Certification process

1 Procedure for processing the service

Table of contents

1.1 Information meeting

On request, the Swiss Safety Center certification bodies will conduct an information meeting with the company interested in certification before the order is placed. The following points, among others, can be discussed:

  • The aim and benefits of certification,
  • basic requirements for certification,
  • Procedure of the certification process,
  • basis of the standard, verification level, scope of application,
  • expected costs,
  • expected dates.

1.2 Contract conclusion

The order for the provision of services is placed by the client by countersigning the offer signed by the certification body.

For certifications according to special standards, we need additional data from you as a basis for calculating the certification costs and preparing the quotation. For example, for automotive suppliers (ISO/TS 16949), food producers (BRC, IFS) or medical products (Directive 93/42/EC). You will receive a questionnaire enclosed, which you must complete truthfully and return to us. The questions include information such as company size, activity, shift work and risk categories.

1.3 Organisation and preparation

The client can find a checklist for individual assessment and preparation for a Swiss Safety Center Audit on their homepage. The client is free to edit the list.

In addition, the client receives a form on which the information required for the certificate is entered in the desired languages - in particular the scope of application. The completed form should be available at the time of the audit to enable the certificate to be issued without delay.

Furthermore, the auditors are appointed. It is ensured that the auditors have not performed or will not perform any consulting activities regarding the establishment of a management, product or personal certification system for the commissioning client for at least three years before the planned audit and one year after the certificate is issued. This complies with the requirement for independence of the certification body and the auditors.

If particular, specialised problems need to be solved in order to assess the system or in the regulated area (where EC directives or regulations exist), an appropriate technical expert is called in. The auditor we appoint has the relevant expertise and experience in their field.

In principle, it is possible for the team of auditors to consist only of the audit manager. The decision is made by the head of the certification body for management systems. The criteria for using only one auditor are the type and size of the company and the complexity of the procedures, e.g:

  • Craft or small businesses with a small number of employees,
  • Production or service consists of simple and straightforward manufacturing or services,
  • the degree of organisation is an uncomplicated vertical structure with a small number of managers.

This is always a case-by-case decision by the head of the Swiss Safety Center certification body for management systems, but is based on the specifications of the accreditation body. The reasons are documented and submitted for the certificate application at the latest. The auditor appointed is always the lead auditor.

When awarding the contract, the customer has the right to reject one or more nominated auditors. At the customer's request, the customer will be informed of the certifications in which the members of the audit team have participated in the last two years prior to the planned audit date.

The Swiss Safety Center certification body points out that the higher-level accreditation body can send 'assessors' and 'assessors in training' to the audits at any time.

1.4 Pre-audit (optional)

Pre-assessments can be arranged by the certification body. These include:

a)  Assessment of the management system on the basis of submitted documents. The purpose of this pre-assessment is to identify weaknesses in the description of the management system in comparison with the requirements of the applicable standard. The client receives a report on the result of the pre-assessment.

b)   Carrying out a pre-audit.
The purpose of this pre-audit is to identify weaknesses in the implementation of the management system. The scope of the pre-audit is determined in consultation with the client. The pre-audit is usually carried out by an auditor who should preferably be a member of the audit team for the certification audit. The results of the pre-audit must be communicated to the client in the form of findings in the final meeting. In addition, the client receives a pre-audit report.

The services under a) and/or b) can be commissioned as required, but are not necessarily a prerequisite for the successful implementation of the certification procedure. The pre-audit must not take on the character of a consultation in the sense of setting up the system, neither in terms of the time spent nor in terms of content. This would mean that the independence for certification would no longer be given. The client cannot derive any entitlement to certification from the performance of a preliminary assessment of the management system documents or a preliminary audit. Instead of a pre-audit, we recommend carrying out an internal audit.

1.5 Audit stage 1: Providing and analysing the system documentation

The Stage 1 audit determines whether the organisation is ready for an on-site audit. This is intended to avoid unnecessary costs. This audit usually takes place at the location of the organisation to be certified.

The stage 1 audit comprises the following activities:

  • The valid management system documents of the client (management manual and any other applicable documents such as process descriptions, work and test instructions) are checked by the auditors for fulfilment of the agreed standard requirements, taking into account the scope of application. The basis for this is the Swiss Safety Center audit questionnaire.
  • Familiarisation with the premises so that special conditions can be taken into account in the audit schedule for the Stage 2 audit.
  • Obtain information about the applicable laws and guidelines.
  • Ensure that the internal audits and management review are carried out in accordance with the requirements.
  • Plan audit focus areas based on existing activities and risks.
  • Plan the personnel and time requirements for the Stage 2 audit (audit schedule).

 

The client receives a report.

There must be no more than 6 months between the Stage 1 audit and the Stage 2 audit.

If the management system documents do not fulfil the requirements, an additional discussion on the further procedure or a pre-audit can be arranged at the request of the client.

For certification in accordance with ISO 14001, the following areas in particular are checked in the Stage 1 audit:

  • the environmental aspects developed and the associated effects on the environment as well as the definition of the significant environmental aspects,
  • the overview of the legal requirements (incl. authorisations, etc.),
  • the planned measures for continuous improvement,
  • the structure and effectiveness of the internal audit process,
  • the documentation,
  • the planned steps for implementing the management system up to the certification audit.

For individual certifications, e.g. for BRC and IFS, the audit stage 1 is covered on the one hand by the questionnaire and on the other hand by the evaluation of the documentation on site.

1.6 Audit planning and audit programme

Audit planning is carried out by the lead auditor on the basis of the client's system documentation and the organisational and operational structure contained therein. The lead auditor draws up an audit programme for the certification audit, which is agreed with the client.

Swiss Safety Center reserves the right to charge 30% of the agreed time on site if audit appointments are cancelled at short notice, i.e. less than 2 weeks before the audit.

The audit planning of product certification audits is based on the respective standard.

1.7 Audit stage 2: Certification audit at the client's company

The certification audit is conducted by one or more auditors (lead auditor, second auditor, experts, etc.).

As part of the audit in the company, the auditors check and evaluate the effectiveness of the management system introduced. The basis is the verification level of the agreed (standard) requirements. The Swiss Safety Center audit question list serves as a guideline and the auditors are obliged to carry out further interviews and investigations tailored to the specific activities of the organisation, insofar as these are related to the (standard) requirements.

The company's task during the audit is to demonstrate the practical application of its documented procedures and their effectiveness.

The auditors' task is to examine the practical application of the documented procedures and assess whether they fulfil the (standard) requirements. The benefits of the system and its effectiveness are also discussed.

At the end of the audit, the client is informed of the results of the assessment in a final meeting. Deviations are explained on the basis of the available deviation reports, which are countersigned by the company's audit representative.

If the requirements for the award of a certificate are not met, the client must take appropriate measures for improvement. The effectiveness of these measures must be analysed in a follow-up audit.

The dates for the completion of any necessary corrective measures to be defined and implemented by the company are agreed jointly.

Finally, the client receives a comprehensive audit report with any deviation reports, notes and recommendations as well as the auditors' assessment.

If such serious deviations become apparent during a certification audit that the auditors cannot make a recommendation to issue a Swiss Safety Center certificate, the audited organisation will be informed immediately. It then has the option of cancelling the certification audit or continuing it as a pre-audit. If the company decides in favour of the pre-audit route, the further procedure will be agreed with the company. The audit documentation is prepared in agreement with the company. The costs for the new certification audit are based on the valid price list. The company will be charged at least the costs incurred up to the cancellation (including the report).

The audit process for the various certifications is illustrated in the appendix.

1.8 Post-audit

Follow-up audits are required to examine the fulfilment of scheduled deviations or if this is necessary due to extraordinary events, e.g. due to complaints or incidents and accidents.

If follow-up audits are required for parts of the management system, the date for the follow-up audit is set.
audit is set. The audit manager is responsible for putting together the audit team for the follow-up audit. In this case, the certification procedure is suspended until these deviations have been rectified. The audit manager decides whether the follow-up audit is to take place on site at the organisation or by correspondence. The documentation of the follow-up audit is carried out in the same way as for the certification audit. The re-audit is remunerated on a time and material basis in accordance with the current price list. The end of the certificate's validity is determined by the date of the positively completed follow-up audit.

1.9 Granting of certificates

1.9.1 Certificate

At the suggestion (audit report) of the Swiss Safety Center team of auditors, the certification body manager decides on the granting of the certificate; in the case of individual standards, the owner of the standard or a designated representative decides.

For this purpose, an audit report with any audit deviation reports and the auditors' assessment are submitted to the certification body manager with the application.

The Swiss Safety Center certificate is generally valid for three years from the last day of certification or recertification at the company's site, provided that the surveillance audits are carried out with positive results. In special justified cases or at the request of the client, a shorter interval for the surveillance audits can be agreed. In special cases, a new certificate is issued annually.

Before the validity period expires, recertification must be carried out in the company to extend the validity of the certificate for a further certification cycle.

The granting of the certificate and the certificate validity period depend on the specific requirements of the respective standard. (e.g. BRC Global Standard Food).

The Swiss Safety Center certification body has the fundamental right to schedule an audit at short notice in the event of justified suspicion of significant changes to the organisation or the management system that may affect the effectiveness of the system or the scope of the certificate.

 

1.9.2 Loss of the certificate

a)      Withdrawal of the certificate

Swiss Safety Center has the right to withdraw an issued certificate if:

  • the certificate is misused,
  • surveillance reveals that essential requirements that were met at the time the certificate was issued are no longer met,
  • due to complaints and/or other incidents, it must be assumed that the requirements of the rules on which the certificate is based are no longer fulfilled.
  • for all other reasons arising specifically from these conditions or formally agreed between the Swiss Safety Center certification body and the client.

 

b)     Suspension of the certification

If certification is suspended in accordance with the certification rules of the Swiss Safety Center, the certified party loses the right to use the mark. In such a case, existing documents, media etc. bearing the mark may still be used for a maximum of one month from the date on which the suspension of certification takes legal effect. The suspension can be granted for a maximum of 3 months, after which the certificate will be withdrawn. This also applies if the client applies for suspension. After a certificate has been withdrawn, re-certification is possible. However, an audit comparable to an initial certification must be carried out (which results in additional work compared to recertification).

c)       Revocation of the certification

If certification is revoked in accordance with the certification rules of the Swiss Safety Center, the certified party loses the right to use the mark. In such a case, existing documents, media etc. bearing the mark may still be used for a maximum of one month after the revocation of the certification becomes legally effective.

d)      Other loss of the right to use signs

The right to use the mark expires both on expiry of the validity date and in the event of wilful or grossly negligent infringement of the provisions of these regulations. If the right to use the mark expires, the user of the mark may continue to use existing documents, media and the like in which the mark is used for a maximum of one month from the date of expiry.

 

1.9.3 Certification mark

Holders of valid Swiss Safety Center certificates are granted the right to use the Swiss Safety Center certification mark when the certificate is issued. The mark may only be used for business purposes. This includes documents for business correspondence, advertising, leaflets, brochures, company cars, etc.

The following rules apply to the representation of the sign:

  • The mark may only be displayed in the form approved by the Swiss Safety Center and must be easily legible and clearly visible.
  • The mark must always include the standard according to which certification was obtained.
  • The mark may be displayed in the specified colour (Swiss Safety Center = black/red;      TÜV = blue) or in a different colour, but then only in one colour.

 

The holder of a Swiss Safety Center certification mark can also use the Swiss Certification (SAS) mark, but only in combination with the Swiss Safety Center certification mark.

The user of the mark shall ensure that the use of the mark in advertising or other measures is in accordance with these requirements. Use of the mark is restricted to legal entities and may not be transferred to third parties or successors or be the subject of an assignment or sale or any enforced measure without the authorisation of the Swiss Safety Center certification body.

The mark for certified management systems may not be used to label individual products or services, not even in close connection with the products in such a way as to suggest that the products or services themselves are certified.

The use of the mark is limited to the scope of the company's certification specified in the certification document.

The accreditation relates to the Swiss Safety Center.

1.10 Monitoring audits

Monitoring audits are generally due every 12 months. The date of the first monitoring audit following the initial certification may not be more than 12 months after the last day of the stage 2 audit. The exact date is agreed between the auditor and the client. The target date is calculated from the date of the last day of the stage 2 certification audit + 14 days (duration for preparing the audit report) and a multiple of 12 months.

When monitoring, the design of performance-oriented processes such as environmental performance, product and service quality have a higher priority than the design of administrative and organisational elements. Simply developing the management system further without improving performance does not fulfil the requirement of continuous improvement.

Random samples are taken in the following areas as part of the Monitoring audits:

the effectiveness of the management system in terms of achieving the objectives and realising the policy/strategy,

  • the assessment by management (management reviews),
  • internal audits,
  • evidence of continuous improvement in performance,
  • analysing the benefits and effectiveness,
  • the resolution of deviations,
  • the procedures for the periodic assessment of compliance with legal requirements,
  • changes to the management system and the organisation,
  • the correct use of the certification mark.

 

To enable the auditor from the Swiss Safety Center certification body to prepare, the client sends them the documents relevant to the random samples. These include the assessment by the management (management review), reports from internal audits and an overview of the changes to the system to be analysed.

Monitoring audits are usually carried out by an auditor. The client receives a written report.

Monitoring audits are carried out in accordance with the requirements of the respective standard.

1.11 Conclusion of contract for the subsequent period

In order to ensure a smooth service and to be able to optimally take the client's needs into account, contracts for recertification are discussed in advance during the last monitoring audit before recertification, which is usually the second monitoring audit.

1.12 Recertification

Recertification must be completed before the certificate expires.

During recertification, the effectiveness of the entire management system is randomly checked. The same principles apply as for the certification audit. The audit procedure corresponds to sections 3.2.1, 3.2.2 and 3.3.1 in this document.

The client shall send the valid manual to the auditor at least one month before the audit date, together with a list of all changes made.

As a rule, recertification is the most favourable time to change auditors so that new ideas can be introduced. This can take place after the first certification cycle, i.e. usually after three years, but should be considered after two cycles at the latest.

Following successful recertification, the certified organisation receives a new certificate. This remains valid for another three years, provided that the annual Monitoring audits are successfully completed.