Requirements for granting multisite certification

1.0. Purpose:
To document, establish, implement and maintain the system for conducting the audit of a multi-site organization, in accordance with requirements of ISO/IEC 17021 & IAF MD 01 Mandatory Document for the Certification of Multi-site based on sampling.
2.0. Scope:
This procedure is applicable to the audit of a multi-site as defined in section 4.1.1, and does not apply to organizations that have multi-sites where fundamentally different processes or activities are used at different sites or a combination of sites, even though they may be under the same management system. This procedure is applied to all types of audits, initial surveillance and re-certification of a multi-site organization.
3.0. Responsibility:
Quality Manager
4.0. Procedure:
4.1. General requirements
4.1.1. Multi-site organization is defined as an organization having an identified central function (central office) at which certain activities are planned, controlled or managed and a network of local offices and branches (sites) at which such activities are fully or partially carried out. Examples of possible multi-site organizations are: –

  1. Organizations operating with franchises.
  2. Manufacturing companies with a network of sales offices (applying to sales network).
  3. Service organizations with multiple-site offering a similar service.
  4. Companies with multiple branches.

4.1.2. A multi-site organization need not be a unique legal entity, but all sites shall have a legal or contractual link with the central office and be subjected to a common management system. The management system is laid down, established and subject to continuous surveillance and internal audits by the central office. This means that the central office has rights to ensure that the sites implement corrective actions when needed at any site.
4.1.3. The processes at all the sites have to be substantially of the same kind and have to be operated to similar methods and procedures. Where some of the sites under consideration conduct similar, but fewer processes than others, they may be eligible for inclusion provided that the site or sites, which conduct most processes or critical processes, are subject to full audit. All the sites shall be in the same country.
4.1.4. Organizations which conduct their business through linked processes in different locations, are also eligible for sampling under multi-site. Where processes in each location are not similar but are clearly linked, the sampling plan shall include at least one example of each processes conducted by the organization (e.g. fabrication of electronic component in one location, assembly of the same components – by the same company in several other locations).
4.1.5. The organization’s management system shall be under a centrally controlled and administrated plan and be subject to central management review. All the relevant sites including the central office shall be subject to the organization’s internal audit program and all sites have been audited prior to certification audit. Following certification an internal audit shall be done at each site within the certification period.
4.1.6. The central office has established management system in accordance with the relevant ISO and/ or other international management system standards and the whole organization meets the requirements of the standard including relevant legal regulations.
4.1.7. The organization should demonstrate its ability to collect and analyze data (system documentation and changes, management review, complaints, corrective actions, internal audit, legal requirements etc.) from all sites including the central office and its authority and also demonstrate its authority and ability to initiate organization changes if required.
4.1.8. If all the sites of an organization where the activity subject to certification is performed and not ready to be submitted for certification at the same time, the organization shall be required to inform NGCL in advance of the sites that it wants to be included in the certification and those which are to be excluded.

4.2. Audit process
4.2.1. In case of a multi-site organization the application review & agreement are conducted as per procedure QP-03. At this stage the review shall identify the following: –

  1. The complexity and the scale of the activities covered by the management system and any differences between sites as a basis for determining the level of sampling.
  2. Identify the central function of the organization with which NGCL has a legally enforceable agreement for the provision of certification.
  3. To what extent sites of an organization operate substantially the same kind of processes according to the same procedures and methods.
  4. Are all the sites included in the certification ready to be submitted for certification at the same time. Sites not ready shall be excluded from the scope of certification.

4.2.2. The planning & preparation for audit including selection of audit team are done as per documented procedure QP-05. 
4.2.3. The audit of the multi-site including stage-1 and stage-2 audit is performed as per the procedure for initial audit, Q-06. If more than one audit team is involved in the audit, NGCLshall designate a unique audit leader whose responsibility is to consolidate the findings from all audit teams and to produce a synthesis report (FT-44).
4.2.4. The central office and the sites selected are audited as per this procedure.
4.2.5. Whenever any non-conformity is found at an individual site, either through the organization’s internal auditing or auditing by NGCL, the auditor shall investigate whether it leads to a system deficiency affecting all other sites or limited to the particular site only. If it is found a system deficiency correction and corrective action should be performed both at central office and at the individual sites. If the corrective action is found limited to only the site where the nonconformity has been reported, the auditor should seek the justification for limiting its follow up corrective action.
4.2.6. The auditor shall verify the evidence of these actions and accordingly increase its sampling frequency and/ or the size of the sample until it is satisfied that the control is re-established.
4.2.7. At the time of the decision making process, if any site has nonconformity pending the certification shall be denied to the whole network pending satisfactory corrective action.
4.2.8. If any site has nonconformity, the exclusion of that problematic site from the scope is not permitted at this stage. Audit exclusion should have been agreed before the certification as stated in 4.2.1. (d).

4.3. Certification Document
4.3.1. The certification documents are issued as per NGCL procedure (QP-11). The sites included in the certificate are either individually audited or audited as per sampling scheme outlined in section 4.4.
4.3.2. These documents shall identify the central office and a list of all sites to which the certification document relate. This document shall indicate clearly the certified activities performed by the network of sites on the list. If the certification scope of the sites is only issued as part of the general scope of the organization, its applicability to all sites shall be clearly stated.
4.3.3. The certificates may be issued to the organization for each site under condition that they contain the same scope or sub-scope of that scope and make a clear reference to the main certification document.
4.3.4. NGCL shall withdraw the entire certificate if the central office or any of the sites does not fulfill the necessary provisions for the maintenance of the certification.
4.3.5. NGCL shall inform the organization, through document (PD-04), about additional requirements for granting multi-site certification and this document shall be sent along with the quotation (Procedure QP-03). This document shall also be made publicly available on the NGCL website.
4.3.6. NGCL shall grant additional sites to the existing certification either through the routine surveillance (QP-08), special audit (QP-07) or re-certification audit (QP-09). Sampling for the additional sites shall be done as specified in section 4.4 & 4.7.

4.4. Sampling
4.4.1. Methodology
4.4.1.1. Part of the sample shall be selected based on factors stated in section 4.4.1.3. and partly non-selective and should result in a representative of different sites selected, including the random element of sampling.
4.4.1.2. At least 25% of the sample should be selected at random.
4.4.1.3. The site selection may include among others the following aspects: –

  • Results of internal audit sites and management reviews or previous certification audits.
  • Records of complaints and other relevant aspects of corrective and preventive action.
  • Significant variations in the size of the sites.
  • Variations in shift patterns and work procedures.
  • Complexity of management system and the process conducted at the sites.
  • Modifications since the last certification audit.
  • Maturity of management system and the process conducted at the sites.
  • Differences in culture, language and regulatory requirements, and
  • Geographical dispersion.

4.4.1.4. It is not necessary to select the sites before starting of the audit process but can also be done after the audit of the central office. The central office needs to be informed of the sites to be included in the certification anyhow. This can be on relatively short notice but should allow adequate time for the preparation of the audit.
4.4.2. Size of the Sample
4.4.2.1. NGCL shall maintain records of multi-site sampling justifying it in accordance with this procedure. 
4.4.2.2. For management systems other than FSMS: The following calculation is an example based on the example of a low to medium risk activity with less than 50 employees at each site. The minimum number of sites to be visited per audit is as under:-

  1. Initial audit: The size of the sample should be square root of the number of remote sites (Y = √X), rounded to the upper whole number (X= number of remote sites, Y= sample size).
  2. Surveillance audit: The size of the annual sample should be square root of the number of remote sites with 0.6 as a coefficient. (Y =0.6 √X), rounded to the upper whole umber.
  3. Re-certification audit: The size of the sample should be the same as the initial audit. Nevertheless, where the quality management system has proved to be effective over period of three years, the size of the sample could be reduced by a factor 0.8 (i.e. Y= 0.8 √X), rounded to the upper whole number.

4.4.2.4. The central office shall be audited during every initial certification and re-certification audit and at least annually as part of surveillance.
4.4.2.5.NGCL shall increase the size or frequency of sample based on the risk analysis of the activity covered by the organization’s management system, under special circumstances in respect of the following factors: –

  • The sizes of the sites and the number of employees (e.g. more than 50 employees on a site).
  • The complexity or risk level of the activity and of the management system as defined in WI-03, for the different management system.
  • Variations in working practices (e.g. shift working).
  • Variations in activities undertaken.
  • Records of complaints and other relevant aspects of corrective and preventive action.
  • Any multinational aspects.
  • Results of internal audit and management review.

4.4.2.6. When the organization has a hierarchical system of branches (e.g. Head or central office, National Offices, regional offices, local branches), the sampling model for the initial audit as defined above applies at each level.
For example, (for other management systems except FSMS)

  • 1 Head office: visited at each audit cycle (initial or surveillance or re-certification).
  • 4 national offices: sample = 2: minimum 1 at random.
  • 27 regional offices: sample = 6: minimumc2cat random.
  • 1700 local branches: sample = 42: minimum 11 at random.

4.5. Audit times
4.5.1. NGCL shall justify the time spent on multi-site audits in FT-04 and the number of man days per site, including central office shall be calculated as per procedure QP-04, procedure for determining auditor time.
4.5.2 NGCL may apply reduction in auditor time from that sent out in QP-04 taking into account clauses that are not relevant to the central office and/ or the local sites and shall record the reasons for the justification of such reductions in FT-04. The sites, which carry out most or critical processes, shall not be subject to reductions.
4.5.3. The total time spent on initial assessment and surveillance is the total sum of the time spent at each site plus the central office and should never be less than that which would have been calculated for the size and complexity of the operation if all the work had been undertaken at a single site (i.e. with all the employees of the company in the same site).

4.6. Temporary site
4.6.1. A temporary site is one set up by an organization in order to perform specific work or a service for a finite period of time and which will not become a permanent site (e.g. construction site).
4.6.2. Temporary sites that are covered by the organization’s management system may be subject to audit on a sample basis to provide evidence of the operation and effectiveness of the management system.
4.6.3. If the organization desires to include the temporary sites within the scope of certificationNGCL shall do so under an agreement with the client organization. Where included in the scope such sites shall be identified as temporary.
4.7. Additional sites
4.7.1. It is a new site or group of sites that will be added to an existing certified multi-site network.
4.7.2. On application of a new group of sites to join an already certified multi-site network, each new group of sites should be considered as an independent set for the determination of the sample size as per the steps detailed in sections 4.4.1 & 4.4.2.
4.7.3. After inclusion of the new group in the certificate, the new sites should be cumulated to the previous ones for determining the sample size for the future surveillance or re-certification audits.
5.0 Records

  1. FT-44, synthesis report.
  2. Other records as per procedures QP-03, QP-04, QP-05, QP-06, QP-08, QP-09.

6.0 References

  1. QP-03, Procedure for application review, quotation & agreement.
  2. QP-04, Procedure for determining auditor time.
  3. QP-05, Procedure for planning & preparation of audit.
  4. QP-06, Procedure for initial audit.
  5. QP-08, Procedure for surveillance audit.
  6. QP-09, Procedure for re-certification audit.
  7. PD-04, Requirements for granting multi-site certification.
  8. QP-11, Procedure for Granting, Maintaining, Renewing, Extending, Reducing, Suspending and Withdrawing of Certification.
  9. WI-03, Work instruction – certification panel.