The Certification Process will generally include the following steps:
Initial Information:
The process starts with the client’s needs and expectations. PCI wants to learn about the client’s organization, its management system, size and types of operation. Together both parties will define objectives for the assessment and/or certification, including applicable standards and specifications.
Offer and Contract:
PCI will provide a detailed offer for assessment and certification services, tailored to individual client needs, based on the information provided initially. A written contract will specify all relevant deliverables as well as applicable assessment and certification criteria.
Optional: Pre-Assessment,Project Planning
A pre-assessment can serve as initial performance or gap analysis, identifying strengths and areas for improvement. For larger assessment and certification projects a project planning meeting provides a valuable opportunity for the client to meet the lead assessor and develop a customized assessment plan for all functions and locations involved. Both services are optional.
Stage 1 Audit:
The assessment procedure itself begins with review and evaluation of system documentation, goals, results of management review and internal audits. During this process, it will be determined whether the client’s management system is sufficiently developed and ready for certification. The assessor will explain findings and coordinate any required activities to prepare for the on-site Stage 2 Audit.
Stage 2 Audit:
The assigned assessment team will assess the client’s management system at the place of production or service delivery. Applying defined management system standards and specifications, the assessment team will evaluate the effectiveness of all functional areas as well as all management system processes, based upon observations, inspections, interviews, review of pertinent records, and other assessment techniques. The assessment result, including all findings will be presented to the client during the closing meeting. Required action plans will be agreed upon as necessary.
System Evaluation:
The independent certification function of PCI will evaluate the assessment process and its results, and decide independently about issuance of the certificate. The client receives an assessment report, documenting the assessment results. When all applicable requirements are fulfilled the client also receives the certificate.
Surveillance Audit:
Either semi-annually or at least once per year, there will be an on-site assessment of the critical components of the management system. Improvement potential will be identified, with a focus on continual improvement and sustained effectiveness.
Re-Certification:
A management system certificate is valid for a limited period of time, frequently for a maximum of three years. At the end of this cycle, a re-assessment will be carried out to ensure the ongoing fulfillment of all applicable requirements. Subject to this fulfillment, a new certificate will be issued.