TG TRANSITIONAL GUIDELINES FOR ISO/IEC :2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES

Transcription

1 TRANSITIONAL GUIDELINES FOR ISO/IEC :2015, ISO 9001:2015 and ISO 14001:2015 CERTIFICATION BODIES Approved By: Senior Manager: Mpho Phaloane Created By: Field Manager: John Ndalamo Date of Approval: Date of Implementation: SANAS Page 1 of 23

2 CONTENTS 1. Purpose and Background SANAS Transitional Assessments Changes to the Certificate and Schedule of Accreditation Overview of Changes in Requirements Existing Guidelines and Explanatory Documents... 5 Appendix A: Cross references between ISO/IEC 17021:2011 and ISO/IEC : Appendix B: Cross references between IAF MD5:2013 and IAF MD5: SANAS Page 2 of 23

3 1. Purpose and Background The purpose of this technical guidance document is to describe SANAS approach regarding the processes of handling transition to, and effective implementation of ISO/IEC :2015 together with ISO 9001:2015 and ISO14001:2015. The new ISO/IEC :2015 standard was published on the 15 th June 2015 and will replace ISO 17021:2011. The agreed transition period is 2 years from the date of publication and IAF information document ID11:2015 provides further details in this regard. This means that all Management Systems Certification Bodies will need to have successfully transferred to the new standard within 2 years from the publication date. Furthermore, the IAF has also published the mandatory document MD5:2015 on the 09 th June 2015 for the determination of audit time of quality and environmental management systems. SANAS has made an effort to identify the changes in both the ISO/IEC :2015 and IAF MD5:2015 and this gap analysis is appended to this document. SANAS has communicated transition notifications of both ISO 9001:2015 and ISO 14001:2015 in SANAS newsletter issues 10 of January 2015 and 14 of June 2015, respectively. Both IAF ID9:2015 and IAF ID10:2015 can be consulted for further information in this regard. As has been widely communicated in these newsletters, SANAS recognizes that these transitions will need to take place simultaneously. It is in this view that the guidelines contained herein should support a smooth transition process. 2. SANAS Transitional Assessments 2.1 Transitional assessments shall consist of at least an evaluation of the Certification Body s (CB) documented system in line with the new ISO/IEC : These transitional assessments will be performed as far as possible with the scheduled annual assessments in order to avoid extra costs for the CB. 2.3 The following transitional provisions shall apply for the effective implementation of ISO/IEC :2015: i) SANAS shall conduct all initial assessments in line with the requirements of ISO/IEC :2015 from 15 January 2016; ii) All assessments scheduled to take place after 15 April 2016 for accredited CBs will also be conducted against ISO/IEC :2015; iii) All findings raised against ISO/IEC :2015 during the two (2) year transitional period prior to the 15 th June 2016 will be handled as detailed observations, where submission of corrective actions to SANAS will not be required; iv) All findings raised against ISO/IEC :2015 for the transitional period between 15 June 2016 and 15 June 2017 shall be handled as non-conformances, where the submission of corrective actions to SANAS will be required; and v) As from 15 December 2016, SANAS will not accept applications of extension to scope to ISO/IEC 17021: SANAS Page 3 of 23

4 2.4 All accredited certification bodies shall submit their transition action plan to SANAS by no later than 31 December The action plan must demonstrate how the CB has analysed the new standard and its implications to their management system and operations. The action plan shall also indicate how the CB will effectively implement all the changes, system and technical, needed to comply before the transition date. As a minimum the plan should include: i) All specific actions to be taken to implement the changes; ii) The timelines and milestones for completion of actions; iii) The persons responsible for the actions; iv) Ways to measure progress, implementation, effectiveness and completion of the actions. 2.5 All records and documented changes in line with the new standard will be assessed during the scheduled annual visits and records shall demonstrate the following as a minimum: i) the internal audit and management review findings are aimed at ensuring effective implementation of ISO/IEC :2015; ii) the actions in the CB s established transition plan are adhered to and monitored to ensure timely transition; iii) the necessary changes made to documentation are implemented; and iv) all changes are implemented in all fixed-office locations/branches, where applicable. 2.6 As for the ISO 9001:2015 and ISO 14001:2015 transitions, SANAS intends to conduct transitional assessments at the same time of the CB s annual surveillance or re-assessment visit. It is therefore important to incorporate transition arrangements for these standards in the transition action plan as required in 2.4 above. This way, much of the transition assessment efforts can be incorporated into existing assessment time. 2.7 In all cases mentioned above, witnessing activities will form part of the transition process and these will take place as per the annual witnessing programme. In line with projected timelines indicated under 2.3 above, auditors witnessed will be expected to demonstrate the necessary changes made to the CB s management system and processes. As for the ISO 9001:2015 and ISO 14001:2015 transitions, witnessing activities will confirm whether CB s clients are implementing the requirements of these new standards. 3. Changes to the Certificate and Schedule of Accreditation 3.1 Once the CB has demonstrated successful transition and effective implementation of ISO/IEC :2015 and the decision by the SANAS Approval Committee is for the continuation / maintenance / renewal of accreditation, the Certificate and Schedule of Accreditation will be adapted to reflect accreditation to ISO/IEC : Once the CB has demonstrated successful transition and effective implementation of ISO 9001:2015 and ISO 14001:2015 and the decision by the SANAS Approval Committee is for the continuation / maintenance / renewal of accreditation, the Schedule of Accreditation will be adapted to reflect authorisation to certify to ISO 9001:2015 and ISO 14001:2015. SANAS Page 4 of 23

5 3.3 The effective date on the certificate will be the date of the Approval Committee s decision to grant accreditation to the new standard. 3.4 It is important to note that the three (3) year assessment cycle will remain unchanged, i.e. a 3 year cycle will not automatically commence on the date of accreditation to ISO/IEC :2015. This will only happen in the case of initial and reassessments. 4. Overview of Changes in Requirements Appendix A of this document contains a summary of significant changes in ISO/IEC :2015 as compared to the 2011 standard. This list can however not be considered a complete list of changes because some clauses are not new but have significantly changed in wording. It remains the responsibility of each CB to investigate which changes in the standard are relevant and include these in their transition plan. Appendix B of this document contains a summary of significant changes in IAF MD5:2015 compared to the 2013 version. This list can however not be considered a complete list of changes because some clauses are not new but have significantly changed in wording. It remains the responsibility of each CB to investigate which changes in the new version are relevant and include these in their audit duration calculations. Certification Bodies are expected to carry out their own gap analysis of the current ISO 9001:2008 and ISO 14001:2004 in comparison to ISO 9001:2015 and ISO 14001:2015 upon publication. 5. Existing Guidelines and Explanatory Documents SANAS P 32 SANAS R 03 SANAS R 04 Transition to new standards Nominated Representative and Signatories: Responsibilities, Qualifications & Approval Conditions for use of Accreditation Symbols, Reference to Accreditation and Combined Marks IAF has developed an informative/mandatory document so as to support continual application of the new requirements. SANAS Page 5 of 23

6 Appendix A: Cross references between ISO/IEC 17021:2011 and ISO/IEC :2015 KEY: Minor extension is not deemed critical and therefore not noted as changed. Where previous versions of referenced standards has change, they are also not included as standard changes. Forward Forward Minor extension Additional reference to competence requirements included Introduction Introduction Minor extension Includes updated references and purpose of the revised standard. 1. Scope 1. Scope Minor extension Additional note included 2. Normative references 2. Normative references No change Referenced standards updated 3. Terms and Definitions 3. Terms and Definitions Seven (7) new definitions included 3.1 Certified client No change 3.2 Impartiality Minor reduction Impartiality excludes actual or perceived 3.3 Management system consultancy Minor extension Management system consultancy note 2 extended to include types of information not considered as consultancy 3.4 Third-party certification audit Minor reduction Third party excluded 3.5 Client No change 3.6 Auditor No change 3.7 Competence No change 3.8 Guide No change 3.9 Observer No change 3.10 Technical area Minor expansion Terminology expanded to include intended results and additional note included Nonconformity New 3.12 Major nonconformity New 3.13 Minor nonconformity New 3.14 Technical expert New 3.15 Certification scheme New 3.16 Audit time New 3.17 Duration of management system audits New SANAS Page 6 of 23

7 4 Principles 4 Principles One (1) new principle added; Risk-based approach 4.1 General 4.1 General Minor expansion Principles for inspiring confidence includes risk based approach 4,2 Impartiality 4.2 Impartiality Minor expansion Additional information requiring internal and external personnel to be aware of the need for impartiality 4.3 Competence 4.3 Competence Minor expansion & 3 added to include competence support by the management system and implemented process for establishing competence criteria and the evaluation thereof. 4.4 Responsibility 4.4 Responsibility Minor reduction Client organization removed 4.5 Openness 4.5 Openness No change 4.6 Confidentiality 4.6 Confidentiality Minor reduction Proprietary information about the client is excluded 4.7 Responsiveness to complaints 4.7 Responsiveness to complaints No change 5 General Requirements 5 General Requirements 5.1 Legal and contractual matters 5.1 Legal and contractual matters Legal responsibility Legal responsibility 4.8 Risk-based approach New Risks associated that could affect certification competency, consistency and impartiality Certification agreement Certification agreement Extension Additional note regarding linked arrangements Responsibility for certification decision 5.2 Management of Impartiality 5.2 Management of Impartiality NA Certification bodies responsibility for impartiality (linked with ) Top management commitment to impartiality Publically accessible statement on importance of impartiality Responsibility for certification decision Extension Refusing, renewing and restoring following certification suspension is added New requirement SANAS Page 7 of 23 Certification body s responsibility, as opposed to a committee, for the impartiality of its activities and associated pressures that can compromise impartiality Top management commitment No change Top management commitment addressed under clause of the new standard and not clause as per ISO/IEC 17021: Policy on understanding impartiality Amended Publically accessible statement regarding impartiality is removed and replaced with the requirement to have a policy. (8.1.1 (f) requires it

8 5.2.2 Process for addressing conflict of interest (identification, analysis and documentation) Process for addressing conflict of interest (identification, analysis, evaluating, treating, monitoring and documentation) and related risks Top management review of residual risk Amended and new requirements New requirement to be public) (i) Process of addressing conflict of interest includes evaluation, treating and monitoring identified threats. (ii) Residual risks to be documented. (iii) Potential threats to be identified and demonstrated (internal and external threats to impartiality) Residual risk shall me reviewed by top management to determine levels of acceptable risk. Risk assessment New requirement Risk assessment in consultation with interested parties (balanced and no single interest predominates) NOTE 1 Threats to impartiality NOTE 1 Threats to impartiality Minor amendment Threats to impartiality addressed in terms of sources of threats not relationships NOTE 2 Interested parties New Explanation of interested parties that can form a committee approach NOTE 3 Consultation requirement New Committee approach can still be applied Threats imposed due to relationship (refer to above) No change Requirement not changed. Addressed together in clause Certifying another certification body s management system certification activities Offering management system consultancy Offering of internal audits to clients of the CB Certifying another certification body s quality management system Offering management system consultancy Minor amendment Minor amendment Management system certification activities changed to quality management system and any entity under organizational control of the certification body is included NOTE Information exchange New Note added to explain information exchange between certification body and client Offering of internal audits to clients of the CB New requirement Amended New Two year separation period recognised as a mitigating circumstance Expanded to include bodies under the CB s organizational control Internal audit offering to certified clients is stated explicitly as a significant threat to impartiality. SANAS Page 8 of 23

9 5.2.7 Certification of clients management system where relationship threats exist due to consultancy or internal audits Certification of clients management system where relationship threats exist due to consultancy or internal audits New requirement No change No change SANAS Page 9 of 23 One recognized mitigation stated explicitly in terms of a two (2) year separation period Minor amendment In line with clause and 5.2.7, a two (2) year separation period is recognised as a mitigating circumstance No change No change New requirement Recording of conflict of interests is included as a requirement 5.3 Liability and Financing 5.3 Liability and Financing No change Minor reduction The need for the Impartiality committee to review the income analysis has been removed 6 Structural Requirements 6 Structural Requirements 6.1 Organizational structure and Top Management Documenting organizational structure, duties, responsibilities etc. 6.1 Organizational structure and Top Management Documenting organizational structure, duties, responsibilities etc Certification activities structured to safeguard impartiality No change New requirement Top management Top management Amended and new requirement Formal rules of appointment Formal rules of appointment No changes 6.2 Committee for safeguarding impartiality (structure and activities) 6.2 Operational Control (and risk considerations) Major change and new requirements Processes and procedures relating to its operations is included in (a); (b) includes processes and a new requirement in (c) ensure impartiality. Committee for safeguarding impartiality has been completely removed. Effective control of certification activities is to be ensured (however)

10 and risks to be considered in terms of competency, consistency and impartiality Effective control New requirement Control of sites, agencies and franchisees Control activities New requirement Certification Body required to establish appropriate level and method of control activities Internal and external threats (refer to above) 7 Resource requirements 7 Resource requirements 7.1 Competence of management and personnel 7.1 Competence of personnel Amended Heading changed (management excluded) General considerations General considerations Minor expansion Skills added to competence requirements Determination of competence criteria Determination of competence requirements Minor rearrangement Minor Other considerations previously required have been included in clause and Reference to specific management system competence requirements or additional specifications has been amended to include reference to the ISO technical specification series) NOTE Technical areas NOTE Technical areas Amended Defining of technical area has been modified and examples removed Evaluation processes Evaluation processes Expanded Additional requirement included in terms of demonstrated competence prior to performing specific certification activities. NOTE Evaluation methods NOTE 1 Evaluation methods No change Other considerations Other considerations Additional functions requiring competence determination NOTE 2 Reference to Annex C New Reference to process flow example is included. Removed Access to technical expertise Access to technical expertise None Clause number change only 7.2 Personnel involved in the certification activities 7.2 Personnel involved in the certification activities Minor reduction Wording changed. Intent remains consistent No change No change SANAS Page 10 of 23

11 7.2.4 Selection of technical experts Familiarization of technical experts Minor amendment Selection replaced by familiarization No change No change Use of auditors/experts with demonstrated competence Removed NOTE Reference made to Removed Identification of training needs Identification of training needs Clause content same Minor expansion Includes refusing, restoring, expanding or reducing scope of certification Minor expansion Review and record competence included New requirement Monitoring of each auditor includes consideration for the type of management system to which the auditor is deemed competent Minor replacement Observation replaced with evaluation 7.3 Use of individual external auditors and external technical experts 7.3 Use of individual external auditors and external technical experts Minor amendment Independence from interests replaced with impartiality NOTE also re-worded. 7.4 Personnel Records 7.4 Personnel Records Minor reduction Personnel records for consultancy services that may have been provided is removed. 7.5 Outsourcing 7.5 Outsourcing Minor removal Two (2) notes are removed Minor expansion Added refusing, restoring, expanding or reducing the scope of certification No change Documented procedure for qualification and monitoring of providers of outsourced work Process for approval and monitoring of providers of outsourced work Minor amendment Process replaces procedures and approval replaces qualification 8 Information Requirements 8 Information Requirements 8.1 Publically accessible information 8.1 Public information Minor amendment Section title changed Audit processes publically available or upon request (a) to (f) Audit processes publically available New requirements Processes to be publically available without request and includes (a) audit processes and; SANAS Page 11 of 23

12 8.1.2 Information provided to marketplace and advertising Certificates granted, suspended or withdrawn to be publically accessible Confirmation of the validity of a given certification to any party upon request NOTE 1 Total information using different sources (b) conditions of certification (granting, refusing, maintaining, renewing, suspending, restoring, withdrawing, expanding and reducing) and; (c) types of management systems and certification schemes Information provided upon request Information upon request to include: (a) Geographic areas of operation, (b) any given certification status, (c) name, related normative document, scope and geographic location for a specific client Information provided to marketplace and advertising No change (refer to 8.1.2) Removed Certification status does not need to be publically accessible but can be provided upon request (refer to 8.1.2) Removed NOTE 2 Means of making information public NOTE 2 Information limitations NOTE 1 Information limitations 8.2 Certification Documents 8.2 Certification Documents Provision of certification documents Provision of certification documentation Minor amendment Reworded Effective date indicated on certificate not before decision Certification documentation shall identify (b) Effective date for granting, expanding, reducing, renewing not to be before decision Certification documentation shall identify Amended 8.3 Directory of certified clients Removed 8.4 Reference to certification and use of marks 8.3 Reference to certification and use of marks Additional note added explaining specifics of certificate dates corresponding with certification cycle period Minor amendments Rules replaces Policy ; Mark expanded to management systems third party mark. Seen by SANAS Page 12 of 23

13 customer is deleted Amendment Includes that the CB does not permit marks be applied by certified clients on reports and certificates Rules governing the use of any statement on packaging/product New The certification body shall have rules governing how information is accompanied with product labelling and packaging. Additional references are to be included Amended The CB shall through legally enforceable arrangements ensure that the certified (d) client discontinues use of advertising etc. and; (g) does not imply that certification applies to activities and sites outside the scope of certification Confidentiality 8.4 Confidentiality Policy and arrangements for safeguarding confidentiality of information The certification body s responsibility for management of all information Amended No change No change Responsibility is assigned to the certification body for management of all information obtained or created Minor amendment Expanded to include or authorized by contractual arrangements (such as with the accreditation body) No change Minor expansion Except as required by law Availability and use of equipment and facilities Processes and applicable equipment and facilities for secure handling Amended NA Removed 8.6 Information exchange between a certification body and its clients Information on the certification activity and requirements 8.5 Information exchange between a certification body and its clients Information on the certification activity and requirements Amended The certification body shall have processes and where applicable equipment and facilities to secure handling of confidential information (a) Includes refusing, expanding or reducing the scope of certification, renewing and restoring certification. (d) Prospective is removed SANAS Page 13 of 23

14 Minor removal Note removed regarding contractual arrangements Minor change Certification body shall take appropriate action when required. Note removed regarding a model license. 9. Process Requirements 9. Process requirements New and amendments Restructured SANAS Page 14 of 23 Process requirements addressed under different clauses is surveillance, recertification, special audits and suspension/withdrawal/reducing scope 9.1 General Requirements 9.1 Pre-certification activities New Pre-certification activities includes application; application review; audit programme; determining audit time; multi-site samplings and; multiple management systems Application New Application review New Audit programme Audit programme Minor amendment The audit programme for the certification cycle shall cover the complete management system requirements Annex F Amendment Audit programme differentiated for the initial certification cycle and subsequent cycles. Note included with additional considerations New Surveillance audit considerations Minor amendment Sufficient evidence requirements and examples Consideration when client operates shifts Determining audit time Multi-site sampling Multiple management systems standard New New Audit programme

15 9.1.2 Audit plan 9.2 Planning audits Restructured/amended Planning of audits includes requirements addressing the determination of audit objectives scope and criteria; audit team selection and assignments; audit plan General Removed Determining audit objects, scope and criteria Determining audit objectives, scope and criteria No change Preparing the audit plan (refer to ) Removed Requirements addressed in different clause Audit team selection and assignments Audit team selection and assignments Amended Includes audit team competences as identified in No change No change No change No change Audit plan General Preparing the audit plan No change Communication of the audit team tasks No change Communication of the audit plan No change Communication concerning audit team members No change Determining audit time (refer to above) Addressed in different clause. NOTE 1 and 2 included Multisite sampling (refer to above) Minor amendment Addressed in a different clause. Covers various geographic locations. Sampling limitations included Communication of audit team tasks (refer to above) Communication concerning audit team members (refer to above) SANAS Page 15 of 23

16 9.1.8 Communication of audit plan (refer to above) Conducting on-site audits 9.4 (refer to relevant clause number) General (refer to relevant clause number) Conducting the opening meeting (refer to relevant clause number) Communication during the audit (refer to relevant clause number) Observers and guides Observers, technical experts and guides Collecting and verifying information Obtaining and verifying information Identifying and recording audit findings (refer to relevant clause number) Preparing audit conclusions (refer to relevant clause number) Conducting the closing meeting (refer to relevant clause number) Audit report (refer to relevant clause number) Cause analysis of nonconformities (refer to relevant clause number) Effectiveness of corrections and corrective actions (refer to relevant clause number) Additional audits (refer to relevant clause number) Certification decision (refer to relevant clause number) Actions prior to making a decision (refer to relevant clause number) 9.2 Initial Audit and certification Application (refer to relevant clause number) New Necessary information required includes e) whether consultancy relating to management system to be certified has been provided and if so, by whom Application Review (refer to relevant clause number) Amended/reduced Application review does not address audit team appointment, team composition and appointment of certification decision maker. 9.3 Initial Certification Initial certification includes requirements for initial certification audit; Stage 1; Stage 2 and: Initial certification audit conclusions. SANAS Page 16 of 23

17 9.2.3 Initial certification audit Initial Certification audit Minor reduction New standard requirements does not require linkage between documents/requirements General Stage 1 New requirement Planning shall ensure objectives of stage 1 can be met. Note: Stage 1 does not require formal audit report. Set objectives for stage 1. (d) levels of control included. (f) possible significant aspects changed to management systems standards or other normative documents Stage 2 Amended (c) Legal compliance is replaced by meeting of statutory, regulatory and contractual requirements. Point (g) of old standard deleted Initial certification and conclusions No changes Information for granting initial certification 9.4 Conducting audits Changes General Conducting the opening meeting Communication during the audit Obtaining and verifying information Identifying and recording audit findings Minor amendment Audit findings summarizing conformity and detailing nonconformity shall be identified, classified and recorded Preparing audit conclusions Minor amendment Under the responsibility of the audit team leader, the audit team shall prepare together Conducting the closing meeting Audit report Changes Audit report requirements to include: any audit plan deviations; significant impacts; significant changes; disclaimer statement; audit team recommendation; client controlling use of certification documentation SANAS Page 17 of 23

18 and marks; verification of effectiveness of corrective actions and previous nonconformities Cause analysis of nonconformities Effectiveness of corrections and corrective actions 9.5 Certification Decision ) Audit report contents to include a statement of conformity; a conclusion on appropriateness; and confirmation of audit objectives being fulfilled General Changes Competence of appointed certification decision makers Actions prior to making a decision Information for granting initial certification Information for granting recertification 9.6 Maintaining certification General Surveillance activities Changes ) Decision makers to be employed or under enforceable arrangements under body/organization control ) Recording of certification decision and additional information requirements ) Verification of corrective actions after stage 2 audit requirements apply and; ) Transfer of certification process requirements included Recertification Changes ) Time limits to be defined ) Expiry date of existing certification on successful completion ) Circumstances for recertification not recommended or extended SANAS Page 18 of 23

19 9.6.4 Special audits Suspending, withdrawing or reducing the scope of certification 9.3 Surveillance activities 9.6 (refer to relevant clause number) 9.4 Recertification 9.6 (refer to relevant clause number) 9.5 Special audits 9.6 (refer to relevant clause number) ) Restoration requirements where certification has expired or outstanding conditions are fulfilled 9.6 Suspending, withdrawing or reducing the scope of certification 9.6 Maintaining certification 9.7 Appeals 9.7 Appeals No changes 9.8 Complaints 9.8 Complaints No changes 9.9 Records of applicants and clients 9.9 Client records Minor amendment 9.9.1) Maintenance of records of: applicants, organizations audited, certified, suspended or withdrawn 10 Management System requirements for certification bodies 10 Management System requirements for certification bodies 10.1 Options 10.1 Options Option 1 and 2 is now revised and named Option B and A respectively (i.e. swop options) 10.2 Option 1: Management System 10.2 Option A: General Management System requirements General Management System Manual Control of documents Control of records Minor amendments Management review Changes ) Review inputs expanded to include additional requirements Internal Audits Corrective actions SANAS Page 19 of 23

20 requirements in accordance with ISO General No changes Scope No changes Customer focus No changes Management Review No changes 10.3 Option 2: General management system requirements General (refer to relevant clause number) Management system manual (refer to relevant clause number) Control of documents (refer to relevant clause number) Control of records (refer to relevant clause number) Management review (refer to relevant clause number) Internal audits (refer to relevant clause number) Corrective actions (refer to relevant clause number) Preventative actions Removed Annex A Annex A Required knowledge and skills has combined auditing and leading the audit team. Additional clauses A.2 to A4.4 where A.2) competence req for MS auditors; A3) for personnel reviewing audit reports and making certification decisions; A4) Competence requirements for personnel conducting the application review to determine the audit team competence required, to select audit team members and determine audit time. Annex B Annex B Possible evaluation methods is informative Annex C Annex C Example of process flow for determining and maintaining competence is informative Annex D Annex D Desired personal behaviors is informative Annex E Annex E Minor rearrangement of flow chart indicating the audit and certification process Annex F Removed Bibliography Bibliography Updated SANAS Page 20 of 23

21 SANAS Page 21 of 23

22 Appendix B: Cross references between IAF MD5:2013 and IAF MD5:2015 CLAUSE IAF MD5:2013 CLAUSE IAF MD5:2015 Change /Status Nature of change/comment TITLE Title: IAF Mandatory Title: Determination of audit Changed Changed wording, i.e. Document for Duration time of Quality and IAF MANDATORY to Determination of QMS and EMS Audits Environmental System duration to audit time Introduction Points 0.4 and 0.5 replaced Abbreviations of QMS and EMS to full words Introduction Changed Reworded Change audit duration to audit time Changed procedures to processes Added sentence number 0.1, the correct determination of the audit time.. Changed to (information about raising non-conformances in accordance with MD5 does not lead to non-conformance against ISO17021 has been removed) 1 definitions 1 definitions Changed (definitions increased from 5 to 11) Added client organization permanent site virtual site duration of management system certification audits audit Duration changed to audit time auditor day changed to audit day added Risk category (QMS only) 2 Application 2 Application Same Note removed and source of reference included. 2.1 Audit Duration 2.1 Audit time changed Paragraph has been broken into numbers Rephrased sentences Added Travel and any breaks are not included in the on-site duration of management system certification audits CLAUSE IAF MD5:2013 CLAUSE IAF MD5:2015 Change /Status Nature of change/comment 2.2 Auditor days 2.2 Audit days Changed Added new points : Points 2.2.2; 2.2.3; Added note1 and note 2. Take into consideration high risks and low risk 2.3 Effective number of personnel 3 Methodology for determining audit duration 2.3 Calculation of the effective number of personnel 3 Methodology for determining audit time of management system Change Changed Re-phrased and added more points (subheadings) Part time personnel and employees partially in scope Repetitive process within scope Shift work employees Temporary unskilled personnel Note included reference to Annex E SANAS Page 22 of 23

23 3.1 same 3.1 changed Added note and removed the word solely 3.2 same 3.2 same same 3.3 same 3.2 same same Changed Changed contract review to application review Made cannot bold Remove second sentence where product or service realization process Removed second sentence the cab should exercise. 3.7 Audit duration changed to audit time Changed audit duration to audit time and added observers to the sentence (Audit time shall not include) 3.9 Same 3.9 same Same same 4 Initial audit duration (stage1 plus stage 2) 4 Initial management systems certification audits (stage 1 plus stage2) Changed Re-phrased and added statements CAB shall provide audit time determination and justification as part of the contract 5 Surveillance 5 Surveillance Same Changed audit duration to audit time 6 Recertification 6 Recertification Same Audit duration changed to audit time Added Note CLAUSE IAF MD5:2013 CLAUSE IAF MD5:2015 Change /Status Nature of change/comment 7 Individualized second and subsequent certification cycles 7 Individualized second and subsequent certification cycles Same No change 8 Factors for adjustments of audit time of management systems (QMS AND EMS) 8 Factors for adjustments of audit time of management systems (QMS AND EMS) Changed Audit duration changed to audit time, numbered sub-section, points i to iv Added new information under the points Added note 1 9 Temporary sites 9 Temporary sites Same Same 10 Multi-site audit duration 10 Audit time of a Multi-site management system 11 Added Control Of Externally Provided Functions Or Processes (Outsourcing) ANNEX A Note 1 explained further, added note 3 Figure QMS 1 Same TABLE QMS 2 New EXAMPLE OF RISK CATEGORIES ANNEX B Same TABLE EMS 2 Same SANAS Page 23 of 23