Text

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Introduction The traditional approach to taking credit for a commercial grade service is to perform a commercial grade dedication (CGD). The typical acceptance method used to perform this type of CGD is a commercial grade survey (CGS). This document evaluates the ISO 17065 accreditation process as a replacement to that traditional approach. The context of this evaluation/comparison is the service being provided by an IEC 61508 functional safety certifying body (CB).

Summary of Process The comparison process used in this document is to develop a CGS checklist and then compare it to ISO 17065 accreditation. To develop the CGS checklist, the following steps are used: identify the safety function, perform a technical evaluation to identify the critical characteristics (CCs), and then identify the applicable audit sections of the Nuclear Procurement Issues Corporation (NUPIC) audit checklist. A commercial grade survey is typically performed using a tailored 10CFR50 App B checklist. The checklist is trimmed down to specifically address the identified critical characteristics. The NUPIC checklist encompasses the requirements of 10CFR50 App B and is therefore an acceptable starting point. To complete this process, this tailored NUPIC checklist is then compared to the accreditation requirements of ISO 17065.

CGS Checklist Development Safety Function: Evaluate the safety case for specific equipment to determine if an adequate level of safety integrity exists.

Technical Evaluation:

Failure Mode Effect Critical Characteristic Acceptance Criteria Personnel are not qualified to Conclusions of the 1. Personnel qualification Documented evidence exists to perform the work evaluations will likely be confirm qualification of personnel inaccurate Outsourced evaluations are not Conclusions of the 2. Outsourced entity Documented evidence exists to conducted by an entity that is evaluations will likely be qualification confirm qualification of entity qualified to perform the work inaccurate performing evaluations Standards, procedures, and/or Conclusions of the 3. Standards, procedures, Basis documents are appropriate for schemes used as the basis for evaluations will likely be and/or schemes validity the evaluation being performed.

evaluation requirements are not invalid correct Input information (e.g. OEM Conclusions of the 4. Input information validity Input information is applicable and Safety Case, Failure Data) is not evaluations will likely be valid correct invalid Changes have occurred during The results of the 5. Change management and Contractual arrangements are in place ongoing production of a evaluation are not reporting mechanisms between the OEM and the CB to Page 1 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY) certified product that invalidate applicable to the product ensure the CB is notified of changes the certification currently being produced made to the product The certifying body does not Conclusions of the 6. Organizational management The discipline of the organization is have organizational discipline to evaluations could be demonstrated by implementation and ensure consistency in invalid adherence to a quality management evaluations program that ensures consistent performance of evaluations Identifying Applicable NUPIC Checklist (10CFR50 App B based) Audit Sections:

Audit Critical Section Description Applicability Section Characteristics 1 Contract Review Yes- 1.2 & 1.4 only 5 2 Design Yes- 2.2, 2.4- 2.6 only 3- 5 3 Commercial Grade Dedication No 4 Software Quality Assurance No 5 Procurement Yes- 5.3 only 2 Fabrication/Assembly Activities, Material Control and Handling, No 6

Storage and Shipping 7 Special Processes No 8 Tests, Inspections, and Calibration No (ISO 17025 scope) 9 Document Control/Adequacy Yes 1- 6 10 Organization/Program Yes 6 11 Nonconforming Items/Part 21 Yes (with no Part 21)- 11.3 only 5 12 Internal Audits Yes 6 13 Corrective Action Yes 6 14 Training/Certification Yes 1 15 Field Services No 16 Records Yes 1- 6 Page 2 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

ISO 17065 Table of Contents- For

Reference:

Page 3 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Comparison Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 1.2- Verify that measures are 4.1.2.1 the certifying body (CB) shall have a legally The contract between the None needed established and implemented for the enforceable agreement for the provision of the certifying body (CB) and the translation of customer purchase certification activities to its client client (equipment order/contract technical and quality 4.1.2.2.a the CB shall ensure its certification manufacturer) is an requirements into the suppliers agreement requires the client always fulfills the important aspect of the control documents. certification requirements, including directed certification process. This corrective actions contract must establish the 4.1.2.2.b the CB shall ensure its certification CB as the authority over the agreement requires that ongoing production of the resulting certification of the certified product continues to fulfill requirements product being evaluated.

4.1.2.2.c.1 the CB shall ensure its certification The commercial grade agreement requires the client to make survey (CGS) checklist, arrangements for the conduct of the evaluation and which is 10CFR50 App B surveillance based, is focused on product 4.1.2.2.c.2 the CB shall ensure its certification procurements where the agreement requires the client to make purchaser is the authority.

arrangements for investigation of complaints This make it less than a 4.1.2.2.c.3 the CB shall ensure its certification perfect fit for the service agreement requires the client to make being surveyed, but this arrangements for the participation of observers section 1.2 is the best place 4.1.2.2.d. the CB shall ensure its certification to capture the requirements agreement requires the client to make claims for this client-certifier consistent with the scope of certification agreement (contract). These 4.1.2.2.e. the CB shall ensure its certification requirements highlighted agreement requires the client not to use the from ISO 17065 meet or product certification in a negative manner or make exceed the expectations of misleading statements concerning the cert the CGS.

4.1.2.2.f the CB shall ensure its certification agreement requires the client to discontinue marketing the cert after it is no longer valid.

Page 4 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 4.1.2.2.g the CB shall ensure its certification agreement requires the client to only reproduce certification documents in their entirety 4.1.2.2.h the CB shall ensure its certification agreement requires the client to comply with the requirements of the certification in all marketing material 4.1.2.2.i the CB shall ensure its certification agreement requires the client to comply with certification marking requirements 4.1.2.2.j the CB shall ensure its certification agreement requires the client to keep records of and make known complains made related to the certification. The client shall also be required to act in response to complaints and to document those actions.

4.1.2.2.k the CB shall ensure its certification agreement requires the client to inform the CB, without delay, of changes in their ability to conform to cert requirements 4.1.3.1 the CB shall control the mechanisms for indicating a product is certified 4.1.3.2 the CB shall take action to correct any inaccurate indications of product certifications 4.2 certification activities shall be undertaken impartially, and CBs must track and manage any potential and confirmed risks to maintaining impartiality on an ongoing basis.

This does not preclude the CB from providing information to the client regarding identified deficiencies.

Page 5 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 1.4- Verify that measures are 7.4 Evaluation- The CB shall have a plan for Again, the NUPIC checklist is None established and implemented to performing the evaluation and shall follow the plan not a perfect fit for an audit ensure that final record packages, ensuring compliance with the other applicable or survey of a certifying including Certificates of sections of this standard. body, but this section 1.4 is Compliance/Conformance, 7.4.6 & 7.4.7 The client shall be informed of any the best fit for capturing this demonstrate that purchase nonconformities and given the option to work to aspect of the CBs order/contract technical and quality resolve them. responsibility to ensure requirements were satisfied. 7.4.8 If the client choses that path, the evaluation certification requirements shall be repeated. are met and appropriately 7.4.9 The results of all evaluation activities shall be documented. These documented prior to review. requirements highlighted 7.5 Review- The CB shall assign a person to review from ISO 17065 meet or the evaluation results who was not involved in the exceed the expectations of evaluation. This review shall be used to determine the CGS.

if a certificate will be issued.

7.6.1 Certification decision- the CB shall be responsible for its decisions relating to certification.

7.6.2 The CB shall assign at least one person to make the certification decision based on the evaluation, review, and any other relevant information. This person or group shall be independent from the performance of the evaluation.

7.7 Certification documentation- The certificate issued to the client shall meet all the requirements of this section.

7.8 The CB shall maintain information on certified products including the details of what the product is, who the manufacturer is, and what certificates were granted.

7.12 Records- The CB shall retain records to demonstrate that all certification process Page 6 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures requirements (for this standard and the scheme) have been fulfilled.

7.13 Complaints and appeals- The CB shall have a documented process to receive, evaluate and make decisions on complaints and appeals. The CB shall record and track complaints and appeals, as well as action undertaken to resolve them.

2.2- Verify that measures are 7.1.1 General- The CB shall operate using a The CB is not engaged in any At this time, it is established and implemented to certification scheme design activities but is heavy unclear how an control the translation of design 7.1.2 Evaluation requirements of products shall be focused on verifying that the accreditation requirements into design documents. contained in specified standards design of the product being team is 2.4- Verify that measures are 7.1.3 If explanations are needed to link the evaluated meets the structured to be established and implemented for the standards to the scheme, those explanations must requirements of the able to verify identification and control of design be developed by technically competent and applicable standards (in this the technical interfaces. impartial persons or committees case, the focus is IEC 61508). adequacy of the 2.5- Verify that measures are 7.2 Application- the CB shall obtain all the This section 2 of the NUPIC CBs scheme.

established and implemented for the necessary information to complete the certification checklist is the best fit for Additional verification of design adequacy. process in accordance with the scheme. capturing the technical observations 2.6- Verify that measures are 7.3.1.a- The CB shall ensure the information aspects of the certification and interviews established and implemented to collected about the client and product is sufficient process. The CBs scheme is of CBs and ABs control design changes including 7.3.1.b- Differences in understanding between the especially important for are needed to changes for spare/replacement parts. CB and client are resolved accurately evaluating the gain a deeper 7.3.1.c- The scope of certification is defined manufacturer and their understanding 7.3.1.d- The means are available to perform all product against the relevant of this technical evaluation activities standards. aspect.

7.3.1.e- The CB has the competence and capability to perform the certification activities 7.3.2- The CB shall have a process to identify when the clients request for certification includes a type of product, a normative document, or a certification scheme with which the CB has no prior experience Page 7 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 7.3.3- In cases of 7.3.2, the CB shall ensure it has the necessary competence 7.3.4- The CB shall decline to undertake a specific certification if it lacks competence or capability 7.3.5- If the CB relies on previous certifications to omit any activities that shall be recorded in their records 5.3- Verify that measures are 6.2.2.1 When the CB utilizes external resources to ISO 17025 has already been None established and implemented for the perform tasks such as testing, those resources shall evaluated to be acceptable evaluation, selection and assessment be in compliance with the appropriate standard, to support CGD of testing of sub-suppliers including such as ISO 17025 and calibration services. If distributors, services (calibration, testing is utilized during the NDE, testing, heat treatment, etc.) certification process, that and software. previous evaluation becomes relevant. These requirements highlighted from ISO 17065 meet or exceed the expectations of the CGS.

9.2- Verify that measures are 8.3 Control of documents- The CB shall establish These requirements None established and implemented to procedures to control the document that relate to highlighted from ISO 17065 control the preparation, the fulfillment of this standard. meet or exceed the review/approval, and issue of expectations of the CGS.

documents (i.e., procedures, instructions, drawings, work orders, etc.) including changes.

10.2- Verify that adequate measures 4.1.1 the CB shall be a legal entity that can be held It is important to note that None are established and implemented for responsible option B (discussed in 8.1.3) management, direction, and 4.3.1 the CB shall have adequate financial requires that even if a execution of the Quality Assurance arrangements to cover liabilities arising from its certifying body is accredited Program. operations to ISO 9001 the CB must still demonstrate compliance to Page 8 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 4.3.2 the CB shall have the financial stability and the management system resources required for its operations requirements of this ISO 4.4 the CB shall conduct operations in a non- 17065 standard.

discriminatory manner 4.5 the CB shall be committed to maintaining confidentiality of clients information 4.6 the CB shall maintain and make available upon request information about their cert scheme, a description of how the CB makes money, a description of the rights and duties of applicants and clients, and information about handling complaints and appeals 5.1.1 certification activities shall be structured and managed so as to safeguard impartiality 5.1.2 the CB shall document its organizational structure 5.1.3 the management of the CB shall identify the person or group of people who have overall authority and responsibility for keys areas of the operations of the CB (listed out in the standard) 5.1.4 the CB shall have formal rules for the appointment, terms of reference and operation of any committees that are involved in the certification process 5.2.1 the CB shall have a mechanism for safeguarding its impartiality 5.2.2.a the mechanism shall be formally documented to ensure a balanced representation of significantly interested parties 5.2.2.b the mechanism shall be formally documented to ensure access to all the information necessary to enable it to fulfil all its functions Page 9 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 5.2.3 if the top management of the certification body does not follow the input of this mechanism, the mechanism shall have the right to take independent action 5.2.4 although every interest cannot be represented in the mechanism, a certification body shall identify and invite significantly interested parties 8.1.1 The CB shall establish and maintain a management system that is capable of achieving the consistent fulfillment of the requirements of this standard in accordance with either of the following two options 8.1.2 Option A- the management system shall address sections 8.2- 8.8 of this standard 8.1.3 Option B- the management system can be in accordance with ISO 9001 and must also address sections 8.2- 8.8 of this standard.

8.2 General management system documentation-The CBs top management shall establish, document, and maintain policies and objectives for fulfillment of this standard and the certification scheme, and shall ensure they are implemented throughout the organization 8.5 Management review- The CBs top management shall establish procedures to review its management system at planned intervals, in order to ensure its continuing suitability, adequacy and effectiveness, including the stated policies and objectives related to the fulfilment of this standard Page 10 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures 11.3- Verify that measures are 7.4.6 & 7.4.7 The client shall be informed of any The CB is not evaluating None established and implemented to nonconformities and given the option to work to specific physical items. They disposition items which do not resolve them. are evaluating the design conform to requirements. 7.4.8 If the client choses that path, the evaluation and processes of specific shall be repeated. items. Therefore, non-7.9 Surveillance- The CB shall perform surveillances conformities are handled of the use of certification marks from a design or process 7.10.1 Changes affecting certification- When the adequacy perspective.

certification scheme requirements change the clients shall be informed.

7.10.2 The CB shall consider other changes affecting certification, including changes initiated by the client, and shall decide upon the appropriate action.

7.11 Termination, reduction, suspension or withdrawal of certification- When a nonconformity with certification requirements is substantiated, either as a result of surveillance or otherwise, the CB shall consider and decide upon the appropriate action.

7.13 Complaints and appeals- The CB shall have a documented process to receive, evaluate and make decisions on complaints and appeals. The CB shall record and track complaints and appeals, as well as action undertaken to resolve them.

12.2- Verify that measures are 8.6 Internal audits- The CB shall establish These requirements None established and implemented to procedures for internal audits to verify that it fulfils highlighted from ISO 17065 ensure a comprehensive system of the requirements of this standard and that the meet or exceed the planned and periodic internal audits. management system is effectively implemented expectations of the CGS.

12.3- Assess the overall effectiveness and maintained.

of the internal audit process by review of previous internal audits Page 11 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures and comparison of the results/issues identified in these audits with those identified by this NUPIC audit.

13.2- Verify that measures are 7.13 Complaints and appeals- The CB shall have a The ISO 17065 requirements None established and implemented to documented process to receive, evaluate and make exceed the 10CFR50 App B assure that conditions adverse to decisions on complaints and appeals. The CB shall based requirements by quality are promptly identified and record and track complaints and appeals, as well as including preventative corrected. action undertaken to resolve them. actions.

13.3- Verify that deficiencies 8.7 Corrective actions- The CB shall establish identified/reported by customers, to procedures for identification and management of the supplier, (e.g., receipt inspection nonconformities in its operations.

rejections, source verification 8.8 Preventative actions- The CB shall establish rejections, return material procedures for taking preventive actions to authorizations, site eliminate the causes of potential nonconformities.

nonconformances, etc.) are adequately evaluated and entered into the suppliers nonconformance or corrective action program, as applicable.

13.4- Verify the overall effectiveness of the corrective action process.

14.2- Verify that measures are 6.1.1.1 The CB shall have a sufficient number of These requirements None established and implemented to people highlighted from ISO 17065 ensure quality program 6.1.1.2 The people shall be competent meet or exceed the indoctrination and training of 6.1.1.3 The people shall keep confidential expectations of the CGS.

personnel who perform activities information related to certification activities affecting quality. 6.1.2.1 The CB shall establish, implement, and 14.3- Verify that inspection/test maintain a procedure for managing competencies personnel, auditors, calibration, of personnel repair personnel and similar 6.1.2.2 The CB shall maintain records on the specialists (i.e., ASME Code design personnel involved in the certification process personnel to ASME Section III) are Page 12 of 13

COMPARISON OF AN ISO 17065 ACCREDITATION TO A COMMERCIAL GRADE DEDICATION (IN THE CONTEXT OF THE CRITICAL CHARACTERISTICS OF THE SERVICE PROVIDED BY THE CERTIFYING BODY)

Applicable NUPIC Checklist (10CFR50 Compensatory ISO 17065 Elements Notes App B based) Audit Sections Measures qualified and have certifications on 6.2.1 When the CBs internal resources perform file. tasks such as testing, those resources shall be in compliance with the appropriate standard, such as ISO 17025 6.2.2.2 Records must be kept to justify confidence in evaluations outsourced to non-independent bodies (e.g. client laboratories) 16.2- Verify that adequate measures 7.12 Records- The CB shall retain records to These requirements None are established and implemented to demonstrate that all certification process highlighted from ISO 17065 ensure that all QA records not requirements (for this standard and the scheme) meet or exceed the transferred to the member are have been fulfilled. expectations of the CGS.

maintained in facilities that provide 8.3 Control of documents- The CB shall establish storage, retention requirements and procedures to control the document that relate to protection against environmental the fulfillment of this standard.

effects, damage and loss. 8.4 Control of records- The CB shall establish procedures to define the controls needed for the identification, storage, protection, retrieval, retention time and disposition of its records related to the fulfilment of this standard Conclusion Based on this comparison, accreditation to ISO 17065 covers the majority of the scope of a CGS. The only aspect that still needs further investigation is how the accreditation relates to ensuring the CBs scheme is in compliance with the requirements of IEC 61508. This directly relates to critical characteristic #3 from the technical evaluation. Additional interactions with CBs and ABs is needed to gain a better understanding of how the technical requirements of the CBs scheme are verified. Beyond this technical aspect, this comparison shows that accreditation to ISO 17065 provides adequate confirmation of the CBs processes and management systems (i.e. quality assurance aspects). All critical characteristics except #3 would be able to be determined to be acceptable within the scope of a CGD of the CB service, based on the CBs accreditation to ISO 17065.

Page 13 of 13