Certification Regulations

Introduction

This document outlines the process of obtaining and maintaining certification with Orion Registrar Incorporated.  Included are the requirements and rights of a Company undergoing certification services, along with the applicable rules of conduct for the Company and Orion Registrar Inc.   Orion Registrar Incorporated will be referred to herein as “Orion.”  The Company requesting certification services is referred to as the “Applicant” or “Company or Client.”  After a contract is signed and the process has begun, the Applicant is referred to as the “Client.  The Certificate of Certification is referred to as the “Certificate.”

1.0 Overview of the Certification Process

The basic steps of the Management System Certification Processes are:

1. ) Company Profile: This detailed description of the Company seeking certification services provides the information necessary for Orion to perform the certification activities.
2. ) Quotation: Orion provides the Company with a price for the different certification activities.
3. ) Application for Certification Services: This is the official document requesting certification services from Orion. After the Applicant and Orion approve this document, it becomes a legal contract.
4. ) Pre-Audit (Optional): An optional audit to review the Management System or Product Certification for conformance to the applicable requirements.
5. ) Stage 1 Audit: Normally conducted at the client site to determine if Management System is sufficiently documented to warrant the next steps. This audit includes a Document Review of the Client’s Management System Documentation.  All nonconformities identified in this review must be addressed before certification will be granted.
6. ) Stage 2 Audit: Determines if the Client has successfully documented and implemented a Management System for the requirements of a specified standard. Note: For Product Certification, the product certification scheme may only require an Initial Audit or an Initial Audit and Document Review. The Initial Audit will combine the Stage 1 Audit and Stage 2 Audits into one audit.
7. ) Issuance of Certification: After successful completion of the Stage 1 and 2 audits or Initial Audits and after the Client has corrected all major nonconformities and addressed all minor nonconformities, the Certificate will be issued to the Client.
8. ) Surveillance Audit: An Audit conducted at the Client’s site every six or twelve months. It reviews a portion of the standard and determines if the Client has implemented and is maintaining a Management System or Product Certification System that meets the requirements of the standard.  The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision.
9. ) Recertification Audit: Conducted every three years for Management Systems or five years for Product Certification to review if the client has maintained an effective management system for the applicable standard. After successful completion of the Recertification Audit, the process starts over at Step g), until the next three-year anniversary occurs for Management Systems or five years for Product Certification.  Then another Recertification Audit will be conducted.

If a Client does not pass the Stage 2 Audit for Management Systems or the Initial Audit for Product Certification, or Recertification Audit or fails to maintain its Management System Program, a Corrective Action Audit may be implemented to review the situation.

Further details are provided in the next sections of this document.

2.0 Requirements

2.1 Each Certified Facility shall:

1. For Management System, have Management System documentation that addresses the applicable standard. For Product Certification, have a documented system that addresses the applicable Standard or Program.
2. Document and maintain a Management System or Product Certification in accordance with the applicable standard(s) requirements.
3. For standards that require management review and/or internal audits, perform a management review and/or internal audit before the Stage 2, for Management System audits, and before the Initial Audit for Product Certification.
4. Allow Orion access to all certified locations during normal working hours to assess the effectiveness of the Management System or the Product Certification.
5. Inform Orion (without delay, and in writing) of major changes to the Management System or Product Certification (e.g., changes of: ownership or legal structure, management structure or key staff, location or sites, the scope of operations, infrastructure, changes to the management system and processes, or new significant environmental aspects or workplace hazards).
6. Inform Orion (without delay) of any serious incident or breach in regulation requiring agency involvement.
7. Use the Certification Mark/Logos in accordance with Orion’s requirements as specified in this document and Use of Logos hand-out. Original Certificates are the property of Orion.  May not use the certification in such manner as to bring Orion into disrepute and may not make any statement regarding its certification which Orion may consider misleading or unauthorized.  Endeavor to ensure that no certificate or report or any part thereof is used in a misleading manner.
8. Upon termination of the certification, discontinue reference to the certification in all advertising material or other documents and return any certification documents as required by Orion. The Company shall notify its contracting companies that the certification has been terminated and the Company will be required to return the original Certificates to the Orion office.  For Management Systems, the certification shall not be used as evidence of product certification, product endorsement, or product approval.
9. Maintain a record of all complaints and remedial actions concerning the Client’s products or services.
10. Allow Accreditation Bodies, Program Representatives and Regulatory Agencies access for Witness Audits of Orion and oversight programs of Orion. For Product Certification, the client must make all necessary arrangements for the conduct of the evaluation and surveillance (if required), including provision for examining documentation and records, and access to the relevant equipment, location(s), area(s), personnel, and client’s subcontractors.
11. Comply with the applicable requirements of the Standard or Program. In addition for Product Certification comply with the requirements and to supply any information needed for evaluation of products to be certified.
12. Comply with the requirements of this document.
13. Have the right to object to the assignment of a specific Auditor, and may request that a different Auditor be assigned.

2.2 Orion Shall:

1. Perform Pre-audits, Stage 1 Audits, Stage 2 Audits, Corrective Action Audits, Surveillance Audits, Recertification Audits and Transfers, as applicable, to the requirements of the Orion Quality Manual. Orion shall issue reports after each audit.  Orion maintains ownership of all its reports.  The Company may reproduce an Orion report, but only the entire report, as issued by Orion.  For Product Certification, the Initial Audit replaces Stage1 and Stage 2.
2. Verify the certification status of Certified This shall include their name, location, certification, and date of certification expiration.
3. Maintain all information pertaining to the applicant (other than specified in 2.2b) confidential and not release any information without written permission of the applicant except as required by program requirements and/or required by law. Examples of program and legal release of information are:
   1. Information for the OASIS Database for AS9100.
   2. Information required for BAN for the e-Steward Standard.
   3. Information required by GRSO for RIOS.
   4. Records requested by applicable Accreditation Bodies or Regulatory Agencies in writing concerning specific program or problems.
   5. Information required by SERI for R2.
4. Information may be shown to Orion’s Accreditation Bodies or Regulatory Agencies who may review this information as part of a standard Compliance Audit of Orion.
5. Comply with all Client’s rules and regulations while at the Company’s facilities.
6. Comply, in all activities, with applicable accreditation body requirements, and Orion’s Quality Manual, Certification Regulations, and procedures.
7. When the desired scope of certification is related to specific system or type of system operated by Orion, any needed explanation shall be provided to the applicant.

3.0 Company Profile

Orion requires an authorized representative of the applicant organization to provide the necessary information:

1. ) The desired scope of the certification. For Product Certification, a definition of the products to be certified, the certification system, and the standards against which each product is to be certified, if known to the applicant.
2. ) The general features of the applicant organization including its name and address(es) of its physical location(s), significant aspects of its processes and operations, and any relevant legal obligations
3. ) General information relevant for the field of certification applied for, concerning the applicant organization such as activities, human and technical resources, functions and relationships in a larger corporation, if any
4. ) Information concerning all outsourced processes used by the organization that will affect conformity to requirements
5. ) The standards or other requirements for which the applicant organization is seeking certification
6. ) Information concerning the use of consultancy relating to the management system.

4.0 Quotation:

Orion will provide the potential client with quotes for the optional Pre-audit, the Stage 1, Stage 2, the first Surveillance Audit and any fees.  For Product Certification the quotation may be for the Initial Audit, the specific Product Certification activities, the first Surveillance Audit and any fees.  The Recertification Audit is normally not quoted unless requested by the potential client or client.  Audit time justification is based on applicable standards and knowledge of the specific client.  For Orion offices not using the web-based Client Portal, additional detail is provided to each client with their signed contract.  For Orion offices utilizing the web-based Client Portal, additional detail is available in the Client Portal.

5.0 Application for Certification

Orion will give full consideration to any Application for Certification of a Management System or Product Certification in accordance with the proper standard(s) or programs.  For Management Systems certification, Orion will require the Client to have a documented Management System.  For Product Certification, Orion requires that the company meets all the requirements for the product of the applicable Standard or Program.  If the standard or program requires a management system, the management system is required to be documented and implemented in accordance with the requirements of the applicable Standard or Program.   The Company seeking certification services will complete a Company Profile (or equivalent) and a contract agreement (Application for Certification Service) for the certification process.

For companies seeking certification services:

1. Orion will never delay requests for certification services without justifiable cause.
2. Orion will always maintain the necessary level of expertise and capability to perform certification services.
3. Orion shall make its services accessible to all applicants whose activities fall within the declared field of operation. There shall not be undue financial or other conditions.  Access shall not be conditional upon the size of the supplier, or membership in any association or group, nor shall certification be conditional upon the number of certificates already issued.
4. If an Application for Certification is rejected, Orion will inform the Applicant in writing, stating the reasons for the rejection, and advising that the decision may be appealed. The rejection may also be appealed to the applicable accreditation agency.

The contract (Application for Certification Service) is the legal agreement to conduct the certification activities, including confidentiality requirements and the right of access to the Client to conduct audit activities.  The contract shall also require the Client to keep records of all complaints and subsequent remedial actions.  These records must be available to Orion.

6.0 Pre-Audit

The aim of the Pre-audit is to determine the readiness of the Client for the Stage 1 and 2 Audits.  It shall be similar in scope to the Stage 2 unless the Client requests a smaller scope.  Following the Pre-audit, the Client will be issued a report that details the activities not meeting the applicable requirements of the standard. The Auditor(s) will not consult during the Pre-audit activities. The Client has the right to object to the identified Auditor(s) for the Pre-Audit.

7.0 Stage 1 Audit

The Stage 1 Audit shall review the following:

1. ) Audit the client’s Management System Documentation (Stage 1 Document Review).
2. ) Evaluate the client’s location and site-specific conditions and to undertake discussions with the client’s personnel to determine the preparedness for the Stage 2 audit.
3. ) Review the client’s status and understanding regarding the requirements of the standard, in particular with respect to the key performance or significant aspects, processes, objectives and operation of the management system.
4. ) Collect necessary information regarding the scope of the management system, processes and location(s) of the client and related statutory, regulatory and compliance issues (e.g. quality, environmental, legal aspects of the clients operation, associated risks, etc.)
5. ) Review the allocation of resources for Stage 2 audit and agree with the client on details of the Stage 2 Audit.
6. ) Provide a focus for planning the Stage 2 audit by gaining sufficient understanding of the client’s Management System and site operations in the context of possible significant aspects.
7. ) To evaluate if the internal audit and management review are being planned and performed and that the level of implementation of the management system substantiates that the client is ready for Stage 2 Audit.

For most management systems, it is recommended that at least part of the Stage 1 Audit be carried out at the client’s premises in order to achieve the objectives stated above.  Stage 1 audit findings shall be documented as Areas of Concern.  The duration between Stage 1 and Stage 2 Audits will be determined from the needs of the client to resolve the nonconformities identified during the Stage 1 Audit.  From the Stage 1 review, Orion may change the original planned duration between Stage 1 and Stage 2.

8.0 Stage 2 Audit

The purpose of the Stage 2 Audit is to evaluate the implementation, including effectiveness of the client’s management system.  The Stage 2 audit shall take place at the site(s) of the client.  It shall include at least the following:

1. ) Information and evidence about conformity to all requirements of the applicable management system standard or other normative documents.
2. ) Performance monitoring, measuring, reporting and reviewing against key performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document).
3. ) The client’s management system and performance as regards legal compliance.
4. ) Operational control of the client’s processes
5. ) Internal auditing and management review
6. ) Management responsibility for the client’s policies
7. ) Links between the normative requirements, policy, performance objectives and targets (consistent with the expectations in the applicable management system standard or other normative document), any applicable legal requirements, responsibilities, competence of personnel, operations, procedures, performance data and internal audit findings and conclusions

Each Auditor will examine the specific area or activity assigned by the Lead Auditor.  This may involve interviews, examination of documents and observations.  The objective is to thoroughly determine the implementation of the management system standard.

During the Audit, the Auditor(s) will identify any nonconformities.  These will be handled in accordance with section 9.0.  Once the nonconformities have been addressed per section 9.0, the Lead Auditor will make a recommendation for certification or non-certification.  Certification will take place in accordance with Section 11.0.

An Auditor does not advise or give consultancy as part of an Audit.

9.0 Audit Nonconformity Reports (NCRs)

Orion has published Guidance Document for Responding to Nonconformity Reports.  This document is available on Orion’s website.

Nonconformities identified during Audits will be documented on the Orion Nonconformity Report (NCR).  In accordance with Orion’s Technical Procedures, the Lead Auditor will determine if the nonconformities are major or minor.  The Client will acknowledge the nonconformities by signing the Nonconformity Report or the section for this on the Opening and Closing Meeting Agenda.

9.1 Management System Nonconformity Definitions

A major nonconformity is a nonconformity that affects the capability of the management system to achieve the intended results.

Note: Nonconformities could be classified as major in the following circumstances:

• If there is a significant doubt that effective process control is in place, or products or services will not meet specified requirements.
• A number of minor nonconformities associated the same requirement or issue could demonstrate a systemic failure and thus constitute a major nonconformity.

A minor nonconformity is a nonconformity that does not affect the capability of the management system to achieve the intended results.

9.2 Governmental Regulation or Legislation

In the event that an infringement of governmental regulation or legislation is identified during the audits activities, this violation(s) is documented on a Nonconformity Report.  This nonconformity will be written as a failure to implement the Environmental System, not as a violation of regulatory requirements. If it is a criminal act that has an imminent danger to the environment, Orion must report the Compliance Director for further direction and actions.

9.3 Deadlines for Nonconformity Reports

For most NCRs, regardless of severity (major/minor) or initiating activity, the client is required to send in:

1. Plan for Correction
2. Cause of Nonconformity and
3. Plan for Corrective Action

within 30 calendar days of the date the NCR was written.  This due date will be documented on the NCR.  This due date may vary by standard.

The due date for implementing correction and corrective action is dependent on the severity of the NCR (major/minor).

Major NCRs
The due date for completion of the Corrections and  Corrective Actions by the client and Orion’s verification of effective implementation depends on the standard, the type of audit, and the severity of the Nonconformity., In all cases, the due dates will be documented on the NCR form. The following is true for most standards:

1. At Stage 2 audits – Certification cannot proceed until all major NCRs have been closed by the Orion auditor.  For the Stage 2 audit, if the NCRs are not closed within 6 months, then a new Stage 2 is required before certification.
2. At Recertification audits – Certification cannot proceed until closure.  However if the NCRs are not closed in 6 months, a new Stage 2 is required to be conducted before certification.
3. At Surveillance Audits – Generally between 60 and 120 days, depending on the standard.

Minor NCRs

Implementation of the Correction and Corrective Action by the client, and Orion’s on-site verification of effective implementation is generally due at the next regularly scheduled audit.  Some standards, however, may have differing requirements for due dates.  In all cases, the due dates will be documented on the NCR form.

9.4 Client’s Response to a Nonconformity Report

After the client has completed the “Company Response to Nonconformity” section of the NCR, the client must then submit the completed form per the instructions.

 The Lead Auditor must accept or reject each portion of the client’s response and inform the client of the decisions.  If the client’s response is rejected, the Lead Auditor will ask for a more appropriate response and assign a short extension period for the due date.

If no response is received by the due date, or if the client continues to fail to provide an acceptable response, Orion will take further actions.  For major NCRs, suspension activities will be initiated.  For minor NCRs, the NCR will be elevated to a major NCR.

10.0 Corrective Action Audits

If a clause of a standard is found to have major nonconformities, a Corrective Action Audit may be conducted.

An Audit Plan will be developed for the specific nonconforming clauses.  This Audit will be conducted in accordance with the requirements of paragraph 8.0 (except for audit scope).

Corrective Action Audits are a type of Special Audit.  See section 24.0 for additional details on Special Audits.

11.0 Certification

Based upon the Lead Auditor’s recommendation for certification and the Orion Certifier’s decision for certification, the Certificate will be issued.  For Management Systems, certification is valid for three years and for Product Certification the certification is valid for five years.  Maintaining the certification is dependent upon the Client’s maintenance of their Management System and their adherence to Orion’s Certification Regulations.

12.0 Use of the Certificate

12.1 General

Upon certification, the Client is issued one or more original certificates.  All originals remain the property of Orion.  The Certificates may be copied by the Client.

Upon certification, the Client is entitled to use the Orion mark/logo and the applicable accreditation body mark/logo.

Orion will take action in response to misuse of the marks or logos such as incorrect references to the certification system or misleading use of licenses, certificates or marks, found in advertisements, catalogues, etc,.  Actions may include Nonconformity Reports, or for severe misuse, suspension or withdrawal of the certification.

A Client awarded certification shall stop the display or other use of the Certificate, Orion’s mark/logo, and the accreditation agency marks/logos, as soon as possible after the following conditions

1. A lapse, suspension, or withdrawal of certification.
2. When the Client makes a major change to its Management System that is not acceptable to Orion because Orion believes that the change will negatively affect the Client’s qualification for certification.
3. When the Client has failed to adequately respond to a change in requirements of an applicable standard or requirements issued by Orion or the applicable accreditation body.
4. Under circumstances that could reasonably be expected to adversely affect the Client’s Management System.

12.2 Management System Use of the Certificate and Marks

The marks shall not be used on a product or in any way that may be interpreted as denoting product conformity.  The certification marks/logos may be used on advertising materials, supplier letterheads, or other material that is not used on the product.  More specific guidance for the marks is provided upon certification and is also available on Orion’s website here.

13.0 Verification of Certificates

Orion will verify the certification status of Certified Companies.  This shall include their name, location, certification, and date of certification expiration.  The information provided will be from the information on the Certificate.

 14.0 Surveillances

After certification, Surveillance Audits are conducted every six months or once a year to review selected clauses of the standard.  The Client has the choice of a six month or yearly audit period.  For Management Systems after three years, a Recertification is conducted.

Surveillance Audits are on-site audits, but are not necessarily full system audits, and shall be planned together with the other surveillance activities so that Orion can maintain confidence that the certified management system continues to fulfill requirements between Recertification Audits.  The Surveillance Audit program will include at least:

1. ) Internal audits and management reviews
2. ) A review of the actions taken on nonconformities identified during the previous audit
3. ) Treatment of complaints
4. ) Effectiveness of the management system with regard to achieving the certified client’s objectives
5. ) Progress of planned activities aimed at continual improvement
6. ) Continuing operational control
7. ) Review of any changes
8. ) Use of marks and/or other reference to certification
9. ) Surveillance Audits shall be conducted at least once per calendar year. The date of the first surveillance audit following initial certification shall not be more than 12 months from the certification decision date.

15.0 Recertification

A Recertification Audit is planned and conducted to evaluate the continued fulfillment of all the requirements of the relevant management system or other normative document.  The purpose of the Recertification Audit is to confirm the continued conformity and effectiveness of the management system as a whole, and its continued relevance and applicability for the scope of certification.  The Recertification Audit shall consider the performance of the management system over the period of certification, and shall include the review of previous Surveillance Audit reports.  Recertification Audit activities may need to have a Stage 1 Audit in situations where there have been significant changes to the management system, the client, or context in which the management system is operating (e.g. changes to legislation).

The Recertification Audit shall include an on-site audit.  The audit shall address the following management system requirements:

1. ) The effective interaction between the processes of the management system,
2. ) The effectiveness of the management system in its entirety in the light of internal and external changes,
3. ) Demonstrated commitment to maintain the effectiveness and improvement of the management system in order to enhance overall performance,
4. ) The operation of the registered management system as it contributes to the achievement of the client’s policy and objectives.

For most standards, if no negative trends exist and no major nonconformities are identified, the Lead Auditor will make a recommendation for re-certification of the Client.  If major nonconformities are identified, a Corrective Action Audit may be required.  If so, it will be conducted per paragraph 10.0.

The Recertification will be followed by another round of Surveillance.  The certification cycle will repeat itself every three years.  Certification will take place in accordance with 11.0.

16.0 Modification of Scope

The Client shall notify Orion if the Client wants to increase or decrease the certification scope.  Orion will investigate the change in scope to decide the applicable actions.

If a decrease in the certification scope is requested, appropriate steps will be taken to modify the scope.

If an increase in the certification scope is requested, the next Surveillance will normally be increased to review the scope change.  If necessary, a Recertification will be conducted.

17.0 Changes to the Client’s Management System

The Client shall notify Orion in writing within 30 calendar days of any major changes to its Management System that affect its certification.  A major change to the Management System is defined as one that involves organization or procedures that affect the implementation of the Management System to a substantial degree.

Examples of major changes include a sale of the Client involving a management change, deletion of the registered management system, downgrading of the management system procedures, decisions to not conduct internal audits, a change in technology or legislation, or a downgrading of management resources to conduct the applicable Program.

Orion will investigate the change to determine if an additional audit is necessary.  Orion may decide it is necessary to do any of the following: perform a Special Audit that reviews the concerns; perform a Recertification; perform a review of documentation; or take no further action.

18.0 Changes in Requirements of the Applicable Standard

When there is a change in the requirements of the standard to which a Client is registered, Orion will notify the Client.  If the Client’s registered system does not meet the new requirements within the requisite timeframe, the Client’s certification will be withdrawn.  For example, when the ISO 9001 standard was revised to the 2015 version, Clients had three years after the approval of the standard to implement the revised requirements.  Further information is available on Orion’s website.

19.0 Changes in Orion’s Requirements

Orion shall give its certified Clients due notice of any changes to its requirements for certification.  Orion shall verify that each certified Client complies with the new requirements.

The Client will be notified via Orion’s Newsletter and Web Site of any change to the Certification Requirements that affect the Client.

20.0 Complaints

20.1 Complaints about Orion

Any person or entity may file a complaint about Orion’s Certification Program or certification decision.

A complaint is defined as a disagreement that does not affect the outcome or decision of the certification activities or the certification scheme.  The complaint may be made orally to Orion or may be made on Orion’s Complaint or Appeal Form.  In addition, any person may file a complaint about one of Orion’s certified Clients.

The Compliance Director of Orion is responsible for ensuring the investigation and conclusion of complaints.  The person or entity filing the complaint will be notified of the results.  If there is disagreement with the results, an appeal may be filed in accordance with paragraph 21.0, or the appropriate accreditation body may be contacted concerning the complaint.

20.2 Complaints about Application or Client

Orion requires the Client who has certified products to:

1. ) keep a record of all complaints made known to the client relating to a product’s compliance with the requirements of the relevant standard and to make these records available to the certification body when requested
2. ) take appropriate action with respect to such complaints and any deficiencies found in products or services that affect compliance with the requirements for certification
3. ) document the actions taken.

21.0 Appeal

Any person or entity may file an appeal about Orion’s Certification Program or certification decision.  An appeal is defined as a disagreement that affects the outcome or decision of the certification activities or certification scheme.  The appeal will be made to Orion in writing, preferably on the Complaint or Appeal Form found at https://orioncertification.com/about-us/feedback-appeals/.  Appeals shall not result in any discriminatory actions against the appellant.

The Compliance Director of Orion will ensure the processing of the appeal in accordance with Orion’s procedures.  An appeal committee may be formed to address the appeal.

If the review for the appeal is extensive, the cost for the review may be split between the Company filing the appeal and Orion.

The person or entity filing the appeal will be notified of the decision.  If there is disagreement with the results of the appeal, the appropriate accreditation body may be contacted concerning the appeal.

22.0 Suspension of Certification

Orion shall suspend certification in accordance for cases when, for example:

1. ) The client’s certified management has persistently or seriously failed to meet certification requirements including requirements for the effectiveness of the management system.
2. ) The certified client does not allow surveillance or recertification audit to be conducted at the required frequencies
3. ) The certified client has voluntarily requested a suspension.
4. ) The certified client has not paid for certification services as agreed.

Under suspension, the client’s management system certification is temporarily invalid.  In the case of suspension, Clients must refrain from further promotion of its certification and/or use of the marks.  Also the client shall make no misleading claims and should advise relevant existing and potential purchasers regarding the status of certification and  return any certification documents as required by Orion.  For Product Certification the client shall cease to use the certification mark on the products manufactured since the date of notification of suspension.

Orion will make the suspended status of the certification publicly available.

A Client’s failure to resolve the issues that have resulted in the suspension in a time established by Orion shall result in withdrawal or reduction of the scope of certification.

NOTE In most cases a suspension would not exceed 6 months.

23.0 Withdrawal of Certification

Orion may withdraw the certification, the Certificate and Marks, and cancel all agreements with the Client in the following cases:

1. If the certification is suspended and no corrective action is implemented.
2. If Orion identifies major nonconformities which may cause improper implementation of the requirements of the applicable standard.
3. By formal request of the Client.
4. If the requirements of the standard change and the Client will not or cannot ensure conformance to the new requirements.
5. If the Client ceases to supply the product, process or service defined in their certification scope for an extended period of time.
6. If the Client fails to meet financial obligations to Orion.
7. On any other grounds specifically provided for under the system rules or formally agreed to between Orion and the Client.

Clients must stop all promotion of its certification and/or use of the marks.  Also the client shall make no misleading claims and should advise relevant existing and potential purchasers regarding cancellation of certification and return any certification documents as required by Orion. 

24.0 Special Audits

If the Client has a significant change to its Management System that affects the implementation of the applicable standard or program, Orion may deem that a Special Audit is necessary.

Orion may perform a Special Audit as a result of a complaint, appeal, as follow up on a suspended client or upon receipt of information that a Client is not properly implementing its Management System.

Special Audits will be conducted with the Client’s permission, but the Client may have only a short notice of the Audit’s date and content.

In order for Orion to comply with ISO 17021-1, it may be necessary for Orion to conduct audits of certified clients at short notice or unannounced to investigate complaints, or in response to changes, or as follow up on suspended clients. In such cases:

1. Orion shall describe and make known in advance to the certified clients the conditions under which such audits will be conducted;
2. Orion shall exercise additional care in the assignment of the audit team because of the lack of opportunity for the client to object to audit team

25.0 Transfers

If a Company who is already registered by an accredited registrar desires certification from Orion, Orion can transfer the certification without normally performing all the activities of the original certification.

26.0 Additional Requirements for Standards or Programs

Standards or Programs have additional requirements for both Orion and the Client.  Orion will implement all the requirements applicable to a registrar for the standard or programs and the Client is required to follow all the applicable requirements of the standard program.

26.1 Additional Requirements for AS 9100/9110/9120 Clients

26.1.1 Certified organizations shall comply with the duties, responsibilities, and requirements of the ICOP scheme as defined in the 9104-series standards AQMS processes.

1.  AQMS certified organizations shall allow Orion to provide Tier 1 data (i.e., information on the issued AQMS standard certificate – public domain) and Tier 2 data (e.g., information and results of audits, assessments, nonconformances, corrective action, scoring, and suspensions- private domain) to the OASIS database.
2. Organizations shall provide access to the Tier 2 data in the OASIS database to their aviation, space, and defense customers and authorities, upon request, unless justification can be provided (e.g., competition, confidentiality, conflict of interest).
3. If AQMS certified organizations lose their AQMS standard certification, they shall provide immediate notification to their aviation, space, and defense customers.
4. Organizations shall identify an OASIS administrator and be responsible  for notifying Orion of significant changes within the organization (e.g., changes related to address, ownership, key management, number of employees, scope of operations, customer contract requirements).

 26.1.2  Organizations shall agree that ABs, OP assessors, customer representatives, and regulatory authorities may accompany an Orion audit for the purpose of oversight witness or the confirmation of the effectiveness of the CB audit process.

 26.1.3 Failure of a certified organization to abide by these expectations shall be cause for withdrawal from the !COP scheme and the OASIS database listings.

27.0 Definitions

ORI—Orion Registrar Inc., or Orion

Applicant—The Company that is applying to ORI for certification services.

Certification—The decision by Orion that the Applicant’s Management System meets the requirements of the specified standard.

Document Review—A review of the Client’s documentation and required procedures, to assess compliance to the applicable standard.

Pre-Audit—an optional first review of the Management System to identify its strengths and weaknesses.  This Audit does not result in certification.

Stage 1 Audit— Review to determine if the Management System is sufficiently documented and implemented to warrant a Stage 2 Audit.  It includes a Document Review of the Client’s Management System documentation.

Stage 2 Audit—Review of the Management System to determine conformance to the designated standard.

Surveillance—Audits carried out to review portions of the Management System.

Recertification—An Audit of the Management System that occurs approximately three years after the certification.

Standard—The recognized commercial, national, or international standard governing the Management System (i.e. ISO 9001, ISO 14001, AS9100, ISO 13485 etc.).

Certificate—Document issued upon certification stating that the Management System has been audited by Orion and found to meet the requirements of the designated standard.

Management System—The documented, implemented, and maintained actions that fulfill the requirements of the applicable standard.

Product Certification System: The documented, implemented and maintained actions that fulfill the requirements of the Standard or Program for certification of a product.