SN Registrars (Holdings) Limited trading as DAS Certification & QEC Certification & SNR Certification

Date: 09/06/2017

Briefng Note 33: For local and head ofce reviewers

Agents management needs to ensure that visits are ready for review for the UK Head Ofce as soon as visit has
been conducted and NCR responses received (if any). It is the agents managements responsibility to have
reviewed the reports and other documentation for accuracy and completeness by a competent person before
submitting to the UK Head Ofce review and decision making.

Reminders for reviewers:

1) EA/NACE codes
EA/NACE codes are defned based on the clients management system scope. When you start to defne
EA/NACE codes, please look for a verb in the scope as that defnes a startng point for EA/NACE defnition.
The audit scope shall describe the extent and boundaries of the audit, such as sites, organizatonal units /
actvities, travel issues and processes to be audited.
The scope of certification need to be clear with respect to the type of activities, products and services as
applicable at each site and shall not being misleading or ambiguous. Contract review and three-year
surveillance programme need to clearly identfy if a site visit is needed see point 2 below (verbs referring
to the need for site visits are: Constructon of, erection of, servicing of, installaton of, installation and
testng of etc.).

2) Client site visit required

Temporary sites could range from major project management sites to minor service/installaton sites. The
need to visit such sites and the extent of sampling should be based on an evaluaton of the risks of the
failure of the management system to control a service or product output associated with the clients
operation.
A need to arrange a site visit to check the installaton, service and constructon scope etc. needs to be
identfed in the application and planned in the contract review and audit plan and evidenced in the audit
report and three-year surveillance audit programme.

3) Integrated management system

The details of calculatng audit duraton for integrated management system have been added to the
updated contract review (attached). In order to claim full 20% reducton, the all example points need to be
met:
Examples of time savings and reduction justifications:
1. Time saved due to one opening and one closing meeting;
2. Time saved as one integrated audit report is produced;
3. Time saved in optimized logistics;
4. Time saved in auditor team meetings; and,
5. Time saved auditing common elements simultaneously, e.g. document control, management reviews, internal audits, procedures

4) Categorising fndings and root cause investigation

What is a nonconformity? According to the defnition in ISO 9000 (3.6.2), a nonconformity is "non-
fulfilment of a requirement.
Major nonconformity = nonconformity that affects the capability of the management system to achieve
the intended results. Nonconformities could be classified as major in the following circumstances:

FP34/01 Rev. 0 May 2013 Page 1 of 1

Member of SN Registrars (Holdings) Ltd
 if there is a significant doubt that effective process control is in place, or that products or services will
meet specifed requirements;
a number of minor nonconformities associated with the same requirement or issue could demonstrate
a systemic failure and thus consttute a major nonconformity.

Minor nonconformity = nonconformity that does not affect the capability of the management system to
achieve the intended results.

Opportunity for Improvement (OFI) = Opportunites for improvement may be identfed and recorded.
Audit fndings, however, which are nonconformites, shall not be recorded as opportunities for
improvement.

There should be three parts to the response of an organisaton to nonconformity:

Correcton = acton to eliminate a detected nonconformity (ISO 9000, clause 3.6.6)
Analysis of cause = root cause (see briefng note 28)
Correctve acton = action to eliminate the cause of a detected nonconformity or other undesirable
situaton (ISO 9000, clause 3.6.5)

5) Root cause analysis

Root cause analysis (RCA), Correctve acton to prevent recurrence and verificaton of effectiveness
Ofces are reminded that when audit teams identfy a non-conformity (justfied with verifable objective
evidence during the process based audit) this is all that is entered into the eCMS, the responsibility to
conduct a root cause analysis is with the client who after the audit should access the eCMS using their
login and password to review the fndings and enter the RCA evidence with proposed corrective action to
prevent recurrence.
Root cause and corrective action MUST NOT be identifed in the audit report by the auditor during the
audit or at the closing meetng.
Auditors are reminded to ensure that when clients are conductng an RCA a suitable methodology such as
5whys is applied.

You are required to sign the Briefng note below and return to elaine@snregistrars.com and
Contact Sari for any further clarification

Regards

Sari Leino, Head of Global Operations

Briefng note received, understood and will be complied with and provided to UK and our assessor on their next
agent ofice / witness audit.

Location: Date: