Terms and Definitions
Glossary of Industry Terms
Download the PDF Version of this page
Terms and Definitions are designed to assist in understanding
the “language” of the certification/registration industry. Each definition
is based on the expertise and understanding of of SQA management. Should
any definition conflict with other definitions or interpretations contained
in other “official” requirements, the definition in the “official” requirement
takes precedence. In these cases, refer the question/conflict to SQA.
General Index:
-
Third-Party
Organizations
-
Requirements
-
Standards Nomenclature
-
Audit Planning
-
Certification
Activities
-
Certificate Issues
-
Reports
-
Compliance, Conformity, and Non-conformity Terms and Related Assessment
Actions
-
Accreditation
Body:
An organization authorized by a national government to grant
accreditation to certification bodies (registrars). In the United
States, the accreditation body is ANSI/RAB (Registrar Accreditation
Board). Although a registrar may have more than one accreditation,
a Multilateral Agreement (MLA) through the International Accreditation
Forum (IAF) exists among international accreditation bodies to ensure
continuity in accreditation requirements and mutual recognition.
Approval Body:
Similar to an accreditation body, but sector-specific. For example,
ISO/TS 16949 is administered by the International Automotive Task
Force (IATF), which has five oversight boards worldwide. In the
United States, activities associated with this standard are administered
by the International Automotive Oversight Board (IAOB).
Certification Body:
Also known as a “registrar”; an organization that is accredited
by one or more accreditation bodies. Accreditation is granted based
on assessment of the registrar’s management system relative to international
standards such as ISO Guide 62 (for Quality Management Systems)
and ISO Guide 66 (for Environmental Management Systems). This accreditation
gives authority to grant certifications to organizations for one
or more internationally recognized standards, such as ISO 9001:2000; ISO 14001, 1996; etc.
-
There are five basic categories of requirements:
-
The applicable standard, e.g., ISO 9001:2000,
ISO 14001, 1996
-
The SQA Description of, and Agreement for, Services
-
The client’s own defined system
-
Requirements imposed by the customer.
-
Requirements of law and regulations.
Note-1: In the course of executing its assessment
activities, SQA may issue a nonconformance against any of the
first four requirements.
Note-2: Generally, laws and other government
regulations are not treated the same as “requirements.” However,
should a noncompliance with a law or other government regulation
be observed during an assessment, it may or may not be deemed
a nonconformance depending upon how the management of the organization
has dealt with (or, will deal with) the problem.
-
EMS:
Environmental Management System; typically for conformance and
certification to ISO 14001.
QMS:
Quality Management System; may be one or more of the following:
ISO 9001, AS9100, ISO/TS 16949.
CMS:
Combined Management Systems; two or more management systems
are in place, but no integration has taken place. For example, an
organization is certified to ISO 9001:2000 and ISO 14001, 1996,
but the organization operates each system separately. In this case,
there are two completely separate systems.
DQMS:
Dual Quality Management Systems; two or more quality management
systems are in place at the same time. For example, an organization
may have AS9100a in place at the same time. This
is similar to a combined management system, the difference being
that in this example, both management systems are quality related.
IMS:
Integrated Management System; a single management system that
addresses the requirements of both an EMS and QMS. One example of
this would be ISO 9001:2000 and ISO 14001, 1996. Integration requires
that as many of the common elements of both standards be integrated
into one management system. Typical elements that are integrated
include management review, internal auditing, calibration, corrective
and preventive action, document control, and others. The existence
of two separate management systems is not the same as one integrated
system. (See “Combined Management Systems.”) Even though an organization
may have an integrated management system, SQA will issue a separate
certificate for each standard.
-
Audit Plan:
A formal description of the assessments activities that will
be executed. Audit plans typically include: the standard, auditor
identification, dates, identification of the client, location of
the client, the number of employees and requirements that will be
assessed.
Audit Schedule:
A list of dates, times and elements or process that will be
assessed.
Central Office:
A core group of personnel that is highly dedicated to executing
activities for the main manufacturing or service providing facility.
This group may consist of top management and/or other functions,
such as purchasing, training, internal auditing. Also, the central
office is responsible for monitoring the activities of all related
sites as their performance relates to quality and delivery issues,
with emphasis on corrective actions. Central office activities are
always included in the initial assessment, and, as a minimum, on
an annual basis during the surveillance phase of each three-year
certificate period.
Number of Employees:
The total number of employees within the management system necessary
for the effective functioning of that system. They include full
time, part time, seasonal, and temporary personnel on all shifts.
This number is used as one key factor in determining the duration
of all assessment activities. Should it increase or decrease, the
number of audit-days may be affected accordingly.
Permitted Operations:
(Applies to EMS only): One of the criteria used to determine
the complexity of an organization relative to its potential impact
upon the environment. A “permitted operation” is one where the organization
is mandated by law or regulation to measure and report resultant
data to a governmental authority. (For counting purposes, if an
organization has five electroplating lines, each requiring monthly
measurements and reporting, this would count as one “permitted operation”
– plating. However, if an organization has one plating line, one
chemical conversion line, and one water treatment plant, each requiring
monthly measurements and reporting, this would count as three “permitted
operations”.)
Process:
In the strictest sense, any activity that has inputs, transformation
activities, and outputs. However, from a practical perspective,
a process is a major grouping of generally related activities. For
example, the process manufacturing at a stamping company may consist
of coil loading, die setting, first-piece sample, approval, stamping,
drawing, degreasing, and packaging; the process sales may consist
of order taking, contract review, issuance of shop orders, communication;
the process design may consist of customer input, market research,
preliminary concept, project submittal, project approval, design,
checking, review, prototype, verification, validation, change control.
In the service sector, a process will be much the same. For instance,
a hotel could have a major processes called housekeeping that would
consist of accessing the room, replacing linens, vacuuming, dusting,
replacing toiletries, etc.
Readiness Review:
A special requirement for ISO/TS 16949 assessments in which
the auditor will determine if an organization is ready for the initial
or upgrade assessment no more than 90 days prior to the event. This
review requires that at least 12 months of performance data (quality
and delivery) is available as well as other information such as
internal audit results, management review, etc.
Remote (or support) Sites:
Off-site facilities where specific activities that are an integral
part of the overall management system are located. Typical activities
may include design, purchasing, sales. Other activities may also
be executed on a remote basis, as defined by the specific organizational
structure. Remote site activities are always included in the initial
assessment, and, as a minimum, on a once-every-three-year basis
during the surveillance phase of each three-year certificate period
– with one major exception: design activities must be assessed annually
during the three-year certificate period. NOTE: In most cases, these
remote sites cannot achieve certification on their own. Their activities
must be tied to one or more manufacturing or service facilities.
-
Certification
Process:
The registrar’s course of action for certifying an organization
to a nationally or internationally recognized standard for which
the registrar is accredited. This mandatory course of action includes
a document review, an on-site assessment and a final report of the
objective evidence. This will be followed by surveillance and re-certification
assessments for maintaining the validity of the certificate.
Document Review:
A required assessment of a documented management system executed
to determine the level of conformity with a standard’s applicable
requirements for documentation. The documents typically include
policies and procedures but may also include instructions and forms.
These documents must be formally approved prior to a recommendation
for certification.
Pre-Assessment:
A discretionary and preliminary assessment of a management system
to help determine if there may be any glaring errors or omissions;
it is not part of the official certification process. Hence, any
audit-days utilized for pre-assessment may not be counted toward
the required days for the certification assessment. Also, the results
of the pre-assessment cannot in any way influence the actual certification
assessment. Pre-assessments may be conducted as a desk audit – also
called a perception audit, or as a mini-audit, also called a rehearsal
audit.
Initial Assessment:
Typically conducted after the official document review; the
first time the entire management system is assessed for certification.
For a QMS, this activity is termed the certification audit. For
an EMS, it is termed the Stage-2 audit. Conclusions will be based
upon interviews with multiple personnel from all applicable functions,
as well as a review of applicable records. The intent of this assessment
is to validate, to interested parties, that the management system
conforms with the requirements of the organization’s designated
standard(s).
Stage-1:
The first part of a two-part initial assessment process for
an environmental management system. During this part, the EMS will
be assessed for readiness. This will consist of a review of the
management system documentation, current environmental permits and
associated records, a facility review, a grounds review, and a review
of internal audits and management review records.
Stage-2:
The second part of a two-part initial assessment process for
an environmental management system. During this part, the EMS will
be assessed for implementation and effectiveness. Conclusions will
be based on interviews with numerous personnel from all levels of
the organization and a review of records.
Surveillance Assessment:
Annual or semi-annual assessments conducted to validate the
ongoing conformance, improvement and effectiveness of a certified
management system. For each assessment, the auditor will select
a sampling of the elements or clauses of the applicable standard,
or, management system processes. The selected sampling is at the
auditor’s discretion and will be based on the management system’s
performance, previous audit results, findings uncovered during the
surveillance, among others. However, it is typical that certain
“core elements” will be assessed to a limited degree, e.g., internal
audits, management review, corrective actions.
Re-Certification Assessment:
A mandatory assessment activity conducted once every three years,
in the third year of the three-year certificate period. The length
of this assessment will be two-thirds of the time required for an
initial assessment and is based on conditions as they exist at the
time of the re-certification assessment. All elements, clauses or
processes of the management system will be assessed to ensure that
the system remains effectively implemented and can be renewed for
another three-year certification period.
Assumption Assessment (Applies to a certified organization seeking
to change registrars.):
An audit conducted by one accredited registrar when “taking
over” or assuming another accredited registrar’s certificate. The
one-day assumption audits include a review of previous audit reports
and nonconformities from the existing registrar as well as a review
of customer performance metrics, internal audit reports and management
review records, although it may include more as warranted by the
governing assumption rules of the standard to which the organization
is currently certified.
Upgrade Assessment:
A change from one revision level of a standard to a newer
level. For instance, changing from ISO 9001, 1994 to ISO
9001:2000 with design; or to ISO/TS 16949, 2002. Revisions typically
happen once every five to seven years.
Scope Change Assessment:
Audit activities associated with assessing significant changes
in a certified management system. Examples of such changes include,
but not limited to: the addition of a new manufacturing process;
inclusion of a new facility on an existing certificate; change of
company ownership, etc.
Process Audit:
An approach to auditing based on inputs, activities, and outputs,
all of which are supported by objectives and other metrics. The
focus is to assure the flow of information and associated product
or service is such that the quality and delivery of the product
or service is maintained throughout the process; the interaction
between functions is paramount.
-
Certificate Term:
The limited amount of time for which a certificate is issued
by a Certification Body. In most cases, certificates are issued
for three-year terms. During this period, the certificate remains
valid provided it is not de-listed or withdrawn. When an existing
certified QMS is upgraded to ISO/TS 16949, a new three-year certificate
period will be started.
Scope Statement:
A written statement that defines the limits of the certification
– what is included and excluded. It may make reference to support
facilities, as applicable. It should make reference to what an organization
manufactures or what service it provides. It should never contain
qualitative terms such as best, high-quality, ultra, excellent.
If the organization is responsible for design activities, the word
“design” must be included in the statement. If the organization
is not responsible for design, the word “design” may not appear
in the scope statement.
Unacceptable: “Producer of high quality injection molded
parts, supported by world-class design activities, serving only
the finest automotive manufacturers.”
Acceptable: “The design and manufacture of injection molded
products for the automotive industry; with sales and purchasing
services provided by our corporate facility in Akron, OH.”
Multi-Site Schemes (Does not apply to automotive, e.g.,
ISO/TS 16969):
Exist with organizations that have multiple facilities in various
geographic locations, all of which perform predominantly the same
type of service or manufacture similar products. In addition, the
facilities utilize similar processes, and the management system
is centrally managed and administered. Certification, surveillance
and re-certification assessments are generally done on a sampling
basis, that is, not all sites need to be assessed by the certification
body. (Exception: The “central office” must be assessed annually,
and remote support sites must be assessed at least once during each
three-year certificate period.) However, it is required that the
organization perform its own internal audit and management review
for all sites to be included in the multi-site scheme prior to granting
certification. One certificate will be issued listing the sites
included; an appendix may be required.
Corporate Schemes (Generally, limited to automotive, e.g., ISO/TS 16949):
Exist with organizations that have multiple facilities in various
geographic locations, all of which are centrally managed and administered
and adhere to the same management system. Sampling of sites is not
permitted, however, a reduction of audit days for each site may
be granted. Also, it is not required that each site within the corporate
scheme produce similar products via similar processes, as is the
case in multi-site certifications. One certificate will be issued
listing the sites included; an appendix may be required.
Timing (issuance of the certificate):
Three weeks following the closing meeting, provided there is
a recommendation for certification. If there are open nonconformities
at the time of the closing meeting, the certificate will be issued
within three weeks after the lead auditor has delivered all required
objective evidence to the SQA office. (The client will receive advance
notice of the certificate number. They will also be asked to review
and approve a draft copy of the certificate; delivery of the final,
official certificate will be influenced by the turn-around time
for this client review.)
Updated certificates due to scope changes or updates to standards
are also issued within three weeks after the lead auditor has delivered
all required objective evidence to the SQA office. Updated certificates
due to re-certification will be delivered one month prior to the
expiration date of the current certificate, provided all open nonconformities
are closed and the lead auditor has delivered all required objective
evidence to the SQA office.
The Certificate:
Contains some basic information - client identification; standard;
scope statement; certificate number; original, current and expiration
dates; one or more accreditation/approval marks; the SQA mark. New
clients will receive two framed certificates and one un-framed certificate
(for copying purposes). Three copies of renewed or re-issued certificates
will be delivered, without frames.
-
Final Report:
The formal documentation of all assessment activities leading
up to and including the initial and/or Stage-2 assessment. This
provides evidence to official, authorized parties that a legitimate
assessment has been conducted by qualified auditors. It is also
used by the Certification Panel as one of the main parts of the
decision making process that leads to certification.
Surveillance Report:
Similar to a Final Report, only less detail is required; contains
a recommendation regarding continuation of certification during
the current three-year period; is also used for upgrades and scope
changes.
Re-Certification Report:
Similar to a Final Report, only less detail is required; contains
a recommendation regarding continuation of certification for a new
three-year period.
Assumption Report:
The report that results from the initial assessment executed
for the purpose of assuming a certificate from another registrar,
which is generally limited to a review of the two most current surveillance
reports, any outstanding corrective actions, the initial certification
report, and a general review of the organization’s current performance
relative to quality, customer satisfaction, and delivery.
Special Investigation Report:
A non-standard assessment. Such assessments are typically executed
to verify the effectiveness of customer-imposed sanctions, e.g.,
new business hold-quality.
-
Conformance:
Adherence with requirements of standards, e.g., ISO 9001,
etc.
Compliance:
Adherence with requirements of laws and government regulations.
Opportunity for Improvement (OFI):
A situation or condition of a management system that may be
weak, cumbersome, redundant, overly complex, or in some other manner,
may, in the opinion of the auditor, offer an opportunity for an
organization to improve its current status. These OFIs do not require
any action on the part of the organization, however, the organization
should give them serious consideration in view of the auditor’s
knowledge and exposure to similar systems. An OFI may be an improvement
to the management system or could prevent future problems.
Minor Nonconformance:
A nonconformity that, based on the judgment and experience of
the auditor, is not likely to result in the failure of the management
system or reduce its ability to assure controlled processes or products.
It may be either:
- A failure in some part of the supplier's management system relative
to a specified requirement.
- A single observed lapse in following one item of a company's management
system.
Major Nonconformance:
A nonconformity that is either:
- The absence (omission, not addressed) or total breakdown (commission,
failure, not implemented) of a system to meet a specified requirement.
A number of minor nonconformities against one requirement can represent
a total breakdown of the system and thus be considered a major nonconformity.
- Any noncompliance that would result in the probable shipment of
a nonconforming product. Conditions that may result in the failure
of or materially reduce the usability of the products or services
for their intended purpose.
- A noncompliance that, in the judgment and experience of the auditor,
is likely to either to result in the failure of the management system
or to materially reduce its ability to assure controlled processes
and products.
Corrective Action Assessment:
Assessment time resulting from the issuance of a Corrective
Action Request (CAR). This is used for the purpose of reviewing
objective evidence for the closure of a CAR, and is generally in
addition to the regularly scheduled initial or surveillance assessment
times. In the case of ISO/TS 16949 assessments, it is mandatory
that this time be in addition to any regularly scheduled assessment
time. Approval of action requires that the auditor assess the action
for implementation and effectiveness. It may be conducted on or
off-site, depending upon the severity of the nonconformance.
Quality Alert Status:
Notification to top management that the quality and/or environmental
management system has been found by the SQA auditor in a state of
degradation, as evidenced by a series of minor nonconformance's,
a major nonconformance, or other serious breakdown.
Probation Status (Limited to automotive standards, e.g., ISO/TS 16949.):
Official notification by the registrar to top management and
other concerned parties that the organization’s certification is
in jeopardy due to: a failure to close a minor nonconformity within
a given time period, an issued major nonconformance or a customer
imposed sanction. If the situation is not corrected in a specified
amount of time, the certification status will change to de-listed
and the certificate will be withdrawn. Alternatively, the rescinding
of “probation status” requires an assessment of the corrective action
for implementation and effectiveness; may also require removal of
the customer-imposed sanctions.
Suspension Status:
The same as “Probation Status,” except that this term is primarily
used for all non-automotive certifications.
De-listed Status:
Official notification that the certificate is no longer valid
or recognized. This may be due to “probation” or “suspension” not
being resolved within the required time frame. It may also be imposed
based on the organization’s request. Or, it may be imposed by the
registrar as the result of other issues such as failure to comply
with the SQA Agreement for Services.
|
Supplier
Development: What? Why? & How? Now available. $95.00