Certification Process

Certification Processes and Guidelines

SARA Certification Application Process
SARA Certification Processes

Company Info (Request for Quote)

SARA uses a form for a company info request. SARA uses the company information to prepare a quote for the certification requested. SARA will provide a quote and information to all companies requesting information.

Contract for Certification

SARA will provide an application for certification (contract) to the company.
SARA will perform a contract review.
If the company application is rejected, SARA will inform the company in writing of the reason for rejection and provide with an option to appeal.
If accepted by SARA, the company will sign the contract for certification before any assessment. This guideline is also part of the application (signed contract).
SARA will assign an audit team and inform the client for acceptance.
The client has the right to appeal against the appointment of an auditor or technical expert assigned.
Have a document, manual, or other manual that addresses the applicable standard(s).

Multi-Site Sampling (ISO 13485)
Design, development, and manufacturing sites cannot be sampled.

Pre-Assessment (Optional)

Pre-assessment is an optional activity and does not guarantee certification.
SARA will provide company with Pre-assessment report.

Initial Assessment

Initial Certification Audit: The audit program for the initial certification does include a two-stage initial audit, surveillance audits in the first and second years following the certification decision and a recertification audit in the third year prior to the expiration of certification. The first three-year certification cycle begins with the certification decision. Subsequent cycles begin with the recertification decision.

A. Stage 1:

The objectives of stage 1 are to:

Review the client’s management system documented information.
Evaluate the client’s site-specific conditions and undertake discussions with the client’s personnel to determine the preparedness for stage 2.
Review the client’s status and understanding regarding requirements of the standard, in particular to the identification of key performance or significant aspects, processes, objectives, and operation of the management system.
Obtain necessary information regarding the scope of the management system, including:
- The client’s site(s)
- Processes and equipment used
- Levels of controls established (particularly in case of multisite clients)
- Applicable statutory and regulatory requirements
Review the allocation of resources for stage 2 and agree to the details of stage 2 with the client.
Provide a focus for planning stage 2 by gaining a sufficient understanding of the client’s management system and site operations in the context of the management system standard or other normative documents.
Evaluate if the internal audits and management reviews are being planned and performed, and that the level of implementation of the management system substantiates that the client is ready for stage 2.

Stage 1 audit is recommended to be carried out at the client's premises in order to achieve the objectives stated above.

Stage 1 audit findings will be documented and communicated to the client, including identification of any areas of concern that could be classified as nonconformity during the stage 2 audit. In determining the interval between stage 1 and stage 2 audits, consideration will be given to the needs of the client to resolve areas of concern identified during the stage 1 audit. SARA may also need to revise its arrangements for stage 2.

If due to areas of concern identified during stage 1 any significant changes which would impact the management system occur, SARA may need to repeat all or part of stage 1. In that case, SARA will inform the client that the results of stage 1 may lead to postponement or cancellation of stage 2. The lead assessor will provide an assessment report to company and nonconformities (if any).

B. Stage 2 Assessment:

Stage 2 audit

Is to evaluate the implementation, including the effectiveness of the client's management system. The stage 2 audit will take place at the site(s) of the client. It will include at least the following:

Information and evidence about conformity to all requirements of the applicable management system standard or other normative documents
Performance monitoring, measuring, reporting, and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative documents)
The client’s management system ability and its performance regarding the meeting of applicable statutory, regulatory, and contractual requirements
Operational control of the client’s processes
Internal auditing and management review
Management responsibility for the client’s policies

C. Initial Certification Audit Conclusions:

The audit team will analyze all information and audit evidence gathered during the stage 1 and stage 2 audits to review the audit findings and agree on the audit conclusions.

D. Information for Granting Initial Certification

Certifier will make the certification decision on the basis of an evaluation of the audit findings and conclusions and any other relevant information (e.g. public information, comments on the audit report from the client).

Surveillance Activities

SARA develops its surveillance activities so that presented areas and functions covered by the scope of the management system are monitored on a regular basis and take into account changes to its certified client and its management system. Surveillance activities include on-site audits, assessing the certified client's management system's fulfillment of specified requirements with respect to the standard to which the certification is granted. Other surveillance activities may include:

Inquiries from SARA to the certified client on aspects of certification
Reviewing any client's statements with respect to its operations (e.g. promotional material, website)
Requests to the client to provide documents and records (on paper or electronic media)
Other means of monitoring the certified client's performance

Surveillance audits are on-site audits but are not necessarily full system audits and will be planned together with the other surveillance activities so that SARA can maintain confidence that the certified management system continues to fulfill requirements between recertification audits. The surveillance audit program will include, at least:

Internal audit and management review
A review of actions taken on nonconformities identified during the previous audit
Treatment of complaints
Effectiveness of the management system with regard to achieving the certified client's objectives
Progress of planned activities aimed at continual improvement
Continuing operational control
Review of any changes
Use of marks and/or any other reference to certification
A review of actions taken for notification of adverse events, advisory notices, and recalls (for ISO 13485 only)

Surveillance audits will be conducted at least once a year. The date of the surveillance assessments following initial certification will not be more than 12 months from the certification decision date. Failure to comply with this requirement will lead to suspension of certification.

Recertification:

A recertification audit will be planned and conducted to evaluate the continued fulfillment of all of the requirements of the relevant management system standard or other normative documents. The purpose of the recertification audit is to confirm the continued conformity and effectiveness of the management system as a whole and its continued relevance and applicability for the scope of certification.

The recertification audit considers the performance of the management system over the period of certification and includes the review of previous surveillance audit reports. Recertification audit activities may need to have a stage 1 audit in situations where there have been significant changes to the management system, the client, or the context in which the management system is operating (e.g. changes to legislation).

The recertification audit will include an on-site audit that addresses the following:

The effectiveness of the management system in its entirety in the light of internal and external changes and its continued relevance and applicability to the scope of certification
Demonstrated commitment to maintaining the effectiveness and improvement of the management system in order to enhance overall performance
Whether the operation of the certified management system contributes to the achievement of the organization's policy and objectives

When, during a recertification audit, instances of nonconformity or lack of evidence of conformity are identified, SARA will define time limits for correction and corrective actions to be implemented prior to the expiration of certification.

The certifier will make decisions on renewing certification based on the results of the recertification audit, as well as the results of the review of the system over the period of certification and complaints received from users of certification.

Recertification audit will be scheduled at least 3 months before the certificate of registration expires.

Transfer Assessment

Only certificates which are covered by an accreditation of IAF MLA signatory should be eligible for transfer. Organizations holding certificates that are not covered by such accreditations shall be treated as new clients.

Special Assessments (Short Notice and/or Extension Of Scope)

Special Assessments are used for on-site investigation of complaints, appeals, or other information supplied to SARA that suggests that the certified company is not complying with the contract, which includes failure to maintain the system. This can also be used for suspension, cancellation, or withdrawal situations.

SARA, in response to an application for an extension to the scope of a certification already granted, undertakes a review of the application and determines any audit activities necessary to decide whether or not the extension may be granted. This may be conducted in conjunction with a surveillance audit.

Special Assessments (Short Notice and/or Extension of Scope)

A short notice audits may be required when (for ISO 13485 only):

A) External factors apply such as:
I) Available post-market surveillance data known to SARA on the subject devices indicate a possible significant deficiency in the quality management system
II) Significant safety-related information becoming known to SARA

B) Significant changes occur which have been submitted as required by the regulations or become known to SARA and which could affect the decision on the client’s state of compliance with the regulatory requirements.

The following are examples of such changes which could be significant and relevant to consider that a special audit is required, although none of these changes should automatically trigger a special audit:

I) QMS – impact and changes:

New ownership
Extension to manufacturing and/or design control
New facility, site change

Note: Modification of the site operation involved in the manufacturing activity (e.g relocation of the manufacturing operation to a new site or centralizing the design and/or development functions for several manufacturing sites)

New processes, process changes

Note: Significant modifications to special processes (e.g. change in production from sterilization through a supplier to an onsite facility or a change in the method of sterilization)

Modifications to the defined authority of the management representative that impact:

A) Quality management system effectiveness or regulatory compliance
B) The capability and authority to assure that only safe and effective medical devices are released

II) Product related changes:

New products, categories
Addition of a new device category to the manufacturing scope within the quality management system (e.g addition of sterile single-use dialysis sets to an existing scope limited to hemodialysis equipment or the addition of magnetic resonance imaging to an existing scope limited to ultrasound equipment)

III) QMS and product-related changes:

Changes in standards, regulations
Post-market surveillance, vigilance

An unannounced or short-notice audit may also be necessary if SARA has justifiable concerns about the implementation of corrective actions or compliance with standard and regulatory requirements.

Nonconformance

When a major non-conformance is identified, the company must take corrective action to correct the nonconformance. SARA will verify the effectiveness of corrective action prior to recommending certification, recertification, or continuation of certification. Verification may require a re-audit of the non-conformance.

Major Nonconformity:

1) Failure to fulfill one or more requirements of the management system standard
2) A situation that raises significant doubt about the ability of the client's management system to achieve its intended outputs

Minor Nonconformity:

A situation that will not raise significant doubt about the ability of the client's management system to achieve its intended outputs or will not result in failure to fulfill one or more requirements of the management system standard. It may be either a failure in some part of the supplier’s documented system relative to the standard or a single observed lapse in one item of a company’s system.

Complaint

Appeal

Use of Logo Rules