Certification Process

Procedures

  1. AUDIT PURPOSE

    The Certification process consists of the following key stages, enquiries and quotations, application, Stage-I, Stage-II and surveillance visits. Re-Audits are also features of the certification process.

    Certification process

    ENQUIRIES are received in several forms, by telephone or letter. These result in the sending out of an Information Brochure pack, including an application form to be completed for the purpose of revision and providing a quotation of fees for certification based upon the information made available, to be submitted to the client for acceptance.
    Upon acceptance of the fee quotation, the Operation manager send to the client’s the contract agreement to be approved and completes a Contract Review including allocation of the scope sector of the client’s activities coming under the applied scope of registration with the application to check that there is no discrepancy.

    The audit time “Man-days” calculation is conducted based on
    • IAF MD 5 DETERMINATION OF AUDIT TIME OF QUALITY AND ENVIRONMENTAL MANAGEMENT SYSTEMS” requirement,
    • ISO 22003 for Food Safety Management System.
    • IAF MD 1, IAF Mandatory Document for the Audit and Certification of a Management System Operated by a Multi-Site Organization.

    The audit time calculations are documented in the contract review, excel file with their necessary justification.

  2. Selection of Audit team

    The TM in co-ordination with OP selects the audit team according to the auditor contract review and auditor allocation .After selection of audit team, the team members sign the conflict of interest agreement .The technical expertise is selected for a specific scope sector and assigned as and when required. Before their appointment the Qualification, Industry experience and current technical knowledge are verified for any particular audit.
    The Auditors should understand that they are visiting the Client’s establishment as representatives of PCI and their conduct must reflect professional and ethical standards of the highest order.

    • Auditors are expected to:
      1. Be smartly dressed and well groomed.
      2. Be calm and polite during communication.
      3. Be well prepared and objective in conducting the audits ensuring effective time management.
      4. Be direct and decisive
      5. Seek objective evidence of compliance and non-compliance
      6. Use only PCI documentation
      7. All auditors are required to declare a denial of their involvement in providing Consultancy or professional interest of any company before undertaking an auditing assignment in the company.
    • Auditors are not expected to:
      1. Correspond directly with the client unless authorized by PCI.
      2. Offer advice that may be interpreted as consultancy to the company being assessed regarding to the nonconformities or potential for improvement.
    • AUDITOR’S RESPONSIBILITIES:

      For each Audit a Lead Auditor (LA) will be nominated who will be responsible for the management of the audit and the performance and conduct of each of the Auditor and/or Observers/Technical experts present on behalf of PCI.
      The Lead Auditor (LA) is responsible for planning and conduct of the Audit. LA is also responsible for ensuring that all relevant information concerning the Audit is reported.
      LA shall allocate tasks to each member of the audit team and LA shall ensure that the members of the team are fully prepared and capable of undertaking the auditing functions professionally and effectively. Audit recommendations are arrived at by the Audit team at the Pre-closing meeting where the LA will debrief the entire Auditor’s. The final report & recommendation, however, shall be decided by the LA himself.
      The audit team members should fill-up Audit Check lists for evaluating management system elements assigned to them. These lists should be filled up in a manner as to provide evidence of an in-depth probe into management systems. These should also bring out evidence of both positive and negative findings about the company’s management systems.

  3. Audit Planning/Preparation

    After ensuring the geographical location of various departments/functions and the quantum of work in each, the team leader should allocate time and auditing function to each auditor, including allocation of technical experts, if any, for critical areas of the auditees’ activities, in the Audit Plan
    The audit plan shall be sent by mail to the client prior to the audit for their acceptance and the same is explained in details at the time of opening meeting.
    In case of combined audits, the audit plan must ensure the following points:
    All areas and activities applicable to each management system standard covered by the scope of the visit are assessed by appropriate competent auditors.
    Sufficient time is allocated to accomplish a complete and effective audit of the client’s management system(s) for the management system standards covered by the scope of the audit.

    • Audit Programs

      An Audit program for the full certification cycle shall be developed by lead auditor allocated to the client to clearly identify the audit activities required to demonstrate that the client's management system fulfils the requirements for certification to the selected standard(s) or other normative document(s). This audit program shall be created during the early stages of the relationship with the client and shall be revised each audit. In the case where the client operates shifts, the activities that take place during these shifts shall also be considered in the audit Program and the audit plan.
      The audit Program shall include a two-stage initial audit, surveillance audits in the first and second years, and a recertification audit in the third year prior to expiration of certification or within 6 months following expiration. Surveillance audits shall be conducted once a calendar year and the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.
      The three-year certification cycle begins with the certification or recertification decision. The determination of the audit Program and any subsequent adjustments shall consider the size of the client organization, the scope and complexity of its management system, products and processes, shift operations, as well as demonstrated level of management system effectiveness and the results of any previous audits.
      The audit Program clearly describes what audit activity PCI intends to carry out over the full certification cycle. This is different from an audit plan which describes activities at a single audit event.

    • Initial certification

      All initial audits are planned in two stages that are normally not performed back to back.

    • Stage 1 Audit

      Stage 1 audit is a review of a client company’s readiness for audit and in all cases; at least part of the Stage 1 audit shall be carried out at the organization’s premises. Stage 1 does not require a formal audit plan and shall be performed against the following objectives:

      1. To audit the client’s management system documentation.
      2. To review the client’s location and site-specific conditions and to undertake discussions with the clients personnel to determine the preparedness for the stage-2 audit.
      3. To review the client’s status and understanding regarding requirement of the standard, in particular with respect to the identification of key performance or significant aspects, processes objectives and operation of the management system.
      4. To collect necessary information regarding the scope of the management system, processes and locations of the client’s, and related statutory and regulatory aspects and complex (e.g quality environmental, legal aspects of the client’s operation, associated risks, etc.)
      5. To review the allocation of resources for stage-2 audit and agree with client on the details of the stage-2 audit.
      6. To provide a focus for planning the stage 2 audit by gaining a sufficient understanding of the client’s management system and site operations in the context of possible significant aspects.
      7. To evaluate if the internal audits and management review are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for the stage-2 audit.

      Documented conclusions are produced at the end of stage 1 and is communicated to the client, including the identification of any areas of concern that could be classified as non-conformities during the stage 2 audit. An unsatisfactory Stage 1 can be repeated if needed. After a satisfactory Stage 1 the arrangements for Stage 2 can be finalised (audit duration, audit team, audit plan, interval between Stage 1 and Stage 2). The client shall be informed that the results of stage 1 may lead to postponement or cancellation of stage 2. It is expected that the Management System has been in place for at least about three months before the Stage-I audit is considered.
      PCI does not recommend back to back Stage 1 and 2 audits and the interval between the stage 1 and stage 2 audit cannot be longer than 6 months.

    • Stage-II Audit

      The Certification Audits Stage-II are planned on dates agreed with the client. A detailed audit plan giving the allocation of the audit team members and the time plans for various auditing functions / depts. is forwarded to the Auditee Company in advance together with the agreed traveling arrangements.
      The Lead Auditor is responsible for the detailed planning and organization of the audit plan. This plan is based upon the competence and audit Mandy requirements of the contract review and is designed to verify the relevant clauses of the standard and give the appreciate areas of the company’s establishment.
      The purpose of the stage-II audit is to evaluate the implementation including, effectiveness, of the client’s management system and documentation at site. It shall include the auditing of at least the following:

      1. Conformity to applicable management system and evidence of implementation.
      2. Review of objective and targets and check the performance on monitoring, measurement and reporting.
      3. Management System performance for legal compliance.
      4. Monitoring of process control
      5. Verification of internal auditing and management Review process
      6. Verification of management responsibility of its commitment towards policies.

      An audit report is produced at the end of stage 2, including the identification of findings of both Stage 1 and 2.

    • Conducting audits
      The Audits shall comprise of the following elements:
      1. An “Opening Meeting” between the Audit Team and the Company’s representatives.
      2. The Auditing.
      3. A Separate audit team meeting.
      4. A “Closing Meeting” at which the findings of the Audit Team are given to the company.
    • OPENING MEETING

      The Opening Meeting is held on arrival and immediately before the commencement of the Audit. The meeting is chaired by the Lead Auditor and addresses the following:

      1. Introduction of auditors and company representatives.
      2. Explanation of the purpose of Audit/surveillance and statement of confidentiality.
      3. Confirmation of agreement on the scope of Audit.
      4. Discussion of quality manual or previous Audit/surveillance reports as applicable
      5. Confirmation of formal communication channels between the audit team and the client.
      6. Confirmation of Program of Audit/surveillance and Audit methodology.
      7. Confirmation of the availability, roles and identities of any guides and observers.
      8. The method of reporting, including any grading of audit findings;
      9. Information about the conditions under which the audit may be prematurely terminated (i.e. the raise of major non-conformity, any department refused the audit, etc.);
      10. Confirmation that the audit team leader and audit team representing PCI is responsible for the audit and shall be in control of executing the audit plan including audit activities and audit trails;
      11. Methods and procedures to be used to conduct the audit based on sampling;
      12. Confirmation of the language to be used during the audit which is either Arabic or English;
      13. Arrangement of responsible guides by the company being assessed to accompany the auditors and other administrative arrangements such as Room, transport, tea, lunch, etc. for Auditors. Requirements for any Protective clothing, helmet etc. under any Health and safety regulations.
      14. Confirmation that, during the audit, the client will be kept informed of audit progress and any concerns;
      15. Explanation of purpose of closing meeting and the tentative plan for the same.
      16. Opportunity for the client to ask questions.

    • Audit team meeting

      Prior to the closing meeting, PCI audit team shall have a separate meeting to:

      1. Review the audit findings, and any other appropriate information collected during the audit, against the audit objectives;
      2. Agree upon the audit conclusions, taking into account the uncertainty inherent in the audit process;
      3. Identify any necessary follow-up actions;
      4. Confirm the appropriateness of the audit Program or identify any modification required (e.g. scope, audit time or dates, surveillance frequency, competence).
    • CLOSING MEETING

      The objective of the closing meeting is to enable the Team Leader to present the summary of the result of the audit to the client company and the team’s recommendations. The closing meeting could also be used to arrive at mutual agreement on the corrective actions and their completion dates
      The closing meeting shall be chaired by the Lead Auditor and addresses the following:

      1. Reaffirmation of scope of activities assessed and re-assurance of confidentiality. A disclaimer that non-conformances in the report are based on a sampling only and it should not mean, that other deficiencies do not exist.
      2. Significance of categories of non-compliance and summary of findings.
      3. A summary of the findings including such opportunities for improvement which would strength the client’s quality system.
      4. An invitation to the company to discuss specific points.
      5. A recommendation regarding certification, emphasizing that the final decision regarding certification will be taken by PCI.
      6. Agreement on a date by which corrective actions will be effected, pointing out that registration may be granted based upon written confirmation that corrective action has been or will be taken and submission of a Corrective Action Plan together with the objective evidences, as applicable.
      7. An explanation of the continual Audit (surveillance) procedure and other future actions.
      8. Information about PCI complaint and appeal handling processes and giving a reference to PCI website where the client can see PCI’s full policy of handling appeals and complaints.

      The attendants of opening and closing meeting are recorded in the attendance

    • REPORTING

      The Stage1 Audit, Stage 2 Audit and Surveillance Audit visits will be reported on PCI Audit Report Forms (QMS- stage 1 audit report , QMS- stage 2 audit report , QMS- Surveillance/recertification audit report PCI F05-10 , FSMS- stage 1 audit report , FSMS- stage 2 audit report PCI F5-012, FSMS- surveillance/recertification audit report PCI shall ensure that the ownership of the report is maintained by them.

      The above-mentioned report formats shall include:
      1. sufficient comments to demonstrate the means of determining conformity or nonconformity with the specified requirements for each of the sites within the scope of the audit;
      2. any useful comparison with the results of previous assessments of the organization; and
      3. an explanation of any differences from the information presented to the organization at the closing meeting.

      Non-conformities shall be reported on the audit report. Non-conformity shall be issued by the auditor as soon as practicable and urgently communicated to the organization. This will allow the company’s representative(s) to accept agreement of the facts by signing the Non-compliance report, thus evoking later defensive arguments when detailed evidence may not be readily available.

      Nonconformity shall be issued if a member of the audit team, in their professional judgment, discovers a breach of an Act of Parliament, or a contravention of a regulatory requirement and will be urgently communicated to the organization as soon as practicable. If the audit team leader decided the nonconformity is Major, this will result in suspend the audit activities till the audit team make the decision clear for the organization representative. After the clearance of the decision the organization is free to choose whether to complete the assessment or to stop at this point, but in both cases a re-assessment visit is required for certification and it shall be re-planed within 90 days otherwise the process will be cancelled.
      Non-conformities, in addition to the information required at the head of the form shall refer, as appropriate, to the following:

      1. The requirement of standard against which the non-compliance is listed.
      2. The documents verified including a precise observation/evidence.
      3. The observed non-compliance against the company’s documented procedure.

      All non-conformities, identified, during an audit should be distinctly classified under the following categories: -
      Major Non-Conformity (Category ‘A’): A major non-compliance relates to the absence of a required procedure or the total breakdown in the implementation of a procedure. A number of minor non-compliances listed against the same clause represents a total breakdown of a system and thus collectively constitute a major non-compliance. Correction and corrective actions are to be closed within 90 days and verified either by desktop review or where appropriate during an additional follow up visit, agreed with the client.

      Minor Non-Conformity (Category ‘B’): A minor non-compliance relates to a single observed lapse in the effective implementation of a documented procedure/work instruction which indicates a deficiency requiring a corrective action. Corrective action plan approved by the team leader is acceptable and verification of implementation of corrective actions will be performed at the next visit.

      Observation (Category ‘C’): An observation is a matter about which the Assessor is concerned but which cannot be clearly stated as non-compliance. Observations also indicate trends which may cause problems in the future and need to be considered for corrective action by the company but does not justify verification by the auditor.

      Non-conformities/Observations shall never be worded in such a way as to advise the company of action which should be taken in order to comply with the requirements.

      The closure of raised non-conformities in the audit shall be done, upon either documentation review by PCI audit team leader and result of assessment of the corrective action is recorded in the CAR form , and the operation manager informs the client about the audit team leader assessment conclusion, or the assessment may be in a re-assessment visit and the audit team leader himself inform the client about the assessment result of the corrective action.

      However, it must be emphasized that any concerns the assessor may have, and particularly the specific reasons for non-certification must be detailed in the comments sectioned as major non compliances. The Auditor is also encouraged to make positive comments regarding the Audit here.
      The auditors are required to specifically report on the status as well as the degree of reliability that can be placed on the implementation of client’s internal audit and the management review

      In case of there are major non-conformities which are considered to render the management system deficient and inoperable, a recommendation for certification should either not be made. Depending upon the extent and nature of deficiencies, a recommendation for a supplementary audit for verification of corrective actions or re-audit may be made. In any case, a company will not be considered for grant of certification unless it has demonstrated effective implementation of the procedures for internal audits and the conduct of Management Review.

  4. Recommendation

    A clear and unambiguous recommendation must be made with defined time scales for corrective action.

  5. Follow up Action

    The report of audit shall be forwarded to the PCI office by the lead auditor within one week of the completion of audit together with other documents relating to the audit for certification decision. Where local practice requires the audit report is only submitted after closure of Nonconformity, the final report shall be submitted within 7 days of the closure of the Nonconformity.

  6. Certification decisions

    PCI has the responsibility of the decisions for granting the certificate and the certificate once issued is valid for 3 years. Decision of granting the certificate remains with Certification Manager who will be independent completely from the auditing activities and recording the result in the issue checklist, in the absence of Certification Manager the certificate issuance will be done by the operation manager, Certification Manager is responsible for granting, maintaining, renewing, extending, reducing, suspending and withdrawing of certification.
    The certificate will issue based on the information confirmed by the client When the Certificate has been signed, the operation manager send to the client the certificates and LOGO roles and regulations (PCIF05-wi 20) . Also he asked the client to send the feedback for the audit activities .On receipt of the feedback, it will be reviewed by TM for taking appropriate corrective actions for continuous improvement of PCI certification services. An unsatisfactory performance recording shall be treated as a complaint will be analyzed every year and the results reviewed during the Management Review Meeting.
    The operation manger maintains the Client file which includes:

    1. Application Form
    2. Signed Contract and quotation
    3. Contract Review
    4. The stage 1 report.
    5. The stage 2 reports together with CAR.
    6. Technical review checklist
    7. Copy of previous reports, closed CARS And certificate, in case of recertification or transfer
    8. A Copy of the Certificate.
    9. Client Feedback

  7. SURVEILLANCE AUDITS

    Surveillance audits shall be conducted at least once a calendar year, with the first surveillance after initial certification not more than 12 months from the certification decision date.
    The conduct of a Surveillance visit is similar to that of an initial audit in that it consists of an opening meeting, Audit and closing meeting. However, it is undertaken on a selected sample of the company’s activities.
    The Team Leader shall check if the company’s management system has been amended since the last visit. The effectiveness of the changes indicated will be verified by the Team Leader.
    The corrective action against the non-conformities identifies during the previous visits shall be verified to ensure that corrective actions have been effectively implemented, as per the agreed corrective action plan and the CAR closed out.
    It is a fundamental requirement that the following elements are checked at each visit:

    1. The verification and closing out of the corrective action of previously raised non-compliances.
    2. The company’s own system review procedure, including internal audits.
    3. Management Responsibility including review of the analysis of data and improvement Plans.
    4. Corrective Actions.
    5. Management Review.
    6. Changes required to Scope of Registration if any.
    7. Use/miss-use of logo with certificate number.
    8. Achievement of the measurable targets and objectives.
    9. Number of employees in the company
    10. Treatment of Complaints
    11. Objectives and targets
    12. Hazard identification and assessment of controls
    13. Legal and other requirements;
    14. The management system at temporary sites.
    15. The proposed sampling of multiple sites

    Other requirements of applicable Standard shall be sampled over the Program period. The areas covered at previous visits will be taken into consideration when deciding which areas to audit. It is intended that the implementation of the whole of the company’s documents Management system is verified by use of surveillance visits over a period of 3 years, after initial Audit.
    Corrective Action Plans arising from a surveillance visit must be returned, to the PCI office, by the company within 1 month from the date of Audit.

  8. REAUDIT FOR RENEWAL OF CERTIFICATION

    The recertification audit shall be planned 90-120 days from expiration date to allow closure of any NCRs, and any approval of corrective actions before expiration of current certificate.
    Following expiration of certification, PCI can restore certification within 6 months provided that the outstanding recertification activities are completed, otherwise at least a stage 2 audit shall be conducted. This will result in new cycle dates based on the new certification decision date.
    When appropriate, Stage 1 can be offered at recertification, where there have been significant changes to the management system or the organization of the client. This can be offered to large clients to perform a review of previous cycle performance. However, a Stage 1 is not normally required at recertification although it may be needed if there have been significant changes to the management system, the organization or context in which the management system operates.

    The purpose of a recertification audit is to evaluate the continued fulfilment of all of the requirements of the relevant management system standard. It provides for a review of the past performance of the management system over the period of previous certification, including examination of the documents/records relating to the internal audits, management review and effectiveness of corrective and preventive actions, etc.
    In the case of multiple site or certification to multiple management system standards being provided by the C.B., the planning for the audit ensures adequate on site audit coverage to provide confidence in the certification.
    The re-certification audit shall include on site audit covering the followings:

    1. Verification of management systems effectiveness w.r.t. change (internal and external) and applicability to the scope of certification
    2. Verification of the management commitment for overall performance improvement.
    3. Verification of the achievement of policies and objectives.

    In case of non-conformities observed during re-certification audit time limits are fixed for corrective action before the expiry date of certification.
    PCI makes the decision based on:

    1. Complaints received from users of certification
    2. Performance of system over period of certification.
    3. Results of the re-certification audit.

  9. Suspension, Withdrawal, Cancellation, Extension and Reduction of Certification:

    1. Suspension

      PCI shall suspend certification in the following situations: - The client's certified management system has persistently or seriously failed to meet certification requirements, including requirements for the effectiveness of the management system as verified by Team leader and reported to technical manager, - Any certified client does not allow surveillance or recertification audits to be conducted at the required frequencies despite several reminders and follow ups by operation manager, or - Certified client has voluntarily requested a suspension due to financial or other justified reasons.
      Under the status of suspension, the client's management system certification is temporarily invalid. PCI has enforceable arrangements with its clients to ensure that in case of suspension the client refrains from further promotion of its certification. PCI will make the suspended status of the certification publicly available by entering the name of client in the website and may inform the Customer’s clients/Impartiality committee and any other measures as suggested appropriate by the impartiality committee.

    2. Withdrawals

      Failure to resolve the issues that have resulted in the suspension in the time established by the PCI will result in withdrawal or reduction of the scope of certification as per the recommendation of the technical manager who refers to the lead auditor who will get in touch with the clients management and get the feedback on the necessary actions as were identified during the audit or as requested by the client.
      In most of the cases the suspension will not exceed 6 months unless specifically decided by certification manager as per the situation and gravity of the clients business operations and further guided by the impartiality committee members/expert panel.

    3. Cancellation

      The grounds for cancellation of certificate are as follows:

      1. In case the organization is not able to resolve the issue of suspension within 90 days from the date of suspension.
      2. The evidences submitted by the organization for the reason of suspension as defined above are not found satisfactory.
      Upon the cancellation the certificate will be surrendered from the client, the PCI website will be updated that the organization’s certificate is cancelled (not valid).

      After the cancellation of the certificate: - If the organization is found to use the certificate or certification information in any manner, legal action will be taken against the organization as per the contractual agreement

    4. Extension

      Upon the request of the client at any point of certification cycle, the scope of certification can be extended after the verifications conducted as per the PCI certification process.
      Examples of extensions can be addition of the site/unit, product line, business line, and this can be done by conducting the extra mandays of the audits as per the complexity of the extensions requested after arrangements with PCI operation manager.

    5. Reduction

      PCI will reduce the client's scope of certification to exclude the parts not meeting the requirements, when the client has persistently or seriously failed to meet the certification requirements for those parts of the scope of certification as reported by Team leader and confirmed by technical manager. Any such reduction shall be in line with the requirements of the standard used for certification. And a revised certificate will be issued and the register of clients and website will be updated accordingly. Plan of the surveillance will also be amended by operation manager with respect to the reduction of the audit man days/need of expert as per the situation of the unit/manpower of the client’s organisation getting affected due to the reduction.

    6. Short-notice audits (Special Audits)

      It may be necessary for the PCI to conduct audits of certifies clients at short notice to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases:

      1. The PCI shall describe and make known in advance to the certified clients the conditions under which these short notice visits are to be conducted, and
      2. The PCI shall exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team members.

  10. INFORMATION EXCHANGE BETWEEN PCI AND ITS CLIENTS

    PCI provides and updates clients on the following:

    1. Information on the various certification activities.
    2. Notice of changes by PCI.
    PCI has legally enforceable arrangement to ensure that the certified client informs PCI on matters related to management system certification changes

  11. Transfer of certification

    PCI may receive requests to take over an accredited certification of any organization certified by another accredited certification body for one or more of the following reasons: -

    a) Dissatisfaction with the services provided by the existing certification body.
    b) Loss of Accreditation
    c) Lack of Scope of certification body.
    d) Recognition, merger or restructuring involving the certificated organization
    e) Winding up of the existing certification body from the current location.

    PCI is responsible for ensuring that each certified organization complies with the Rules and Regulations of PCI accredited Certification Scheme, before transfer of certification from another accredited certification body, and this is recorded in the pre-transfer request All applications for transfer of certification shall be treated in accordance with IAF MD2

    Upon receipt of a request from any existing certified company for transfer of its certification to PCI via completely filled Application form. Based upon the information provided by the organization, a quotation will be prepared following a contract review by operation manager, based upon the following considerations:

    f) The audit man-days required for a review and assessment of the key elements of the applicants documented management systems based upon its manpower strength.

    The period remaining out of the three year term of validity of the currently held Certificate of Registration issued by another accredited Certification body and verifies the accreditation of the certificate whether it is an accredited Certificate or not. Also the certification body from which the organization was earlier certified has the accreditation from the IAF MLA or not.

    In this situation documents are reviewed and performance of past during the certification period is assessed and then decision is taken by certification manager whether to conduct the stage-I audit or based upon the past performance Stage-II audit can be done following the PCI methodology of the certification.

    It should be made clear to the client organization that Certificate to be issued by PCI. Upon transfer of certification will be valid up to remaining period of the previous Certificate, except where a complete reassessment has been conducted for renewal of certification.

    Upon acceptance of the fees proposals and agreement with PCI, Technical manager will arrange for the audit of the client’s documented quality system by a competent Lead Auditor, as per the contract review, on a mutually agreeable date.
    The Lead Auditor together with an audit team member, if required, will review the clients documented management system and assess the key elements of the system for effective implementation e.g. Management Responsibility, Internal Audit System, Customer Complaints, Corrective Actions, Document Control and Monitoring, Measurement and Analysis for continual improvement etc.
    The Lead Auditor will specifically review the reports of the previous surveillance audits and the corrective actions reports. Any outstanding non-conformity, together with any major non-conformity identified will require to be closed before recommendation for issue of certification is given.
    The Lead Auditor will complete the audit documentation as per PCI Assessment reporting formats including records of opening and closing meeting and forward the same to PCI office for verification for issue of certificates.
    It is the responsibility of the organization requesting transfer of certification to PCI to keep its previous certification body advised of its decision to transfer the certification to PCI and indemnify PCI from any claims for loss / disputes with the previous certification body.