Crt_f_04 04e.pdf

Testing and Certification Regulations
TÜV SÜD Group
These Testing and Certification Regulations apply to the TÜV SÜD Group. Specifically for the following companies: TÜV SÜD Management Service GmbH www.tuev-sued.de Hereinafter solely and jointly referred to as TSC (TÜV SÜD Company). The Testing and Certification Regulations apply to: - the testing and certification of products, services and projects (hereinafter - the auditing and certification of management systems (hereinafter referred to as These Testing and Certification Regulations shall replace previous versions and become effective on 15th December 2012 and remain valid until a new version is issued. In case of doubt, the German version shall be authoritative for work related to Certification Bodies located in Germany. For all other Certification Bodies the version in English shall be authoritative. These Testing and Certification Regulations apply under the legal system of the relevant Certification Body’s location as appropriate for the requested service. These Testing and Certification Regulations are formed of a number of modules; in general module A applies to all TSC; The remaining modules apply as appropriate and may amend, replace or declare regulations to be not applicable in other modules. In the context of C-modules the references to Certification body or TSC shall be construed as references to the concerned certification body. If there are any conflicts between the respective C-module and other sections of this document the respective C-module shall take precedence. Contents
Module B2) Special Regulations for management system auditing Module C2) Special regulations for the auditing and certification of specific management systems by TÜV SÜD Management Service GmbH (TUV SÜD MS) Module A) General regulations
These Testing and Certification Regulations apply to tests, audits, conformity assessment procedures as per EC directives, or on basis of other appointments as well as all other certification activities carried out by TSC. The services offered by TSC also include information on normative requirements or approval procedures. On issue of the first certificate, the client automatically becomes a TÜV SÜD certification-system partner and remains so for as long as at least one certificate is valid. A certificate only becomes valid after all financial and technical requirements in connection with the test/audit and product/system certification have been fulfilled. If a certificate is awarded subject to certain requirements, the certificate holder undertakes to satisfy these requirements within the defined deadlines. Prior to placing an order, the client shall inform TSC of the name and relevant activities of any other organization which has already tested/audited/certified or is in the process of testing/auditing/certifying the same product or system in a similar way. With each order the client agrees to comply with the current version of these Testing and Certification Regulations as terms of the contract. Existing contractual relationships are governed by the respectively valid versions of these Testing and Certification Regulations. Up-to-date versions of these Testing and Certification Regulations can be accessed on the Internet as listed under the specific TSC on the table on page 1 or can be sent on request. The Certification Body of the relevant TSC evaluates the documents submitted by the testers/auditors. It decides whether a certificate is to be issued and handles disagreements/appeals concerning certification via the appropriate procedure. Appeals and Complaints shall be addressed directly to the Certification Bodies of the respective TSC. The Certification Bodies maintain documented procedures governing the handling of Objections and Complaints Management. A description of these procedures is made available to the public. The Certification Body will forward complaints about certified clients within an appropriate period of time to the certified clients in question. Certificates, certificates of conformity, test certificates based on EC Directives, standards or other criteria relate to the version of the relevant Directives, standards or other criteria valid on the date of issue of the certificate. The Certification Body only issues a certificate or another attestation if the product or system fulfills all certification-relevant legal requirements, applicable standards, and other certification-relevant criteria at the time of its issuance. A granted certificate makes no statement on the marketability of a certified product. The time of placing the order or conclusion of the contract is irrelevant in this regard. The holder must at all times associate the certificate with any annexes issued with it. The certificate (and any duplicate certificates) is not transferable and shall remain the property of TSC. Certificates only relating to EC-directives do not entitle the holder to use a TÜV SÜD certification mark. Any CE marking that may prove necessary falls solely under the responsibility of the persons indicated in the relevant Directive. The client shall ensure that auditors/representatives of the authorized bodies (e. g. authority, accreditation body or certification scheme owner) are entitled to participate in so called observed audits on the business premises of the client/manufacturer and/or their subcontractor/supplier. Where on-site activities (e. g. audits, inspections) conducted by TÜV SÜD personnel require personal protective equipment, TÜV SÜD and the client shall agree upon supply of such in advance of any visit. If a hard copy of a test/audit report is produced in addition to a computer copy, the hard copy test/audit report represents the legally binding document. Each certificate is subject to the existence of a valid certification contract/order. The certification contract/order/membership in the certification system may be terminated in whole or in part: if the individual contractual regulations, guidelines/regulations of the Certification Bodies or other authorized bodies (e. g. authorities, accreditation bodies or certification scheme owner) do not define other periods of notice: I. by termination without cause
a. for system-certifications: with three (3) months notice to the next scheduled audit date (for the surveillance respectively the recertification audit) by the certificate holder or the TSC. b. for product-certifications: with two (2) months notice to the end of the respective calendar year by the certificate holder or with one (1) year notice to the end of the respective calendar year by the TSC. c. System Certificates based upon EC directives are handled by II. by termination for cause at the terminating party´s choice with or
without notice, in particular (but not only) in case the certificate issued on the basis of the certification contract/ order may be withdrawn, revoked or restricted according to the following regulations in paragraphs A-2.1 – A-2.3. Terminations have to be made in writing. If the validity of a certificate ends - for whatever reason - the underlying certification contract/order with respect to such certificate ends accordingly at the same time. In case where the holder’s last remaining certificate is no longer active, the membership of the holder in the certification-system of TÜV SÜD is suspended. Any outstanding fees are still due. Any costs incurred for imminent surveillance or auditing/testing of the certified system or product may still be billed. The requirements of these Testing and Certification Regulations stay valid until three (3) years after the end of the certification contract/order and/or in the case of expiration, revocation or withdrawal of a certificate the related part of the contract/order. Should any individual provision of this Testing and Certification Regulations or any part of any provision be or become void or unenforceable, the validity of the remaining Testing and Certification Regulations hereof shall in no way be affected. In such case the void and/or unenforceable provisions shall be replaced by relative provisions coming as close as possible to the sense and spirit and purpose of the void and/or unenforceable provision. Expiry, withdrawal, revocation, restriction or suspension of
certificates
A certificate expires automatically or is deemed to be withdrawn if the indicated period of validity expires or in other ways the contractual basis for the use of the certificate and/or certification mark is omitted; the certificate holder becomes subject to bankruptcy laws or makes any arrangements with their creditors; or who has a receiver or administrator appointed for their business and the certificate holder does not inform in writing the relevant Certification Body within 4 weeks; the certificate holder discontinues the relevant business operations; the requirements change on which the certificate is based (e.g. from authority, accreditation body, certification scheme owner, the codes of practice etc.) and the certificate holder is unable to demonstrate within a defined time period at the certificate holder's expense that the product or system conforms to the new requirements through TSC re-testing or re-auditing; the underlying (basic) certificate becomes invalid; the certificate holder is obliged to withdraw the product/certified service from the market. The Certification Body in the related TSC is entitled to withdraw or revoke a certificate at its own choice with or without notice if further use of a certification mark/certificate is no longer justified, i.e. no longer meaningful within the market context or is prohibited by law; in such cases, TSC will provide an alternative mark, if possible; misleading or unauthorized advertising is conducted, specifically in connection with certification marks or certificates, or certification marks or certificates are misused, or legal requirements not met when a product is marketed; or such misuse is tolerated by the certificate holder; A-2.2.3 the certificate holder fails to pay outstanding invoices within 4 weeks to TSC, despite receiving reminders to that effect. Failure to make partial payments may also lead to withdrawal of all certificates; A-2.2.4 the certificate holder files for insolvency or similar proceedings or the opening of such proceeding is rejected for lack of assets; A-2.2.5 the certificate holder violates these Testing and Certification Regulations and/or the related part of the business contract/order, unless such violation is due to isolated careless or insignificant acts; TSC has the right but no obligation to give the certificate holder a respite to fix the violation. A-2.2.6 the Certification Body forms the opinion that the certified product or system does not comply with the standard, or with any amended or new edition of the standard within the period of time allowed to the holder by the Certification Body to adapt the product or system, or that the holder has breached any of the conditions endorsed on the certificate; A-2.2.7 the certificate holder makes untrue statements to TSC or withholds important facts from TSC relevant to the basis for the certification; A-2.2.8 the certificate holder fails to comply with these Testing and Certification Regulations and/or a related part of the business contract/order (e. g. the relevant actual prices and fees) within 6 weeks after such amendments have come into effect or within 6 weeks after the certificate holder has had the possibility of taking note of them; A-2.2.9 it comes out that the certificate holder did not fulfill the requirements for the certificate issue right from the start. In addition to the reasons noted in the above cases (A-2.1 and A-2.2) certificates may with regards to time and content be restricted or suspended. The Certification Body of the related TSC is entitled to publish details of the expiry, withdrawal, revocation, restriction and suspension of a certificate. Continued advertising or other use of the certificate/mark or the name of TSC is prohibited in all such cases. A certificate that has expired, has been withdrawn, or has been revoked shall be immediately returned to the Certification Body and/or destroyed upon the Certification Body’s written request. License fees paid in advance shall not be reimbursed; those not yet been paid shall be paid in full. Apart from cases of willful intention and gross negligence, TSC shall not be liable for any disadvantages arising for the client from non-issue, expiry, withdrawal, revocation, restriction or suspension of a certificate. Advertising; publishing of certificates, certification marks and test
reports; information
A certificate or mark referring to a management system may only be used to promote the system concerned. A product certificate (in as far as a mark is approved) or a product mark may only be used to promote the certified product. Product-related advertising using a TSC mark is not permissible in cases where only a certificate of conformity or management system certificate has been issued. In the non-regulated area, TSC certification marks document optional certification, which is identified accordingly. The correct marking and related communication is not in the responsibility of TÜV SÜD. The certificate holder assumes full and complete responsibility for the use and the legitimacy of all statements concerning the issued certificate, certification mark or test/audit report about a certified system/product as well as for the correct application/publicity by their customers. Specifically, when promoting a product which has been voluntarily tested, all advertising must indicate this voluntary aspect as well as the standard or entity that has issued the standard. Test/audit reports prepared by TSC may only be quoted with their exact and complete wording, giving the date of issue. Use of the test/audit report prepared by TSC or the name of TSC for advertising purposes is in any case subject to prior written approval. TSC is entitled to publish the names of certificate holders, tested products and audited management systems and the like for consumer information and advertising purposes. The Certification Body shall keep all other records about clients and certified products and systems confidential unless instructed to the contrary by a court or authorized body (e. g. authority, accreditation body or certification scheme owner) or is by other means legally required. All employees of TSC and their agents are bound by confidentiality requirements to this effect. The certificate holder receives the non-exclusive right to use the certification mark according to the directives of TSC for advertising purposes. This right is limited to the period of certificate validity. The certification mark may not be associated or combined with any other element (e. g. logo, statement or graphics) in a misleading way. The certification mark may only be displayed as shown on the certificate. Neither the content nor the design of the certification mark may be changed and if the size is changed, the proportions must remain the same. In particular, no text may be added to the certification mark. The certificate holder undertakes to indemnify TSC against all claims by third parties arising as a result of the use of the certification mark and/or certificate contrary to contract. The same applies to all claims by third parties against TSC arising as a result of advertising statements made by the client. The use of the certification mark must not give the impression that the certified company or its employees are belonging to TÜV SÜD Group. The role of TSC as an independent 3rd party shall not be compromised A-3.3.1 shall comply with the requirements of the Certification Body with respect to referencing their certification status in communication media (e. g. Internet, brochures, advertising materials or other documents); A-3.3.2 upon certificate suspension, expiry, revocation or withdrawal, shall discontinue use of their advertising materials containing reference to their certification status, in line with the instructions of the Certification Body; A-3.3.3 shall amend all their advertising materials if their scopes of certification A-3.3.4 shall not make or permit any misleading statements about their A-3.3.5 shall not use any certification documentation or parts thereof in a A-3.3.6 shall not make or permit any reference to their management system certification which may imply product (including services) or process certification by the Certification Body (note: this includes laboratory test, calibration or inspection reports etc.); A-3.3.7 shall not make or permit an implication that certification applies to activities A-3.3.8 shall not use or permit use of their certifications in a manner discrediting the Certification Body and/or the certification scheme or jeopardizing public confidence; A-3.3.9 shall neither use the company logo nor the claim "Choose Certainty. Add value" nor use the corporate design of TÜV SÜD. Retention of test samples and documentation
As far as clients are in possession of test samples and pertinent documentation, they must retain them for a period of ten (10) years after expiry of the certificate or after the last product is placed on the market area covered by the certificate, whichever is longer. System certification documentation shall be retained for the term of validity of the certificate plus a minimum of three (3) years. All other legal provisions going beyond the above shall remain unaffected. Claims for damages against TÜV SÜD or TSC shall be excluded, in particular if the client fails or is unable to provide a test sample/document returned to or retained by him in an unchanged condition. Violation of Testing and Certification Regulations
TSC is entitled to claim payment of a contractual penalty of up to EUR 250.000 in the case of culpable violations of these Testing and Certification Regulations by the certificate holder. This applies more specifically if a product labeled with the certification mark is offered for sale or marketed prior to the issue of the certificate, if unauthorized advertising takes place or if a certificate or certification mark is misused. The certificate holder is liable for costs charged to TSC by authorized bodies (e. g. authority, accreditation body or certification scheme owner) or costs directly incurred by the Certification Body or the test laboratory resulting from culpable violation on the part of the certificate holder, in particular violation of these Testing and Certification Regulations. This applies in particular if TSC’s activities were the result of instructions issued by a supervisory authority or similar instructions and if such instructions proved to be justified. Module B2) Special Regulations for management system auditing and
certification
TSC carries out management system (hereinafter referred to as "system“) auditing and certification also in the regulated area e. g. EU directives. The TSC does not perform consultancy services relating to management system establishment. Preliminary system assessment, pre-audit
On request, TSC offers the following services which can also be independent of a certification procedure: Based on management system documentation, improvement potential in the system description is pointed out in a preliminary assessment as compared with the requirements of the respective legal basis or standard. The client receives a report on the results of the assessment. The aim of the pre-audit, the on-site and total scope of which is defined jointly with the client, is to draw attention to weak points in the system. The auditor informs the client of the results in a closing meeting; if requested, TSC prepares a pre-audit report. Only one (1) pre-audit may be carried out. Certification procedure
At the client’s request, the following points can be discussed in advance: • objective, benefits and prerequisites of certification • steps in the certification procedure with respect to contents and time • legal basis, standard governing the audit, audit scope B2-3.1.2 Preparation for certification audit After the client has accepted in writing the quotation submitted by TSC, the client’s management appoints an Audit Representative, who is responsible for the certification procedure; TSC informs the client of the auditors assigned to the audit (audit team or lead auditor). Requirements outlined in the applicable standards and regulations pertaining to unauthorized consultancy on the part of auditors are observed. The client has the right to reject auditors. In addition and in as far as legal regulations as e. g. obligations to observe confidentiality do not stand in the way, clients can request appropriate background information on each member of the audit team. An initial certification audit is carried out in (2) stages (stage 1 and stage 2 audit). The client shall ensure that appropriate staffs are available to answer questions; clients grant auditors access to the respective units of the company and allow them to review all system-relevant records. B2-3.2.1 Review and evaluation of management system documents / stage 1 audit Clients provide the Certification Body with all management system documentation concerning their systems (manual and, if necessary, further documents such as documented procedures, work and test instructions) for review and assessment of compliance with the applicable Directives and Standards. If the system is already certified by another body to the same or an appropriate standard then the client shall include a copy of the certificate with any scoping information, and details of the findings of the previous audit. The Certification Body reviews the management system documentation - to the extent required which may include an on site audit - the site-specific conditions of the client, the client’s status and understanding of appropriate standard, statutory and legal requirements and their specific implementation in management system documentation. Based on the results of the stage 1 audit, the Certification Body assesses whether the level of management system implementation is sufficient for conducting a stage 2 audit and plans the process and priorities of the stage 2 audit. The details of the stage 2 audit will be agreed with the client. Where required by court order or other authorized bodies (e. g. authorities, accreditation body or certification scheme owner), the TSC may request product samples in order to verify the implementation of the management system. Additional costs related to such additional testing shall be covered by the client. The Certification Body documents the findings of the stage 1 audit and notifies the client thereof, including information about areas of concern which may be classified as nonconformities in the stage 2 audit. The interval agreed between the stage 1 and stage 2 audit, will give the client sufficient time to eliminate any identified areas of concern (weaknesses). B2-3.2.2 On-site certification audit / stage 2 audit Prior to the stage 2 audit, clients receive the audit plan, which has been coordinated with them, for information purposes. During the audit, clients demonstrate practical implementation of their documented procedures, while the auditors check and evaluate system effectiveness on the basis of the agreed legal provisions, standards or other criteria. If all requirements of the applicable standard are satisfied and all legal and official regulations observed, the Certification Body will issue a certificate, generally with a three (3)-year period of validity from the date of the certification decision. Period of validity of certificate / Surveillance audit Unless specific directives/schemes, regulations, standards or individual arrangement in the certification contract/order, require other periods of validity, a certificate is in principle valid for three (3) years after issue/decision of the certificate, provided that regularly required (normally annual) surveillance audits are carried out at the company with positive results. The first surveillance audit must be carried out within twelve months of the last day of the stage 2 audit at the latest, provided that no other date has been determined for specific regulations. The TSC shall be entitled to carry out audits at short notice or unannounced (ad-hoc audits) at the expense of the certificate holder. The Certification Body specifies the conditions under which these announced at short notice or unannounced audits will be carried out, and communicates them to the certified client. To prepare for the surveillance audit, the valid management manual and a list of all modifications that have been effected must be submitted to the Certification Body upon request. In the surveillance audit, the auditor checks selected management system elements/processes to maintain confidence that the management system continues to fulfill the requirements. The auditor will prepare a report. Further surveillance activities may include: Enquiries regarding certification aspects addressed by the Certification Body to certified clients Assessment of client information about their operations (e.g. advertising materials, web pages), Requests addressed to clients to provide documents and records (on paper or electronic media), and Other means of monitoring the performance of the certified client. A re-certification audit shall be carried out in advance of the certificate expiry to allow for continuous certification. If such re-certification audit has been carried out successfully, a renewal certificate may be issued. In such cases, overall system effectiveness is checked by means of random sampling. To prepare for the audit, the valid management manual and all significant modifications that have been effected must be submitted to the auditor/audit team. In cases involving significant changes to the system, a stage 1 audit may first be required. After audit completion, TSC informs the client of the audit result in a closing meeting and an audit report. Nonconformity reports are countersigned by the Audit Representative. The client will document the required correction and corrective action. In the case nonconformity one (1) re-audit is possible; the costs being based on the time needed (current daily rate). This includes any verification of corrective actions documented in the nonconformity report that becomes necessary. If nonconformities become evident during the audit that are so serious that certificate award or continuation appears unrealistic even after reasonable corrective action, TSC informs the client of the termination of the certification audit and recommends that the audit should be continued as a pre-audit. In such cases, TSC will charge for the costs incurred up to audit termination (including report). Supplementary contractual terms
As far as possible, the Certification Body is obliged to see that clients use certification correctly in advertising. The Certification Body reviews and evaluates complaints by third parties, issues causing concern or changes in the client’s organization that comes to its knowledge. It informs the certificate holder of substantial changes to the certification and surveillance procedure as well as of any changes in the standards which are relevant for certification. The client shall satisfy all reasonable requirements pertaining to certification and supply all reasonable information required for auditing. Certificate holders shall inform the Certification Body immediately but not later than within one (1) month in writing of all relevant changes in their systems and about modifications in company structure/organization that affect the compliance of the management system, or any other significant events affecting compliance with the requirements for certification. These changes may include but are not limited to, for example: x organization and/or management (including individual changes in key x contact address and the addresses of sites x scope of operations under the certified management system, and x significant changes to the management system and processes including planned changes if requested by the Certification Body or scheme. In addition, certificate holders shall document internal and external complaints relating to their management systems as well as implemented corrective action and provide such information during the audit. The Certification Body will review the change and advise the certificate holder of any action required to continue the certification. Despite the fact that TSC normally informs the certificate holder of due surveillance/re-certification audits, it is also in the responsibility of the certificate holders to request such audits at least three (3) months before they become due within the 12-month-cycle in order to maintain the validity of a certificate. Changes in the standards, underlying codes of practise or other regulations shall apply – under consideration of transition periods – as binding contractual basis. The number of auditor days cited in the quotation shall apply subject to the approval of the Certification Body. Integrated management systems must allow specific aspects of individual systems to be identified. The Certification Body may make information about issued, revoked or withdrawn certificates available to the public. Module C2)
Special regulations for the auditing and certification of
specific management systems by TÜV SÜD Management
Service GmbH (TÜV SÜD MS)
(These terms and conditions supplement or amend modules A and B as follows:) C2 -> B2
Module B2
Additional terms and conditions of auditing, verification and certification apply to: VDA 6.x: VDA volume 6 "Basis for Quality Audits" and VDA volumes 6.1, 6.2 and 6.4. VDA volume 6 sets forth the requirements, rules and processes of audits carried out between automobile manufacturers and suppliers and third-party audits carried out by certification bodies and must be complied with by all parties involved. Other applicable documents supplementing the VDA 6.x volumes are the SI (sanctioned interpretations) published on the website of the VDA-QMC www.vda-qmc.de. ISO/TS 16949: The "Automotive certification scheme for technical specification ISO/TS 16949" is binding on all IATF-recognized certification bodies and must therefore also be complied with by every client aiming for ISO/TS 16949 certification. Other applicable documents supplementing the Automotive certification scheme for technical specification ISO/TS 16949 are the SI (sanctioned interpretations) published on the website of the IATF www.iatfglobaloversight.org. ISO 9001 and 14001: Applicable mandatory documents of the International Accreditation Forum (IAF): MD 1:2007 (Certification of Multiple Sites Based on Sampling), MD 2:2007 (Transfer of Accredited Certification of Management Systems), MD 5:2009 (Duration of QMS and EMS Audits). BS OHSAS 18001: In accordance with the provisions of the Deutsche Akkreditierungsstelle (DAkkS), the "IAF Mandatory Document For Duration of QMS and EMS Audits“ (IAF MD 5:2009) also applies to the certification and auditing of occupational health and safety systems as per OHSAS 18001. Food and feed standards: EN 45011 or ISO/IEC 17065 after coming into effect (not applicable for ISO 22000, Fami-QS and FSSC 22000). Certification as per the IFS International Featured Standards (including but not limited to IFS Food, IFS Logistics): - TÜV SÜD MS is authorised by IFS Management GmbH) to conduct IFS audits and certifications. This authorisation lapses in the event the Framework Agreement ceases between IFS Management GmbH and TÜV SÜD Management Service GmbH; - TÜV SÜD MS is obligated and irrevocably authorised by the client to transmit to IFS Management GmbH the relevant (detailed) results from the IFS audits and certifications, independently of the results of the audit; this data will be deposited there in an online database - the IFS portal - ; - IFS Management GmbH is irrevocably authorised to make available the master data of the audited market participants who hold a valid certificate as well as basic data on passed audits without detailed information (e. g. the reached points) via the IFS portal; - The client himself decides whether failed audits and the detailed results of passed and failed audits may be made available by IFS Management GmbH to wholesalers and retailers via the IFS portal; - IFS-certified companies are obliged to support audits carried out under the "IFS Integrity Program". Under the "IFS Integrity Program", the standard-setter IFS Management GmbH carries out activities in the field of complaints management and preventive actions to assure the quality of the IFS. (1) Within the scope of complaints management, the IFS Management GmbHmay conduct "investigation audits" which are aimed at managing and investigating complaints referring to completed IFS audits. Investigation audits are carried out either at short notice or unannounced by an auditor commissioned by IFS Management GmbH. (2) Within the scope of preventive quality assurance activities, HTS conducts "surveillance audits" to monitor the quality of the completed IFS audits in a sampling approach regardless of whether or not a complaint has been made. The audits are selected at random and carried out by HTS. (3) In re-approval witness audits, a standard certification audit carried out by an IFS auditor is attended by an auditor employed or commissioned byIFS Management GmbH. If the measures performed under the Integrity Program reveal a breach in the implementation of the standard requirements on the part of the IFS-certified company, the company may be billed for the costs of additional audits performed under the Integrity Program. Certification as per the GMP+ standard of GMP International: Companies certified as per the GMP+-standard are permitted to use the GMP+-logo and must therefore strictly comply with the criteria defined by GMP+-International. Companies with a temporary acceptance are not permitted to use the GMP+-logo in any way. Companies certified as per the GMP+-standard must cooperate in witness audits, parallel audits and additional audits (compliance audits, stricter supervision and repeat audits). C2-1.10 -> B2 Certification as per the QS-Standard of QS Qualität und Sicherheit Cooperation in witness audits: Q&S GmbH reserves the right to send an appointed person/organization to verify compliance with the certification standard. One way of verification is for Q&S GmbH and/or an auditor appointed by Q&S GmbH to perform a witness audit at the certified company. Within the scope of QS certification, QS system participants are obliged to cooperate in witness audits at all times (see guideline for certification bodies, Sections 2.1.10., 3.2. and Chapter 4.). C2-1.11 -> B2 Certification as per GLOBALGAP: Producers or companies certified as per GLOBALGAP must support audits carried out under the GLOBALGAP integrity program "Certification Integrity Programme, CIPRO“. CIPRO audits are carried out by auditors commissioned by GLOBALGAP. C2-1.12 -> B2 Certification in accordance with BRC Global Standard for Food In justified cases, TÜV SÜD MS or BRC may carry out additional audits or question activities at any time at the expense of the certificate-holder to validate continued certification. These visits may take the form of announced or unannounced visits to undertake either a full or a partial audit. In addition to the information duties in accordance with B2-4.2 of this testing and certification order, the holder of the certificate is obliged to inform the certification body in writing without delay but within incident_food_feed_certification@tuev-sued.de) circumstances that may affect the validity of continuing certification. This includes particularly but not exclusively: - The legal proceedings with respect to product safety and legality The certificate holder undertakes to provide TÜV SÜD MS with all information required to assess the effect on the validity of the current certificate. C2-1.13 -> B2 Certification in accordance with BRC Packaging / BRC Global Standard for packaging and packaging materials: In justified cases, TÜV SÜD MS or BRC may carry out additional audits or question activities at any time at the expense of the certificate-holder to validate continued certification. These visits may take the form of announced or unannounced visits to undertake either a full or a partial audit. In addition to the information duties in accordance with B2-4.2 of this testing and certification order, the certificate-holder is obliged to inform the certification body without delay in writing (report to incident_food_feed_certification@tuev-sued.de) circumstances affecting the validity of continued certification. This includes particularly but not exclusively: - The legal proceedings with respect to product safety and The certificate holder undertakes to provide TÜV SÜD MS with all information required to assess the impact on the validity of the current certificate. C2-1.14 -> B2 Certification in accordance with FSSC 22000 In justified cases, TÜV SÜD MS or Foundation for Food Safety Certification may carry out additional audits or question activities at any time at the expense of the certificate-holder to validate continued certification. These visits may take the form of announced or unannounced visits to undertake either a full or a partial audit. In addition to the information duties in accordance with B2-4.2 of this testing and certification order, the holder of the certificate is obliged to inform the certification body in writing without delay but within incident_food_feed_certification@tuev-sued.de) circumstances that may affect the validity of continuing certification. This includes particularly but not exclusively: - The legal proceedings with respect to product safety and legality The certificate holder undertakes to provide TÜV SÜD MS with all information required to assess the effect on the validity of the current certificate. C2-1.15 -> B2 Certification as per Fami-QS The certified company has the duty to inform TÜV SÜD MS about all incidents jeopardizing product safety and legality and, in the case of a product recall, without delay but within two working days at the latest, in writing (report by means of "Fami-QS Notification Form D-CM-01.01" to: incident_food_feed_certification@tuev-sued.de). TÜV SÜD MS can carry out special audits at short notice, if the certified company is involved in an incident jeopardizing product safety and legality or is listed on the Fami QS website as "under review". Other applicable documents are the "rules for operators" (http://www.fami-qs.org/documents.htm). C2-1.16 -> B2 Assessment of the fulfillment of relevant licensing requirements as a technical service (TD) of category C in the sense of the Framework Directive 2007/46/EC, of the ECE Convention of 1958 and the Road Traffic Licensing Regulations under the German Motor Transport Authority (KBA) type approval procedure: TÜV MS is permitted to publish the names of certificate holders. In certification procedures for the above mentioned regulations as well as for verification for StVZO (Regulations Authorizing the Use of Vehicles for Road Traffic), TÜV SÜD MS will inform the accreditation body of the German Motor Transport Authority (Kraftfahrt-Bundesamt) about the issue, suspension, revocation, withdrawal and expiry of certificates, or other confirmations, that are always coupled with an existing ISO 9001-certificate and about confirmations of verification. TÜV SÜD MS is permitted to publish the names of certificate holders. In cases involving certification procedures as per Council Directive 2007/46/EC and verification procedures as per the StVZO (Regulations Authorizing the Use of Vehicles for Road Traffic), TÜV SÜD MS will inform the accreditation body of the German Motor Transport Authority (Kraftfahrt-Bundesamt) about the issue, suspension, revocation, withdrawal and expiry of certificates, confirmations of verification or other confirmations that are coupled with an existing certificate. C2-1.17 -> B2 Verification as per StVZO (Regulations Authorizing the Use of Vehicles for Road Traffic), Article 19(3) including Annex XIX, and the directive governing the procedure and confirmation of quality system verification in the manufacturing of vehicle components for which component expert opinions are prepared: Verification confirmations may only be used by manufacturers in connection with the appropriate component expert opinion as per Article 19 StVZO in conjunction with Annex XIX. Certification in accordance with the Accreditation and Approval Regulation for Employment Promotion (Zertifizierung nach Akkreditierungs- und Zulassungsverordnung Arbeitsförderung, AZAV): EN 45011 or, after coming into effect, ISO/IEC 17065. In this context, the term "manufacturing facility" is also used for training venues. The period of validity for the certification of training providers is five years, and for the certification of training measures generally 3 years with the possibility of extending the period of validity to five years. C2-1.19 -> B2 Payment Card Industry (PCI) Compliance Standards The Client shall ensure that the employees in charge of the IT systems have been duly notified prior to carrying out the order. The Client shall provide all the necessary documentation and information to the employees of TÜV SÜD MS involved in carrying out the work. In the case of Onsite Reviews (Onsite Audits), this shall also include access to all premises required to carry out the review and the availability of individuals in charge during the review. The current version of the "Payment Card Industry Standards" is binding and must be observed by the Client. The same applies to notification obligations arising therefrom. The Client is obliged to back up data at least once a day so that data may be restored at reasonable expense in the event of data loss using automated processes. TÜV SÜD MS hereby informs the Client that activities such as Vulnerability Scans in particular - but not exclusively – carried out as part of the order may impair system operation or cause systems to crash and that such events cannot be ruled out. TÜV MS explicitly excludes any liability for damage or other consequences arising therefrom. TÜV MS is not liable for the accuracy, completeness, operational procedures, temporal validity of the card organisations’ security programmes and the assessment services based thereon. TÜV MS does not represent the Client in the provision of the assessment service, nor does it assume liability (i) for delays or losses, (ii) in the event of third-party claims, (iii) for the use and forwarding of assessment results based on the card organisations’ security programmes and on the results of assessments carried out by the Client. The Client irrevocably authorises TÜV MS, without the requirement for a separate declaration of consent from the Client, to archive the documentation and/or information produced or received as part of carrying out the order in accordance with the requirements of the card organisations or the PCI Security Standards Council, and to forward

Source: http://www.tuv.it/uploads/images/1362665024362599740158/crt-f-04-04er00.pdf