ASACB has transitioned from a remote audit policy based on COVID-19 to one based on extraordinary events, SOP 5.1.2f Management of Extraordinary Events of Circumstances.
Excerpts from this policy are as follows.
Extraordinary event or circumstance is defined as a circumstance beyond the control of the organization, commonly referred to as “Force Majeure” or “act of God”. Examples include natural disasters, flooding, earthquake, war, strike, riot, political instability, geopolitical tension, terrorism, crime, pandemic diseases, malicious computer hacking, or other natural or man-made disasters.
An extraordinary event affecting ASACB or ANAB may temporarily prevent us from carrying out planned audits on-site. For such situations, we have established (including consultation with our certified clients) a reasonable planned course of action.
ASACB shall assess the risks using form 5.1.2b ASA ICT Risk Assessment of continuing certification and establish the documented process, outlined in the steps we will take in the event a client is affected by an extraordinary event.
The procedure describes the methods for evaluating the current and expected future situation of the client and describes alternate potential short-term methods of assessing the client to verify continuing effectiveness of their AQMS or QMS.
To enable ASACB to assess the risk for continuing certification and understand the client’s current and expected future situation, ASACB shall gather the necessary information from the client before deciding on an appropriate course of action. The information collected by ASACB includes but is not limited to the following, as appropriate:
- When will the facility/site be able to function normally?
- When will the client be able to ship products or perform the service defined within the current scope of certification?
- Will the client need to use alternative manufacturing and/or distribution sites?
- If so, are these currently covered under the existing certification, or will they need to be evaluated?
- Does existing inventory still meet customer specifications or will the client contact its customers regarding possible concessions?
- If the client is certified to a management system standard that requires a disaster recovery plan or emergency response plan (e.g. ISO14001, etc.), has the client implemented the plan and was it effective?
- Will some of the processes and/or services performed or products shipped be subcontracted to other organizations?
- If so, how will the other organizations’ activities be controlled by the client?
- To what extent has operation of the AQMS or QMS been affected?
- Has the client conducted an impact assessment?
- Identification of alternative sampling sites, as appropriate.
Once received back from the client, ASACB will conduct a risk assessment with ‘Risk’ being defined as either ‘high’ or ‘low’ regarding the likelihood of fulfilling the requirements for assessing the client’s AQMS or QMS with respect to continuing certification. The risk assessment will be documented using Form 5.1.2b ASA ICT Risk Assessment.
If the risk of continuing certification is high, then the audit will not be performed, an alternative short-term method of assessment will not be considered, and the client will be advised that initiation of suspension will be considered per SOP 5.1.2d.
If the risk of continuing certification is low, and based on the collected information ASACB may need to consider alternative short-term methods of assessment to verify continuing system effectiveness for the client’s AQMS or QMS. This may include requesting relevant documentation (for example, management review meeting minutes, corrective action records, results of internal audits, test/inspection reports, etc.) to be reviewed off site by ASACB to determine continuing suitability of the certification (on a short-term basis only).
If the client believes an extraordinary event may prevent an on-site audit, please contact ASACB for more information.