Terms and Definitions

Terms and Definitions are designed to assist in understanding the “language” of the certification/registration industry. Each definition is based on the expertise and understanding of of SQA management. Should any definition conflict with other definitions or interpretations contained in other “official” requirements, the definition in the “official” requirement takes precedence. In these cases, refer the question/conflict to SQA.

General Index:

  1. Third-Party Organizations

  2. Requirements

  3. Standards Nomenclature

  4. Audit Planning

  5. Certification Activities

  6. Certificate Issues

  7. Reports

  8. Compliance, Conformity and Non-conformity Terms and Related Assessment Actions


1. Third-Party Organizations

Accreditation Body:
An organization authorized by a national government to grant accreditation to certification bodies (registrars). In the United States, the accreditation body is ANSI/RAB (Registrar Accreditation Board). Although a registrar may have more than one accreditation, a Multilateral Agreement (MLA) through the International Accreditation Forum (IAF) exists among international accreditation bodies to ensure continuity in accreditation requirements and mutual recognition.

Approval Body:
Similar to an accreditation body, but sector-specific. For example, IATF 16949 is administered by the International Automotive Task Force (IATF), which has five oversight boards worldwide. In the United States, activities associated with this standard are administered by the International Automotive Oversight Board (IAOB).

Certification Body:
Also known as a “registrar”; an organization that is accredited by one or more accreditation bodies. Accreditation is granted based on assessment of the registrar’s management system relative to international standards such as ISO Guide 62 (for Quality Management Systems) and ISO Guide 66 (for Environmental Management Systems). This accreditation gives authority to grant certifications to organizations for one or more internationally recognized standards, such as ISO 9001:2000; ISO 14001, 1996; etc.


2. Requirements

There are five basic categories of requirements:

  1. The applicable standard, e.g., ISO 9001:2000, ISO 14001, 1996
  2. The SQA Description of, and Agreement for, Services
  3. The client’s own defined system
  4. Requirements imposed by the customer.
  5. Requirements of law and regulations.

Note-1: In the course of executing its assessment activities, SQA may issue a nonconformance against any of the first four requirements.

Note-2: Generally, laws and other government regulations are not treated the same as “requirements.” However, should a noncompliance with a law or other government regulation be observed during an assessment, it may or may not be deemed a nonconformance depending upon how the management of the organization has dealt with (or, will deal with) the problem.


3. Standards Nomenclature:

Environmental Management System; typically for conformance and certification to ISO 14001.

Quality Management System; may be one or more of the following: ISO 9001,  AS9100, IATF 16949.

Combined Management Systems; two or more management systems are in place, but no integration has taken place. For example, an organization is certified to ISO 9001:2000 and ISO 14001, 1996, but the organization operates each system separately. In this case, there are two completely separate systems.

Dual Quality Management Systems; two or more quality management systems are in place at the same time. For example, an organization may have  AS9100a in place at the same time. This is similar to a combined management system, the difference being that in this example, both management systems are quality related.

Integrated Management System; a single management system that addresses the requirements of both an EMS and QMS. One example of this would be ISO 9001:2000 and ISO 14001, 1996. Integration requires that as many of the common elements of both standards be integrated into one management system. Typical elements that are integrated include management review, internal auditing, calibration, corrective and preventive action, document control, and others. The existence of two separate management systems is not the same as one integrated system. (See “Combined Management Systems.”) Even though an organization may have an integrated management system, SQA will issue a separate certificate for each standard.


4. Audit Planning

Audit Plan:
A formal description of the assessments activities that will be executed. Audit plans typically include: the standard, auditor identification, dates, identification of the client, location of the client, the number of employees and requirements that will be assessed.

Audit Schedule:
A list of dates, times and elements or process that will be assessed.

Central Office:
A core group of personnel that is highly dedicated to executing activities for the main manufacturing or service providing facility. This group may consist of top management and/or other functions, such as purchasing, training, internal auditing. Also, the central office is responsible for monitoring the activities of all related sites as their performance relates to quality and delivery issues, with emphasis on corrective actions. Central office activities are always included in the initial assessment, and, as a minimum, on an annual basis during the surveillance phase of each three-year certificate period.

Number of Employees:
The total number of employees within the management system necessary for the effective functioning of that system. They include full time, part time, seasonal, and temporary personnel on all shifts. This number is used as one key factor in determining the duration of all assessment activities. Should it increase or decrease, the number of audit-days may be affected accordingly.

Permitted Operations:
(Applies to EMS only): One of the criteria used to determine the complexity of an organization relative to its potential impact upon the environment. A “permitted operation” is one where the organization is mandated by law or regulation to measure and report resultant data to a governmental authority. (For counting purposes, if an organization has five electroplating lines, each requiring monthly measurements and reporting, this would count as one “permitted operation” – plating. However, if an organization has one plating line, one chemical conversion line, and one water treatment plant, each requiring monthly measurements and reporting, this would count as three “permitted operations”.)

In the strictest sense, any activity that has inputs, transformation activities, and outputs. However, from a practical perspective, a process is a major grouping of generally related activities. For example, the process manufacturing at a stamping company may consist of coil loading, die setting, first-piece sample, approval, stamping, drawing, degreasing, and packaging; the process sales may consist of order taking, contract review, issuance of shop orders, communication; the process design may consist of customer input, market research, preliminary concept, project submittal, project approval, design, checking, review, prototype, verification, validation, change control. In the service sector, a process will be much the same. For instance, a hotel could have a major processes called housekeeping that would consist of accessing the room, replacing linens, vacuuming, dusting, replacing toiletries, etc.

Readiness Review:
A special requirement for IATF 16949 assessments in which the auditor will determine if an organization is ready for the initial or upgrade assessment no more than 90 days prior to the event. This review requires that at least 12 months of performance data (quality and delivery) is available as well as other information such as internal audit results, management review, etc.

Remote (or support) Sites:
Off-site facilities where specific activities that are an integral part of the overall management system are located. Typical activities may include design, purchasing, sales. Other activities may also be executed on a remote basis, as defined by the specific organizational structure. Remote site activities are always included in the initial assessment, and, as a minimum, on a once-every-three-year basis during the surveillance phase of each three-year certificate period – with one major exception: design activities must be assessed annually during the three-year certificate period. NOTE: In most cases, these remote sites cannot achieve certification on their own. Their activities must be tied to one or more manufacturing or service facilities.


5. Certification Activities

Certification Process:
The registrar’s course of action for certifying an organization to a nationally or internationally recognized standard for which the registrar is accredited. This mandatory course of action includes a document review, an on-site assessment and a final report of the objective evidence. This will be followed by surveillance and re-certification assessments for maintaining the validity of the certificate.

Document Review:
A required assessment of a documented management system executed to determine the level of conformity with a standard’s applicable requirements for documentation. The documents typically include policies and procedures but may also include instructions and forms. These documents must be formally approved prior to a recommendation for certification.

A discretionary and preliminary assessment of a management system to help determine if there may be any glaring errors or omissions; it is not part of the official certification process. Hence, any audit-days utilized for pre-assessment may not be counted toward the required days for the certification assessment. Also, the results of the pre-assessment cannot in any way influence the actual certification assessment. Pre-assessments may be conducted as a desk audit – also called a perception audit, or as a mini-audit, also called a rehearsal audit.

Initial Assessment:
Typically conducted after the official document review; the first time the entire management system is assessed for certification. For a QMS, this activity is termed the certification audit. For an EMS, it is termed the Stage-2 audit. Conclusions will be based upon interviews with multiple personnel from all applicable functions, as well as a review of applicable records. The intent of this assessment is to validate, to interested parties, that the management system conforms with the requirements of the organization’s designated standard(s).

The first part of a two-part initial assessment process for an environmental management system. During this part, the EMS will be assessed for readiness. This will consist of a review of the management system documentation, current environmental permits and associated records, a facility review, a grounds review, and a review of internal audits and management review records.

The second part of a two-part initial assessment process for an environmental management system. During this part, the EMS will be assessed for implementation and effectiveness. Conclusions will be based on interviews with numerous personnel from all levels of the organization and a review of records.

Surveillance Assessment: 
Annual or semi-annual assessments conducted to validate the ongoing conformance, improvement and effectiveness of a certified management system. For each assessment, the auditor will select a sampling of the elements or clauses of the applicable standard, or, management system processes. The selected sampling is at the auditor’s discretion and will be based on the management system’s performance, previous audit results, findings uncovered during the surveillance, among others. However, it is typical that certain “core elements” will be assessed to a limited degree, e.g., internal audits, management review, corrective actions.

Re-Certification Assessment:
A mandatory assessment activity conducted once every three years, in the third year of the three-year certificate period. The length of this assessment will be two-thirds of the time required for an initial assessment and is based on conditions as they exist at the time of the re-certification assessment. All elements, clauses or processes of the management system will be assessed to ensure that the system remains effectively implemented and can be renewed for another three-year certification period.

Assumption Assessment (Applies to a certified organization seeking to change registrars.): 
An audit conducted by one accredited registrar when “taking over” or assuming another accredited registrar’s certificate. The one-day assumption audits include a review of previous audit reports and nonconformities from the existing registrar as well as a review of customer performance metrics, internal audit reports and management review records, although it may include more as warranted by the governing assumption rules of the standard to which the organization is currently certified.

Upgrade Assessment:
A change from one revision level of a standard to a newer level. For instance, changing from ISO 9001:2008 to ISO 9001:2015 with design; or to IATF 16949,2002. Revisions typically happen once every five to seven years.

Scope Change Assessment:
Audit activities associated with assessing significant changes in a certified management system. Examples of such changes include, but not limited to: the addition of a new manufacturing process; inclusion of a new facility on an existing certificate; change of company ownership, etc.

Process Audit:
An approach to auditing based on inputs, activities, and outputs, all of which are supported by objectives and other metrics. The focus is to assure the flow of information and associated product or service is such that the quality and delivery of the product or service is maintained throughout the process; the interaction between functions is paramount.


6. Certificate Issues

Certificate Term:
The limited amount of time for which a certificate is issued by a Certification Body. In most cases, certificates are issued for three-year terms. During this period, the certificate remains valid provided it is not de-listed or withdrawn. When an existing certified QMS is upgraded to IATF 16949, a new three-year certificate period will be started.

Scope Statement:
A written statement that defines the limits of the certification – what is included and excluded. It may make reference to support facilities, as applicable. It should make reference to what an organization manufactures or what service it provides. It should never contain qualitative terms such as best, high-quality, ultra, excellent. If the organization is responsible for design activities, the word “design” must be included in the statement. If the organization is not responsible for design, the word “design” may not appear in the scope statement.

Unacceptable: “Producer of high quality injection molded parts, supported by world-class design activities, serving only the finest automotive manufacturers.”

Acceptable: “The design and manufacture of injection molded products for the automotive industry; with sales and purchasing services provided by our corporate facility in Akron, OH.”

Multi-Site Schemes (Does not apply to automotive, e.g.,  IATF 16969):
Exist with organizations that have multiple facilities in various geographic locations, all of which perform predominantly the same type of service or manufacture similar products. In addition, the facilities utilize similar processes, and the management system is centrally managed and administered. Certification, surveillance and re-certification assessments are generally done on a sampling basis, that is, not all sites need to be assessed by the certification body. (Exception: The “central office” must be assessed annually, and remote support sites must be assessed at least once during each three-year certificate period.) However, it is required that the organization perform its own internal audit and management review for all sites to be included in the multi-site scheme prior to granting certification. One certificate will be issued listing the sites included; an appendix may be required.

Corporate Schemes (Generally, limited to automotive, e.g.,  IATF 16949):
Exist with organizations that have multiple facilities in various geographic locations, all of which are centrally managed and administered and adhere to the same management system. Sampling of sites is not permitted, however, a reduction of audit days for each site may be granted. Also, it is not required that each site within the corporate scheme produce similar products via similar processes, as is the case in multi-site certifications. One certificate will be issued listing the sites included; an appendix may be required.

Timing (issuance of the certificate):
Three weeks following the closing meeting, provided there is a recommendation for certification. If there are open nonconformities at the time of the closing meeting, the certificate will be issued within three weeks after the lead auditor has delivered all required objective evidence to the SQA office. (The client will receive advance notice of the certificate number. They will also be asked to review and approve a draft copy of the certificate; delivery of the final, official certificate will be influenced by the turn-around time for this client review.)

Updated certificates due to scope changes or updates to standards are also issued within three weeks after the lead auditor has delivered all required objective evidence to the SQA office. Updated certificates due to re-certification will be delivered one month prior to the expiration date of the current certificate, provided all open nonconformities are closed and the lead auditor has delivered all required objective evidence to the SQA office.

The Certificate:
Contains some basic information - client identification; standard; scope statement; certificate number; original, current and expiration dates; one or more accreditation/approval marks; the SQA mark. New clients will receive two framed certificates and one un-framed certificate (for copying purposes). Three copies of renewed or re-issued certificates will be delivered, without frames.


7. Reports

Final Report:
The formal documentation of all assessment activities leading up to and including the initial and/or Stage-2 assessment. This provides evidence to official, authorized parties that a legitimate assessment has been conducted by qualified auditors. It is also used by the Certification Panel as one of the main parts of the decision making process that leads to certification.

Surveillance Report:
Similar to a Final Report, only less detail is required; contains a recommendation regarding continuation of certification during the current three-year period; is also used for upgrades and scope changes.

Re-Certification Report:
Similar to a Final Report, only less detail is required; contains a recommendation regarding continuation of certification for a new three-year period.

Assumption Report:
The report that results from the initial assessment executed for the purpose of assuming a certificate from another registrar, which is generally limited to a review of the two most current surveillance reports, any outstanding corrective actions, the initial certification report, and a general review of the organization’s current performance relative to quality, customer satisfaction, and delivery.

Special Investigation Report:
A non-standard assessment. Such assessments are typically executed to verify the effectiveness of customer-imposed sanctions, e.g., new business hold-quality.


8. Compliance, Conformity and Non-Conformity Terms and Related Assessment Actions

Adherence with requirements of standards, e.g., ISO 9001,  etc.

Adherence with requirements of laws and government regulations.

Opportunity for Improvement (OFI):
A situation or condition of a management system that may be weak, cumbersome, redundant, overly complex, or in some other manner, may, in the opinion of the auditor, offer an opportunity for an organization to improve its current status. These OFIs do not require any action on the part of the organization, however, the organization should give them serious consideration in view of the auditor’s knowledge and exposure to similar systems. An OFI may be an improvement to the management system or could prevent future problems.

Minor Nonconformance:
A nonconformity that, based on the judgment and experience of the auditor, is not likely to result in the failure of the management system or reduce its ability to assure controlled processes or products. It may be either:
- A failure in some part of the supplier's management system relative to a specified requirement.
- A single observed lapse in following one item of a company's management system.

Major Nonconformance:
A nonconformity that is either:
- The absence (omission, not addressed) or total breakdown (commission, failure, not implemented) of a system to meet a specified requirement. A number of minor nonconformities against one requirement can represent a total breakdown of the system and thus be considered a major nonconformity.
- Any noncompliance that would result in the probable shipment of a nonconforming product. Conditions that may result in the failure of or materially reduce the usability of the products or services for their intended purpose.
- A noncompliance that, in the judgment and experience of the auditor, is likely to either to result in the failure of the management system or to materially reduce its ability to assure controlled processes and products.

Corrective Action Assessment:
Assessment time resulting from the issuance of a Corrective Action Request (CAR). This is used for the purpose of reviewing objective evidence for the closure of a CAR, and is generally in addition to the regularly scheduled initial or surveillance assessment times. In the case of IATF 16949 assessments, it is mandatory that this time be in addition to any regularly scheduled assessment time. Approval of action requires that the auditor assess the action for implementation and effectiveness. It may be conducted on or off-site, depending upon the severity of the nonconformance.

Quality Alert Status:
Notification to top management that the quality and/or environmental management system has been found by the SQA auditor in a state of degradation, as evidenced by a series of minor nonconformance's, a major nonconformance, or other serious breakdown.

Probation Status (Limited to automotive standards, e.g.,  IATF 16949.):
Official notification by the registrar to top management and other concerned parties that the organization’s certification is in jeopardy due to: a failure to close a minor nonconformity within a given time period, an issued major nonconformance or a customer imposed sanction. If the situation is not corrected in a specified amount of time, the certification status will change to de-listed and the certificate will be withdrawn. Alternatively, the rescinding of “probation status” requires an assessment of the corrective action for implementation and effectiveness; may also require removal of the customer-imposed sanctions.

Suspension Status:
The same as “Probation Status,” except that this term is primarily used for all non-automotive certifications.

De-listed Status:
Official notification that the certificate is no longer valid or recognized. This may be due to “probation” or “suspension” not being resolved within the required time frame. It may also be imposed based on the organization’s request. Or, it may be imposed by the registrar as the result of other issues such as failure to comply with the SQA Agreement for Services.