T.018 Certification Process Specific Requirements For Other Types of Audits Transcript V1.0
T.018 Certification Process Specific Requirements For Other Types of Audits Transcript V1.0
T.018 Certification Process Specific Requirements For Other Types of Audits Transcript V1.0
CONTENTS
3. Purpose .................................................................................................................................... 2
2. TODAY’S TOPICS
In this module we will be covering the following topics related to the FSSC 22000 Scheme:
3. PURPOSE
The purpose of this training is to provide the Licensed Partners with a general overview on how to
deal with scope extensions and changes, transfer, and transition audits.
The information covered in this module, is intended to provide support to FSSC Scheme Managers.
4. LEARNING OBJECTIVES
Upon completion of this module, you should:
• Understand how to deal with transfer audits, transition audits and scope extensions and
scope changes and
5. TRANSFER AUDITS
Slide 6 – Transfer Audit Requirements
The transfer of certification is defined as the recognition of an existing and valid management
system certification, granted by one accredited certification body, (the “issuing certification body”),
by another accredited certification body, (the “accepting certification body”) for the purpose of
issuing its own certification.
The requirements for transferring certificates are set out in IAF MD2.
In the first instance the new CB needs to determine the eligibility of a certification for transfer. It
is important to note that only existing, valid, and accredited FSSC 22000 certificates may be
transferred. It is not possible to transfer expired or suspended certificates.
Once it has been determined that the certification qualifies for a transfer, a pre-transfer review
needs to be conducted. This review shall be conducted by means of a documentation review and
where identified as needed by this review, for example there are outstanding major
nonconformities, shall include a pre-transfer visit to the transferring client to confirm the validity
of the certification. The pre-transfer visit is not an audit.
The pre-transfer review shall be conducted by one or more persons who shall have the same
competence that is required for an audit team appropriate for the scope of certification.
The review shall cover the following aspects as a minimum and the review and its findings shall be
fully documented:
• Does the client’s certification fall within the accredited scope of the issuing and accepting
CB? This means that both CBs shall be accredited for the scope in question.
• Does the issuing CB’s accreditation scope fall within the ABs MLA scope?
It is a FSSC requirement that ABs be a signatory of the IAF MLA. The accepting CB shall
verify on the IAF website whether or not the AB as indicated on the client certificate, is
listed on the IAF register and that they are listed for FSMS certification.
• What are the reasons for the Certificate transfer? So, why does the client want to transfer
certification?
• What is the validity status of the Certificate and is it an accredited certification. The validity
of a FSSC 22000 certificate can be verified on the FSSC website of certified organizations.
• Are copies of all previous reports in the cycle available? In the case where a client is in
their second cycle of certification, then the recertification audit report and any subsequent
surveillance audit reports are required.
• What is the status of any outstanding NCs?
• Are there any outstanding complaints or legal challenges?
• What Stage in the Audit Cycle is the Certificate? This is important to establish an audit
plan and audit program. Where available, the audit program of the issuing CB should be
reviewed.
In accordance with clause 9.5.2 of ISO/IEC 17021-1:2015, the accepting certification body shall not
issue certification to the transferring client until:
(i) it has verified the implementation of corrections and corrective actions in respect of all
outstanding major nonconformities; and
(ii) it has accepted the transferring client’s plans for correction and corrective action for all
outstanding minor nonconformities.
If there are missing information or the review is unsuccessful, then the client is treated as a new
client, requiring a Stage 1 + Stage 2 audit. The justification for this action shall be explained to the
transferring client and shall be documented by the accepting certification body and the records
maintained.
The normal certification decision making process in accordance with clause 9.5 of ISO/IEC 17021-
1:2015 shall be followed including that the personnel making the certification decision be different
from those carrying out the pre-transfer review.
If no problems are identified by the pre-transfer review, the accepting CB may transfer the
certificate. The certification cycle shall be based on the previous certification cycle and the
accepting certification body shall establish the audit program for the remainder of the certification
cycle. This includes determining the next audit duration for either the surveillance audit or the
recertification audit using the FSSC calculation.
NOTE: The accepting certification body can quote the organization’s initial certification date on the
certification documents with the indication that the organization was certified by a different
certification body before a certain date. However, FSSC requires the initial certification decision
date on the certificate to be that of the accepting CB, so linked to the date of certification decision
of the pre-transfer review. Likewise, the date of certification decision and issue date will be that
of the accepting CB.
The valid until date will remain the same as on certificate of the other CB as it links to the
certification cycle.
The scope on the new certificate will remain the same or it can be reduced in certain cases.
When requested, the issuing certification body shall provide to the accepting certification body all
the documents and information required by this document. Where it has not been possible to
communicate with the issuing certification body, the accepting certification body shall record the
reasons and make every effort to obtain necessary information from other sources.
The transferring client shall authorize that the issuing certification body provides the information
sought by the accepting certification body. The issuing certification body shall not suspend or
withdraw the organization’s certification following the notification that the organization is
transferring to the accepting certification body if the client continues to satisfy the requirements
of certification.
The accepting certification body and/or the transferring client shall contact the accreditation body
which accredits the issuing certification body where the issuing certification body.
(i) has not provided the requested information to the accepting certification body, or
The accreditation body shall have a process for addressing the situation, including the suspension
or withdrawal of the accreditation, where the issuing certification body does not cooperate with
the accepting certification body or suspends or withdraws the transferring client’s certification
without cause.
Once the accepting CB has issued the certification it shall inform the issuing CB.
The process in the FSSC Portal is described in an article in MyFSSC, so please review this carefully.
There will also be further training sessions linked to the steps to be followed in the Portal when
dealing with a transfer.
Slide 10 - Example
We are now going to look at an example to demonstrate how to determine the audit program and
how this ties in with the relevant dates on the certificate:
Based on the information received from the issuing CB and that on the certificate, the cycle can
be determined.
The initial Stage 1 audit was conducted on 10/01/2019 + the Stage 2 on 15-16/02/2019. The DoCD
linked to the Stage 2 was made on 13/04/2019.
The first surveillance was conducted on 20-21/02/2020 – in this case it is also important to verify
that the first surveillance audit was conducted within 12 months of the DoCD linked to the Stage
2.
The transfer review by the issuing CB 15/12/2020 and certification decision made on same date to
accept and transfer the certificate.
The DoCD is therefore 15/12/2020 – this will also be the initial certification decision date on the
certificate issued.
The valid until date will align with the existing certification cycle, so 12/04/2022 (which is displayed
on the certificate of the other CB).
Based on the cycle and the audit reports received, the audit program can be compiled - it shows
that the next audit due is the SV2 that should take place around Feb 2021, followed by the
recertification in Jan/Feb 2022 to ensure a new certificate can be issued prior to the expiry date of
12/04/2022.
6. TRANSITION AUDITS
Slide 12 – TRANSITION AUDITS
Transition audits are where a certified organization with valid certification to ISO 22000 or a GFSI
recognized scheme such as BRC, IFS or SQF wants to move to FSSC 22000.
In the first instance the certified organization shall supply a copy of their current certificate and
the CB needs to determine the validity of the certificate. This can normally be done by a search
on the public register of the Scheme owner.
Only valid certificates and those with a relating scope statement can be accepted for a transition
audit.
When calculating the minimum FSSC 22000 audit duration, this shall be two-thirds of the initial
certification audit time, with a minimum of 1 auditor day (8 working hours) PLUS TFSSC as defined
in §4.3.1.) Conducting an additional Stage 1 audit is at the discretion of the CB.
The transition audit shall result in an FSSC 22000 certificate with a validity of three (3) years.
Transition to FSSC 22000-Quality is only possible when the organization has a valid ISO 22000 or
FSSC 22000 certificate AND a valid ISO 9001 certificate. In this case, the audit duration is two-thirds
of the initial combined audit time (see 4.3.5.) plus TFSSC.
Slide 13 – Example
The organization has a valid BRC certificate and wants to transition to FSSC 22000.
Is the certificate still valid? The validity of the BRC certificate can be verified on the BRC directory
• Is the scope equivalent? Here it is important to compare the scope as indicated on the
application form submitted by the organization and that on the current BRC certificate.
• Does the scope fall within the FSSC 22000 scope and is the CB licensed to conduct audits
in this scope with the Foundation?
• Does the CB have the necessary resources incl. auditor competency?
If YES to all of the above, then the transition audit can be planned and conducted following the
normal CB process.
Following the successful completion of the certification process, a new 3-year certificate is issued
based on the DoCD of the transition audit.
The process in the FSSC Portal is described in an article in MyFSSC, so please review this carefully.
There will also be further training sessions linked to the steps to be followed in the Portal when
dealing with a transition audit.
7. SCOPE CHANGES
We will be looking at scope extensions and scope changes.
As explained in another training module, a scope extension is where the scope of the certified
organization is extended. The scope extension can be as part of the annual audit, in which case
the audit duration might need to be adjusted taking into consideration the #HACCP and FTEs for
instance. Where the scope extension takes place as part of the annual audit, then it is NOT
considered as a special audit.
Where the scope extension audit takes place at a different time than the annual audit, this is a
special audit. It is not a full audit and the audit duration needs to be sufficient for the CB to assess
the new scope addition. The audit documentation for this additional audit has to be uploaded in
the portal as a special audit and the certificate will be updated following a successful extension –
also in the portal.
A scope extension is where products or specific processes are added to the existing scope of
certification. This can result in adding a new category/sub-category or it can be a scope extension
within the same category or sub/category.
For Example:
A company that produces paper packaging and now starts producing metal packaging. This is a
scope extension within the same category, namely category I.
Where a company produces canned meat products and now starts producing sliced ham products
(that needs chilling) - This is a scope extension into another category, so from category CIV to also
add category CI.
Merely adding a production line, but still for products within the current scope of certification does
not constitute a scope extension.
Apart from extending the scope of certification, it can also happen that a company moves from
one location to another. This is not considered to be a scope extension, but a scope change.
Organizations moving to another site/location shall at least have a Stage 2 audit. A Stage 1 audit
is at the discretion of the CB.
Even though the FSMS remains the same, the move results in a change in environment, a different
building, equipment and potentially resources – all of which could impact the hazard analysis and
the status of the FSMS and therefore at least a Stage 2 is required.
Following the successful completion of the audit, a new 3-year certificate is issued based on the
DoCD of the Stage 2 audit.
It is possible to maintain a reference to the initial certification date with a comment in the
certificate indicating the organization was certified at a previous location before a certain date.
Also refer to the article in MyFSSC on how to deal with organizations moving to a different location
in the portal.
Slide 18
Thank you for attending this training. I hope you found the information useful, and please read
the Scheme, ISO and IAF documentation carefully to ensure you meet the relevant requirements.
<< END>>
History Log