredited? A2LA assessors will look for evidence during the on-site assessment
that a complete internal audit has been conducted in accordance with their documented procedure (8.6.1) and pre-determined schedule (8.6.3).
If only a partial audit has been conducted by the time of the on-site assessment, a deficiency will be cited and the internal audit must be completed before initial accreditation is granted.
ISO/IEC 17065:2012 Explanations (8.6.1) My internal audit process consists of only completing the A2LA
C309 checklist – is this sufficient to demonstrate a complete internal audit? Not necessarily A CB must provide evidence that their internal audit consists of at least
the following: Determination of compliance with all ISO/IEC 17065 requirements Determination of compliance with all policies, procedures,
instructions, etc. that form its management system Review of all Certification Process steps (i.e. application,
evaluation, review, decision, certification documents, and surveillance, where applicable)
Determination of compliance with all relevant A2LA policies and requirements (e.g. “Ad Policy” / use of Accredited mark)
ISO/IEC 17065:2012 Explanations (8.6.1)
My Scope of Accreditation includes multiple product types under a larger scheme. Does my internal audit have to include every product type on my Scope? Review of records related to each Product Type on the organization’s
Scope of Accreditation must be included in their Internal Audit to ensure that the management system is being properly implemented across all certifications
The Internal Audit is considered incomplete if the organization fails to include each Product Type during its internal audit
ISO/IEC 17065:2012 Explanations (8.6.3) What does the standard mean when it says that my internal audit
shall “normally” be performed at least once every 12 months? Language of the standard states that the certification body may choose to
“Reduce or Restore” the frequency - A2LA currently does not permit a schedule which extends beyond the 12 month period specified by the standard (e.g. 8 month audit schedules are permitted, but not 16 months)
CB’s initial internal audit schedule can/should show that internal audits will be performed once in a 12 month period (or over a rolling 12 month period)
If more frequent audits are needed (feeling or evidence), do not hesitate to adjust the schedule accordingly
Any changes to the schedule (including restoring to the maximum 12 month time frame), as well as the rationale behind the decisions to change, must be documented and kept as a formal record
Changes must be supported by records that demonstrate ongoing stability and effectiveness of the management system
ISO/IEC 17065:2012 Explanations (8.6.4.d) What does the standard mean when it states that my
organization must ensure that any actions resulting from our internal audits are taken in a timely and appropriate manner?
A2LA cannot define what “timely and appropriate” means for its certification bodies. The intent of this clause is for the organization to take action as soon as they are able, in order to ensure that the organization’s quality system is running smoothly, and that the certifications being offered are not negatively impacted. An assessor may cite a deficiency if there is evidence that the quality system or offered certifications are being affected by lack of action on an internal audit finding. The certification body is still responsible for meeting all requirements related to corrective actions (section 8.7) and preventive actions (section 8.8) when acting upon their internal audit findings.
Proposed Explanations
From A2LA PCAC Meeting (April 4, 2014)Clause 4.3.1 – define what is “adequate” in terms
of insuranceClause 4.4 – pricing and discrimination (expedite
fees)Clause 7.6.4 – clarification of applicability to clause
7.6.3Clause 7.9.1 & 7.9.3 – scheduling and other details
of surveillance activities
Common TCB Assessment Deficiencies
ISO Guide 65:1996
012345678
4.1
4.2
4.3
4.4
4.5
4.6
4.7
4.8
4.9
4.10 5
5.1
5.2 6 7 8
8.1
8.2 9 10 11 12 13 14 15
FCC IC IDA HK JP
TCB QM
IAF
A2LA
2011
2012
2013
Common TCB Assessment Deficiencies
ISO/IEC 17065:2012
012345678
4.1
4.2
4.3
4.4
4.5
4.6
5.1
5.2
6.1
6.2
7.1
7.2
7.3
7.4
7.5
7.6
7.7
7.8
7.9
7.10
7.11
7.12
7.13 8.
18.
28.
38.
48.
58.
68.
78.
8
Sheme
A2LA
TCB QM
17065
Implementing FCC KDB Revisions (April 2014)
FCC KDB 668797 – TCB Checklist
FCC KDB 610077 – TCB Post Market Surveillance
FCC KDB 641163 – TCB Program Roles & Responsibilities
Questions?
Mike Buzard – Senior Accreditation Officer- Email: [email protected] Phone: 240 575 7484
Adam Gouker – Accreditation Manager- Email: [email protected] Phone: 301 644 3217